I have been using Core Force about a day now and am having trouble adjusting the download profile (Force) security set to medium-low. I can not send or receive email without disabling the protection for opera. Where in the config. do I look to change these setting?
Is "Network. Send and receive mails" enabled for Opera? http://img137.imageshack.us/img137/1696/immagine7ns.gif Also, did you look at the Activity Monitor for Opera? Most probably, it will show any failed attempts at sending-receiving mail. To look at the configuration for "Network. Send and receive mails" go on "Shared Policies" and look at the Permissions: http://img140.imageshack.us/img140/1737/immagine7xd.gif
Outgoing is right, do not put incoming. You probably need these two rules: Basic: ------------------------ Action: Pass Direction: outgoing Protocol: TCP Interface: Any Source: ------------------------ Address: Any Port: Any Destination: ------------------------ Address: [your smtp (outgoing mail) server] Port: 25 Advanced: ------------------------ Enabled: Yes Stealth: No Stateful: Yes Log: No Quick: No IP Options: No Flags: S/SA And: Basic: ------------------------ Action: Pass Direction: outgoing Protocol: TCP Interface: Any Source: ------------------------ Address: Any Port: Any Destination: ------------------------ Address: [your pop (incoming mail) server] Port: 110 Advanced: ------------------------ Enabled: Yes Stealth: No Stateful: Yes Log: No Quick: No IP Options: No Flags: S/SA You can delete the other Firewall rules for this Shared Policy.
Create new rules. If the new rules work, you can delete those old 4 ones (they were created at installation time, but they are to provide initial functionality without further editing: since the pop/smtp seem to have some problem, and since probably you don't use pop-ssl and imap, you don't need those 4, just the two new ones).
You're welcome. It takes some time to get familiar with Core Force, but with experience it becomes an amazing tool.
I used the wizard to create profiles for all programs that need to dial out. I am just hoping that everything is able to update itself when needed.
I didn't set the policy for the AV; basically, the AV should be considered "trusted" so (IMHO) it doesn't make much sense to enforce restrictions at filesystem and registry level, but I guess if you do want to enforce restrictions, you could do a "learning wizard" to let it know what files it must execute, then you can modify the list/read/write/delete to allow it to do this on the whole filesystem. That way its policy would not allow to launch a particular executable if a vulnerability is discovered in the AV; still, it's definitely bit of a stretch. There are policies IMHO that should to be enforced much before something like this. As for "firewall" permissions, I don't have the AV automatically check for updates, I do this manually so I basically answer "yes" in Core Force every time when I update the AV. But if you want to enforce restrictions on that, specify a "block all" rule first, then a new rule that lets the AV connect only (TCP) to the update server (like the ones above, but with destination address the AV update server and destination port the port the AV uses -- usually 80).
It's a beta, and rather complex, and relatively new, so I guess most people either don't know about, consider it too complex for its own good, or don't want to try a beta.
Dad-Blasted!!! I do hope they get CoreForce ironed out and stable enough to make fanfare over instead of the frustrations everyone has with it. I not been more enthusiastic about a single program outside System Safety Monitor but with what they have done with this CoreForce has me chomping at the bits. I know they can certainly get it stable at some point enough to depend on regularly, or so i sure hope so, it really is a nice concept and an excellent all-in-one which might be why they have so many issues they yet to get a handle on it.
You usually have to adjust the configuration after creating a basic one with the learning wizard, though. Don't let it do everything automatically, because most probably it will NOT be an appropriate "final" configuration.
One thing I have noticed is there alot of pops when trying to surf! I do not mind them aslong as it remembers when I say allow always but day 2 of core force and no bsod's and no freeze ups or slowdowns. Virtual memory is running at 77,056 alittle high for me but so did counterspy.
What do you mean "pops"? You mean as in "pop-up ballons asking about what to do with the connection"? That's weird, what do they say? Is the policy for Opera you have "Network. Web access to any computer (confermation required)"? If Opera is your default browser, you should totally change that. If you do that and add "remember" rules you're creating a lot of unnecessary firewall rules for Opera. You should do "Web access to any computer", and delete all those unnecessary rules you're creating. The best thing would be that you create a custom Security Level with only the rules you need. Let me know if you need assistance.
Yes, balloons before every connection. Where do I find web access under permissions? Your assistance would greatly help!
Go under General -> Programs -> Opera -> Permissions; on the "Firewall" tab on the right you'll see a series of rules. The rules written in grey are associated to policies, the ones written in black are of the "current" policy, meaning it's the ones you asked "to be remembered" in the baloon pop-ups (in "Information" on the right of the screen these say "Source -> Current"). Those in black are unnecessary, since Opera is your default browser and you do not want to create a neverending "whitelist" of outgoing firewall rules for it. http://img272.imageshack.us/img272/7937/immagine1kj.gif Once you've removed the unncessary rules, you can build your own "Custom" security level; mind you I give you my best advice of what I think you should include in it. Go under the "Custom" security level and right-click on it: it'll bring up: "Add Policy". http://img258.imageshack.us/img258/6982/immagine11fz.gif Once you click, in the policies window, add these (makes sure these are the exact rules you're adding!): - General. Environment for Opera. - Plugins. Execute approved plugins only. - Network. Web access to any computer. - Network. Web access to Internet with proxy. - Downloads. Save to download folder. - Downloads. Save to any data folder (confirmation required) - Downloads. Open attachments, except programs (confirmation required) - Uploads. Read from upload folder - Uploads. Read from any data folder. Then right-click on Opera -> Change Security Level http://img266.imageshack.us/img266/6915/immagine28ki.gif and choose "Custom" http://img188.imageshack.us/img188/3692/immagine43dv.gif And you should be set, with the right restricted environment, and with all the necessary rules.
Makes me dizzy just viewing all those permissions that CoreForce tries to allow feature for but i still admire how they try to cover the whole gambit of Windows Permissions from Process to Registry to Folder and so forth. Still slows my performance down too much for comfort just yet but watching the developments with much interest.
Actually I did that under medium security and just removed the confirmation required with (Network, web access to any computer). This way keeps everything tight and allows me to surf any where with the balloons. Both ways go down different path but end up at the same house. I can see this will be a learning curve to end all curves ! Thank you for all the help, I know I will have many more. Ptah PS. May the Force be with us!
One of the mistakes one can make with Core Force is approach it in a way similar to what is done with something like Sygate, as in "Balloon pop-up question -> Answer "yes" -> remember rule". This should not be done with Core Force: - answering "yes" means only enabling a "strict" rule (like, for Firewall, only a certain "outgoing" firewall rule to an IP, for Filesystem, only a permission on a certain file, etc). - most importantly, it should not be done for a program that's not in the "Programs" list and for which a specific program configuration has not been created, because "remembered" rules like these go directly under the "System" profile, a bad idea for many reasons! The right approach should be that of creating shared policies for the programs to "contain" to use and do a learning wizard for new programs AND after the learning wizard add the shared policies and modify the permissions for the particular program. But yes, it's a learning curve.