Windows Firewall with Advanced Security Settings

Discussion in 'other firewalls' started by Habakuck, Sep 14, 2009.

Thread Status:
Not open for further replies.
  1. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Hi @ all.

    I used the Windows Firewall for a long time but never changed the settings to block outbound connections because I am not familiar with setting up the correct rules.
    Now I read Stem's post here: https://www.wilderssecurity.com/showthread.php?t=239750&highlight=Vista FireWall Stem
    and decided to try it again.

    I set up a few rules but have some problems now, so I need your help.

    Thunderbird, FireFox, svchost (Windows Update) and my AntiVirus are working fine.

    But the Windows Firewall (WF) blocks some UDP connections right after startup and I want to know what it is and how to create a rule for that.
    I am very disappointed not to see any file paths in the Firewall log. That makes it very hard to separate what tries to get out!
    I think it has something to do with IPv6... because my IPv6 address shows up in that log.
    Here we are:
    What is allowed there?
    What is dropped there and how can I allow it?

    Btw.: It would be great if anyone can explain the log...
     
    Last edited: Sep 15, 2009
  2. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Ok. I did a system restore. Nothing worked. Secunia PSI and some other applications won't update/work properly.
    And I set up rules for each of them! :rolleyes:

    That is not very cool.

    Is there no tool which is able to set the rules automatically or a bit easier?? :doubt:
     
    Last edited: Sep 15, 2009
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello.

    Allowed is normal IPv4 DNS (port 53) as well as multicast IPv6 DNS (port 5355). Blocked is DHCPv6 (ports 546 & 547, sorry, can't find a useful link at the moment).

    svchost hosts all of the above services.

    Why the Secunia checker and the "other apps" you mention would not work properly because of this is really beyond me. I have never used PSI long enough to know its exact workarounds.

    Cheers,
     
  4. JohnnyDollar

    JohnnyDollar Guest

    What service pack and AV are you running? After installing SP2 on my Vista, Nod32 v3 was screwing with my firewall (something about proxy). I installed v4 and everything was fine. If you block your AV with the Windows firewall, will the rules work for your other programs? If so, then it is your AV, not the firewall.

    From what I have been told, you can install Vista Firewall Control Free and set all the rules with the popups and it will create the rules for you, then you can uninstall it.
     
  5. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Thank you for the input!

    I reset the firewall and now secunia is working fine. I set up very restrictive rules for incoming and outgoing connections. Everything fine.

    But I do have some dropped connections in the log and would like to know what they are, because I do not want to block my operating system.

    I blocked all IPv6 connections! Is that why I get these entries? Is that ok?

    What exactly do you mean?

    best regards!


    PS: I am running Vista HP SP2 no AV Suite.
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Your post #5 also shows NetBIOS as being blocked (port 137 broadcast, which belongs to IPv4), so if you don't have a LAN (and I assume you don't) you should either keep these blocked with a firewall (as it is now) or stop the services that enable NetBIOS. There are also some blockings on port 80 outbound; these probably belong to closed browser sessions (also on the IPv4 protocol).

    Well, if you wish to allow these IPv6 comms, simply make rules for svchost on required ports. I am just not sure you should allow them, as I really doubt you're using DHCPv6.

    As a bottom line, I can't see anything wrong in your logs.

    Sorry, I can't comment on those ICMP blockings without some investigation, and I can't find the time at the moment. Later perhaps...

    Cheers,
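
Added example, not part of any post in this thread: a short Python script that groups firewall log entries by action, IP family, protocol and destination port, and labels the ports named in the replies above. The log lines are constructed in the pfirewall.log field layout, and the label strings (including "LLMNR" for UDP 5355) and function names are this example's own assumptions.

```python
from collections import Counter

# Ports named in the replies above; the label strings are this example's own.
KNOWN_PORTS = {
    ("UDP", 53): "DNS",
    ("UDP", 5355): "LLMNR multicast name resolution",
    ("UDP", 546): "DHCPv6 client",
    ("UDP", 547): "DHCPv6 server",
    ("UDP", 137): "NetBIOS name service",
    ("TCP", 80): "HTTP",
}

# Constructed sample in the pfirewall.log layout; not the poster's log.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2009-09-15 08:01:02 ALLOW UDP 192.168.1.10 192.168.1.1 51234 53 0 - - - - - - - SEND
2009-09-15 08:01:02 ALLOW UDP fe80::1c2d:3e4f:5a6b:7c8d ff02::1:3 52000 5355 0 - - - - - - - SEND
2009-09-15 08:01:03 DROP UDP fe80::1c2d:3e4f:5a6b:7c8d ff02::1:2 546 547 0 - - - - - - - SEND
2009-09-15 08:01:09 DROP UDP 192.168.1.10 192.168.1.255 137 137 0 - - - - - - - SEND
2009-09-15 08:02:30 DROP TCP 192.168.1.10 203.0.113.5 49160 80 0 - - - - - - - SEND
2009-09-15 08:02:31 DROP ICMP 192.168.1.10 192.168.1.1 - - 0 - - - - 8 0 - SEND
2009-09-15 08:02:32 DROP UDP 192.168.1.10
"""

def parse(text):
    # One dict per complete entry, keyed by the names in the #Fields header.
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated lines
                rows.append(dict(zip(fields, values)))
    return rows

def summarize(rows):
    # Count entries per (action, IP family, protocol, destination port, label).
    counts = Counter()
    for r in rows:
        port = int(r["dst-port"]) if r["dst-port"].isdigit() else None
        family = "IPv6" if ":" in r["dst-ip"] else "IPv4"
        label = KNOWN_PORTS.get((r["protocol"], port), "unlabelled")
        if r["protocol"] == "ICMP":  # ICMP has no ports; report its type instead
            label = "ICMP type " + r["icmptype"]
        counts[(r["action"], family, r["protocol"], port, label)] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(parse(SAMPLE_LOG)).items(), key=str):
        print(n, *key)
```

Because the log carries no program path, the summary can only say which protocol and port were dropped, not which executable sent the traffic.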
     
  7. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Thank you Nick!

    I am not sure what NetBIOS is, so I will keep the status quo.

    What are closed browser sessions?

    I don't wanna use IPv6!

    Cool, thank you so far.

    I just want to make sure nothing important is being blocked...
     