Need help with Vista Firewall with advanced security

Discussion in 'other firewalls' started by JohnnyDollar, Aug 24, 2009.

Thread Status:
Not open for further replies.
  1. JohnnyDollar

    JohnnyDollar Guest

    I recently restored my Vista x64 from an earlier image and decided to just stick with Vista firewall this time. I have the Private profile as active and set it to block all inbound and outbound that doesn't match a rule. It seems to be letting everything through though. The only app that it seems to block outbound without a rule is Nod32. It doesn't block outbound for anything else. I even have a rule for Firefox to block outbound, even though I shouldn't since it is supposed to block all without a matching rule.

    Note: This is probably something simple that I am not doing right, but I can't put my finger on it.
     


  2. JohnnyDollar

    JohnnyDollar Guest

    Come on, where are all the Windows firewall advocates at?
     
  3. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    If you block Eset does Fx get through? If not, it is probably the web scanner in Eset that acts as a proxy - you will need to control apps through it as well to stop them once the proxy is allowed. This is not necessarily a firewall problem but the use of a proxy...if you disable the Eset http scanner each app will be controlled by the firewall rules.
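Added example, not part of the original thread: a small Python model of the behaviour described in the post above, where a per-program outbound firewall only sees the process that owns the internet-facing socket. The process names (`scanner.exe` stands in for the antivirus HTTP scanner), the rule set and the precedence order (block beats allow, then the default) are assumptions of this model, not settings taken from the poster's machine.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    program: str  # executable the outbound rule is keyed on
    action: str   # "allow" or "block"


def verdict(rules, program, default="block"):
    """Outbound decision for a socket owned by `program`.

    Assumed precedence: a matching block rule wins over a matching allow
    rule; with no matching rule the profile default applies.
    """
    actions = {r.action for r in rules if r.program == program}
    if "block" in actions:
        return "block"
    if "allow" in actions:
        return "allow"
    return default


def outbound(rules, app, proxy=None):
    """Return (process the firewall evaluates, decision) for `app`.

    With a local HTTP-scanning proxy enabled, the internet-facing socket
    belongs to the proxy, so the app's own rule is never consulted.
    """
    owner = proxy if proxy else app
    return owner, verdict(rules, owner)


# Constructed rule sets: default block, scanner allowed, Firefox blocked.
RULES = [Rule("scanner.exe", "allow"), Rule("firefox.exe", "block")]
SCANNER_BLOCKED = [Rule("scanner.exe", "block"), Rule("firefox.exe", "block")]


def scenarios():
    return {
        "scanner on, allowed, firefox": outbound(RULES, "firefox.exe", "scanner.exe"),
        "scanner on, allowed, no-rule app": outbound(RULES, "other.exe", "scanner.exe"),
        "scanner on, blocked, firefox": outbound(SCANNER_BLOCKED, "firefox.exe", "scanner.exe"),
        "scanner off, firefox": outbound(RULES, "firefox.exe"),
        "scanner off, no-rule app": outbound(RULES, "other.exe"),
    }


if __name__ == "__main__":
    for name, (owner, decision) in scenarios().items():
        print(f"{name:34} firewall sees {owner:12} -> {decision}")
```
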
     
  4. JohnnyDollar

    JohnnyDollar Guest

    I see what you mean, when I block ESET then apps can't get through. Interesting, but you wouldn't advise disabling the ESET HTTP scanner, correct? I am using ESET v3, and there is no place to control apps in HTTP checking.
     
    Last edited by a moderator: Aug 24, 2009
  5. JohnnyDollar

    JohnnyDollar Guest

    Unless I am missing something.
     


  6. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    It's a matter of how much knowledge you have on rulesetting. In the firewall Eset rule there is a section to control programs and services and you may have to use that to control some of Eset's services so then individual rules can be used for the programs you want that go through the http scanner component. If you trust Eset to catch all the malware, then the scanner is scanning everything through it and anything that doesn't go through (the firewall will block other programs not using the scanner) won't get out.

    If you want to try another way to see the components you can use Windows Firewall Control from sphinx software (free) to see the components and then set rules yourself and remove it. Many just use it to start until they get a handle on rule settings for their particular setup.

    The http scanner is a nice 'extra' feature but usually not completely necessary. Anything written to disk should be scanned by the routine AV component (I have never used Eset/NOD so I don't have knowledge of the component structure) and there is probably a separate email component but attachments should be scanned by the routine AV component on access to stop malware. This is one reason that suites have become popular - they can deal with the interception of data in a more simple user interface manner than just a proxy AV scanner and a separate firewall.
     
  7. JohnnyDollar

    JohnnyDollar Guest

    Ok, thanks for your help. I am going to start another thread over in the nod32 forum. This may also explain why I couldn't get Private Firewall to work correctly earlier.
     
    Last edited by a moderator: Aug 24, 2009
  8. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Make sure the firewall rules apply to All Profiles or your specified profile (Private in your case) and your network connection (in Network and Sharing Center) has the type Private as well.
     
  9. JohnnyDollar

    JohnnyDollar Guest

    Thanks for the reply, but I found out what the problem was. It was Nod32 v3. I installed v4 and the problem was taken care of. ;)
    https://www.wilderssecurity.com/showthread.php?t=251755
     