Windows Firewall with Advanced Security (Guide for Vista)

Discussion in 'other firewalls' started by Stem, Apr 19, 2009.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    If you come up with the need to add more permissions to those two processes, allow us to know. :D ;)

    Regards
     
  2. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    About the ports that need to be open check here
    http://support.microsoft.com/kb/927847

    wlidsvc.exe=Windows Live ID Service
    wlcomm.exe= Windows Live Communications Platform (related with the windows live contacts)

    Panagiotis
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's actually the URL where I took the info I needed to come up with the rules I mentioned, according to what would be needed.

    But, the article seems to lack the information regarding those two processes. Those ports and what they're for, they're all related to msnmsgr.exe, AFAIK. Those were the same I got, back then, with Outpost Firewall PRO. I had assumed Outpost would have created the needed rules automatically for every process. I guess I was wrong. lol

    The problem was that, more rules are needed, for these two processes I mentioned. I "could" (my relative) spot connections only to the DNS IPs... Nothing more. It would be natural for other communications to appear as being blocked, if such attempts were being made.

    I'll have to dig it.
     
  4. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    My guess is that
    wlidsvc.exe is trying to connect to https://Login.live.com
    and wlcomm.exe to https://*.contacts.msn.com

    Add udp 53 and tcp 443 for those apps.

    Panagiotis
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'll tell my relative to give it a try, when possible, and I'll report back.

    Back then, I associated -https://Login.Live.com-, -http://Login.Live.com- and -https://*.Contacts.MSN.com- to the process msnmsgr.exe and ports TCP 80, 443, 1863. The same ones that Outpost had given, as mentioned before.
     
  6. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    If he has a portable and connects with public wifis I would suggest to not allow tcp 80 (http).

    Panagiotis
     
  7. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    So are you saying you should use port 443 for a secure connection with public wifis? I forgot about port 443 probably cuz I never use anything like this.

    I thought OutPost detects the ports you need.
     
  8. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    HTTPS URLs begin with "https://" and use port 443 by default.
    If you block this port in your firewall options your browser won't be able to access https sites.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I still haven't got in touch with my relative... the season didn't exactly make me want to work things out so far :D ... but, I've started to look at it, and it does make sense.

    wlidsvc.exe is for Microsoft Windows Live ID Service, so I'm assuming not just for Windows Live Messenger. Perhaps, also for Windows Live Mail o_O

    Either way, it is for signing-in, so this connection sure is a protected one (protocol https/port 443).

    It is also bound to the service "Windows Live ID Sign-in Assistant". So, it would be a good practice to restrict/bind wlidsvc.exe to that service.

    The one other, as you put it, is related to contacts. So, I guess some sort of protection would be required... makes sense to associate it with -https://*.contacts.msn.com ; https/443

    @ everyone interested

    Summing up... This is how I would/will make the rules for my relative, which seems to be the most appropriate and needed:

    Traffic: Outbound
    Process name: wlidsvc.exe (Bind this process to the above mentioned service.)
    Local port: Any; Remote ports: 443

    You obviously need an additional rule for DNS, if you got DNS client disabled.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I really cannot imagine using anything else than the internal firewall and some safe-admin tweaks in Vista and Windows7. Add a freeware AV and you are well protected, I am only using OS protection :D
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi:

    I thought this thread was about the Windows Firewall?

    In BUT Outpost does have a list of TCP and UDP ports to trust in a preset exclusion list within attack detection feature. The user cannot edit them in any way.

    port 443 is a listed excluded and trusted port in the TCP list.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Rilla may have mentioned Outpost because I mentioned it, when I said

    As stated, back then I used Outpost to get the rules for Windows Live Messenger, but apparently the preset rules didn't have all that were needed.

    @ everyone

    By the way, I forgot to mention the rules for process wlcomm.exe. Same as for wlidsvc.exe. Just do not bind it to the mentioned service.
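
    The rule set described in the last two posts (wlidsvc.exe bound to its service, wlcomm.exe unbound, both limited to outbound TCP 443, plus UDP 53 only when the DNS Client service is disabled), written out as an added example that is not part of the thread. It uses netsh advfirewall, which is the command-line interface on Vista and Windows 7 (the New-NetFirewallRule cmdlets only arrived with Windows 8), and must be run from an elevated PowerShell prompt. The two program paths and the service short name `wlidsvc` are assumptions that should be confirmed on the machine first.

```powershell
# Added example (not from the thread): outbound rules for the two Windows Live
# processes via netsh advfirewall on Vista / Windows 7. Run elevated.
# Paths and the service short name are assumptions; verify before applying.

$wlidsvc = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Windows Live\WLIDSVC.EXE'  # assumed path
$wlcomm  = Join-Path $env:ProgramFiles 'Windows Live\Contacts\wlcomm.exe'               # assumed path
$wlidService = 'wlidsvc'   # assumed short name of "Windows Live ID Sign-in Assistant";
                           # confirm with:  sc query wlidsvc   (or: Get-Service wlidsvc)

function Add-OutboundRule {
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        [Parameter(Mandatory=$true)][string]$Program,
        [ValidateSet('TCP','UDP')][string]$Protocol = 'TCP',
        [Parameter(Mandatory=$true)][string]$RemotePort,
        [string]$Service = 'any',   # 'any' = no service binding
        [switch]$DryRun             # print the command instead of running it
    )
    # netsh takes key=value tokens. Tokens with spaces are passed unquoted here;
    # PowerShell quotes each one as a single argument when it calls netsh.
    $tokens = @('advfirewall', 'firewall', 'add', 'rule',
                "name=$Name", 'dir=out', 'action=allow',
                "program=$Program", "service=$Service",
                "protocol=$Protocol", 'localport=any', "remoteport=$RemotePort",
                'remoteip=any', 'profile=any', 'enable=yes')
    if ($DryRun) {
        # Render a pasteable cmd.exe line, quoting the tokens that contain spaces
        return 'netsh ' + (($tokens | ForEach-Object { if ($_ -match '\s') { '"' + $_ + '"' } else { $_ } }) -join ' ')
    }
    & netsh $tokens
}

# wlidsvc.exe: sign-in traffic, HTTPS only, and bound to its service so the rule
# does not match if the same binary is ever started outside that service.
Add-OutboundRule -Name 'Windows Live ID Service (wlidsvc.exe) HTTPS out' `
    -Program $wlidsvc -RemotePort 443 -Service $wlidService

# wlcomm.exe: contacts traffic, HTTPS only, no service binding (it is not a service).
Add-OutboundRule -Name 'Windows Live Communications (wlcomm.exe) HTTPS out' `
    -Program $wlcomm -RemotePort 443

# Only when the DNS Client service is disabled: each program then resolves
# names itself and needs UDP 53 out. Leave these out otherwise.
if ((Get-Service Dnscache).Status -ne 'Running') {
    Add-OutboundRule -Name 'wlidsvc.exe DNS out' -Program $wlidsvc -Protocol UDP -RemotePort 53 -Service $wlidService
    Add-OutboundRule -Name 'wlcomm.exe DNS out'  -Program $wlcomm  -Protocol UDP -RemotePort 53
}

# Check what was created
netsh advfirewall firewall show rule name='Windows Live ID Service (wlidsvc.exe) HTTPS out' verbose
```

    Add `-DryRun` to any call to see the exact netsh line before it is applied. The `service=` token is what implements the "bind to the service" advice: the rule then applies only to traffic from that process while it is hosting the named service, which is narrower than a plain program rule.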
     
  13. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Now that you have that figured out, install Windows Live Mail and give me the rules for wlcomm. Lol, I'm just kidding. I have WLMail/wlcomm set up fairly tight. Every now and then, when launching WLMail, it wants to bounce to another address. Malware Defender picks it up first, after that I add it to the Advanced Security. I guess I should just add the IP range for it but just haven't done it yet.

    I noticed that you mentioned binding to a service. I had Win Updates set up that way but have since disabled the rule. Either it doesn't seem to honor it or my Win Updates are getting updates from MS updates which doesn't honor it. Either way, I scrapped that one and added the IP range/ranges for Mickey Soft updates and Win updates.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Does Windows Live Mail require the two processes communications I mentioned? Or, have you been able to use it without these two rules? (They would be the same ones as for Windows Live Messenger, I suppose.)

    Not sure if it's needed, though. But, considering the process is for that service, I just believe it would make sense to bind it to that service, and not widely allow it to communicate with the Internet.
     
  15. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    It requires a rule for wlcomm and wlmail.
     
  16. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    Hello everyone. Can you please share if there is a specific outbound rule for ICMP for utorrent as I have allowed it full outbound access (all protocols included) but the nodes attached to my seeding torrents decreased after I enabled Win7 outbound control in the firewall.
     
  17. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185
    Have you allowed uTorrent inbound access?
     
  18. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    572
    Is it safe to allow inbound access in windows firewall for utorrent? KIS 2011 used to give me a few alerts when using utorrent. I am unsure of using utorrent with windows firewall.
     
  19. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    Yes I have. Actually on installation, Utorrent automatically is allowed inbound access in any Windows (XP, Vista, 7) firewall and I haven't touched that. The only problem is that when I started using the outbound control of the built-in firewall, the number of connected nodes to the torrents I seed dropped down drastically. Downloading is OK, but upload has to do with the proper outbound access. And I've given full outbound access to Utorrent. I remember from configuring other firewalls for it, that sometimes svchost.exe is acting for it when connecting outbound but I'm not sure how things are implemented in Win 7 firewall. I haven't created any outbound allow rules for svchost.exe as so far I don't need any and everything is working as it should (I'll copy the rules of Stem for Windows Update when I decide), no problem with DNS or whatsoever. I've also made 2 rules for ICMP outbound - 1 for all programs allow Destination unreachable, and 1 for Utorrent only - ICMP type 3, code 4 as recommended in their forum. Any suggestions?
     
  20. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185
    If you don't allow inbound access, you won't be sharing pieces of whichever file(s) you have. Not exactly ideal for a P2P system.

    I'm not seeing any problems with peers and my rules for uTorrent are quite strict, in that I only allow in to my uTorrent port and I only allow out to TCP 80 and between 1024-65535 (TCP/UDP). I also have an outbound rule for LPD, which is UDP out to 6771 on 239.0.0.0 - 239.255.255.255. My ICMP rules allow inbound for (type:code) 3:1, 3:2, 3:3, 11:0 and 11:1.

    Have you checked the logs for dropped packets?
     
    Last edited: Feb 4, 2011
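    Heimdall's rule set above, written out as an added example that is not part of the thread: inbound only to the listening port, outbound TCP 80 and TCP/UDP 1024-65535, the Local Peer Discovery rule to UDP 6771 on the 239.0.0.0-239.255.255.255 multicast block, and the five inbound ICMPv4 type:code pairs. It uses netsh advfirewall on Vista/Windows 7 from an elevated prompt. The listening port and the uTorrent path are placeholders; the ICMP rules carry no `program=` because Windows Firewall does not tie ICMP to a process.

```powershell
# Added example (not from the thread): a strict uTorrent rule set for the
# Windows Firewall on Vista / Windows 7 via netsh advfirewall. Run elevated.
# Port and path below are placeholders; adjust before applying.

$listenPort = 45000                                           # placeholder: the port set in uTorrent's Connection preferences
$utorrent   = Join-Path $env:APPDATA 'uTorrent\uTorrent.exe'  # assumed install location
$dryRun     = $true                                           # set to $false to create the rules

# One hashtable per rule. Local/Remote ports are only valid for TCP and UDP.
$rules = @(
    @{ Name='uTorrent listen TCP in'; Dir='in';  Proto='TCP'; Local=$listenPort; Remote='any';        Ip='any'; Prog=$utorrent },
    @{ Name='uTorrent listen UDP in'; Dir='in';  Proto='UDP'; Local=$listenPort; Remote='any';        Ip='any'; Prog=$utorrent },
    @{ Name='uTorrent HTTP out';      Dir='out'; Proto='TCP'; Local='any';       Remote='80';         Ip='any'; Prog=$utorrent },
    @{ Name='uTorrent peers TCP out'; Dir='out'; Proto='TCP'; Local='any';       Remote='1024-65535'; Ip='any'; Prog=$utorrent },
    @{ Name='uTorrent peers UDP out'; Dir='out'; Proto='UDP'; Local='any';       Remote='1024-65535'; Ip='any'; Prog=$utorrent },
    # Local Peer Discovery: UDP 6771, but only towards the administratively scoped multicast block
    @{ Name='uTorrent LPD out';       Dir='out'; Proto='UDP'; Local='any';       Remote='6771';       Ip='239.0.0.0-239.255.255.255'; Prog=$utorrent }
)

# Inbound ICMPv4 from the post: 3:1, 3:2, 3:3 (host / protocol / port unreachable)
# and 11:0, 11:1 (TTL exceeded in transit / fragment reassembly time exceeded).
# netsh spells a type/code pair as protocol=icmpv4:type,code.
foreach ($tc in '3,1', '3,2', '3,3', '11,0', '11,1') {
    $rules += @{ Name="ICMPv4 $($tc -replace ',', ':') in"; Dir='in'; Proto="icmpv4:$tc"; Ip='any' }
}

foreach ($r in $rules) {
    $tokens = @('advfirewall', 'firewall', 'add', 'rule',
                "name=$($r.Name)", "dir=$($r.Dir)", 'action=allow',
                "protocol=$($r.Proto)", "remoteip=$($r.Ip)", 'profile=any')
    if (@('TCP', 'UDP') -contains $r.Proto) {      # -contains keeps this PowerShell 2.0 compatible
        $tokens += "localport=$($r.Local)", "remoteport=$($r.Remote)"
    }
    if ($r.Prog) { $tokens += "program=$($r.Prog)" }   # ICMP rules have no program binding

    if ($dryRun) {
        # Pasteable cmd.exe line, quoting only the tokens that contain spaces
        'netsh ' + (($tokens | ForEach-Object { if ($_ -match '\s') { '"' + $_ + '"' } else { $_ } }) -join ' ')
    } else {
        & netsh $tokens
    }
}
```

    The outbound rules only take effect once the profile's default outbound action is block (`netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound`), which is the "outbound control" step mentioned earlier in the thread; with the default allow-outbound policy they are no-ops. Keeping the dry run on first and reading the generated lines is a cheap way to catch a wrong port or path before the rules go live.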
  21. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    Yes, I do. Will check it when I get back home. Mostly they were ICMP type 0 dropped.
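    Checking the dropped-packet log rather than guessing, as an added example that is not part of the thread: enable logging of dropped packets, then parse the firewall log (the `#Fields:` header line names the columns) and summarise the drops by ICMP type:code and by protocol and destination port. The log path is the Windows default and is an assumption if it was changed on the machine; the netsh lines need an elevated prompt.

```powershell
# Added example (not from the thread): list and summarise dropped packets from
# the Windows Firewall log on Vista / Windows 7. The log path is the default
# location and is an assumption if it was changed on the machine.

# Logging of dropped packets is off by default; switch it on (elevated prompt):
# netsh advfirewall set allprofiles logging droppedconnections enable
# netsh advfirewall set allprofiles logging maxfilesize 4096

function Get-FirewallDrop {
    param([string]$LogPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log")
    $fields = $null
    foreach ($line in (Get-Content $LogPath)) {
        # The "#Fields:" header names the space-separated columns; other "#" lines are metadata
        if ($line -like '#Fields:*') { $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'; continue }
        if ($line -like '#*' -or -not $fields -or $line.Trim() -eq '') { continue }
        $values = $line -split '\s+'
        $entry  = @{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) { $entry[$fields[$i]] = $values[$i] }
        # Keep only dropped packets; New-Object keeps this PowerShell 2.0 compatible
        if ($entry['action'] -eq 'DROP') { New-Object PSObject -Property $entry }
    }
}

# ICMP drops by type:code. Inbound type 0 (echo reply) drops are expected when
# this host never sent the matching echo request, so they are normally harmless.
Get-FirewallDrop |
    Where-Object { $_.protocol -eq 'ICMP' } |
    Group-Object icmptype, icmpcode |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Non-ICMP drops by protocol, destination port and direction (path = SEND or RECEIVE):
# a quick way to spot the TCP/UDP rule that is still missing.
Get-FirewallDrop |
    Where-Object { $_.protocol -ne 'ICMP' } |
    Group-Object protocol, 'dst-port', path |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

    Reading the summary against the rule set tells you whether a drop is a rule that is genuinely missing (an outbound SEND to a peer port range you did not allow) or noise that should stay dropped (unsolicited inbound echo replies).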
     
  22. wat0114

    wat0114 Guest

    That's typically normal in most home setups, since those are echo reply. BTW, icmp is not tied to specific programs; they are part of the win fw core rules.

    Not at my pc now to check everything, but this is part of what I've also got for my uTorrent rules. My icmp rules are strict (echo reply out and echo request in blocked) as well.
     
  23. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    Could I ask you to share your outbound rules for Utorrent and your ICMP system-wide rules?
    Thank you
     
  24. wat0114

    wat0114 Guest

    heh, heh...I knew they were in this thread somewhere :) My inbound are shown a few posts later.

    -http://www.wilderssecurity.com/showpost.php?p=1766824&postcount=200

    BTW, my icmp rules may be a little different than what's shown, so I'll have to confirm later when I get home, but I doubt they've changed significantly.
     
  25. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    Thanks very much!
     