Core Force - Opera rules HELP!

Discussion in 'other firewalls' started by Ptah, Apr 30, 2006.

Thread Status:
Not open for further replies.
  1. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    I have been using Core Force about a day now and am having trouble adjusting the download profile (Force) security set to medium-low. I can not send or receive email without disabling the protection for opera. Where in the config. do I look to change these setting?
     
  2. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
  3. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    Ok, Direction says Outgoing
     
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Outgoing is right, do not put incoming. :)

    You probably need these two rules:

    Basic:
    ------------------------
    Action: Pass
    Direction: outgoing
    Protocol: TCP
    Interface: Any

    Source:
    ------------------------
    Address: Any
    Port: Any

    Destination:
    ------------------------
    Address: [your smtp (outgoing mail) server]
    Port: 25

    Advanced:
    ------------------------
    Enabled: Yes
    Stealth: No
    Stateful: Yes
    Log: No
    Quick: No
    IP Options: No
    Flags: S/SA


    And:


    Basic:
    ------------------------
    Action: Pass
    Direction: outgoing
    Protocol: TCP
    Interface: Any

    Source:
    ------------------------
    Address: Any
    Port: Any

    Destination:
    ------------------------
    Address: [your pop (incoming mail) server]
    Port: 110

    Advanced:
    ------------------------
    Enabled: Yes
    Stealth: No
    Stateful: Yes
    Log: No
    Quick: No
    IP Options: No
    Flags: S/SA

    You can delete the other Firewall rules for this Shared Policy.
     
  5. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    I have got a list of (4) that say out going. Do I edit them or create new rules
     
  6. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Create new rules. If the new rules work, you can delete those old 4 ones (they were created at installation time, but they are to provide initial functionality without further editing: since the pop/smtp seem to have some problem, and since probably you don't use pop-ssl and imap, you don't need those 4, just the two new ones). :)
     
  7. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    Thanks, TNT everything is working know!!!
     
  8. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    You're welcome. :)

    It takes some time to get familiar with Core Force, but with experience it becomes an amazing tool.
     
  9. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    It seems your the only one using this program? I installed it yesterday and have had no problems!
     
  10. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    I used the wizard to create profiles for all programs that need to dial out. I am just hoping that everything is able to update itself when needed.
     
  11. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    TNT what policy should be set for your AV?
     
  12. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I didn't set the policy for the AV; basically, the AV should be considered "trusted" so (IMHO) it doesn't make much sense to enforce restrictions at filesystem and registry level, but I guess if you do want to enforce restrictions, you could do a "learning wizard" to let it know what files it must execute, then you can modify the list/read/write/delete to allow it to do this on the whole filesystem. That way its policy would not allow to launch a particular executable if a vulnerability is discovered in the AV; still, it's definitely bit of a stretch. There are policies IMHO that should to be enforced much before something like this.

    As for "firewall" permissions, I don't have the AV automatically check for updates, I do this manually so I basically answer "yes" in Core Force every time when I update the AV. But if you want to enforce restrictions on that, specify a "block all" rule first, then a new rule that lets the AV connect only (TCP) to the update server (like the ones above, but with destination address the AV update server and destination port the port the AV uses -- usually 80). :)
     
  13. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    It's a beta, and rather complex, and relatively new, so I guess most people either don't know about, consider it too complex for its own good, or don't want to try a beta. :)
     
  14. EASTER.2010

    EASTER.2010 Guest

    Dad-Blasted!!! I do hope they get CoreForce ironed out and stable enough to make fanfare over instead of the frustrations everyone has with it.

    I not been more enthusiastic about a single program outside System Safety Monitor but with what they have done with this CoreForce has me chomping at the bits. I know they can certainly get it stable at some point enough to depend on regularly, or so i sure hope so, it really is a nice concept and an excellent all-in-one which might be why they have so many issues they yet to get a handle on it.
     
  15. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    You usually have to adjust the configuration after creating a basic one with the learning wizard, though. Don't let it do everything automatically, because most probably it will NOT be an appropriate "final" configuration.
     
  16. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    One thing I have noticed is there alot of pops when trying to surf! I do not mind them aslong as it remembers when I say allow always but day 2 of core force and no bsod's and no freeze ups or slowdowns. Virtual memory is running at 77,056 alittle high for me but so did counterspy.
     
  17. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    What do you mean "pops"? You mean as in "pop-up ballons asking about what to do with the connection"? o_O

    That's weird, what do they say? Is the policy for Opera you have "Network. Web access to any computer (confermation required)"? If Opera is your default browser, you should totally change that. If you do that and add "remember" rules you're creating a lot of unnecessary firewall rules for Opera. You should do "Web access to any computer", and delete all those unnecessary rules you're creating. ;)

    The best thing would be that you create a custom Security Level with only the rules you need. Let me know if you need assistance. :)
     
  18. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    Yes, balloons before every connection. Where do I find web access under permissions? Your assistance would greatly help!:)
     
  19. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Go under General -> Programs -> Opera -> Permissions; on the "Firewall" tab on the right you'll see a series of rules. The rules written in grey are associated to policies, the ones written in black are of the "current" policy, meaning it's the ones you asked "to be remembered" in the baloon pop-ups (in "Information" on the right of the screen these say "Source -> Current"). Those in black are unnecessary, since Opera is your default browser and you do not want to create a neverending "whitelist" of outgoing firewall rules for it. :D

    http://img272.imageshack.us/img272/7937/immagine1kj.gif

    Once you've removed the unncessary rules, you can build your own "Custom" security level; mind you I give you my best advice of what I think you should include in it. Go under the "Custom" security level and right-click on it: it'll bring up: "Add Policy".

    http://img258.imageshack.us/img258/6982/immagine11fz.gif

    Once you click, in the policies window, add these (makes sure these are the exact rules you're adding!):

    - General. Environment for Opera.
    - Plugins. Execute approved plugins only.
    - Network. Web access to any computer.
    - Network. Web access to Internet with proxy.
    - Downloads. Save to download folder.
    - Downloads. Save to any data folder (confirmation required)
    - Downloads. Open attachments, except programs (confirmation required)
    - Uploads. Read from upload folder
    - Uploads. Read from any data folder.

    Then right-click on Opera -> Change Security Level

    http://img266.imageshack.us/img266/6915/immagine28ki.gif

    and choose "Custom"

    http://img188.imageshack.us/img188/3692/immagine43dv.gif

    And you should be set, with the right restricted environment, and with all the necessary rules.
     
  20. EASTER.2010

    EASTER.2010 Guest

    Makes me dizzy just viewing all those permissions that CoreForce tries to allow feature for but i still admire how they try to cover the whole gambit of Windows Permissions from Process to Registry to Folder and so forth.

    Still slows my performance down too much for comfort just yet but watching the developments with much interest.
     
  21. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    Actually I did that under medium security and just removed the confirmation required with (Network, web access to any computer). This way keeps everything tight and allows me to surf any where with the balloons. Both ways go down different path but end up at the same house. I can see this will be a learning curve to end all curves:eek: !

    Thank you for all the help, I know I will have many more.

    Ptah

    PS. May the Force be with us!
     
  22. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    One of the mistakes one can make with Core Force is approach it in a way similar to what is done with something like Sygate, as in "Balloon pop-up question -> Answer "yes" -> remember rule". This should not be done with Core Force:

    - answering "yes" means only enabling a "strict" rule (like, for Firewall, only a certain "outgoing" firewall rule to an IP, for Filesystem, only a permission on a certain file, etc).

    - most importantly, it should not be done for a program that's not in the "Programs" list and for which a specific program configuration has not been created, because "remembered" rules like these go directly under the "System" profile, a bad idea for many reasons! :eek:

    The right approach should be that of creating shared policies for the programs to "contain" to use and do a learning wizard for new programs AND after the learning wizard add the shared policies and modify the permissions for the particular program. :)

    But yes, it's a learning curve. :)
     
    Last edited: Apr 30, 2006
Loading...
Thread Status:
Not open for further replies.