Nod32 v3: Software firewall made useless b/c all connections are running through v3?

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

Ahh... I understand. I must say that respectfully, I don't agree. IMO, the firewall should always be the primary application facing the outside world.

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

yes, but in that case you will have packet filter, not application FW...

 

OA Free user here! From this monumental thread (actually this page), which is accurate? 1) "Please look at my EDIT in the post above yours. Set your OA to Intercept loopback and then set rules to intercept ports 1024-4999. then use endpoint restrictions to send only to following enpoints: 127.0.0.1/32." or 2) "Well, can't imagine much more plain English instructions than "Just tick 'Intercept Loopback Interface' in OA". It doesn't work for you? Or you cannot find the option? Or... ?"

 

Well, since 1/ and 2/ are exactly same answers, I really don't get the point of your question.

 

But they aren't the same!
"intercept ports 1024-4999. then use endpoint restrictions to send only to following enpoints: 127.0.0.1/32." or
"Just tick 'Intercept Loopback Interface" Or are you saying that is what will happen when you "just tick", which I doubt.

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

EPIC POST IS EPIC!!

solved my tears and frustrations that ive been having for the loongest time!! THANK YOU mickhardy, UR THE BEST!!

 

concerning the Web Access Protection setting in NOD v4..

i don't really think i need such module since i'm quite satisfied with scan-on-file-{creation, execution} policy thus i probably don't need Web Access Protection/HTTP Checking enabled at all..!?

also, having in mind previous question and being a Outpost Firewall 2009 user i would like to know next:
1) what happens if Web Access Protection is disabled like in my case?
does infamous NOD built-in proxy filters traffic instead of my firewall even then or one should enable it just for sake of excluding certain app from being proxied?

2) someone told me that i can test whether my firewall works or is bypassed via NOD's proxy by deleting all rules for browser and then try to connect HTTP to see what will ask for connection, firefox.exe or ekrn.exe.. and i did.

what i saw is that firefox.exe, (not ekrn.exe), asked for HTTP connection and also, i never ever saw ekrn.exe asking for connection other than its update nor i ever saw it in current connections list except when i'm updating it manually.

so once for all, answer for eternal question:
Does My Firewall Works!?

 

I'd strongly encourage you to leave the HTTP/web scanners enabled as they use more sensitive and stronger heuristics than other modules so with them you're better protected against new threats.

 

I don't understand. Are there several levels of heuristics? Do you mean to say that scanning on file access is less effective than checking web traffic?

Sorry but I'm confused by this.

 

majority of my applications that needs web access are Sandboxied as added security to already installed security applications set and im not too paranoid since im using my computer to work on it and earn myself a vage and not to maniacally update/upgrade/protect OS/Applications because of boredom.

i find my browser and HTTP quite secure for my needs since i don't use cracked software by any means and face malware threats quite rarely.

i would like to hear answer to my questions above since Eset customer support i tried to contact via email gave me quite moronic answer on my question:

thanks for replies..

 

If Outpost is giving you popups for network enabled applications then it's working and not being by-passed purpler. It means you have successfuly turned off the proxy filter in NOD. Otherwise all traffic would be going through the NOD process [ekrn.exe].

You can also verify this by looking at Network Activity in Outpost. If your browser is listed when you are using it rather than NOD then the firewall is doing the filtering rather than going through NOD.

 

thats all i ever wanted to know about this topic!
in exactly that form.
thanks