Free, Light App For Outbound Connections

Discussion in 'other anti-malware software' started by tobacco, Apr 18, 2010.

Thread Status:
Not open for further replies.
  1. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Well, i've tested out several firewalls and found PCTools and Private Firewall to run the best on my system. However, both of these ended up interfering with a program and were therefore removed. The latest being Private Firewall preventing Prevx from scanning new installs, etc. despite giving Prevx full open access in the rules.

    So since i'm already behind a router, i thought i would try to "fore-go the firewall route" and use something else for outbound internet monitoring.

    Looking for a free and lightweight app that will tell me when an outbound request is made and give me the option to allow/deny "once" or create a "standing rule".

    Again, outbound connections only. I don't want to be popup bothered everytime a program tries to run (full HIPS)

    Can Sandboxie be setup this way or is it just whatever is running in the sandbox??

    Thanks!
     
  2. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Sandboxie can be configured to only allow outbound connections from designated applications, but you aren't going to get any on-the-fly options. If you set restrictions on network connections then you have to specifically configure Sandboxie for each application to allow.

    You can do what you want with Threatfire by enabling the included custom rule for processes enabling network connections.
     
  3. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Online armour free w/ HIPS off. You can configure the firewall under advanced user.
     
  4. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    That firewall did not play well on my setup.
     
  5. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    I understand that program is a behaviour blocker. Can it be used for outbound connections "Only"?? No other action popups??
     
  6. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Tobacco,
    It sounds like you are looking for a light weight firewall w/ outbound only. Have you tried look nstop or sunbelt personal firewall? You might also try and figure out the problem with the firewalls that do work with your system. I can't think of any programs other than a firewall that monitors and allow/deny access to access the net.
     
  7. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, I'd suggest LnS as well, be he wants a free one... :doubt:
     
  8. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Yes, the construction industry where i live is still suffering :(
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    look n stop is lite;)
     
  10. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    I tested all the freebies and any major conflicts or major bootup slowdowns were immediately yanked. The 2 i mentioned i spent time investigating and trying to correct the issue but enough was enough which is why i want to try another direction. I'll try an HIPS if i can disable it to only watch outbound connections.
     
    Last edited: Apr 18, 2010
  11. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    No, you can't disable the behavior blocker. But it is lightweight and free, and if you turn it down to its lowest settings you'll probably never see a popup.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yes set sensitivity level to 1 and you are done
     
  13. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Thanks - am testing right now in a VM, in WonderShare Time Freeze, in Sandboxie :D
     
  14. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    There's a link for Look 'n' Stop Lite in this post if you're looking for a free version of this lightweight firewall.
     
  15. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Thanks but my bad - i didn't say i run Vista32 and it says XP and older. Secondly, from the description it looks like inbound protection only in that free version??
     
  16. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    I'm liking so far with it set at "2". Very light. Wonder if it's outbound blocking abilities have been tested??

    Thanks Again
     
  17. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    248
  18. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    Free? Light?

    Kerio 2.15 - Lightest
    Sygate 5.5 - Very Light (turning off IDS lightens it a lot)
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i am very tempted to try threatfire again:D
     
  20. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Bootup time a tad slower now but besides that, Threat is playin well with Avira and Prevx.

    So far, as a non-firewall app, it is fulfilling my outbound protection needs.
     
    Last edited: Apr 20, 2010
  21. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Great stuff Kees, didn't know that. Been using the latest threatfire for a couple of weeks now, on its own (network connection alerts enabled), with Hitman Pro on-demand and sandboxie. Awesome. :)
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep,

    See some older instruction https://www.wilderssecurity.com/showthread.php?t=253507

    Please make two precautions

    1. Make sure you create a restore point before Quarantaine (see older post)

    2. Secure explorer from being quarantained


    Remove an allow outbound connection program from the Allowed list in threatcontrol (e.g. WindowsMediaPlayer). Now start WMP, choose KILL! Then start WMP again: Terror will strike into your heart wih the following pop-up: TF tries to quarantaine Explorer because it launches a untrusted program. Now choose ALLOW + REMEMBER. again start WMP and also choose ALLOW + REMEMBER.


    For XP users running admin (and Windows 7 users running UAC default) and wanting to add startup protection of HKLM: Download Autoruns (from Microsoft), run it and simply add all keys listed in HKLM) see picture (Note when you run full UAC in Vista or Windows7 registry keys of HKLM are protected)
     

    Attached Files:

  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yes,

    For a reasonable knowledgeable PC user, Windows 7 with UAC on default, my registry download protection tweak (using Chrome as Browser) and TF (set sensitivity level to 1) looking at autorun keys and outbound, you get a decent protection.

    DJames has promised me that they would add sensitivity level and the ADS bit (which I use for my registry tweak) of mail attachements and downloaded files (the ADS bit which prompts Windows for a warning) to the custom rules.

    This would make custom rules possible like

    When any process
    tries to execute a file
    which has been downloaded
    set sensitivity level to 4

    regards Kees
     
  24. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Great info there Kees :thumb:

    Would you give us your general option on Threatfire??
     
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    For a freebie it is a good application. In the time the HIPS were real 'dumb' meaning the user had to know, it was a breakthrough technology.

    Currently I think PrevX has the best BB implementation. WIth HIPS going smart (e.g. Comodo Sandbox), It is still a viable strong solution. But they big plus (less user knowledge) is reducing because ithers get smarter.

    I really like the custom rules, I really dislike the auto quarantaine, as illustrated with my bewares. I think they shot themselves in the foot. TF was the best BB, so they even imitated AV behaviour (quarantaine). The reported false quarantaines are really decreased. You can influence it by adding trusted processes (they will never be quarantained).

    Still for a knowledgeable user TF on sensitivity level 2 or 3 with some custom rules is a strong free solution.
     
Loading...
Thread Status:
Not open for further replies.