Defensewall setup question

Discussion in 'other anti-malware software' started by Gigabyte, Apr 21, 2010.

Thread Status:
Not open for further replies.
  1. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    Not to sound stupid, but by reading the help files, it seems I should put Firefox, etc. into "untrusted", correct? What about AV products? Sorry for the dumb questions, just don't want to be using something and it be set up wrong, therefore not doing any good. Right now FF is running in the untrusted process alert? Thanks
     
  2. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    I think Defensewall does all that for you; I am not an advanced user, so I haven't done anything but run it "out of the box". It scans your system and automatically assigns trusted and untrusted- and does a great job.

    Without knowing your exact setup, I can tell you that I have installed Defensewall 3 Firewall before and after AV's and firewalls, and never had one problem with updates due to Defensewall.

    Do you have a specific problem?
     
  3. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    Should the program(s) I am running at the time be in the "You have 2, etc. running processes running on your computer"? Right now I have Firefox and Thunderbird running and they are in that column. Should they be is what I am trying to figure out, I guess.
     
  4. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    Yes, I think everything is running fine. As an example, I am using Chrome, and have iTunes also. Defensewall shows 5 untrusted processes: Bonjour, Apple Mobile Device Services, and 3 instances of Chrome.

    The fact that Defensewall shows that is one of my favorite things about it. Look, and if you don't like it, hit terminate. Done.

    All in all, this is one of THE BEST security programs I have come across. Once you get used to it, it truly is set and forget- unless you need it.

    So, I guess what I am trying to say is you probably would have to work to mess it up. Ilya has done a great job "idiot proofing".:cool: (No offense to you)
     
  5. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    Thanks dueceswild, that's what I was wondering about. Having the "untrusted processes" and that big STOP ATTACK button below it was throwing me off. Looks like all is well.
     
  6. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    Yeah, I can see that. The stop attack closes everything. You can also terminate untrusted processes individually in the "untrusted process details" screen. Just highlight and terminate.

    I think (hope) you'll be well pleased with this program after you take it for a spin. I bought it one or 2 days into the trial. Ilya has added some great enhancements. Like when you download an installer, it is automatically classified as untrusted. Used to, you had to manually change it before install. Now, if Defensewall doesn't have it whitelisted and you forget to change the status to trusted, you get a popup asking what you want to do.

    Among the best security software money that can be spent, IMHO. And great support, basically on two forums and through email. Ilya is very responsive.

    Good luck
     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    As described on the first sheet of the main dialog, all the browsers, e-mail, multimedia, IM, P2P and IRC clients should be in the "untrusted" group. DefenseWall has a built-in list of "already known should be there" applications, but, naturally, it's not 100% complete. So, if you have one DW doesn't see, just add it manually.
     
  8. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Since I've installed DW v3 (over the v2.56) my Firefox can't connect to the internet through Tor.

    I think it's DW firewall that's blocking something.

    I added manually polipo.exe, vidalia.exe, tor.exe, tor-resolve.exe and Vidalia Bundle and Torbutton folders to DW firewall and they have "Allow for untrusted" internet status now, but to no avail. If I set FoxyProxy to "Use proxy 'Default' for all URLs" then Firefox goes online but directly (without Tor, which is normal), but if I set it to "Use proxy 'Tor' for all URLs" then Firefox can't connect to internet.

    What should I do?
     
  9. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, you have to do the following:
    1. Clean up the "Events log" sheet ("Delete all"->"Apply").
    2. Reproduce the issue.
    3. Export DW's logs ("Events log"->"Export") into a file, zip it and send it to me at the support address.
     
  10. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    I cleaned the Events log.

    I started Firefox sandboxed by SBIE (as I usually do) and got the same message. I looked at Events log - nothing there. I thought perhaps Sandboxie interferes, so I exit everything and start all over, this time Firefox is not sandboxed. The same message again and Events log is empty. o_O
     

    Attached Files:

  11. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    OK, I see now (after 3-4 minutes) the events log is populated with some data. I'll send it to you.

    EDIT: Well, when I look at it, it's just these lines:

    04.22.2010 16:32:27, module C:\Program Files\Opera\opera.exe, Attempt to set value CommonMusic within the key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (Registry)

    04.22.2010 16:32:31, module C:\WINDOWS\system32\java.exe, Attempt of connect to the UDP port 44578 (Network)

    04.22.2010 16:32:41, module C:\Program Files\Opera\opera.exe, Attempt to set value {EB9B1153-3B57-4E68-959A-A3266BC3D7FE} {0000010B-0000-0000-C000-000000000046} 0x401 within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\ (Registry)

    04.22.2010 16:32:41, module C:\Program Files\Opera\opera.exe, Attempt to post message 412 into the window of the process C:\WINDOWS\explorer.exe. (Shatter)

    04.22.2010 16:33:28, module C:\Program Files\Mozilla Firefox\firefox.exe, Attempt to connect to the TCP port 8118 (Network)


    That's all: the Firefox line is repeated 15 times and the java line maybe 60-70 times
     
    Last edited: Apr 22, 2010
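
Triage of an exported events log like the one quoted in the post above, as an added example that is not part of the thread or DefenseWall's own tooling: it groups Network events by module, protocol and port so that repeated blocks, such as the Firefox connection to TCP 8118, stand out. The line format is inferred from the quoted lines, and the sample input is constructed from them.

```python
import re
from collections import Counter

# Line shape inferred from the lines quoted in the post (an assumption):
#   MM.DD.YYYY HH:MM:SS, module <path>, <message> (<Category>)
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}), "
    r"module (?P<module>.+?), "
    r"(?P<message>.*) \((?P<category>[A-Za-z]+)\)$"
)
PORT_RE = re.compile(r"\b(?P<proto>TCP|UDP) port (?P<port>\d+)")

# Constructed sample: lines taken from the post, repeats and their timestamps added by hand.
SAMPLE_LOG = r"""
04.22.2010 16:32:27, module C:\Program Files\Opera\opera.exe, Attempt to set value CommonMusic within the key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (Registry)
04.22.2010 16:32:31, module C:\WINDOWS\system32\java.exe, Attempt of connect to the UDP port 44578 (Network)
04.22.2010 16:32:36, module C:\WINDOWS\system32\java.exe, Attempt of connect to the UDP port 44578 (Network)
04.22.2010 16:32:41, module C:\Program Files\Opera\opera.exe, Attempt to post message 412 into the window of the process C:\WINDOWS\explorer.exe. (Shatter)
04.22.2010 16:33:28, module C:\Program Files\Mozilla Firefox\firefox.exe, Attempt to connect to the TCP port 8118 (Network)
04.22.2010 16:33:30, module C:\Program Files\Mozilla Firefox\firefox.exe, Attempt to connect to the TCP port 8118 (Network)
04.22.2010 16:33:33, module C:\Program Files\Mozilla Firefox\firefox.exe, Attempt to connect to the TCP port 8118 (Network)
this line is not an event and is skipped
"""

def parse_events(text):
    """Return one dict per recognised line; unparsable lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        hit = PORT_RE.search(ev["message"]) if ev["category"] == "Network" else None
        ev["proto"] = hit.group("proto") if hit else None
        ev["port"] = int(hit.group("port")) if hit else None
        events.append(ev)
    return events

def blocked_ports(events):
    """Count Network events per (module, protocol, port), most frequent first."""
    counts = Counter(
        (ev["module"], ev["proto"], ev["port"])
        for ev in events if ev["port"] is not None
    )
    return counts.most_common()

if __name__ == "__main__":
    for (module, proto, port), n in blocked_ports(parse_events(SAMPLE_LOG)):
        print(f"{n:3d}x {proto} {port:<6d} {module}")
```
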
  12. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Just to clarify, I use Opera for regular ("naked") surfing and Firefox with Vidalia/Tor/Polipo/Torbutton bundle for surfing through Tor. Polipo listens on port 8118.


    EDIT: I have just now disabled DW firewall's inbound and outbound protection for ten minutes. Started Firefox sandboxed and everything works just fine.
     

    Attached Files:

    Last edited: Apr 22, 2010
  13. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    What process is owning the 8118 port? Use CurrPorts to get the full path name.
     
  14. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Where can I see the full path? CurrPorts shows this:
     

    Attached Files:

  15. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It shows this because you have to run it as trusted and with full administrative privileges.
     
  16. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    o_O :oops: :D
     

    Attached Files:

  17. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Currently, you just need to allow the 8181 port. Later, I'll try to make a generic rule for it if possible.
     
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    OK, no need to allow the 8181 port. Download the generic ruleset file, unzip it, replace your existing c:\windows\system32\DefenseWall HIPS\defensewall_inbound_excludes.txt with it and wait for five minutes.
     
  19. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Yes! It's working!

    I am posting this through Tor with sandboxed Firefox with Vidalia and Polipo.

    Thank you very much for your time and effort, Ilya. You are the best!
     
  20. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I'm very glad I could help you with the problem.
     
  21. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    Glad I made this helpful post. :D One more thing, does DW have keylogger protection?
     
    Last edited: Apr 22, 2010
  22. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    Yes, it does, but the process must be running as "Untrusted" to see an alert. :)
     