a few questions from a newbie.

Discussion in 'other firewalls' started by moontan, Oct 16, 2011.

Thread Status:
Not open for further replies.
  1. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i've just started using LnS firewall.
    i think this is a general question which is why i did not post it in the LnS forum.
    there are a few Microsoft processes i am not entirely sure if they need to be allowed access to the net.

    here they are:

    - rundll32.exe
    - services.exe
    - svchost (i know this one needs to connect)
    - explorer.exe (need to connect as well)
    - devicedisplayobjectprovider.exe
    - mscorsvw.exe (part of .net Framework)
    - and finally taskeng.exe (that one is not authorized to connect but can start processes that need to)

    i just want to make sure i got this thing locked down as much as i can without screwing things up.

    any help would be appreciated.
    -------------------------------
    edit:
    while we're waiting for others to comment i've found this page which helps with a few of these processes:
    -http://www.dslreports.com/faq/5559
     
    Last edited: Oct 16, 2011
  2. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    moonblood, since when are you a newbie?

    Did you ever look at "Customizing Firewall Rules" by CrazyM in this sticky
    https://www.wilderssecurity.com/showthread.php?t=24415
    and this famous
    http://www.outpostfirewall.com/foru...-Producing-a-Secure-Configuration-for-Outpost

    I bet both still apply even if you're not on XP.

    LnS allows services to go internet. I blocked it on XP, as I do in Kerio or Outpost or Sunbelt with no ill effects.
    Svchost - I only allow it out together with IE on the days I do windows patches.
    But in LnS I had to allow it always, because otherwise DHCP failed and I found no way in LnS to have rules that are in daily use vs those that are for Bill Gates to fix things. Phant0m may have answered something to my post about it there, but I don't always understand the LnS answers. It's a very difficult firewall for me.

    Oh, DNS client here is disabled. Applications do the lookups normally. I haven't tweaked LnS rules enough yet to do the apps control for UDP ports, so any app at this point can do DNS lookup, far as I can understand it. Putting UDP port 53 behind every application list will do the job. But then it might block some other essential UDP port - I haven't figured that out yet. Ask Phant0m in the LnS section.

    RunDll - that depends much on what's installed. For example Belarc Advisor service will use rundll to give you a portrait of the computer. I'd block it, watch the logs if something didn't work.

    Explorer - never internet, just one red block here, but green for allow to run other apps that might need to connect.

    mscorsvw.exe - I have never yet seen it be used. So I set the service in control panel to manual after reboot from MS updates. I may have seen it used for TurboTax last spring, now that I think of it. But not yet in LnS. My camera uses .NET junk, but no firewall ever alerted that it wants out. So I can't comment on that one, nor the others you listed.
     
    Last edited: Oct 19, 2011
  3. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx for taking the time m8! :thumb:

    i will check out the links you provided.

    btw, i'm not m00nbl00d. :D
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Newbie, i mean m00nbl00d, i mean moontan :D

    I see you're on W7, i'm on XP, but some things "might" be similar. act8192 makes some good points. Plus anything you can learn from CrazyM/Stem/Phant0m etc is worth knowing :thumb:

    - rundll32.exe = I don't Automatically allow it.
    - services.exe = I don't Automatically allow it.
    - svchost = Tricky little bugger ! More than one instance of it running, & i haven't discovered a way of truly managing it. But if you don't allow it = No internet !
    - explorer.exe = I don't Automatically allow it.
    - devicedisplayobjectprovider.exe = Don't know it
    - mscorsvw.exe = Don't know it
    - taskeng.exe = Don't know it

    Basically i don't allow anything Unless i Really have to. Plus every App that requires Internet access, i've set my FW to prompt me for, ALWAYS & Every time. Also i don't allow auto updates of Anything.
     
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    oooops!, sorry moontan, I do get easily confused :)

    Perhaps the reason why LnS allows services out to the wild web is history. In Windows 2000 the entire list of jobs was under services. Then for XP Microsoft bundled all/some of those functions under svchost.
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    moontan,

    did you enable "Advanced mode" in LnS ("options" tab, "Advanced" button)? It will show you that services, explorer and rundll only need indirect access (starting a software that will connect). There is nothing tricky about svchost, it must be allowed out, mscorsvw is a compiler process for .NET and needs only indirect access, and devicedisplayobjectprovider will call out to get some images of your USB attached devices (not needed, a matter of preference). Don't know about taskeng, it never wanted out here (Win7 x64).
     
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    A Seer,

    yes i have Advanced Mode enabled.
    tnx everyone for the tips! :thumb:

    taskeng.exe launches googleupdates.exe, so indirect access for taskeng.exe
    --------------------------------------------------------------------------
    edit,
    i cleaned up things by deleting odd stuff from the list and waiting for them to reappear.
    the only windows process that's given full access is svchost.exe.

    everything else has indirect access.

    tnx again! :)
     
    Last edited: Oct 20, 2011