firewall disable notice

Discussion in 'Ghost Security Suite (GSS)' started by beethoven, Sep 11, 2005.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Running RD on XP with the inbuilt firewall disabled as I use Sygate. Just wondering why I received the RD alert about firewall disable notice and security centre today? (svchost.exe) I have not changed anything, the setup has been the same since RD was installed/upgraded. o_O
     
  2. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Beethoven,
    Could you copy the alert entries and paste them in here so we can see what was being done? It would also be useful to know the value in "Extra Data" because that is the updated data for the value, and also the command line parameters for the svchost.

    If any of the values

    • AntiVirusDisableNotify
    • FirewallDisableNotify
    • UpdatesDisableNotify
    are set to 1 then Security Center will not pop up alerts when those items are not running.

    So if svchost was setting them to 0 then there is nothing to be worried about and you can Allow it without any issues.

    If svchost was setting the value to 1, then I would suggest you have a look a short while later to see if it was just temporarily disabling the alert while it did something. It all depends on your level of paranoia as to whether you want to allow the change or not, just temporarily not getting Security Center alerts is not a big deal given that you know about it and can check to make sure that it is set back to zero (0) again afterwards...
     
  3. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    gottadoit

    Please see the attached screenshot. The last entries relating to the firewall were setting back to 0. What I don't understand (among many issues :oops: ) is that this alert was happening today as I did not change anything in the setup recently. Is this supposed to be done at every reboot?

    You will also see the entries below to dhcpnameserver and following. I am not sure what is going on here either. Again, these seem to be coming up each time I start my PC. While I recognise the values for the defaultgateway, the domain and the subnetmask, the entry relating to dhcpnameserver shows values that I can't place.
     

  4. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    beethoven,
    The Security Center service (wscsvc) runs inside one of the svchost processes (svchost.exe -k netsvcs) and it does attempt to change the values on startup on my machine as well (first to 1 and then to 0 very shortly afterwards).

    So you would probably be OK allowing svchost to make the change without the alert (use remember when the alert pops up next).

    If you wanted to be more paranoid you could use "remember" to create the application rule for you and then change it to Block instead of Allow, that would get rid of the Alert dialog and stop any changes. There is a chance that you might get a false alert during the Security Center startup or that Security Center may not function properly because you interfered with its normal operation...
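
Added example, not part of the original thread and not code from Ghost Security Suite: a small Python check that applies the rule discussed in posts 2 and 4 to a list of registry writes, separating a brief 1-then-0 toggle from a value left at 1. The `RegWrite` record, the 30-second grace period, the process name `example.exe` and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Values named in the thread: 1 suppresses the Security Center alert, 0 allows it.
NOTIFY_VALUES = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")

@dataclass
class RegWrite:          # hypothetical record transcribed from an alert log
    t: float             # seconds since boot
    process: str         # writer shown in the alert
    value: str           # registry value name
    data: int            # new data (the alert's "Extra Data")

def audit(events, grace=30.0):
    """Return {value: verdict}: unchanged, enabled, transient or suppressed.

    transient  = set to 1, then back to 0 within `grace` seconds
    suppressed = still 1 at the end of the log, or held at 1 longer than `grace`
    """
    verdicts = {}
    for name in NOTIFY_VALUES:
        writes = sorted((e for e in events if e.value.lower() == name.lower()),
                        key=lambda e: e.t)
        set_at, longest, ever_set = None, 0.0, False
        for e in writes:
            if e.data == 1 and set_at is None:
                set_at, ever_set = e.t, True
            elif e.data == 0 and set_at is not None:
                longest = max(longest, e.t - set_at)
                set_at = None
        if not writes:
            verdicts[name] = "unchanged"
        elif set_at is not None or longest > grace:
            verdicts[name] = "suppressed"
        elif ever_set:
            verdicts[name] = "transient"
        else:
            verdicts[name] = "enabled"
    return verdicts

# Constructed sample: a startup toggle by svchost, plus one value never reset.
SAMPLE = [
    RegWrite(12.0, "svchost.exe", "FirewallDisableNotify", 1),
    RegWrite(12.1, "svchost.exe", "AntiVirusDisableNotify", 1),
    RegWrite(12.4, "svchost.exe", "FirewallDisableNotify", 0),
    RegWrite(12.5, "svchost.exe", "AntiVirusDisableNotify", 0),
    RegWrite(300.0, "example.exe", "UpdatesDisableNotify", 1),
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name}: {verdict}")
```
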
     
  5. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Thanks, I guess I won't worry about the security/firewall issue. Now I just have to understand the nameserver issue.
     