Jimbo 0 Report post Posted May 16, 2013 When I connect to http://www.bing.com/ OA reports multiple iexplorer.exe/TCP connections are opened. These connections remain even if IE 8 is closed. (This is on a Win XP system, hence IE For example. edge-star-shv-03-ash5.facebook.com Both of the following have been entered in OA Domains with a status of "Blocked" but the connection is still made. edge-star-shv-03-ash5.facebook.com *.facebook.com Closing the connection in OA does nothing. Anyway to block such connections? Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted May 17, 2013 You'll have to block the IP address rather than the domain name. The reason why has to do with the way TCP/IP and domains names work, and I can do my best to explain it if you want me to. The IP address for edge-star-shv-03-ash5.facebook.com is 173.252.112.23 from what a quick ping is telling me. The IP address for facebook.com is 173.252.110.27 (if you want to block both of those addresses, then you will have to block both IP addresses). Quote Share this post Link to post Share on other sites
Jimbo 0 Report post Posted May 17, 2013 Thank you for responding! Ok, you did a ping to get the IP address of edge-star-shv-03-ash5.facebook.com getting 173.252.112.23. In the OA firewall I found the url in the Remote address field, noted the "local address", then unchecked "Resolve Addresses." OA lists the IP address in "Remote address" as 69.171.242.27. The latter address actually resolves to out.edge-star-ecmp-02-ash3.facebook.com. Both addresses will be added. I *THINK* this is done via a blacklist. However, I have tried to find how to create a blacklist. OA Help says to select a blacklist and "edit". So, an empty file was created called "OA Blacklist.txt" but OA says it is not a black list. Nor, does it allow entering a file name after clicking Add. An internet search turns up addresses to download a blacklist, which seems dangerous! Would you mind pointing me to instructions on creating a blacklist? Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted May 17, 2013 I would believe what you are looking for is the Restrictions tab in the Firewall. The information at this link says "The Restrictions tab allows you to restrict connections by IP address/range and by Country." You should be able to add IP addresses to that list to be blocked, however please note that this functionality requires Online Armor Premium. Quote Share this post Link to post Share on other sites
Jimbo 0 Report post Posted May 20, 2013 The first thing I looked at was the restrictions tab. Assuming this is the tab to use then (1) "All Connections" would have to be set "Allowed" and every connection to be prevented would have to be listed. Presumably the current setting is denying some connections and allowing those probably wouldn't be a good idea. (2) Since the current setting for "All Connections" is "Denied" then the connection being discussed would have been denied or the firewall is failiing. Thus, I don't think this is the right location. Quote Share this post Link to post Share on other sites
Jimbo 0 Report post Posted May 20, 2013 You stated: please note that this functionality requires Online Armor Premium. Per the status page I have: Emisoft Online Armor version 6.0.0.1736 Premium edition Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted May 22, 2013 (1) "All Connections" would have to be set "Allowed" and every connection to be prevented would have to be listed. ... That would be the best way, unless you want to deny every incoming connection except for those from the IP addresses you specify. Quote Share this post Link to post Share on other sites