Windows Firewall

Discussion in 'other firewalls' started by controler, Mar 20, 2004.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    well i downloaded the new SP2 RC1 and like it so far :D

    It adds a few new icons to your control panel
    one is the security center where the install adds whatever antivirus you have to the security center and another icon is for the firewall only.
    You can access both your Av and the built in firewall through the security center though.
    With this new firewall you can allow or disallow programs to access the internet such as Yahoo, AOL etc. You can add programs as you go.
    After installing the new service pack , the first time i tried to start Yahoo Im, I got a firewall warning asking if I wanted to allow or not allow the program to access the internet.
    You also get the choice to only allow the program on your LAN or not.
    so this is all I have after the first 10 min of looking at it LOL
    Oh yes I forgot to mention, when I started Firefox, I got no warning. Not sure why yet. I am also running Panda's firewall-Av alongside it.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It really isn't a good idea to run two firewalls at the same time. They compete for sys resources, you might not be aware of the resource hit but it is there. Microsoft recommends that you disable ICF if you are running another firewall.
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    What i had read about SP2.RC1.2096- ICF, It only provides control over Applications acting as server.
    If you block Application server rights then this Application isn't capable of receiving remotely started Incomings, am i wrong?
     
  4. controler

    controler Guest

    Here are the command line options:


    Configuring Windows Firewall from the command line

    Advanced users can use the command line to configure Windows Firewall. You can use the netsh command line tool for this purpose.

    The netsh commands in the following table are available for Microsoft Windows XP Service Pack 2 (SP2). Typing the command plus " /?" displays the Help for that command.

    Group   Command                               Description
    Add     netsh firewall add allowedprogram     Adds allowed program configuration to Windows Firewall
            netsh firewall add portopening        Adds port configuration to Windows Firewall
    Delete  netsh firewall delete allowedprogram  Deletes allowed program configuration from Windows Firewall
            netsh firewall delete portopening     Deletes port configuration from Windows Firewall
    Reset   netsh firewall reset                  Resets Windows Firewall configuration to default
    Set     netsh firewall set allowedprogram     Sets allowed program configuration in Windows Firewall
            netsh firewall set icmpsettings       Sets ICMP configuration in Windows Firewall
            netsh firewall set logging            Sets logging configuration in Windows Firewall
            netsh firewall set notifications      Sets notification configuration in Windows Firewall
            netsh firewall set opmode             Sets operational configuration in Windows Firewall
            netsh firewall set portopening        Sets port configuration in Windows Firewall
            netsh firewall set service            Sets service configuration in Windows Firewall
    Show    netsh firewall show allowedprogram    Shows allowed program configuration in Windows Firewall
            netsh firewall show config            Shows Windows Firewall configuration
            netsh firewall show currentprofile    Shows current profile of Windows Firewall
            netsh firewall show icmpsettings      Shows ICMP configuration in Windows Firewall
            netsh firewall show logging           Shows logging configuration in Windows Firewall
            netsh firewall show notifications     Shows notification configuration in Windows Firewall
            netsh firewall show opmode            Shows operational configuration in Windows Firewall
            netsh firewall show portopening       Shows port configuration in Windows Firewall
            netsh firewall show service           Shows service configuration in Windows Firewall
            netsh firewall show state             Shows current state of Windows Firewall

    Notes

    The Set machine, Set online, Set offline, and Dump commands are not supported in Windows Firewall. These commands do not do anything.
    The Show commands usually only display locally configured settings. Group policy settings are not displayed except in Show state.
     
  5. controler

    controler Guest

    bigc73542

    Yes I am aware of MS's warning about running two firewalls at the same time. So far I have not seen any conflicts for resources. I just installed it today so really don't know that much about it yet. i am still reading the help files.
    I can tell you the install went very smoothly. After install there are 4 critical March updates that need to be done though.
     
  6. controler

    controler Guest

    Hello

    as you can see from the screen shots, I still haven't figured out this Windows built in firewall yet. I turned off Sygate to look at it a bit.
    from inside the firewall you should be able to check the options you want enabled. As you can see, i do not have Remote Assistance ticked but from the Show Configurations setting on the command line, it shows enabled.
     


  7. controler

    controler Guest

    Command Line Options:
     


  8. Phant0m

    Phant0m Registered Member

    I guess this behaviour is normal when you have "My network (subnet) only" checked on an Application.
     
  9. Phant0m

    Phant0m Registered Member

    You can simply check "Any computer (including those on Internet)".
     


  10. Phant0m

    Phant0m Registered Member

    &
     

    Attached Files: 003x.PNG (14.7 KB)
  11. controler

    controler Guest

    But shouldn't the command

    netsh firewall set service remoteadmin disable
    shut it off no matter if you have all computers checked or not?
    seems odd to me.

    I still get the same results when checking subnet only :(
     


  12. Phant0m

    Phant0m Registered Member

    This appears to be how it’s designed, when “My Network (subnet) only” is checked it overrides “Programs and Services:” settings. Guess Microsoft didn’t think of possible threats on users Networks.
     
  13. Phant0m

    Phant0m Registered Member

    No, take it off that setting by simply checking "Any computer (including those on Internet)", but keep the check off that application in "Programs and Services:" Properties...
     
  14. controler

    controler Guest

    Phantom

    I know you are very knowledgeable with firewalls and am happy for your help. Thank you.

    So far I have tried always unchecking that option in the program section.
    No checkmark in remote assistance.
    and I have tried ticking the Any Computer ( Including those on the Internet )
    and I have tried ticking My Network ( Subnet Only ) and the show config always shows enable remote assistant .
    scratching head here again
     
  15. Phant0m

    Phant0m Registered Member

    Hmm Interesting, i guess re-booting may be needed after making modification in that way...
     
  16. controler

    controler Guest

    Nope rebooting don't seem to help

    Even tried these settings which are supposed to even block
    any you have ticked
     


  17. controler

    controler Guest

    complete:
     


  18. controler

    controler Guest

    Did you go to DOS and type

    netsh firewall show config on your system yet?
    and if so does yours show enable remote assistant?

    thanks
     
  19. Phant0m

    Phant0m Registered Member

    I’m convinced! Appears making modification to that app doesn’t apply or apply fully.

    * I'm in process of downloading but afterwards i'll see what i can find out about this...
     
  20. controler

    controler Guest

    ok here we go: might be onto something
     


  21. controler

    controler Guest

    Appears Standard and Domain profiles are different.

    the ticks in the GUI must affect the domain and not the standard profiles.
     
  22. Phant0m

    Phant0m Registered Member

    I simply removed

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:Remote Assistance"

    which is in the registry to fix that prob also :p
     
  23. controler

    controler Guest

    Ok now that is cheating LOL

    but i really like the DOS command

    netsh firewall show config verbose = enable

    This command gives you the whole firewall configuration.

    and looking down under allowed programs configuration for standard profile it shows the default setting as DISABLE
    but there is a ton of other info which is interesting




     
  24. controler

    controler Guest

    C:\Documents and Settings\controler>netsh firewall show config verbose = enable

    Domain profile configuration:
    -------------------------------------------------------------------
    Operational mode = Enable
    Exception mode = Enable
    Multicast/broadcast response mode = Enable
    Notification mode = Enable

    Service configuration for Domain profile:
    Mode Customized Name
    -------------------------------------------------------------------
    Disable No File and Printer Sharing
    Scope: LocalSubNet
    Disable No UPnP framework
    Scope: LocalSubNet
    Disable No Remote Desktop
    Scope: *
    Disable No Remote Administration
    Scope: *

    Allowed programs configuration for Domain profile:
    Mode Name / Program
    -------------------------------------------------------------------
    Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Scope: *

    Port configuration for Domain profile:
    Port Protocol Mode Name
    -------------------------------------------------------------------
    139 TCP Disable NetBIOS Session Service
    Scope: LocalSubNet
    445 TCP Disable SMB over TCP
    Scope: LocalSubNet
    137 UDP Disable NetBIOS Name Service
    Scope: LocalSubNet
    138 UDP Disable NetBIOS Datagram Service
    Scope: LocalSubNet
    1900 UDP Disable SSDP
    Scope: LocalSubNet
    2869 TCP Disable UPnP framework over TCP
    Scope: LocalSubNet
    3389 TCP Disable Remote Desktop
    Scope: *

    ICMP configuration for Domain profile:
    Mode Type Description
    -------------------------------------------------------------------
    Disable 2 Allow outbound packet too big
    Disable 3 Allow outbound destination unreachable
    Disable 4 Allow outbound source quench
    Disable 5 Allow redirect
    Disable 8 Allow inbound echo request
    Disable 10 Allow inbound router request
    Disable 11 Allow outbound time exceeded
    Disable 12 Allow outbound parameter problem
    Disable 13 Allow inbound timestamp request
    Disable 17 Allow inbound mask request

    Standard profile configuration (current):
    -------------------------------------------------------------------
    Operational mode = Enable
    Exception mode = Disable
    Multicast/broadcast response mode = Enable
    Notification mode = Enable

    Service configuration for Standard profile:
    Mode Customized Name
    -------------------------------------------------------------------
    Disable No File and Printer Sharing
    Scope: LocalSubNet
    Disable No UPnP framework
    Scope: LocalSubNet
    Disable No Remote Desktop
    Scope: *
    Disable No Remote Administration
    Scope: *

    Allowed programs configuration for Standard profile:
    Mode Name / Program
    -------------------------------------------------------------------
    Disable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Scope: LocalSubNet

    Port configuration for Standard profile:
    Port Protocol Mode Name
    -------------------------------------------------------------------
    139 TCP Disable NetBIOS Session Service
    Scope: LocalSubNet
    445 TCP Disable SMB over TCP
    Scope: LocalSubNet
    137 UDP Disable NetBIOS Name Service
    Scope: LocalSubNet
    138 UDP Disable NetBIOS Datagram Service
    Scope: LocalSubNet
    1900 UDP Disable SSDP
    Scope: LocalSubNet
    2869 TCP Disable UPnP framework over TCP
    Scope: LocalSubNet
    3389 TCP Disable Remote Desktop
    Scope: *

    ICMP configuration for Standard profile:
    Mode Type Description
    -------------------------------------------------------------------
    Disable 2 Allow outbound packet too big
    Disable 3 Allow outbound destination unreachable
    Disable 4 Allow outbound source quench
    Disable 5 Allow redirect
    Disable 8 Allow inbound echo request
    Disable 10 Allow inbound router request
    Disable 11 Allow outbound time exceeded
    Disable 12 Allow outbound parameter problem
    Disable 13 Allow inbound timestamp request
    Disable 17 Allow inbound mask request

    Local Area Connection firewall configuration:
    -------------------------------------------------------------------
    Operational mode = Enable

    Port configuration for Local Area Connection:
    Port Protocol Mode Name
    -------------------------------------------------------------------
    443 TCP Disable Secure Web Server (HTTPS)
    80 TCP Disable Web Server (HTTP)
    110 TCP Disable Post-Office Protocol Version 3 (POP3)
    25 TCP Disable Internet Mail Server (SMTP)
    21 TCP Disable FTP Server
    3389 TCP Disable Remote Desktop
    143 TCP Disable Internet Mail Access Protocol Version 4 (IMAP4)
    220 TCP Disable Internet Mail Access Protocol Version 3 (IMAP3)
    23 TCP Disable Telnet Server

    ICMP configuration for Local Area Connection:
    Mode Type Description
    -------------------------------------------------------------------
    Disable 3 Allow outbound destination unreachable
    Disable 4 Allow outbound source quench
    Disable 5 Allow redirect
    Disable 8 Allow inbound echo request
    Disable 10 Allow inbound router request
    Disable 11 Allow outbound time exceeded
    Disable 12 Allow outbound parameter problem
    Disable 13 Allow inbound timestamp request
    Disable 17 Allow inbound mask request

    Log configuration:
    -------------------------------------------------------------------
    File location = (null)
    Max file size = 0 KB
    Dropped packets = Disable
    Connections = Disable


    C:\Documents and Settings\controler>
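
The dump above shows the mismatch the thread was chasing: Remote Assistance (sessmgr.exe) is Enable with Scope * under the Domain profile but Disable with Scope LocalSubNet under the Standard (current) profile. As an added example that is not part of the thread, this Python sketch parses that output format and lists allowed programs whose state differs between profiles; the function names are hypothetical and the sample text is trimmed from the quoted output.

```python
import re

# Constructed sample: trimmed from the `netsh firewall show config verbose = enable`
# output quoted in the thread; a port section is kept to show that it is skipped.
SAMPLE = r"""
Domain profile configuration:
Allowed programs configuration for Domain profile:
Mode Name / Program
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Scope: *
Port configuration for Domain profile:
3389 TCP Disable Remote Desktop
Scope: *
Standard profile configuration (current):
Allowed programs configuration for Standard profile:
Mode Name / Program
Disable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Scope: LocalSubNet
"""

PROFILE = re.compile(r"^(\w+) profile configuration( \(current\))?:$")
ALLOWED = re.compile(r"^Allowed programs configuration for (\w+) profile:$")
ENTRY = re.compile(r"^(Enable|Disable)\s+(.+?) / (.+)$")

def parse_allowed_programs(text):
    """Return ({profile: {program_path: [mode, scope]}}, name of current profile)."""
    profiles, current, section, last = {}, None, None, None
    for line in map(str.strip, text.splitlines()):
        if m := PROFILE.match(line):
            profiles.setdefault(m.group(1), {})
            current = m.group(1) if m.group(2) else current
            section = last = None
        elif m := ALLOWED.match(line):
            section, last = m.group(1), None
            profiles.setdefault(section, {})
        elif line.endswith(":"):  # any other section header ends the program list
            section = last = None
        elif section and (m := ENTRY.match(line)):
            last = profiles[section].setdefault(m.group(3), [m.group(1), None])
        elif last is not None and line.startswith("Scope:"):
            last[1] = line.split(":", 1)[1].strip()  # scope belongs to previous entry
    return profiles, current

def profile_differences(profiles):
    """Programs whose (mode, scope) is not identical in every profile."""
    paths = sorted({p for progs in profiles.values() for p in progs})
    view = {p: {n: tuple(pr.get(p, ("Absent", None))) for n, pr in profiles.items()} for p in paths}
    return {p: v for p, v in view.items() if len(set(v.values())) > 1}
```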
     
  25. Phant0m

    Phant0m Registered Member
