How to use PC Tools FW + version 5.0.0.38 LT # 5

Discussion in 'other firewalls' started by Escalader, Feb 22, 2009.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello:

    Stem suggested (off line) that I might start a LT on this 2 way FW.

    This thread will explore the use of this FW, and along the way hopefully we can share some tricks to optimize the use of it's features.

    FYI, I have downloaded and installed the firewall program PC Tools FW + version 5.0.0.37. Note that http://www.matousec.com:80/projects/...ge/results.php used version 36 in it's latest report if you happen use that site for FW information. Please note this thread doesn't deal with posts on the +'s or -'s of matouse.


    PC Tools FW is a free product from a well known vendor. If you want to work with us you really should install http://www.pctools.com/firewall/ at least on a test machine so that your results / posts are real!

    IMHO, this product is not a suite, it doesn't have a HIPS or a web site screener or a mail checker, blocking lists etc so don't look for these features. Users can achieve these features in other ways with PC Tools FW+.


    Here is a quote from their quick start guide:


    AS before a learning thread is not offer a chance to "knock" PC Tools. Far from it.

    Support for PC Tools FW is in the usual PC Tools forum.

    Here is my first advanced rule dealing with my mail client. The product helped me generate 3 specific application rules MS Outlook for pop3 ,smtp and UDP. All I did wasput in the specific ip's and ports used. It is clear about protcols and packet direction.

    The next thing I want to do is "untrust" my router as it is shared with a nasty PC upstairs used for on line gaming.

    But to be candid I'm not sure how this should best be done. I'm hoping Stem will help me do this! There is a Trusted zone and an Internet zone so there may be a way to use these to untrust my router.



     

    Attached Files:

  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: How to exploit PC Tools FW + version 5.0.0.37 LT # 5

    To be specific, I said I would participate in such a thread if made,.. that aside,...

    On the HIPS side of things, there is some implementation, which on first encounter (I have missed some versions/releases of this firewall) does present some possible confusion as to what actually requires "direct" internet access, I will start to put together examples of this and how to control such as windows "explorer" (not IE) which requires no direct internet access, but requires a parent-child control allowed.


    - Stem
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Hi Escalator,

    By default all network cards are placed in the "Internet zone", you can check this by going to "Settings- Adapters"

    adapters.jpg

    Now, go to "Advanced rules- Internet zone" and note the top 4 rules.

    lan.jpg

    The first 3 rules are there to allow access to the local service ports for various LANs, opening one of these rules will show that for specific IPs that local ports 0-1023 are allowed.

    ports.jpg

    These are in place to allow for such as netbios over the LAN.

    The forth rule is in place to block this access not previously allowed.

    So for the setup you want, un-check (untick) those top 3 (three) rules.


    There is also a need to look at the auto rules created for such as Svchost, but I first want to make some checks.


    - Stem
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to exploit PC Tools FW + version 5.0.0.37 LT # 5


    My error, Stem!

    Your participation is good enough for me! I need more sleep! :D
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5


    Thanks Stem:

    I have unticked the 1st 3 rules (this reminds me of Kerio)

    What if the user didn't untick those 1st 3 rules but changed them instead to block rather than ignore which is what I'm assuming untick means:doubt:


    In my case, I have TCP/IP NetBIOS Helper services disabled so would this have mattered if I had left them ticked?
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    You could change them to block, but there is the 4th rule already in place to block those ports from any IP, so you could do either:-

    Disable the rules by unticking them
    or
    change them to block.

    From my point for your setup, it is really just a case of disabling un-needed / un-wanted rules.


    - Stem
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5


    Thanks, that's what I thought.

    However I have a mystery to solve.

    My adapters screen is blank? Why? (see attached)
     

    Attached Files:

  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    I did have the same problem with one installation. Does a re-boot solve the problem? If not, you may need to remove and re-install.

    I think a possible bug.


    - Stem
     
  9. 2good

    2good Guest

    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Do not use this firewall its has bugs just had BSOD without ESV turned on.
     
  10. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Well, it has been working fine on my system with ESV on (Win XP SP3).
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Stem, Escaldor,

    I think the ESV feature and the HIPS are good to deal with common nasties/intrusions. It is a very fast FW in my experience. I think direct disk access is a missing feature.


    What do you specifically like about this PCTFW+
     
  12. 2good

    2good Guest

    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    My apologies to all especially pc tools for the last comment it turned out to be display driver.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Hello,

    I am not seeing any BSOD, but I have had a couple of lock outs when starting some programs.



    - Stem
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Hi Kees1958.


    I still need to set up and check its packet filtering, so too early to say anything.


    - Stem
     
  15. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    So far I have few conclusions, it is early in a learning thread. Out goal is to learn how to use this FW as it is. We aren't comparing it to other products. Of course readers will have FW's and draw comparisons but that is NOT what I'm doing.

    I agee it seems fast. I don't think it has a HIPS with it unless you took the Threat Fire option, I didn't take TF. Did you take that and that is the HIPS you refer too?

    What is the reference to ESV? I'm learning right along with you!

    I like the fact that I can create specific rules for each application right down to the ip and port level. I like the clarity on protocols the dns translations as well confirming I've hit the correct site for updates to my security products.

    So far I find the logging a bit to micro as I have to turn it on for each application 1 by 1 but I may in fact find that valuable later.
     
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Well I've uninstalled the FW and note that as it should the windows FW is back on! It should be a no brainer that if the user uninstalls a 3rd party FW the windows fw gets turned back on automatically. Now I'm about to reinstall PC Tools FW+ and I will see if it is smart enough to turn windows FW OFF.

    More later.





    Okay, I had the blank yesterday and again today so I did reboot it once. I'm wondering if it is related to one of my services turned off or tweaks via jv16 Power Tools 2009.

    But let me try a reinstall again first.
     
    Last edited: Feb 23, 2009
  17. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Stem:

    I have the adapters back see attached jpg.I had to reinstall product.

    The windows FW was turned OFF so that is good. Given that the incoming protection of PC Tools FW is as good as windows xp sp3:doubt:

    However the pain in the neck now is I have to untick the 3 rules again and redo the work on my mail client ips, ports etc. Where is the restore settings feature? Or is there one? :doubt:

    I will look for the restore feature.
     

    Attached Files:

  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Stem:

    Is this attached rule from the trusted zone correct? It says zip about direction? Maybe I'm forgetting an earlier lesson (again)
     

    Attached Files:

  19. ramoncin

    ramoncin Registered Member

    Joined:
    Jun 26, 2007
    Posts:
    28
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5


    Thanks, I'll check it out.
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
  22. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Well I installed v 38 and imported my V37 rules from the internet zone.

    So far I have problems with the internet connection being blocked now. I'm here posting only to tell you guys this and that I would hold on 38 for a bit.

    I may only have made a stupid error in rule building
     
  23. NewsAndHistory

    NewsAndHistory Registered Member

    Joined:
    Feb 9, 2009
    Posts:
    12
    Location:
    Earth
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Thanks for posting so much information abou PC Tools Firewall PLUS. Does it block pop-up advertisements well on your computers, anyone?
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5


    Well no, that function is dealt with in the pop up settings in your browsers.

    I use FF 3.0.6 to deal with that via no script, no cookies etc. IE 7 has it's own pop up controls. :D
     
  25. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: How to use PC Tools FW + version 5.0.0.37 LT # 5

    Well I ran winsockxpfix on 38 and rebooted and recovered my connection.

    Don't do this guys it's a bit hazardous. But once again I have my blank adapters back. :'(

    Tomorrow I will reinstall 38 again and NOT import rules to see if:

    1) I have a connection
    2) My adapters are in the Internet Zone

    Another event that bugs me is Nod32 updates! I have chosen one ip in the Nod32 server list for updates. BUT PCTools keeps giving me ALL the pop up requests for all the eset servers in the Nod32 list! :eek:

    Now this is not what I have experienced with any other FW! So either Nod32 is trying to connect to every server even though I told it to use just 1 and PC Tools is the only FW that detects this behavior which seems unlikely. Or there is a bug in Nod32.

    I'm waiting for Stem now to comment on all this having caused enough excitement for 1 day. I suspect a few bugs exist in PCTools Fw+

    See yah
     
Loading...
Thread Status:
Not open for further replies.