Jump to content

qwerty

Member
  • Posts

    87
  • Joined

Posts posted by qwerty

  1. I have just re-installed IE8 and having since checked my OA History, I think it has blocked part of the installation.

    Although I shut down all programs (including OA) before installing IE8, it needs to complete installation after a reboot and I think it's at this point that OA blocked spupdsvc.exe and iedkcs32.dll.

    I'm pretty sure it's screwed the installation, because (apart from the fact that it wasn't able to complete) IE is running very slowly, which can occur when dll's fail to get registered.

    Why would it do this and is there any way to fix it? I'd rather not re-install IE again because it's taken all day to install and update once already.

    Thank you.

    P.S: One other thing I noticed in the History was that the firewall had made an automatic decision to allow iexplore.exe to change. Why was this? Is it just because it had changed from one whitelisted file to another whitelisted file?

  2. Jack, I may be completely wrong (I'm just starting out with OA myself), but I think if you go to the "Programs" list, find FreeRapid, then right-click and choose advanced options. Here there will be a setting for "create executable" click "More" and choose to allow all. If this doesn't work, you could try selecting "Installer" from the advanced options.

    Just to be clear, you will be, arguably, lessening the security provided by the program guard, for this program. However, if this is a program that you know and trust, that shouldn't be too much of a problem.

  3. Not that I'm aware of. If you enable Debug mode, there is a "Diag" tab though, that shows network related information for OA's firewall component which support may sometimes request you provide if you are having problems with the firewall component.

    Hmm, that's an interesting little section, although (unsurprisingly, I'm sure) it brings a few more questions.

    What is "Service binary exists:", and why does it say both "False/True"?

    What is "Service current state 4/4"?

    And, most pertinently, "IM driver is not installed". I thought this might be important, but I notice in the corresponding screenshot for the web help, it also says this, so presumeably, it isn't that unusual.

    Thank you again catprincess.

  4. If you are working in Advanced mode, you can control ICMP and RAW per program by toggling the setting displayed in Firewall -> Rules -> Program Access. Just click the appropriate cell to toggle between Ask/Block/Allow.

    So the block rule for TCP/UDP ("Both") is global, but ICMP and RAW have to be configured for every single program individually? Is there no way to set a global rule, as with TCP & UDP?

    There isn't currently a way to allow ICMP or RAW only for certain IP addresses. To control the ports ICMP uses, you can select the types you want to allow from Firewall -> ICMP :) This setting is global and affects all programs.

    Yes, this seems to be a recurring issue with OA. I've noticed that under all protocol dropdowns, there are only ever options for "TCP", "UDP" or "Both". It's sorely lacking an "ICMP", "All" and possibly even "Other".

  5. It seems I used poor wording :(

    Forget it. Just a case of "Lost in (internet) translation".

    I suppose it could be possible that your driver, rather than being missing, is instead corrupted in some way. If that's the case, uninstalling, rebooting twice and reinstalling should fix it. However, taking the full details of the problem you are having into consideration, I really don't think this is very likely at all or I would have mentioned it before. I wouldn't want to waste your time with something that is very unlikely to be the cause. You are of course welcome to try it though :)

    This is what I was wondering. Does OA have any way of verifying that everything is installed and running correctly? (A bit like the SFC for Windows) I know Comodo has some sort of feature like this (although I don't know specifically what, or how, it checks).

  6. You can preemptively create a rule to block all inbound either for a selected program, or for all programs. In the Firewall Rule Editor, just select "All ports", set Protocol to "Both", Direction to "In" and choose the program or all programs using the radio box under the title "Program Control".

    If I select "Both" for protocol, that covers TCP and UDP, but what about ICMP and RAW?

    How would I go about setting an exception to this rule, for a certain IP address or port (or both)?

    Thank you for your always prompt replies, catprincess.

  7. Unless you are seeing in the Firewall status window, "No active interfaces" in the graphs column then this is a different issue to the one you are having. Since the driver wasn't installed in Lord of Pine's case, the information couldn't be displayed. In your case, you are seeing information displayed but you don't feel it's accurate which is a different issue.

    I know it's a different issue, but it's similar. Although it doesn't say "No active interfaces", it is failing to detect one of my interfaces. Most importantly, no-one seems to know what my "issue" is, so anything I can do to help narrow it down (even if it's just ruling something out), I would like to do.

    Finally, to say that I "don't feel" that the information is accurate is quite patronising. The information is incorrect.

  8. Is it correct that a standard home computer (that won't be running and kind of server) should have all incoming connections blocked? I have used other firewalls that provide this functionality.

    If so, does Online Armor (Premium) perform this by default, and if so, where can I check the setting/enable/disable this function?

    If not, would I manually configure this by creating a rule?

    Thank you.

  9. When responding to keylogger popups you need to consider the context of the alert. If you recognise the program and know it's legitimate (from a trustworthy vendor or downloaded from trustworthy website and not some crack site) then you should Allow it and preferably just Trust the program to avoid unnecessary alerts like this in future. IE for example, is a trusted program. I'm assuming you have untrusted it because keylogger alerts are suppressed for trusted programs. If you were just browsing the internet and suddenly got a keylogger alert out of the blue for an unrelated program, then it might be cause for concern.

    I think I know the series of events now. Earlier, I had replaced the iexplore.exe file with another program as a means of testing the firewall. When I then tried to run it, OA immediately noticed that the file had changed (as you would hope) and asked me if I wanted to allow it (to run, I think. If I had said yes, would it have also asked me if this new program could access the internet?) Because I said no, presumeably, that then set the program to "Untrusted", even after I had put the original iexplore.exe back.

    Does that sound correct?

  10. OA has started saying that Internet Explorer 8 is a keylogger, and do I want to allow this? If I say to block, then IE won't load.

    I've just tried deleting iexplore.exe from the program list and after that, the next time I ran IE, Online Armor said it was automatically trusted.

    Is IE a keylogger, or is it a false positive?

    Thank you.

  11. I opened a support ticket about this two days ago, how long should it take before I get a reply?

    Each support request will be answered as soon as possible, usually within less than 24 hours. The Emsisoft team prides itself on its response speed.

    I don't think so. I must have been at this forum for a week and I've had no responses from Emsisoft. I also sent them an e-mail a few days ago and have had no reply.

  12. I'm also curious about this.

    I downloaded and installed 4.5.1.431 (and that's what shows in the GUI). A couple of days ago I did an update and quite a few files were downloaded and installed (even requiring a restart), but the version number hasn't changed.

    This could be awkward when asking for technical support, as you are asked (for very obvious reasons) what version you are running when you start a ticket. I'm running a version of 4.5.1.431, but I can't be any more specific. Is there anywhere else to look for the version number?

  13. I really don't know how it works then. If you have to be connected to the dialup first in order to connect to AOL, then it would seem to all be going through the dial up connection anyway. Perhaps AOL connects you to a VPN when you go through them and that's what the interface is for.

    No, neither do I! And apparently, neither does OA, which is why I came here.

    I think you're right about everything going through the dial-up connection, because if that isn't connected, then nothing happens.

    What brought me to the interfaces tab and the realisation that the AOL connection wasn't being detected, was the problem I've already mentioned where the majority of internet traffic seems to be going "around" the firewall. When I looked at the downloaded data for the dial-up and the AOL connections, I saw that the dial-up was slightly larger and (perhaps coincidentally) it was by about the same amount as OA was reporting. So, to my (admittedly ignorant) eyes, it looks as though the data that goes purely through the dial-up is detected by OA, but the data that goes through the other connection (even though it is actually going through the dial-up, as you say) is completely missed by OA.

  14. Those columns are a bit confusing sometimes...

    They are green when the network interface is active or connected. If you untick the first column (active), then both columns ("Active" and "Address, Mask") will change to grey colour (which stays for interface "disabled").

    I can't untick the box in the "Active" column. I've tried left-clicking and right-clicking, but nothing happens. Should I definately be able to? Or am I missing something?

  15. I'm not sure if this how your AOL connection works, but I found a little about it here http://navigators.com/aol.html If your connection is like the AOL connection described there, it seems that it uses a proprietary protocol to connect to AOL, rather than the Standard TCP/IP protocol that is used for a regular connection to an ISP. Perhaps this is why OA can't display any details for this interface.

    It isn't really like that, as the machine doesn't have any special AOL hardware, just a standard modem. It's the AOL software that creates the second connection. I believe the dial-up uses the standard TCP/IP protocol like all dial-up connections. Also, if I look in the properties of the second connection, on the "Networking" tab, it says "This connection uses the following items:" and "Internet Protocol (TCP/IP)" is there.

  16. Sorry, I didn't explain this well. The yellow colouring in the "Active" and "Address, Mask" columns only indicates that the interface is set to the default setting (the setting it was automatically set to when the interface was first detected). The default setting of an interface can be either Trusted on Untrusted. The "Trusted" column and the "Description" column show the actual Trust status of the interface (ie green for Trusted or Red for Untrusted). If the user has changed the setting from it's default setting, the "Active" and "Address, Mask" columns will no longer be yellow; instead they will just match the colour of the "Trusted" and "Description" column.

    I'm not sure what exactly was going on your interface though. If the "Trust" and "Description" columns were green, then the Trust column should have been ticked but you said this wasn't the case. In any case, you should now be able to tick or untick the Trusted column and all the columns should then turn green or red accordingly.

    That's strange because I think it's doing the opposite of what you say. I didn't explain it very well either. The "Active" and "Address, Mask" columns are green, the "Trusted" and "Description" columns are yellow and the box that is inside the "Trusted" column is not ticked

    You don't connect to AOL through the dialup connection then?

    Sorry, this is confusing as well. It used to be the case that we would run the AOL software, choose to connect and it would dial and connect through the software. A while ago it changed. Now there is a standard dial-up connection in "Network Connections" which, when run, dials and connects to the internet. OA detects this "Interface" and shows it as I've just described. To check e-mail, browse the web or use other functions of the AOL software, the AOL software has to be loaded and then "Sign in" selected. Once it verifies username and password, it loads and another connection appears under "Network Connections". This new connection is what OA seems to struggle with. As explained above, it says that a new network is detected, but the details box is completely blank and nothing appears on the Interfaces tab.

  17. In the Firewall Rule Editor, you can add all ports to a rule by right clicking in the "Ports list" box and choosing "Add all ports" from the context menu.

    Endpoint restrictions can be set using the "Endpoint Restrictions" tab in the Firewall Rule Editor (this tab is only visible in Advanced mode). Untick "Use global restrictions" and under the title "Allow connections", select the radio box for "only to the following endpoints", click the "Add" button and then enter the appropriate IP address (in your case 127.0.0.1) into the IP address field and then click "OK".

    The section on creating Firewall rules here http://www.online-armor.com/webhelp3/FWCRules.html includes images and might also be helpful if you haven't seen it yet.

    Ah, right click in the box, thank you. I haven't managed to read all of the web help yet, I downloaded it to read offline, but the side menu wouldn't appear, so I ended up just reading the pages in alphabetical order (which wasn't ideal).

    So, I've put 127.0.0.1 into the IP address boxes, but what about "Mask"?

  18. It wasn't automatically trusted. The yellow colouring indicates the default Trust status (ie, the status that was assigned either during installation or when the interface was first detected). In your case, the default Trust status of this interface is "Untrusted".

    I really don't understand this (I'm sure you can tell). I thought you just said that the yellow colouring meant it was automatically trusted, and then you say it is untrusted, in the same post. Plus, the web help says that untrusted is marked red. Is there any other documentation I could read to help me understand this?

    What kind of connection is this that OA isn't seeing? A regular LAN connection? Bluetooth? Mobile broadband?

    I'm not sure. It's something that appears when I connect to AOL.

    Thank you for trying to explain all of this to me.

  19. Whenever I open IE8, it tries to make a UDP connection to 127.0.0.1 on a random port.

    Firstly, I assume this is normal (is it?) because I understand that ths IP address doesn't refer to the internet, but is simply within this machine, right?

    Secondly, does anyone know what this does?

    Finally, assuming this is perferctly normal, how do I create a rule to allow this? If I select to create a rule when I allow it, it seems OA makes a rule to allow allow UDP out from that specific port, to any IP address, which is the opposite of what I want. I think I want to create a rule that allows UDP out from any port to a specific IP address. In Comodo, I would create a rule for iexplore.exe to allow UDP out, to 127.0.0.1 from any port, but I'm not sure how to do this is OA.

    Thank you.

  20. The image of the interface in the webhelp shows it as appears when it's trusted by default. Your interface seems to be untrusted by default (I don't have a dial up connection but this is likely normal).

    So, if it's yellow and green, it's automatically trusted, but if it's all green, it's manually trusted? Also, how can it be automatically trusted, yet the "Trusted" option is not ticked? Which is correct?

    Finally, how can I get OA to see (and firewall) my other Interface?

    Thank you.

  21. When I connect to my dial-up account, it appears in the "Interfaces" tab of Firewall settings (and according to the online help, is therefore firewalled), but when I connect to a secondary network connection, OA doesn't detect it and add it to the Interfaces. It does bring up an alert about detecting a new network, but it is blank, there is no information in the details section. I then press "OK", but nothing appears in the Interfaces section. How can I bring this other network connection into OA (why isn't it automatic?) I do have "New networks discovery" enabled.

    Also, I read on the online help that "The Interfaces list is color coded to indicate automatically Trusted (yellow), manually Trusted (green), Not-Trusted (red), or disabled/not applicable (grey)." The interface on this machine, however, is both green and yellow (like the picture in the online help). The first column is green, the second is yellow, the third is green and the fourth is yellow. Also, the "Trusted" option is not ticked. So, I'm not sure if this is automatically trusted, manually trusted (I haven't done anything) or not trusted. Finally, should it be trusted or not? Surely not, because it's the internet.

    Thank you.

×
×
  • Create New...