PC Tools Firewall strangeness ?

Discussion in 'other firewalls' started by StevieO, Sep 9, 2009.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    For a long time i used Za Free up to v6, and found it very easy/quick to set up etc. For eg, adding/deleting programs etc was a doddle, and the main plus for me was being able to allow/deny internet access to those programs on the fly.

    Recently i was thinking of trying out Outpost free, but even though i received a lot of very favourable and helpful suggestions, i felt it seemed more complicated etc than i was hoping for.

    For several months i have been running OA free with the FW. But i could not find a way to allow/deny internet access to programs on the fly. It seems fixed at one or the other. I don't want permanent access given to ANYTHING thank you ! So i've been considering going back to ZA free, or other options.

    After the latest glowing report tests from Matousec on PC Tools Firewall Plus v6.0.0.69 i thought i'd try it out.

    Disabled the OA FW, and installed with no probs.

    On rebooting i configured it to my preferences, and replugged in the modem. Launched FF to go straight to shields up at grc.com to test it, and got this -

    pcf1.png

    Hello ! Why on earth does Windows Explorer need out ? It never did with ZA or OA, and anyway i had it blocked with them which never prevented me from connecting anywhere. I had to change the settings to allow WE out, and then i started getting multiple asks for both it and Userinit.

    pcf2.png

    pcf3.png

    Any ideas on why these WE events occur with only PCT ?
     
  2. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    The above is normal for that product. Just allow it! If you don't then you'll have issues which can be serious.
     
  3. dallas7

    dallas7 Guest

    You can use the Allow button without checking "Remember this setting" for each of these events and the alerts won't reappear again until you restart Firefox. The Remember setting will create a permanent rule and you won't see the alerts ever again in Firefox. Remember or don't... your decision.

    Why Firefox needs to access those two system hooks is way beyond a 25-words-or-less discussion. ;) And it doesn't occur only with PCT. I run Outpost and have alerts set up for Explorer and it wants to go out for more than just Firefox. Every time you invoke a search in Explorer, it wants to connect to sa.windows.com, for example.

    Cheers!
     
    Last edited by a moderator: Sep 10, 2009
  4. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    You can allow explorer.exe to set up IE, because Explorer will send a message to IE to make IE open the webpage.
     
  5. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    tipstir

    Really is it, that ain't good at all ! I can't see ANY reason why Explorer should be given internet access under normal everyday conditions ? It does NOT need it, and i've Never had to allow it before. As i mentioned above, i had it blocked with ZA or OA with no issues ever.

    dallas7

    That's just it though, i don't want to allow Explorer internet access, nor should anyone have to just to surf etc. I had to allow it just to test PCT FW, but wasn't very happy doing so.

    cqpreson

    Please see above.

    -

    If anyone can shed any further light on this, i'm sure i'm not the only one who would like an answer/solution.

    Thanx for the replies so far.
     
  6. nhamilton

    nhamilton Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    61
    It is not really asking if Explorer can have access, only if its children can have access. Since app A launches app B, it makes an assumption (wrong in a lot of cases) that it is using app B to access the net for it, so it asks if app A's children are allowed to access the net, even though app B normally has permission.

    You can still disable all internet access for Explorer (at least in expert mode). You just need to turn on child connect.
     
  7. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    You could change the rules but the way the PCT FWP works this is normal. It's also monitoring Explorer so not to say it's giving it full access which it's not.
     
  8. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Sorry, I was wrong. Explorer.exe indeed needs to connect to the Internet. But I don't know why it would connect to the Internet. Maybe that means Microsoft wants to obtain your information.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    WE should not go outbound, some XP tweaks cause this behavior which can be easily misused by malware, so try blocking WE out instead.

    Why PCTools blocks this, because its origin analysis (triggering parent process) is better than with most FW, downside of PCT is that its granularity is much less than f.i. Outpost, OA or Comodo. You allow exception groups instead of individual intrusions/misuse of windows functionality by 'common' programs. On the plus side this accepting in groups reduces the number of pop-ups. So when you use PCTools FW, try to find a copy of Blue Ridge freebie called EdgeGuard Solo and make sure all your internet facing programs run as limited user. I tested PCTFW V5 with EdgeGuard Solo and it is a solid and user friendly combo.
     
  10. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Very good explanation of the PCTools Firewall Plus rule architecture Kees1958

    Here is my input on allowing Microsoft Windows Explorer access to the Internet:
    For years I have blocked Microsoft Windows Explorer access to the Internet, both inbound and outbound, why, because all of the articles, books, magazines and expert advice recommended such action.
    Blocking Microsoft Windows Explorer access to the Internet has never caused any problems and felt like the right thing to practice. Some of the software firewalls that I have used occasionally
    popped up an alert informing that "Windows Explorer" was denied access to the Internet. Great, I feel my computer is protected. Now some years later I have a different opinion about this practice.
    On one of my test machines, there is no security software installed and Microsoft Windows Firewall is disabled, the computer is behind a Firewall Router. The Firewall Router's configuration
    blocks all the necessary items in the list available, such as WAN Requests, Multicast, UPnP, Remote Access, Proxy, ActiveX, and Cookies. Microsoft Internet Explorer is equipped with AdBlock Pro v2.6.
    This setup on this computer has been the primary computer for Internet access for the past eight months, there has been absolutely no adverse aftermath at all. Microsoft Windows Explorer has full
    access to the Internet and I do not even notice any difference in the behavior of this application. In fact, this test machine runs fast, clean, and mean. There are no infections, no popup windows
    to deal with, there is no noticeable change in the behavior of the Internet other than some sites can not be navigated or accessed because of cookie, ActiveX, Flash, and ad blocking, but hey, I figure
    if I can not navigate the Web Site then I have no business being there. Microsoft Windows Explorer has its hooks into just about everything in Windows, those hooks are there for a reason, and I now
    believe that the application should be allowed to do what it was designed to do. Some of us become programmers, technicians, exploit analysts, troubleshooters, and etc., and all of us at some point
    believe that we know all there is to know about Microsoft Windows, how wrong we are. Not even the programmers of Microsoft Windows know all there is to know about Microsoft Windows, because no one
    person performs all the programming. The programming is conducted on a very large scale with programming groups, each programming group's individual members specialize in one branch of programming.
    PCTools exception group rule allowing Microsoft Windows Explorer access to the Internet I believe is the proper practice. If malware wants access to the Internet it does not need Windows Explorer.


    HKEY1952
     
  11. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    Not a big deal, by default that's what it does.
     
  12. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    Hi, I was using PC Tools 5 paired with KAV. The recent update to 6 on Vista seems to have lots of problems. At the beginning, the installation first met an IP conflict and caused the computer to hang after startup; then after that was fixed, I found an obviously slower browsing response speed than v5 -- even though the speakeasy.net speed test is still 11M and ping to google is still ~60ms. Not sure if other computers with KAV should be updated to v6......
     
  13. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Thanx to everyone who responded.

    I've decided that i really don't like being forced to allow WE out, especially when i believe it's just NOT required. Never was before with other FW's i've used either.

    So as good as it is in other respects, i've decided to ditch it. If they can resolve the WE issue then i might go back to it.

    S
     