Sygate and Apache

hi!

There was a post about it, but that is not solution for my problem.

I installed Apache 2.2.6 and sygate personal firewall.
I used apache 2.2.2, and 2.2.4, and every time, when sygate asked it, i sad NO to access the network.

Since i'v intalled this 2.2.6 i am always geting this message:
The executable has changed since the last time you used.

But i did not upgrade or do anything with this exe.

Why is it ?

 

Exactly the entry:

The executable has changed since the last time you used: D:\apache\bin\httpd.exe
File Version : 2.2.6.0
File Description : Apache HTTP Server
File Path : D:\apache\bin\httpd.exe
Process ID : 0x650 (Heximal) 1616 (Decimal)

Connection origin : remote initiated
Protocol : TCP
Local Address : 217.20.142.189
Local Port : 80 (HTTP - World Wide Web)
Remote Name :
Remote Address : 85.255.170.100
Remote Port : 4813

Ethernet packet details:
Ethernet II (Packet Length: 62)
Destination: 00-00-02-00-00-00
Source: 02-00-20-00-02-00
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 117
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x44e0 (Correct)
Source: 85.255.170.100
Destination: 217.20.142.189
Transmission Control Protocol (TCP)
Source port: 4813
Destination port: 80
Sequence number: 2314073152
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x9e49 (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 00 02 00 00 00 02 00 : 20 00 02 00 08 00 45 00 | ........ .....E.
0010: 00 30 BD 4D 40 00 75 06 : E0 44 55 FF AA 64 D9 14 | .0.M@.u..DU..d..
0020: 8E BD 12 CD 00 50 89 ED : F4 40 00 00 00 00 70 02 | .....P...@....p.
0030: 40 00 49 9E 00 00 02 04 : 05 B4 01 01 04 02 | @.I...........

 

Have you tried disabling the appropriate option in Sygate.

May be disable anti-application hijacking? (I'm not using Sygate so working from memory)

Regarding the above information, you need some serious firewall expert to interpret that! But there should be definitely someone at Wilders who can.

 

Regarding the contents of packet / type of network connection. That is irrelevent I think.

The application was changed earlier (a software update possibly)

Now it is trying to connect to the internet to continue working normally. (So network data probably irrelevent)

If Sygate doesn't remember the application's file checksum, try reinstalling Sygate / adding application to exclusion list.

 

I understand you.

But my problem is:
You know, when i installed my machine, first time, sygate asked all the applications, do i want to enable to access that for network or not.
There is a checkbox about, remember this settings or not ?

When there are a portscan, sygate aksked me, do i want to allow the mysql (for example), to access the network. So i sad no, and since that time, sygate never asked it again.

When my AVG update itself, sygate ask me, do i want to allow the network, becase before the update i allowed that, but since that time the executable has changed. Of course i want, because i know that it has changed, bacuase it has updated.

BUT!
Apache web server not that kind of application, what make changes day by day. And this question comes 5-6 times a day.

I think i should ask the apache foundation, what could be the problem.
If i will get the answer, i will tell it here.

 

Hello,

If the executable got changed somehow, it will ask you that.

You need to know if the change should have happened - and accordingly allow or deny. But for your reference, this happens all the time with software updates, for example, when Firefox updates, the first time it launches after the update, Sygate will ask about the change. If it's harmless, you allow it. If not, you investigate what could have happened.

Most likely, apache got updated. Compare the version you have to the one you think you have, check the file sizes etc.

Mrk