FWDRV.VXD

Discussion in 'other firewalls' started by yodafan, Oct 27, 2002.

Thread Status:
Not open for further replies.
  1. yodafan

    yodafan Guest

    Hi,

    Wut is this FWDRV.vxd file? I need it to connect to my ISP, AOL, and a lot of traffic is going through this application. Nething I should be concerned about?

    YODA
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    If I am not mistaken, that is associated with Kerio. If you have Kerio, perhaps you can find some info at the web site.
    If you do not use Kerio, I think it would bear looking into a little further.
     
  3. yodafan

    yodafan Guest

    I have Kerio free firewall; it's only installed but is not being used at the time. So I don't think it should be transferring data... Ne how, I cannot connect to my ISP if I block it with my firewall. I would like to know wut this file is; I have not found much info on it though..

    YODA
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    That module is supposed to be a key component of the Kerio firewall. It's a virtual device driver, and it allows the firewall application access to the data passing through your network device at a very low level, allowing it to do its job in controlling access permissions.

    I'm wondering what you meant when you said...

    Yodafan>> "a lot of traffic is going through this application?"

    How exactly do you see that the traffic is going through it? If you can tell us what tool shows this, and what exactly it says, we may be able to better interpret it for you.

    It's possible that this driver is still used by your network device simply by being installed, even though the firewall UI is not running.
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Seems at first look a plausible explanation:

    What files/registry keys get installed:

    Tiny and Kerio use InstallShield6 programs for installation and uninstallation. The downloaded file contains three OS Groups: Win9x, Win2K, WinNT. The files installed are identical for all OS, except that a VXD file is used for 9x, and the same SYS file for 2K and NT.

    *** Files installed

    KPF.chm \..\home folder (Kerio only)
    persfw.exe \..\home folder
    pfwadmin.exe \..\home folder
    fwdrv.vxd \windows\system (9x) ;fwdrv.sys (2K, NT)

    Start Menu links to these files are also added, and log, key & conf files are created in the home folder during execution. Only four registry keys and one value are added:

    *** KPF
    [HKEY_LOCAL_MACHINE\SOFTWARE\Kerio]
    [HKEY_USERS\.Default\Software\Kerio] ;added after reboot
    *** TPF
    [HKEY_LOCAL_MACHINE\SOFTWARE\TinySoftware]
    [HKEY_USERS\.Default\Software\TinySoftware] ;added after reboot
    *** Both
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\persfw.exe]
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\fwdrv]
    ...[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "PersFw"="......."

    Questions from LowWaterMark seem valid ones nevertheless.

    regards.

    paul
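
A check for the question raised in this thread (whether the driver is still registered while the firewall UI is not running), as an added example that is not part of the original posts: it scans a REGEDIT4-style registry export for the keys and the one value listed in the post above. The sample export, its value names and data, and the function names are constructed for illustration.

```python
import re
# Keys listed in the post above; matching is case-insensitive and includes subkeys.
LISTED_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Kerio",
    r"HKEY_USERS\.Default\Software\Kerio",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\TinySoftware",
    r"HKEY_USERS\.Default\Software\TinySoftware",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\persfw.exe",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\fwdrv",
]
DRIVER_KEY = LISTED_KEYS[-1]
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
RUN_VALUE = "PersFw"

# Constructed sample export (not from the thread): no PersFw run value, driver key still there.
SAMPLE_EXPORT = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Kerio\Personal Firewall]
"ExampleSetting"="1"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\fwdrv]
"StaticVxD"="fwdrv.vxd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe"
"""

def parse_reg_export(text):
    """Return {lowercased key path: {lowercased value name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def find_leftovers(text):
    """List which of the post's keys (and the PersFw run value) are present."""
    keys = parse_reg_export(text)
    found = [k for k in LISTED_KEYS
             if any(p == k.lower() or p.startswith(k.lower() + "\\") for p in keys)]
    if RUN_VALUE.lower() in keys.get(RUN_KEY.lower(), {}):
        found.append(RUN_KEY + " -> " + RUN_VALUE)
    return found

def driver_still_registered(text):
    """True when the fwdrv VxD key from the post is still in the export."""
    return DRIVER_KEY in find_leftovers(text)
```

On the constructed sample, `find_leftovers(SAMPLE_EXPORT)` reports the Kerio software key and the `fwdrv` driver key but no `PersFw` run value, which is the "installed but UI not running" state discussed above.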
     


  6. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
  7. yodanfan

    yodanfan Guest

    Wow, lots of responses.... I haven't read them all yet but I will.

    After uninstalling Kerio firewall, which wasn't in use, the fwdrv.vxd is gone. But now another application called "ATW protocol driver" (atwpkt2.vxd) is needed to connect to my ISP.... It seems it has taken its place or something but is acting the same way; it is in my AOL folder. Wut is a protocol driver and wut does it do, and should it be allowed to transfer inbound and outbound connections? Btw... I'm using Sygate firewall, and I see that it is one of the running applications that is transferring the most data compared to the other applications I'm using.

    YODA
     
  8. yodafan

    yodafan Guest

    oh yea.. thanx guys for the fast response and answers
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    ..as expected ;)

    A needed driver for (I believe) AOL v7.0.

    regards.

    paul
     
  10. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    I don't have atwpkt2.vxd on XP, with AOL 7.0, but it may be used to support the Windows 9x or ME versions. Yoda, what is your Windows version and also AOL version?

    I've found that AOL is a funny product as I've used it for many years. It adds a lot of its own networking components when it installs. AOL doesn't like to depend upon things being on a PC, it brings almost everything with it - just in case. (It even contains its own edited version of RASPPPoE - a DSL access application.) So, I agree this is most likely a key driver allowing AOL network access by your system. It's how your PC is connected and able to talk to the network, and that explains why it's the most active thing passing thru your firewall.

    Have you actually tried using Sygate to block it from accessing the network to see what happens? It might be an interesting test, provided you are also comfortable with how to re-enable its access again after testing to get back online. ;)
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Oops..apologies. Since this one obviously has been recreated, the original would be atwpkt.vxd.

    regards.

    paul
     
  12. crkit1

    crkit1 Registered Member

    Joined:
    Aug 31, 2002
    Posts:
    93
    Location:
    Florida
    I use Win9x, AOL 7.0, no .vxd files in there anywhere.

    There is a .vxd file in Internet Explorer 6 that sends information to a company called Mindset. I inquired about that recently and Mindset shows one screen only. On that screen, they say they collect info to determine how best to serve users' marketing needs. They are not extremely clear as to what exact info is collected.
    I blocked that file with my firewall and so far, I haven't had any problems connecting to AOL or IE.
    Nosey, aint I? :cool:
     
  13. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Nice job, crkit1 ;)

    regards.

    paul
     