Windows FW blocks BoClean updater?

Discussion in 'other firewalls' started by mercurie, Aug 3, 2005.

Thread Status:
Not open for further replies.
  1. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Pretty strange. I thought Windows was inbound defense only. Went to check to make sure BoClean was getting updated. Nope o. k. I 'll manually do it.

    "Error no connection check firewall settings."

    Connection must be lost. Nope can get out on the net fine. Keep messing around nothing worked. Alright I'll turn Windows FW off for a minute. Tried again. o_O Got the update! Wow. Why is this? Any one else have or know of this? I can manually update just turn XPSP2 FW off for a second but seems silly. :rolleyes: :p
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Don't use the firewall since I got a router. Turned the firewall off and told the security center that I had a firewall that I would monitor myself. BOClean updates just fine.
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi mercurie

    Windows Firewall is inbound only with the exception of a couple of ICMP types. How is BoClean updating: HTTP, FTP? Anything in the Windows Firewall log that would indicate it was the firewall?

    Regards,

    CrazyM
     
  4. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Hello Crazy M,
    It is Windows Firewall for sure, again this evening I was working with it. All I have to do is turn off Windows Firewall and click BoClean Update button, bam updates instantly.

    Before I did that I messed around some more. I added Boclean update and BoClean Program to the exceptions list. Upon doing that I got connection statement as opposed to the error message I listed above in the other post, but BoClean would freeze and Task Manager would indicate Updater "Not Responding". :p

    May be easier just to turn Windows FW off for a minute to get the update as I am behind a Router as well. I think BoClean is a much better way to fight off outbound trojans on a machine requiring youngsters to make decisions on pop up FW questions. :rolleyes:

    Based on my further investigation this evening I could try some other things like opening a port for it. I think it would need to be 21. :doubt: Then maybe I could change "Scope" to reflect I. P. address. Good grief... :p lots of trouble when all you got to do is turn it off for a second to get up date, Windows does not even complain for that short of time. I could not get the Logs to register anything even with check for dropped packets checked. Aports indicates after puting it in the WinFW exceptions list that a connection was established but no downloads and like I said above, no response.

    Any more thoughts even tho this is certainly not a big problem. There is a solution and others may encounter this and not all have the benefit of a router for protection. ;) Thanks.
     
  5. passing thru

    passing thru Guest

    I have found that BOClean's updater will connect and hang (stop "responding") if you have the DNS Client service running along with a custom hosts file (Bluetack's in my case). If I stop/disable the DNS Client service, the updater succeeds. If I let the DNS Client service run but with the "default" hosts file, the updater again succeeds. If you have it running, I would try disabling the DNS Client service and see if that helps. To double-check, I also installed BOClean on a clean XP image and the updater worked fine with a running Windows Firewall using default settings.
     
  6. passing thru

    passing thru Guest

    I should have mentioned that I am behind a router as well (with incoming IDENT forwarded to a non-existing IP).
     
  7. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Sometimes my XP firewall blocks KAV updater, but it always pops up with the warning that its blocked and asks if I want to unblock.

    In your firewall settings do you have the box checked for "Don't allow exceptions" if you do it doesn't warn you if firewall blocks programs.

    RejZoR said something about XP SP2 firewall blocks things that want to be a server, maybe Boclean & sometimes KAV updater want server rights o_O?
     
  8. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    Fastest answers from us come directly from support@nsclean.com ... Jan asked me to come and visit ...

    The problem you're having is usually Internet Explorer's internal settings ... in order to do FTP file transfers, Internet Explorer has to be set into what is called "passive mode" because the XP firewall will block a return signal from our end resulting in you actually not being connected. Give this a try and see if it solves it for you:


    How to Change the Internet Explorer FTP Client Mode

    Start Internet Explorer.
    On the Tools menu, click Internet Options.
    Click the Advanced tab.
    Under Browsing, click to clear the Enable folder view for FTP sites check box.
    Click to select the Use Passive FTP (for firewall and DSL modem compatibility) check box.
    Click OK.
    Internet Explorer behaves as a Standard mode FTP client if you select the Enable folder view for FTP sites check box, even if you also select the Use Passive FTP check box. If you clear the Enable folder view for FTP sites check box and then select the Use Passive FTP check box, Internet Explorer behaves as a Passive mode FTP client.

    HERE'S HOPING!
     
  9. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Thanks all,
    I usually come here so all can share in the knowledge, there maybe others that have the same or similar problem. All can benefit from the solution.

    Now as for the problem the settings are already as you have described and I still have the problem :(.
    Edit:
    Despite the fact I have the settings as you described. I think you are still correct in what you are saying, because just for the heck of it I went to your update website location and clicked on the downloader there. Same problem unable to display ftp failure in firefox and IE not found. Turn off Win. FW does it's thing proceed to load on C: we all know the drill worked like a charm. Must be a setting somewhere. Simple solution for me may be just to turn off the firewall and manually download. But these these things bug me o_O I do not know why. I like the automatic updates on all my stuff. ;)
     
    Last edited: Aug 5, 2005
  10. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Suggest you turn off windows firewall and leave it off since you have a router anyway. I can't see where you are getting much benefit from it.
     
  11. passing thru

    passing thru Guest

  12. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Hammer,
    I do understand your point but it makes for a nice back up should something get past my router FW. Back when I had ZoneAlarm I would check the inbounds just to make sure they were ZERO which was proof positive that my router was working as it was suppose to. Just me I guess.

    Passing thru,
    Thanks I will check this link out. Making a hole in port 113 may be a viable solution as well, given what I know and Hammer has said, after all it is just a backup protection from incomings.

    I will post back and let all know how this comes out. :) ;)
     
  13. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Just thought I would pass this along. For the time being I will just manually update. Drop the firewall click update. Get the update. Turn the Firewall back on. Whoopie. Whole process might take 15 seconds. As for the hour by hour potential update releases that I might miss. The safe surfing habits will take care of that, eventually I'll figure it out, but there is no hurry for now.

    Just wanted to post back as I always do my best to keep my promises. ;)
     
  14. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    It is the firewall in my router which does not let BOClean bring back the update on auto. I have to log into my router and go down a setting in my router firewall & collect the update manually.
    I have Outpost configured to allow which it does but other than I have to lower my router firewall for the seconds it takes to update and then back to my secure setting.

    My friend has another router and thought BOClean was updating on auto for the first while until he discovered when he checked manually the updater was bringing back the updates at all.
    Love the program and Wilders provides the info when there is an update which is when I tweak my router to collect it. I prefer to keep my router firewall setting high for the rest of the time.
     
  15. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi mercurie

    From Robyn's post/experience have you checked your router logs for any indication of something being blocked?

    Regards,

    CrazyM
     
  16. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Robyn and CrazyM,
    When I had ZoneAlarm on this machine before I decided to get rid of it and just use windows FW. It worked fine. Also my other PC on the network behind the router running Out Post FW works fine too get the Auto updates no problem. I have by process of elimination gotten it down to something on this machine and when I drop WinFW I can get it just fine. I think it has to be something here.

    I am checking logs but reading the things especailly Win FW logs :p makes my head spin. :doubt:
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Maybe the ZoneAlarm uninstall left some stuff behind or the problem is something messed up in the windows firewall. I have BOClean behind a router and previously used ZoneAlarm before I got the router. I get auto updates just fine as I often manually check via the BOClean menu. Have you checked for ZoneAlarm files left behind? I read on Wilder's where someone had a similar problem getting updates for their AV and solved it by reinstalling Windows SP2.
     
  18. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    All,
    I have an update for you. The problem described above was on let's call it pc2.

    Today on pc1 o.k. with me. I wanted to upgrade to latest OutPost version. Clean uninstall and wipe out configuration files. Standard for me. Reboot as instructed most know the routine. I think hmmm I want to do a test. Enable WinFW. Open up Boclean update. NO Problem! o_O My problem is unique to machine number 2. :eek: .

    I will now look for some ZoneAlarm trash. As Hammer has suggested. ;)
     
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Hows it going?
     
  20. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Still working on it. I also forgot I had done a Totally Uinstall process for this to monitor loading. :)

    Used it to clean some registry keys out. ;) Except for that. I must have done a good job. Because I searched high and low. No Zone Alarm trash could be found. I used Hoov's uninstall process which has always done pretty good.

    Any way it made no difference BoClean still will not update unless I drop the Winfirewall. That is the bad news.

    The good news... I ain't giving up. :D
     
  21. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Hows Sygate 5.5 working out?
     
  22. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    First time I've used it. Sygate was a real close second to Zone Alarm when I was a newbie.

    The depth and detail to the logging and control is remarkable for a freebie.

    It solved my BoClean update problem that's for sure! :D

    If I comment any more I will start a new thread. It appears this one has now out lived it's topic. The solution was to dump Windows SP2 Firewall. :p
     
  23. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Well a new thread may soon be necessary as you may need a another firewall due to Symantec purchase of Sygate.
     
  24. CrystalSky

    CrystalSky Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    6
    Yes, the solution IS to drop Windows Firewall as I found out through a few days of head banging:

    Note: BOClean; FTP + Windows Firewall Users
    http://www.dslreports.com/forum/remark,14195544

    Keep in mind that my Symantec rapidrelease.bat updater also fell prey to this new anomaly and gaining any direct browser access to FTP sites.

    Originally I thought it was caused by the 9 August 2005 Windows Updates, but since this thread began six days prior that throws my theory out the window along with the firewall! NIS does fine alone.
     
  25. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    CrystalSky,
    Thanks for the post and sharing your experience. Our problem was exactly the same (two days behind), our attempts to correct the problem almost exactly the same and I am sure we are not alone. My goal was to help myself and help others.

    Glad I could be of help or at least let you narrow the problem down. ;)
     
Loading...
Thread Status:
Not open for further replies.