Outpost 2009 Free or Pro

I am curious now if wwdc works on vista??

 

According to system requirements, it doesn't

Hi again Toby!

don't worry about it. We've all been there before and it just takes time. Based on this info, I would advise you setup outpost as follows in my screenshot. After you hit the 'Normal" button, just leave the next settings as:

"Auto create and update rules" and "Automatically train Outpost Firewall Pro during one week", then hit the "Next" button.

When you installed Outpost, you would have been offered this option during the installation.

Sometime later when you are more comfortable with firewalls and network basics, you can fine-tune the rules to be more restrictive, but the auto-generated ones will give you decent security to get you going on the right path.

 

Hi Toby,

I am now setup.

Looking at the auro rules created for svchost and the LAN you are on, we need to go through a number of steps to get you secure.

You say you have removed all applications rules.

Open Outpost, and ensure that the LAN setting for truted etc are disabled.(as in my earlier post concerning netbios)

Next: Go into the "windows administrative tools" and select "services" look down the list untill you find "SSDP discovery service" double click it, then press stop(if it is not already stopped), then disable the service.

Once all done, I want you to open outpost, select settings- application rules- select svchost, and then post a screenshot of all the current rules for svchost.


- Stem

 

Not good advice to a user who is on an untrusted LAN, certainly as outpost give "allow rules" to every service possible.


- Stem

 

Typically it's not the advice I like to give, but this individual has stated he knows nothing about firewalls. There is the very real - and likely - risk of locking himself out of Internet access if the rules are set up incorrectly. My theory is it is easier to auto-create the rules, then go through and delete the unnecessary ones such as those you mentioned, as well as modify those that may be too liberal. Also, if he disables file sharing in Vista, this should greatly minimize concerns about connection attempts to the machine.

However, if you are willing to continue helping, I am more than happy, due mainly to the respect I have for your wealth of knowledge in networking, to defer the thread to you.

 

Ok -- I will do this tonite when I get off of work. Thanks for all of your time and help!

 

Stem,

One question real quick....

If I delete my wireless network and reintall choosing "public network" will this take care of the problem. Right now It's set to home network.

Thanks!
Toby

 

Hi Toby,

Public network in what? In Vista firewall?

In Vista once the windows firewall is disabled then all the settings for sharing are enabled.

Sorry if I misunderstand.

- Stem

 

Hi Stem,

Nah it's ok -- I'm not the best at explaining things.

OK - when my wireless card detects a network, I have the option to log onto it...entering my network key. This network is encrypted. After I enter the key and it connects it asks me what kind of network to set up. It gives me the option for "home" or "public".

 

Hi Toby,

OK, Yes, I would set it to "Public" as basically that is what you are connecting to.

- Stem

 

Will this take care of the problem? Does Vista firewall have any relation to this "Public" network setting?

 

A setting of public should in most cases create a more tight default config. But we will need to check what comms are being allowed

Not in this case because you will be using OP pro rather than the Vista firewall.


- Stem

 

Ok Stem,

This is what I had thought -- I'm learning here!

I'll post some screen shots tonight with regards to svchost's rules. Are there any other processes rules' that you would need me to post?

Thanks again,
Toby

 

Hi Toby,

We can just take it one step at a time. I will be around for the next 5 hours or so.

So just post a screen shot of svchost rules to start with.


- Stem

 

OK - Will do

 

OK Stem, Here they are:






EDIT: I just disabled the discovery service -- should I post screen shots again?

 

Hi,

Did you disable the SSDP discovery in the windows services as I mentioned in an earlier post?

All the rules for SSDP for svchost can be set to block.(do not delete them just open each rule and change it to block)

The other rules such as multicast/LDAP, can be specific on setup.

Give me 10 minutes to reinstall OP pro. I want to check on isolating your PC with easier method.


- Stem

 

No problem Stem...I got a beer in my hand...not going anywhere.

I just disabled the discovery service....also I blocked all SSDP for SVCHOST per your instructions.

Toby

 

Hi Toby,


OK, first what is your setup;-

Ip range of your LAN?
Do you use a fixed IP on your PC? (I did not see boot DHCP in your ruleset)

I think we should set up rules to block the LAN and rules to protect reserved ports which I think will be easier for you, and then even if auto rules are created they will be blocked.


- Stem

 

Ip range of your LAN?
Sorry, I have no idea. How would I check this? I assume I would have to go into the router settings right?

Do you use a fixed IP on your PC? (I did not see boot DHCP in your ruleset)
Dynamic IP -- it always changes..this is what you mean right?

 

Go down to the tray icon for Outpost and just hover the cursor over that icon, an address should popup (probably 192.168.1.*)

Yes, no problem, just wanted to check.


- Stem

 

192.168.1.37; fe80::510d:2371:afb1:c10c

 

We will block all the LAN
Caution is needed in case the gateway IP is not at default.

Open OP- setting- IP blocklist, then enter-

192.168.1.2-192.168.1.254



Then apply/ok.

If you suddenly get blocked/ cut off the internet, then remove the blocked IPs and we will need to check your gateway IP

- Stem

 

Done, still here

 

Next,

In the attack detection, ensure you have the "Block sniffer" rule enabled.





I am now just checking reserved port blocking .