Kerio 2.1.5 and Avast 4.6

Discussion in 'other firewalls' started by Kerodo, Mar 6, 2005.

Thread Status:
Not open for further replies.
  1. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
I have a question... how am I able to clean the logs in Kerio 2.15? Usually what I do is right click >> Logs >> Firewall Logs >> right click & clear log... is there any other better option to clean that in a smooth way? Cheers :cool:
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    As far as I remember, that's the only way, aside from deleting the file...
     
  3. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    Deleting the file from the folder called filter logs, or does it have any other name, Kerodo?
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Sorry MushfiQ, I took Kerio off again so I can't look. Anyone?
     
  5. Arup

    Arup Guest

    I am using Kerio 2.15 with BZ rules but with default loopback rules enabled and not the software proxy, and Avast works fine without any hitch. All incoming web pages are scanned with Opera, FF and IE.

    By the way, Avast's web scanner has some issues with Zone Alarm Pro if you are using the privacy features. It is posted on their forum.
     
  6. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Arup-

    Avast (or any other proxy) will work without excluding the ports from the loopback rule. The problem is it becomes possible for any other application to obtain internet access over the proxy port without the firewall knowing about it. If Avast is listening on port 80, then any application can use it, and effectively there is no application filtering.
     
  7. Arup

    Arup Guest

    Agreed, if you are running proxy then the rule has to be created but in my case, I have no proxy but ICS.
     
  8. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I tried the registry hack that BZ mentioned. It is easy to find in the Kerio support forum at DSLR. The result was a very long start up delay, probably caused by my AV trying to load and get net access for its mail proxies before the Kerio program loaded and allowed net access.

    No free lunch on that one.
     
  9. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    The Avast WebShield module never listens on port 80.
     
  10. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    vlk-

    I should have said listens for port 80. The general idea is if the web shield process for example listens on port 1180 for traffic to port 80, it will intercept all of that traffic without Kerio 2.15 ever knowing about it if port 1180 is not excluded from the loopback rule. Don't exclude port 80 from your loopback rule.
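Diver's point above can be turned into a quick audit on the host: list the TCP ports that are listening on the loopback interface (or on all interfaces) and subtract the ones that have been excluded from the blanket loopback rule; whatever remains is reachable by any local process without the firewall's application filtering ever seeing it. This is an added example, not code from the thread or from Kerio/Avast; it assumes `netstat -an` output in the Windows IPv4 format, and port 1180 is the hypothetical web-shield listener from the thread, not a documented Avast port.

```python
import re
from typing import List, Set

# Constructed sample of `netstat -an` output on a Windows host (IPv4 only).
# Port 1180 is the hypothetical web-shield listener from the thread; 12025
# is a constructed mail-proxy port.  Neither is a documented Avast value.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1180         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:12025        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1180         127.0.0.1:3521         ESTABLISHED
  TCP    192.168.1.10:3522      10.0.0.5:80            ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

# One listening TCP socket per line: proto, local addr:port, foreign, state.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def loopback_listeners(netstat_output: str) -> Set[int]:
    """Ports any local process can connect to over 127.0.0.1: TCP sockets in
    LISTENING state bound either to the loopback address or to all
    interfaces (0.0.0.0, which also answers on loopback)."""
    ports: Set[int] = set()
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line)
        if m and m.group(1) in ("127.0.0.1", "0.0.0.0"):
            ports.add(int(m.group(2)))
    return ports


def unfiltered_loopback_ports(netstat_output: str, excluded: Set[int]) -> List[int]:
    """Listening loopback ports that are still covered by the permissive
    loopback rule (i.e. NOT in `excluded`).  A connection to one of these
    never hits a per-application rule, so if the listener is a forwarding
    proxy, the traffic leaves the machine without application filtering."""
    return sorted(loopback_listeners(netstat_output) - excluded)


if __name__ == "__main__":
    # Suppose only the mail proxy port was excluded from the loopback rule.
    for port in unfiltered_loopback_ports(SAMPLE_NETSTAT, {12025}):
        print(f"port {port} is listening and still blanket-allowed on loopback")
```

Run it against real `netstat -an` output and every port it prints is a candidate for exclusion from the loopback rule, after confirming which process owns it.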
     
  11. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    More on protecting Kerio 2.15 from termination:

    The registry key is alwayssecure. Google for that and Kerio 2.15 and you will find what you need to know. Don't uncheck the "firewall enabled" box or it will cause you pain. I solved the start up delay problem by changing the loading behavior of the GUI from automatic to manual, there is a radio button for that, and then placing the shortcut for the firewall engine in the start-up folder. The firewall now loads ahead of the AV. This just might work with Avast, but I have not tried it.

    The result is that when persfw.exe is not running, either intentionally or otherwise, there is no network traffic. The main drawback here is that it is not possible to completely unload the firewall for testing purposes without editing the registry. A "bypass all" rule could be added at the top and left unchecked except when needed.
     
  12. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    The alwayssecure setting has more pitfalls and problems than it's worth currently for most users, especially broadband/LAN users. That delay you saw was because your AV was dependent on RPC, and RPC was hanging because DHCP wasn't able to do anything. Manual is a bad setting unless you're willing to enable it every time you want to enable any network communications; however, if you're on dial-up with DHCP disabled you shouldn't have any problem with the alwayssecure setting. Since I use dial-up currently, it doesn't cause me any problems.

    If they could have made it a real option without any side effects, that would have been nice. Also if you install 4x, and reinstall 2x, it will be enabled, so that might cause a problem on some systems.
     
  13. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    BZ,

    The only reason it is on manual was to change the start up order. With the firewall engine shortcut in the start folder it starts with Windows and the splash screen comes up very quickly. Anyway, the delay went away once I started Kerio before the AV. I am going to run with it for a while on broadband, and see if I can get away with it. However, I understand why you are warning on this topic. Believe me, I would not put up with a long start up delay.
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Diver, is that just to block all traffic before Kerio starts up?
     
  15. Arup

    Arup Guest

    Kerodo, Diver,

    Have you guys ever tested Filescab? I am using it now; it seems to be real nice, passes all the so-called tests out there and is very light on resources.
     
  16. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    It blocks all traffic until the engine is loaded, which can include the initial DHCP request which RPC does, and can result in anything depending on RPC not starting up until the DHCP request times out, including Kerio's own engine. It's the component which allows it to interact with the user; it is also the component in charge of how traffic is actually processed.

    On systems that do have DHCP affected, the setting should be off, which is the default as it's an undocumented tweak, and at the most there is less than a second between TCP/IP being initiated and the engine being loaded, which is also the same time that you're not assigned an IP address while waiting for DHCP to assign you a DHCP lease.
     
    Last edited: Mar 7, 2005
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Thanks BZ, I appreciate it. I think I'll just leave it as is..
     
  18. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    K-

    The general idea was to prevent termination of the firewall, possibly by a trojan. The sky is falling.
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I'm not worried about termination or even packets getting thru while my system starts. Nor am I really worried about malware and so on. The only thing I worry about here is using IE. I used Firefox and Mozilla for a long time, but they always seem to have bugs that never get fixed. Still I guess it's safer to use Firefox. K-Meleon is nifty too. But for now I'm using IE and I get a little tense about that. I guess I really shouldn't use it. That's about it though. I have my firewall and AV and that's all I want right now...
     
  20. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    K-

    The one place I find that Firefox has problems is Yahoo. Some of their multimedia stuff just does not work right. However, I use Firefox 99% of the time because it displays small fonts better than IE and some of the extensions are cool. Also Eudora instead of Outlook Express.

    It often seems like some of the most paranoid folks in security forums use IE, OE and lots of free screensavers. lol...
     
  21. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    BZ-

    Dial up? What's that? :)

    I am seriously considering killing my last land line and finally getting a cell phone.
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yeah, I really like some of the extensions for Firefox, that's true, they are great.

    One weird thing I've seen using IE is I've just been surfing around and suddenly had my AV pop up and say there's a virus in my IE cache. Turns out one time it was even an EXE! I doubt it would ever execute, but that sounds kinda dangerous offhand...
     
  23. Arup

    Arup Guest

    I get worms in my cache quite frequently; before, it used to be Avast's real time scanning that would detect it, now it is detected by the web scanner. Good to know that AV is working.
     
  24. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    K- Your AV is simply doing its job. Due to my frustrations with Firefox I embarked on a problem solving session this afternoon. The result was I found Adblock to be causing the problems over at Yahoo. I could not get it to uninstall cleanly, and in the process the extensions window of FF quit working. I removed and reinstalled FF completely along with a few things that install FF plugins, left off a few infrequently used codecs and things are working very nicely over at Yahoo now.

    With Kerio 2.15 I discovered that I could set my machine up for a static IP as my NAT reserves an IP so that ports can be forwarded. The thing boots up just as fast with alwayssecure enabled as it did before, either with automatic loading enabled or with the firewall engine shortcut in the start-up folder. Without the static IP hack I had gotten the start up delay down to only 7 seconds with the start up folder trick.

    Of course, I could not do the static IP hack without a NAT.
     
  25. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    You lose me when it comes to NAT and routers and such things. I just have a simple cable connection here, no NAT and no router.

    As a result of P2k's mentioning some HD imaging software, I played with that, and then found out that I can also do a full system backup, including registry and system files, with MS Backup. So I did a reformat and installed everything fresh, configured everything, and then did a full backup. Now I'll never have to reinstall or reformat Windows again. Just a restore when I'm done playing with new programs. The only thing I have to do is uninstall programs and kill any folders left behind before I do the Restore. Pretty simple. A restore takes 5 minutes, from Windows. Pretty nice... :) I guess XP has that system restore, but I've got Win2k and don't have that. But Backup works well...
     