some basic questions re settings

Discussion in 'LnS English Forum' started by humback, Oct 5, 2009.

Thread Status:
Not open for further replies.
  1. humback

    humback Registered Member

    Joined:
    Oct 4, 2009
    Posts:
    3
    Hello Folks,

    I've been recently doing some maintenance on my pc and among others re-installed LnS (2.06p4).

    Now, while configuring it again I had a look at the Options tab and noticed an option 'Service' in the Automatic Start section. Don't know if I've overlooked that option in the previous LnS version but anyways, could you advice me what's the difference between the two options 'System' and 'Service'? I know it's a simple question but couldn't find an explanation in Help.

    Also, after the maintenance done things got a little worse than before [:)], i.e. I'm now getting Security Center alerts at the start and shut down stating that my firewall is turned off. From what I've found on searching this forum I shouldn't be much concerned about that, as it's the service (LnSSvcVista) and not the GUI that matters in terms of filtering traffic.

    However, at Windows start up in the case that the LnS service is running and the GUI not yet, is it only the Internet Filtering module being active or the Application one as well? I mean, would all applications (already recorded in the ruleset) be authorised or blocked from connecting the network, according to their configuration in the ruleset?

    Thanking you very much for shedding some light into my head :)
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,
    If you are under Vista, the service start mode is not supported, but sometimes the option was available anyway in the 2.06p4. This has been fixed in the 2.07 (I mean the option remains greyed).

    To answer your question anyway, under 2000/XP, the Service mode Option was starting Look 'n' Stop earlier than with the System mode.
    Yes, this service does the job but it is anyway controlled by the application, and the service detects if the application is running or not. So, it should work normally.
    Note that the old Windows API to the Security Center used by the 2.06p4 will no longer be supported by Microsoft and will stop working soon (maybe this is what you are experiencing).
    Supporting the new API (and the Win7 Action Center) is also part of the 2.07 enhancements.
    The service doesn't control the filtering at all. Only the GUI does.
    So, no filtering occurs before the application starts.
    There is anyway a registry tweak if you want to block all trafic before the application starts.

    Regards,

    Frederic
     
  3. humback

    humback Registered Member

    Joined:
    Oct 4, 2009
    Posts:
    3
    Hello Frederic.

    Thank you for the reply.

    So what does the service do (in terms of protection) since the moment when it's loaded until the GUI starts?

    Would you know by any chance any reliable website where I could find such tweak?

    Also, just as a matter of interest, I'm behind a Voyager router with NAT. I basically get similar entries in my log all the time, which look as blocked traffic between the router and pc and don't appear to me as the blocked attempts of attacks onto my pc from outside. If you took a look at the two samples from my log ( http://img12.imageshack.us/img12/9150/lnsscreen1.jpg , http://img12.imageshack.us/img12/1285/lnsscreen2.jpg ), would you say the same?

    Cheers!
     
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hello humback,
    When the service starts, it starts the GUI. So the GUI starts earlier using that way (before the logon screen especially) and the filtering are enabled earlier (than with the "Run" registry entries).
    But unfortunately Vista no longer supports GUI application (interactive process) to be started that way (because there are some security issues).

    Here it is:
    https://www.wilderssecurity.com/showthread.php?t=194644
    (search for "block all")

    Yes, if "voyager.home" is your router, some log entries are not real attack. To clarify the log, you can create specific rules based on the IP address of "voyager.home" to continue to block this trafic (if it works fine like this) but without logging it.

    Regards,

    Frederic
     
  5. humback

    humback Registered Member

    Joined:
    Oct 4, 2009
    Posts:
    3
    Thanks for your feedback Frederic.

    So, pls. correct me if I'm wrong:
    (a) the LnS automatic start along with the system (after logging on to Windows) seems to be the only valid option for Vista,
    (b) the firewall gives protection from the moment when the GUI starts and LnS icon appears in the tray,
    (c) if I want to block traffic before the GUI starts, I should make a registry tweak as suggested.

    As you've probably noticed I'm not extremely IT skilled, so am putting things very straight :).

    Regards.
     
  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes, this is correct.

    Note that the registry tweak is a bit strict, as no packet is allowed to be sent/received.
    This could cause some issues if you have to log on an NT Domain.
    Also, this could cause some delay to get an IP address through DHCP.

    Regards,

    Frederic
     
  7. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Hi Frederic,
    Is there a way (like a second reg.file) to uninstall the "block all" feature of this registry hack? Let's say, I install it first and then get extremly long delays to receice an IP during logon... so I don't want this feature anymore

    Thanks,
    Thomas :)
     
  8. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Thomas,

    Just edit the .reg file and set the value to 0 instead of 1.
    ("BlockAllBeforeInit"=dword:00000000)

    Regards,

    Frederic
     
Thread Status:
Not open for further replies.