Windows Update

Discussion in 'LnS English Forum' started by Neggy, Jul 22, 2005.

Thread Status:
Not open for further replies.
  1. Neggy

    Neggy Guest

    I can not update via http://update.microsoft.com when I have LnS on.

    It works fine when I switch it off.

    Do I create a rule for this? What about Automatic Updates?

    Where do I check...in the Log?

    Cheers

    Neggy
     
  2. Neggy

    Neggy Guest

    I had about 10 different things in my log when I tried to update.

    I chose to create a rule for the last one.

    ICMP: Allow Type 3 This rule allows your computer to send a receive packets of type 3 on ICMP protocol.

    Now update works fine.

    Is this all I need t do.

    Is it safe?

    What is ICMP?

    What are Type 3 packets?

    Any advice would be appreciated.

    Neggy
     
  3. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Neggy :)

    You can create 4 rules for Windows Updates:
    for the applications : Generic Host Process and Internet Explorer.

    All those rules have as Source your IP
    local ports 1025 to 5000 , protocol TCP

    Destinations:

    1- IP address range 206.24.0.0 to 206.24.254.254 port 80
    2- IP address range 66.77.0.0 to 66.77.254.254 port 80
    3- IP address range 207.46.0.0 to 207.61.254.254 ports 80 and 443
    4- IP address range 64.4.0.0 to 64.254.254 ports 80 and 443


    You must check in IE to put the security level to default values.
    Be sure there is no malwares glued in that IE otherwise they may
    prevent WU ...

    (A good idea is to used IE only for MS stuff such as W updates
    and surf on the web with an alternate Browser such as Firefox or Opera...)

    Thoses rules must be placed after Allow internet standards programs
    or the equivalent in your rule set.

    Works with WU v.5 V. 6 and Microsoft Updates for office pprducts (WU 6
    option)

    :)
     
  4. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England
    Thanks you for your reply.

    Does this mean what I have done is (as above) is wrong?

    Neggy
     
  5. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Neggy :)

    Used one of the 2 rules set provided by L'n'S
    and add the 4 rules i gave you after allow standard internet stuff...

    I joint the rules here in a text file.
    Change the extension for .rie then import the rules in your Firewall ...

    :)
     

    Attached Files:

    • WU.txt
      File size:
      4.8 KB
      Views:
      82
  6. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England
    Hi Climenole,

    I deleted the rule I created and inmported the 4 rules you sent me.

    But Windows update still didn't work?

    I added the rule I mentioned in my previous post and it works again?
     
  7. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Neggy :)

    Very strange ...

    What is your Operating system ?

    W xp or ... ?

    But, first thing first.
    In my previous post I stated that those 4 rules was ok for WU :
    this was uncorrect !
    those addresses ranges must also to be added :
    66.71.*.* and 208.72.*.* ... remote port 80.
    and the protocols are TCP and UDP not only TCP like I said... :-(
    Sorry for this mistake.

    Please note that those rules must included as authorized applications
    Internet explorer (iexplore.exe) and Generic Host Process (svchost.exe)

    Now about the ICMP Protocol.

    In the beginning of the rules list you must block
    the incomming ICMP code 0 type 10


    In the section of ICMP protocol such as the one in standard
    rule set provided by L'n'S you must have those 4 rules:
    (They comes with rules sets provided by L'n'S...)

    1- allow outgoing icmp code 0 type 8 "echo"
    This allow your system and application to send a "ping" when needed.

    2- Allow incoming Icmp code 0 type 0 "answer to echo".
    This allow your system and application to received the answer to their "ping".

    3- Allow outgoing and incomming Icmo code 0 type 11. This is "Tracert".
    This allow you to trace all computers between your PC and the target.

    4- Last but not least :
    Block all other Icmp signals.

    With thoses rules I can update Windows and Office 2003...


    Suggestion :

    Create a single temporary rule for internet explorer and svchost
    with no restrictions (all ports on both side) and set it to log all access.

    Then run Windows Update ...
    (The service Windows Uopdate must be started and in automatic mode :
    start | run | services.msc ...)

    When WU will be finished check in the log for all entries related to
    Windows Updates : port in , port out, IP address etc.

    That way you will be able to create your own rules...

    Don't forget to remove the temporary "allow all" rule after this check up. ;-)

    Examples:

    http://cjoint.com/?hzg7frzysl
    http://cjoint.com/?hzhaayb5tz

    Hope this help.
    Let us know.

    :)
     
  8. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
  9. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England
    Thank you for your reply.

    This doesn't seem very simple for me. :doubt:

    I will need to take my time to learn.

    Do you know if Phant0ms rule set has the WU included?

    https://www.wilderssecurity.com/showthread.php?t=86193

    Which rule set would you advise me on using ....enhanced or phant0m?

    Thanks again

    Neggy
     
  10. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Hi Neggy,

    I've never had problems using WU with Phant0m's ruleset (or Enhanced set) :)
    Phant0m's ruleset is more restrictive then the Enhanced set. This means that using Phant0m's set could give some extra protection, at the expense of ease of use for some programs.
     
  11. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England
    I have also posted this one Phant0ms forum.....

    Hi,

    I've just load on Phant0ms V6 rule set.

    https://www.wilderssecurity.com/showthread.php?p=516876#post516876

    I can't connect any of my progs to the internet yet is this because I need to complete the 4 rules which say 'Rule needs modification before activating'?

    Where can I find out what I need to write for each....


    Or is there something else I should be doing?

    Thanks

    Neggy :(
     
  12. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Neggy :)

    Phat0m's Rules eh ?

    Keep things simple please.

    You put yourself in trouble by using this complex rules set...
    They are interresting but not the last word about the best rules set...
    (A last word do not exist.)

    To be very clear about this issue, this rules set included many useless rules
    for the vast majority of users and it's,in my humble opinion, a little bit
    botched job...

    When you asked some informations about thoses rules Mr. Phant0m keep
    silence and disappear ... as a phantom ;-)
    May be he's a Firewall Guru ... (I don't care of this!).

    Why apply a rules set if your only justification is because
    some Phant0m's groopies say it's the "best in the west" o_O
    Don't be victim of the "False Authority Syndrom" please.

    The enhanced rules are provided by the developpers of Look'n'Stop:
    I guess they know what they are doing...Right ?
    Did you agree ?

    Used the Enhanced rules provide by Look'n'Stop which are
    enough for a new user and add the rules I gave you to
    allow Windows and Office updates .

    That's work with WU v. 5 and WU v.6 in manual or automatic updates modes
    in W xp sp2.

    Put thoses rules after the rule "Autorize Standard Internet Services".

    They works well in my PC and there is no reason to be different in yours.

    If they won't works may be it's a problem :
    1- with the W xp services parameters
    2- with the Internet Explorer parameters
    3- with some malwares hijacking your PC

    Hope this help.
    Let us know.
    :)
     
  13. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England
    Hi Climenole,

    Thank you for your response again.

    (I have XP SP2)

    ok ..... I will use the Enhanced Rules....

    I'm not sure what you mean by
    Is there not somekind of rules file that I can just import like you sent me before?

    This all seems quite advanced for me? o_O

    Neggy
     
  14. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Neggy :)

    Hum.. I try to be as simple as possible.

    1- Try to makes Windows Updates with only the Enhanced rules set.
    Normally WU works with those rules.

    2- If you would like to have a more "sophisticated" rule set
    you can add those "updated" rules ...

    (In my first post I stated that my 4 rules was ok. That's not correct.
    Two more are needed AND all of thoses rules must be set for TCP and UDP protocol. Not only TCP...)

    I joint the rules set.

    You must import those rules,
    placed them after the "Allow standard Internet Services" rule
    Check if the rules are set for Internet Explorer and Generic Host Process
    -> svchost.exe
    Save and apply.

    Sometimes it's necessary to reboot to be sure the new rules are
    accepted...

    Try a manual Windows Update from the applet in Control Panel.
    and check in the firewall log to see if it's working and if it's blocked somewhere.

    Please note that the service Windows Updates must be started and in automatic mode even you make a manual update...

    Let me know if it's now working.

    :)
     

    Attached Files:

    • WU.txt
      File size:
      7.2 KB
      Views:
      25
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey Neggy

    In regards to the WU problem, what do you ‘switch off ‘ for WU to work? Application Filtering? Or Internet Filtering? Properly configured rule-set (or look ‘n’ Stop pre-bundled EnhancedRulesSet) WU should not be a problem unless you made modifications to its Internet Filtering rules, and if you know you hadn’t, I would consider the Application Filtering layer at fault for WU problems.


    Climenole,

    You say rule-set is complex, yet you belittle and make incorrect statements, the rule-set is only complex for those who don’t have understanding of security or firewalls in general, and obviously you fail to have an understanding.

    No, the vast majority are the ones to benefit from the rule-set, but you are entitled to your ~snip....Bubba~ opinions. And as for “botched job” I like to see you do better, until then these sorts of remarks are meaningless.

    Climenole I suppose you wanting an apology from me? I apologize for discontinuing my dedicated assistance which I had been giving for many years to Look ‘n’ Stop product and its customers, and I apology for my informational websites that had all went down (which I had no control of) which supported Look ‘n’ Stop software and its customers, informational area where Phant0m``s Rule-set Guide could have been located to aid with the necessary setup (which made it far less complex for users). It was beautiful and I don’t regret the time I spent, volunteering, however I’m 23 and it were about time I started doing things that benefited my future. And so therefore I do apologize also for not sitting around the board waiting for questions to be asked, or coming around and going through many of posts and respond.

    Whether my Rule-set is the best or not, I’m yet to see you poster link to something else better offered to the Look ‘n’ Stop community.

    You can continue to degrade the rule-set because it being of complexity, requiring some configuration on the user part, but if you are smart you would know, if you want something good, it doesn’t always come easy.
     
    Last edited by a moderator: Jul 26, 2005
  16. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England
    With the Enhanced Rule set I get [Error number: 0x80072EE2] and can not get WU.

    My Log shows about 20 logs of....
    ICMP : All ICMP types (nukes, ...)
    Internet >> PC
    00:0F:B5:B0:4D:AC
    00:0E:35:FC:E5:C6
    IP
    [XX2.16X.0.X]
    LocalPC
    ICMP
    576
    38926
    0 0
    0
    255
    3 : Destination Unreachable
    4 : fragmentation needed and DF set
    00 00 05 B2 45 00 05 DC 0F 3A 40 00


    WU works if I quite LnS.

    WU also works if I create a rule for the above log.

    I have imported the 4 rules in the above post but these don't seem to help (unless In am doing something wrong?)

    Neggy
    :doubt:
     
  17. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Phant0m,

    The vast majority using your rules set do not understand thoses rules...
    and , yes, the Enhanced rules set provided by Look'n'Stop give a reasonable
    protection for their PCs.

    A too much complex rules set is useless for a newbie.

    "Entities should not be multiplied beyond necessity".

    The interest in your rules set is in the similarity to the ones
    in the Unix IPTables (TCP packet with various flags...).
    The others are the equivalent of other rules set for
    rules based firewall under Windows...

    But my opinion is not important since :

    I'm an ignorant, I don't understand security,I don't understand firewalls
    and you are the 23 year's old Guru of the Look'n'Stop Community...
    How you "know" this about me o_O ;-)
    Let me laugh :-D

    I understand that young poeple are sometimes a bit arrogant.
    I don't care of this.

    My principal design is to help poeple, not to feed my self-esteem
    and inflate my head.

    Drink a fresh glass of water, keep calm and go to play outside boy.

    :-D
     
    Last edited by a moderator: Jul 26, 2005
  18. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I agree it is complex rule-set for most to comprehend, take NOD32; you don’t need to know the technical inner workings to know it’ll protect. As for complex, I bet if you were to ask majority of the Look ‘n’ Stop users about the EnhancedRulesSet rule-set, I bet you also see vast majority whom are confused to the purpose for its rules in this rule-set.

    EnhancedRulesSet does offer reasonable protection, no debating there. But it sounds like you type of person who always goes the easy root, who doesn’t like to work to achieve something good. And that being said, I see why you are ignorant to many things, things you discuss about.

    I don’t agree that complexity is a downfall for newbies, and it has been proving long before your butt ever got here that people can apply and operate the rule-set. I also have always been the one to say, when time permits, try to understand the rules in your rule-set better.

    You can say whatever you like in attempt to degrade the rule-set, like it or not you are far from the truth. My rule-set with information I had on my previous webpages informs people about the necessity of rules in the rule-set, what is offered to the rule ordering is vital bit of knowledge which you obviously cannot comprehend. –

    If you think I multiplied and created bunch of useless rules, which not serve a purpose, let’s see them, poster these here or in PM.

    In addition; I’m still waiting to see you create something better, or merely link to someone else’s better creation for the Look ‘n’ Stop community.

    Anyways, if this was anytime before, I would love to sit here and debate with you, but I do have a life and I don’t feel like wasting it on you, and your silly games.

    Regards,
    Phant0m``
     
  19. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England
    o_O

    .....anyway I still can't connect to WU with LnS Enhanced or Phant0m rules....but I can without LnS.

    I am sure LnS is the best firewall and I want to keep it but if I don't get this sorted by the time the trial ends I won't.

    :'(
    Neggy
     
  20. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hi Neggy

    Launch the Look 'n' Stop main window, access "Application Filtering" and (temporarily) uncheck 'Application filtering enabled', try WU.

    If the problem still persists, re-enable Application filtering, simply check that box again and go over to 'Internet Filtering' screen and (temporarily) uncheck 'Internet filtering enabled', try WU again.

    Let me know the results, thanks
     
  21. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    What type of connection you have? And are you running behind a Router?
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    The reason I ask, this problem is known to happen while with some Routers using MTU size (default setting) ‘1500’, the MTU size should be changed on the Router to ‘1492’.
     
  23. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    Sorry for hijacking this thread, but since Phant0m is present, may I ask him if he plans on releasing the update to his ruleset, as mentioned in a previous thread/post ?
     
  24. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Neggy and Phant0m :)

    Phant0m : I don't want to argue with you about the rules sets...
    I believed that things must be kept simple to help Neggy to
    make a WU with L'n'S firewall. My aim is to find a solution for Neggy.
    That's all. :)

    Neggy :
    Is it possible to send us the rules set your are using ?
    Export the rules set, change the extension to .txt and
    upload it here.

    I'm looking at it and I hope somebody else also.
    More than one advice is better ? Right ?

    Don't worry : WU works with L'n'S and it will work for you soon.

    :)
     
  25. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England
    WU doesn't work :'(

    It works! :)

    At the moment I am behind a Netgear Router. But I get the same results with my Vodafone 3G datacard on GPRS.

    Thanks

    Neggy
     
Thread Status:
Not open for further replies.