Protecting Windows Firewall with RegDefend.

Discussion in 'Ghost Security Suite (GSS)' started by farmerlee, Jan 2, 2007.

Thread Status:
Not open for further replies.
  1. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Just been setting up another computer, one which will be using the Windows Firewall. I manually disabled the firewall and then permanently blocked the attempt when RegDefend alerted me. Is this sufficient to protect the Windows Firewall from termination by malware?
     
  2. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Unfortunately I've never looked at how exactly the Windows Firewall "works", but the "Application Layer Gateway" service or alg.exe seems to be involved (going by the description of it). So you'd want to protect that EXE from expiring, although I have a suspicion the firewall would still work without it. Either way, the Windows Firewall is rather easy to "circumvent", so I wouldn't be using it in the way you are discussing.

    All you really need in these days of routers being the standard is some kind of application network firewall (like AppDefend has). The rest just complicates matters if you have a router. You only really need to block a port once. :)
     
  3. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
  4. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    This particular setup is only using a USB ADSL modem which has no firewall built in, so for ease of use I was going to use the Windows Firewall. AppDefend is taking care of the outbound connections. I am wondering if it might be worthwhile using GhostWall. Can this be protected from termination with GSS?
     
  5. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    GhostWall would work great, as long as that computer isn't used as a gateway (there exists a problem with the documented firewall method GW uses due to Microsoft). GhostWall doesn't need the .EXE running to actively protect your computer either, just the .SYS driver. So it's rather safe from "termination".
     
  6. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Cool, thanks for the helpful advice.
    I had been using SSM and PS for the last few weeks but I have switched back to GSS; its ease of use, lightness and stability are amazing.
     
  7. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    Hi Jason, interesting link you have found.
    You might be interested to know that RegDefend already covers that part of the registry using the Tony ruleset.

    I believe it falls under this rule:
    HKEY_LOCAL_MACHINE\System\*controlset*\Services\Sharedaccess\Parameters\Firewallpolicy**
     
  8. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Yeah, I should have checked if the custom rulesets already covered that. Good find, f3x. There is some good info on that page though for curious people. :)
     