Sunbelt Personal Firewall 4.5.916.0

Discussion in 'other firewalls' started by ErikAlbert, Apr 15, 2008.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The main setup of my security is finished, but it needs to be polished.
    I have SPF on board, but I don't understand much about firewalls in general.

    How do I control outgoing traffic of an application in Sunbelt Personal Firewall (SPF) ?
    Never done this before, it's all Chinese to me, but one example might be enough for me, to do the rest myself.

    My assumption is, that it happens here, but I could be wrong :
    1. Open SPF
    2. Click "Intrusions"-tab.
    3. Mark "Enable Application Behavior Blocking"-box
    4. Click "Advanced"-tab
    And then what ? :oops:

    Nothing can go wrong, I have an excellent rollback system. So we can play without fear. :)
     
  2. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    No. The behavior blocking in Kerio works much like your basic HIPS programs such as SSM, Process Guard etc. It is more concerned with executables, program modifications and parent-child processes than it is internet access. Under your network tab (I don't have Kerio installed anymore so I am going from memory) you should have a list of programs that have attempted internet access. You can set permissions there. Another way (which I used as it affords many more options) is to create packet filter rules that either deny an application or allow it to access the net through specified ports. You can set parameters for each application as to what sites they are allowed to access, and deny any other sites. The packet filter is basically the same as it is in Kerio 2.1.5 except it is a little more user friendly to set up. You can also uncheck the box in your network tab so all of your work is done through your packet filter only. That takes a little more time to set up, but it gives you a lot more control over what your apps are allowed to do than just using the network monitor. If you decide to go the packet filter route, there are many tutorials on how to set up rules. I used the same rules with it that I used with Kerio 2.1.5, and there are many tutorials (DSLReports being one of the best sites for those) available to walk you through the process. Also, if you want to PM me I can try to help you set it up if you so desire.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    KDNeese,
    OK. I was already wrong from the beginning, it shows how much I know about firewalls in general.
    So the main tab in SPF is "Network Security" and that's where it all happens, which also contains the "Packet filter..."-button.
    Now I know at least where to start thanks to you.

    What strikes me, is that the "Applications" under "Network Security" doesn't have an "Add"-button.
    So my assumption is that the applications, already mentioned, are added during the installation of SPF and that new applications are only added, when these applications access the internet.

    In other words, only applications that have the possibility to access internet can appear in applications. An application like "Notepad" will never appear in that list, because it doesn't have that possibility, while an application, like MS Word and MS Excel, have that possibility to access the internet.
    As long as I don't access the internet via MS Word/Excel, I assume that MS Word/Excel won't appear in applications.
    Once an application accesses the internet, it stays on applications forever, until I remove it myself.

    If I'm wrong, correct me, because I'm trying to catch the philosophy behind a firewall.
    I'm first going to read the help regarding "Applications" under "Network Security".

    This is going to be a slow learning process anyway considering the complexity and the time, I have to learn all this.
    Thanks for showing me the right arrows.
     
  4. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543
    A little OT: Erik, did you try Kerio 2.15? If you only need to control outbound traffic it is the best one around imo. It is light and free!
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes I tried Kerio v2.1.5, but didn't like the GUI.
    In my case, it doesn't matter which firewall I use, because I don't understand any of them.
    In the past, I always used a firewall, but I left it untouched after installation, because it wasn't my priority #1.
    Until now, I was only interested in Image/File backup and Immediate System Recovery and since FirstDefense-ISR is terminated, nobody requires help anymore. So I have to do something else and I chose firewalls.
    SPF was a very small investment : $9.95 and I like it at first sight, after trying Sygate, Kerio, Agnitum, ZoneAlarm, Comodo, Look'n'Stop, ...
    Once I know how a firewall works, I might use another more sophisticated firewall, but not right now.
     
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Erik, I no longer use a software firewall but if I did it would be Sygate 5.6 build 2808 - very easy to configure, e.g. to stop windows media communicating or to set to ask first.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes but this thread is about SPF, my choice is already made and it doesn't matter which firewall, I choose.
    It's not only about firewalls, it's also about learning internet, which uses a specific vocabulary, which I don't even understand. SPF or any other firewall will keep me busy for a very long time.

    I have to find something else, because FDISR is not a challenge anymore.
    I have a computer that cleans and repairs itself automatically during each reboot. I can't do better anymore. High time for me to do something else.
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I need help.

    I really like Comodo with D+ and have tried Online Armor (free) but when it comes down to bare bones I just can't seem to pull myself away from the old Kerio 2.15.

    What makes this firewall so very efficient and lite and so far it's really never been compromised and since you can use a good HIPS to prop it up so to speak, why is this FREE Kerio 2.15 the single major choice of users like me who have used it for many years and without any problems?
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    A test :
    Eusing Registry Cleaner (ERC) has an executable "Regcleaner.exe" to run ERC

    In SPF I create a packet filter for "Regcleaner.exe" with
    - Direction = Both (= Incoming and Outgoing)
    - Action = Deny
    This means to me that ERC can't communicate anymore with internet.

    I open ERC, click Help, click Home Page and ERC opens the Home Page, while I said no communication anymore.
    What am I missing ?
     
  11. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Erik,

    You're right on adding apps. That's one feature that bugged me, as you couldn't add applications until they attempted to access the net. However, you CAN add them under the packet filter. In other words, if you want to make sure that MS Word doesn't ever access the net behind your back, go to the packet filter rules and add a rule for that application. Keep in mind that the rules are processed in order from top to bottom, so if you have any kind of "allow" rule processed beforehand that conflicts with a "deny" rule, the "deny" rule is basically obsolete. Just thought I'd mention that. I wish I had Kerio installed so I could better tell you how to add the rule... but you can go to your packet filter, click on "Add," then you can select the application, the protocol, etc. for that app. If you just leave the protocols, ports etc. blank in the rule it will just default to "any," which is fine if you don't want it to have access, period. Also, you're welcome to PM me if you want more specifics on how to set up the rules, etc. I'd be glad to walk you through it.
     
  12. Teknokrat

    Teknokrat Registered Member

    Joined:
    Apr 20, 2007
    Posts:
    95
    Location:
    First Life? (Sweden)
    As I haven't used the program you mention, I have no experience of how it works. A qualified guess: Regcleaner.exe invokes [whatever browser you use] using a URL switch and the browser communicates with the internet. No outbound connection is made directly from Regcleaner.exe.

    regards,
    T
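
The two points made in the posts above (rules are processed top to bottom, and a rule only applies to the process that actually opens the connection) can be checked with a small model. This is an added example, not part of any post and not Sunbelt's or Kerio's rule engine; the rule fields, the `ask` fallback and the names `browser.exe` and `winword.exe` are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

FIELDS = ("app", "direction", "protocol", "remote_port")

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    app: Optional[str] = None          # None = "any", like a field left blank
    direction: Optional[str] = None    # "in" or "out"; None = both
    protocol: Optional[str] = None
    remote_port: Optional[int] = None

def _norm(value):
    # Windows executable names compare case-insensitively
    return value.lower() if isinstance(value, str) else value

def matches(rule, conn):
    return all(getattr(rule, f) is None or _norm(getattr(rule, f)) == _norm(conn[f])
               for f in FIELDS)

def evaluate(rules, conn, default="ask"):
    """Top-to-bottom, first match wins. Returns (action, deciding rule index)."""
    for i, rule in enumerate(rules):
        if matches(rule, conn):
            return rule.action, i
    return default, None   # assumed fallback when no rule matches

def _overlap(a, b):
    return all(getattr(a, f) is None or getattr(b, f) is None
               or _norm(getattr(a, f)) == _norm(getattr(b, f)) for f in FIELDS)

def preempted_denies(rules):
    """(deny index, earlier allow index) pairs where the allow is hit first."""
    return [(j, i) for j, deny in enumerate(rules) if deny.action == "deny"
            for i, allow in enumerate(rules[:j])
            if allow.action == "allow" and _overlap(allow, deny)]

# Constructed rule sets; browser.exe and winword.exe are placeholder names.
ERIK_RULES = [
    Rule("deny", app="Regcleaner.exe"),    # Direction = Both, Action = Deny
    Rule("allow", app="browser.exe", direction="out", protocol="tcp"),
]
# Help > Home Page: the browser process opens the socket, not Regcleaner.exe.
HOME_PAGE = {"app": "browser.exe", "direction": "out", "protocol": "tcp", "remote_port": 80}
DIRECT = dict(HOME_PAGE, app="regcleaner.exe")

BROAD_ALLOW_FIRST = [
    Rule("allow", direction="out", protocol="tcp", remote_port=80),
    Rule("deny", app="winword.exe"),
]
WORD = dict(HOME_PAGE, app="WINWORD.EXE")

if __name__ == "__main__":
    print(evaluate(ERIK_RULES, HOME_PAGE), evaluate(ERIK_RULES, DIRECT))
    print(evaluate(BROAD_ALLOW_FIRST, WORD), preempted_denies(BROAD_ALLOW_FIRST))
```

Running `preempted_denies` over a rule list before relying on it flags every deny rule that an earlier allow rule can answer first; moving the deny rule above the allow rule clears the finding.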
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Kerio 2.1.5 has a known vulnerability regarding fragmented packets.
     
  14. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Any program you deny will not have internet access. With Kerio most, if not all of your programs will only need outbound access to function. Outbound means that the connection request with the website server originated from your computer. So if you allow a program outbound access it can communicate with the site. Inbound means a connection originating from somewhere other than your own system. Generally that means unsolicited inbound connections, which you do not want. If you want that program to download updates set the rule to Outbound > TCP > Allow. You can also make a specific rule to allow it only access to that particular IP address also if you so choose. You can also further specify that the rule is valid only for that particular session.
     
  15. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This vulnerability was never exploited as far as I know, and it can be patched (unofficially, and if you really know what you are doing :D ).
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Sure, you're right. My point is that Kerio 2.1.5 isn't bullet-proof.
    Of course, I don't care about that and I use Kerio without worries.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I ignored your advice in this thread, but after trying Sunbelt and PC Tools, I would have done better to listen to your advice; it would have saved me a lot of time.

    I'm using Sygate 5.6 build 2808 now and this is the one, I need.
    The GUI and the icon are very ugly, but I like the way of formulating questions in order to configure this firewall. I'm glad I finally found one, because I was sick and tired of trying firewalls. Finding the best firewall was not my goal, I had to find one with an easy, more or less understandable configuration.
    Thank you very much. :) :cool:
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    K-2.15 has got to be one of the longest dependable old forgottens that is a hard act to follow no matter what, even firewalls that build HIPS and every other protection from conceivable dangers, I keep coming back to it and just did again last night.

    For me it's perfect in weight as in "Lite" and responsive plus issue-free, and believe it or not, I am only just now beginning to get my mind around the fashioning of custom rules and other "patches" let's say.
     
  19. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Lightweight firewalls like Kerio and Sygate give solid protection and allow users to actually 'use' their computers.

    Regarding being dated and lacking 'HIPS', we've got lightweight programs for that. You can have your lightweight firewall and lightweight HIPS program (instead of the bloat).

    If these older programs (Kerio and Sygate) could be tweaked to Vista it'd make all the Vista firewall posts/questions on here redundant.

    ErikAlbert, this is a good read for Sygate firewall. http://www.kotiposti.net/string/SPF_eng/SPFGuide.html
     
  20. kencat

    kencat Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    47
    Location:
    Ontario, Canada
    ErikAlbert,

    I hope you're having fun with the Sygate firewall. I've used Kerio 2.15 for years, and I keep learning about the computer thru it all the time, playing with the rules and investigating issues. Always trying to tighten things up. Once your learning curve with Sygate has leveled off, perhaps give the old Kerio a try. From the link given by Saraceno (nice stuff there BTW) it looks like K2.15 might give some added control (ICMP for example), but not having used Sygate I could be wrong there.

    I did finally come across a situation where Kerio would not work though :'(
    Playing with an old 233 MHz Laptop, W2K, it would just not play at all with a new set of drivers for a D-Link wireless adapter card using ACS.exe. Trying to push Kerio into accepting incoming connections caused an error message talking about buffer overflows :eek: I guess there will be more and more situations with these old non-supported progies, eventually rendering them obsolete.....too bad.

    Sure wish that Ghost Personal Firewall project had taken root. It would have been very popular (at least on Wilders :) ) I think.

    Anyway, have fun, and learn well.
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,

    Good choice, Erik! Welcome to the best firewall for Windows department!
    Syggie is more than just a firewall - it is a fast and light firewall. You won't really notice until you start pumping the connections, in and out. Then you'll notice ...

    Nothing at all, no slowdown :)

    Mrk
     
  22. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Erik, I could not agree more with you. To me, a good firewall does not have to be pretty or pass every single leak test. Besides, what good is that if one does not understand what it is asking to allow or deny? A not properly configured firewall would be pointless IMO. That said, congrats on finding one to meet your needs.
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Mrkvonic, Kencat and Saraceno (thanks for the link !!!)
    I'm glad to hear Sygate Personal Firewall isn't such a bad choice.
    I use it mainly for OUTBOUND protection, because WinXPproSP2 Firewall is only inbound according to my readings. I also have a router D-Link DI-604 and it has the latest firmware, although this router is discontinued, but that happens often.

    I need above all a firewall I "understand" a little, it's more a learning process, than a security issue.
    A complicated firewall would be more dangerous for me, than a simple firewall. I have the same problem with HIPS.
    If malware bypasses this firewall, my recovery solution will kill it anyway.

    It's probably old news, but Sygate seems to be property of Symantec, it doesn't exist anymore and is replaced by Norton Internet Security, which isn't a pure firewall anymore.
    I must have missed this, but I can't read and translate every post at Wilders.
    In this case, it doesn't matter, I can always switch to another firewall, if I get smarter. :rolleyes:

    I also checked the installation file with VirusTotal/Jotti and ALL scanners didn't detect anything, not even a possible f/p. I was quite surprised by such clean report, usually at least one scanner reports something, but not in this case. It's at least a good indication that the file might be malware-free.

    I have now a firewall with outbound (and inbound) protection and that is enough for now.
    Thanks to everyone who participated in this thread. :thumb:

    PS: I'm using Sygate Personal Firewall Pro v5.5.2710 now, because I was tired of the nagging registration screen of the free version.
     
    Last edited: Jun 3, 2008
  24. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Anyone wanting the pro version it's at the following link:
    https://www.wilderssecurity.com/showpost.php?p=1243190&postcount=13

    The version ErikAlbert is using is the final pro build, then there's a beta and a debug build.

    Symantec did put an end to Sygate, but if you look at it the other way round, millions today are benefiting from Sygate's technology used in Symantec's products. Symantec selected wisely too. It's a solid product.

    And there's no lag, no sooner do you click on the icon, it appears and you can see what's going on.
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK. I will use that link as home page of Sygate Personal Firewall Pro in my installation file. Since I can't buy it anymore and pay for it as an honest user, I will make the nagging registration screen disappear like I did in my newbie time.
    Shooting an already dead body isn't a crime either. ;)
     