Everything posted by sded

  1. Are you interested in the Webroot SecureAnywhere beta incorporating Prevx? There are some known and potential issues there with OA in the Webshields. Haven't heard of anything with Webroot AV and OA++.
  2. Are you using a HOSTS file in windows/system32/drivers/etc? What does the first entry say? Does the National Geographic address appear somewhere?
  3. What program is listed as generating these connections? The picture shows lots of http connections (port 80) successfully being generated by some process in your computer. Each connection requires a local endpoint, thus the successive ports on your side use a one-up-counter.
  4. If you disable OA it will turn the Windows firewall on automatically if you have that option checked under options/firewall. It will disable the Windows firewall again when you restart OA. Should be no problem.
  5. I don't use Skype, but the green messages generally say you should approve the connection and make a rule so the popup goes away. Since Skype incorporates VOIP, I suspect it uses a local proxy (localhost) to communicate with the rest of your system.
  6. localhost, 127.0.0.1, is your computer, and has nothing to do with the HOSTS file. It is the internal loopback network connection used by many processes to communicate with each other. See http://en.wikipedia.org/wiki/Localhost for more information. You should allow it, and have "intercept loopback interface" checked under options/firewall in OA.
  7. ICMP

    I agree; OA seems to have added just confusion with this implementation. Once you get past 0, 3, 8, 11 the other stuff is mostly for detailed network management in a more benign environment than the internet. After all, Unix and TCP/IP Networking were there first. 11 is used for Tracert, but you only need to receive it. OA shouldn't allow 0, 3, 11 out unless you check them. Incoming ICMP packets that are not responses to requests should be discarded. So the defaults allow you to ping and tracert others, for example, but don't let others ping/tracert you. The idea is to keep you from responding to probes. And I did get a rule made for Ping - see attachment. Since RAW includes all protocols except TCP and UDP, this column is useless. Some firewalls allow you to enter protocol numbers allowed (for things like Protocol 41 for IPv6) - I have never seen a blanket allow of RAW before. And would have no idea how to use it. When I used Kerio 2.1.5 the world was sure a lot simpler in a sense.
  8. ICMP

    Wikipedia actually has a pretty good brief overview of how ICMP is used at http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol . What OA does by default is allow your system to send out requests for information and receive certain system error messages, but not allow you to respond to requests for information or provide error indications. Besides the defaults I also allow "destination unreachable" since otherwise your log can end up being filled with reattempts. Some of the later table is very strange as you said. But another question remains: What does the ICMP column mean under Firewall/Programs when these are OS messages used to monitor networks? I never got an answer. Programs don't ping other programs, for example; they invoke Ping in the OS which sends an ICMP Echo Request to the Host IP indicated and waits for an Echo response to see what the round trip travel time is. The RAW protocol column gives me similar consternation - looking at http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers , why is the column even there for user applications? I never got an answer before, but maybe some Emsi expert can clarify a bit.
  9. Echo request setting just allows you to ping someone else. I took a quick look at a manual, and under firewall settings/denial of service there is a setting "discard ping from WAN". This setting should be on to not respond to ping requests. Looks like a quality router. Your router is in front of OA in the datastream, so anything it does can't be undone by OA.
  10. What kind of router do you have? Usually there is a setting to turn ping on and off. Often good to have it on for setting up a network, but not usually desirable or necessary for operations.
  11. Are you using a router? Most likely your router reporting in. You can check under firewall/icmp to see that echo replies are not allowed by OA.
  12. Do you have avast! excluded from OA? I run them together that way with no issues. The two webshield functions are quite different. The OA webshield validates your DNS results and allows you to block (or allow) specific domains. It has no AV properties. The Avast! Webshield is an actual AV that checks your web links for viruses. So they should not be competing to perform the same functions on your web interfaces.
  13. Like most of these block recommendations, you should block it if you don't know what it is. But it is in the right place for Google updates, and you are using Google products, so it is an FP in that sense. Don't know why OA recommends a block. I have it excluded.
  14. What Google does is download the upgrade installer, do the upgrade, and doesn't always remove the installer even though you are finished with it. Some Microsoft products work this way also. You should be able to just move it to the recycle bin.
  15. Did you look for it with Explorer in the location recommended for exclusion? No reason it should be in the locations you mention after it is installed. Google also seems to erase some of the updates when they are finished being installed.
  16. Try adding "C:\Program Files (x86)\Google\Update" to the options/exclusions tab. There are different versions of this file with different Google downloads.
  17. Observation using reset list to initiate the "discovering" dialog was that toggling the "trusted" checkmark in the first image a few times causes the "found new network" popup to appear more rapidly, and the computers to then appear in image 2. Does this not work for you? Would help flesh out a bug report.
  18. Sorry; no I can't see that. They do not appear muted on the graphic I looked at headlined firewall settings /interfaces.
  19. I can replicate the behavior using "reset list". This causes the "discovering" dialog to occur, and toggling the "trusted" status will show the proper "found new network" dialog. Unchecking "trusted" and hitting "OK" lets the discovering dialog terminate and the network setup complete.
  20. Jose_Lisbon, are you running Avast! also? I hadn't run the leaktests for a while, then remembered the combination killed off the leak tests silently for some reason. If you are using Avast!, disable the shields temporarily and try again. I hope they kill real leaks as effectively.
  21. I have the same problem as Jose_Lisbon. Fig 1 shows the first popup asking to allow or block. When I allow, the process is killed. And the "Programs" tab shows a red "allowed" as in fig 2. I can get it to run by trusting it, but then OA will fail. Latest beta of OA++, W7x64SP1. Similar behavior with clt; allow and die.
  22. One thing that is worth looking at is http://uninstallers.blogspot.com/ . If you have used any of these security products in the past, you may find that using the custom uninstallers helps speed things up. After running them, uninstalling, rebooting, and reinstalling OA can further improve performance.
  23. What was your previous firewall and how did you uninstall it? There may still be residue present that is incompatible with OA. These are not common problems.
  24. Suggest you go to options/exclude in OA and add the Avast! folder to the list of exclusions. Avast! updates dynamically enough that sometimes OA doesn't recognize that it is dealing with the same element.
  25. Do you have XP SP3 installed? What firewall were you using before OA and how did you uninstall it? What was/is your other security software?