iWarren

Firewall Blocking Internet Connection after Update

Recommended Posts

Last night there was an update that required a restart

I rebooted and there was a notification that i would have to reset some rules.

I'm afraid I didn't get a clear look at the notification so I cant tell you more.

 

After the update though, my internet couldn't connect unless the firewall was disabled.

 

This morning i've spent hours trying to get it back up again, tried exporting/importing

my settings to perhaps re-initalize it, with no success.

 

Then i cleared all settings to factory default. Still it won't connect, I input the same rules

as i always have, and nothing.

 

I started Wireshark to see if I could ascertain what was going on, if I disable the firewall

it connects instantly, and here is a successful connection attempt:

 

0.0.0.0 (68) -> 255.255.255.255(67) (DHCP)

Network Adapter -> BROADCAST

ROUTER -> Network Adapter (ARP)

192.168.0.2 -> 224.0.0.22  (IGMPv3)

Network Adapter -> BROADCAST (ARP)

ROUTER -> Network Adapter (ARP)

192.168.0.2 -> 224.0.0.22  (IGMPv3)

192.168.0.2 -> 224.0.0.22  (IGMPv3)

192.168.0.2 -> 224.0.0.22  (IGMPv3)

192.168.0.2 -> 224.0.0.22  (IGMPv3)

192.168.0.2 -> 224.0.0.252 (5355) (LLMNR)

192.168.0.2 -> 224.0.0.22  (IGMPv3)

192.168.0.2 -> 192.168.0.1 (53) (DNS)

Network Adapter -> BROADCAST

ROUTER -> Network Adapter

 

then it picks up with a series of DNS requests

i see some communications on port 443, i believe thats svchost

establishing a network connection,

 

then its business as usual with some DNS, couple arp packets, and LLMNR (5355)

which i believe is name resolution for the computers workgroup name.

 

With the firewall enabled,  'Network and Sharing Center' indicates "Identifying . . ."

and hangs there for a couple minutes, before connecting... and then 10 seconds later

it drops the connection.

 

I've had a similar situation in the past when svchost wasnt allowed to connect to 80, 443

in the initial stages of the connection attempt.  (not saying thats what it is, but thats what

the situation acts like.)

 

With the firewall enabled this is what happens:

 

0.0.0.0 (68) -> 255.255.255.255 (67) DHCP

Network Adapter -> Broadcast  (ARP)

Network Adapter -> Broadcast  (ARP)

Network Adapter -> Broadcast  (ARP)

Network Adapter -> Broadcast  (ARP)

192.168.0.2-> 224.0.0.22 (IGMPv3)

192.168.0.2 -> 224.0.0.252 5355 (LLMNR)

192.168.0.2 -> 224.0.0.252 5355 (LLMNR)

192.168.0.2-> 224.0.0.22 (IGMPv3)

0.0.0.0 (68) -> 255.255.255.255 (67)

0.0.0.0 (68) -> 255.255.255.255 (67)

0.0.0.0 (68) -> 255.255.255.255 (67)

0.0.0.0 (68) -> 255.255.255.255 (67)

0.0.0.0 (68) -> 255.255.255.255 (67)

Network Adapter -> BROADCAST

ROUTER -> Network Adapter (ARP)  <--- here it finally responds to the arp request.

192.168.0.2-> 224.0.0.22 (IGMPv3)

Network Adapter -> BROADCAST

ROUTER -> Network Adapter (ARP)

192.168.0.2-> 224.0.0.22 (IGMPv3)

192.168.0.2-> 224.0.0.22 (IGMPv3)

192.168.0.2-> 224.0.0.22 (IGMPv3)

192.168.0.2 -> 224.0.0.252 5355 (LLMNR)

192.168.0.2 -> 224.0.0.252 5355 (LLMNR)

192.168.0.2 -> 192.168.0.1 (53) (DNS)

Network Adapter -> BROADCAST

ROUTER -> Network Adapter (ARP)

192.168.0.2-> 224.0.0.22 (IGMPv3)

Network Sharing Center indicates it has a Network+Internet connection at this point.

 

Then it makes about 20 attempts at DNS

then Network Sharing Center drops the connection and goes back to identifying.

 

So its somewhere between the point of DNS and svchost.exe not securing a connection on 443 or 80

is my guess.

 

Also, its not my connection rules because i've tried allowing 0-65535 UDP/TCP and all ICMP

also tried it with factory defaults for all settings.

 

My next option will be to uninstall the application and go from there.

 

I did read another post by a user that perhaps theres a conflict with Emsisoft and Realtek adapters?

 

I know it all stems from that last night update, Got any ideas?

 

By the way... my typical rules i use are:

 

TCP IN 80, 443  (for svchost)

UDP IN 68 (for router)

UDP OUT 53, 67  (for DNS and router)

 

i used to allow 5355 but i discovered it wasnt required.

 

Then i setup 80, 443 specifically for svchost and block 0-65535.

This setup has worked for a long time (until that update)

 

Share this post


Link to post
Share on other sites

I reinstalled and that definitely cleared up some issues,

it told me to install Windows6.1-KB2958399-x86

and then microsoft sent me on a goose chase to find the file.

emailing me a link to their website for download... and then i

kept getting "500 server not found" errors. then an hour later

the file becomes available... and the self-extractor doesn't look

like your typical Windows extraction tool.

All that aside... i can now connect... i tried loading my old settings,

and it started to disconnect again, so i cleared all the settings and

started new. I think part of the problem was... I may have been

blocking Router Advertisements as i wasnt allowing any ICMP's on

a private network.

Private network i assume is defined as 192.168.0.1 and local ip ranges?

Also... i couldn't get it to work without having it allow

TCP/UDP on the Private network, when i try to insert 0-65535 in the blank,

it doesn't seem to work, but when i leave the port rule empty, it seems to work.

at least its working, though i kind of had other plans for my day instead of troubleshooting the firewall :|

Share this post


Link to post
Share on other sites

yeah its still acting up.

 

it connects because i think it isn't blocking anything, and then when i turn the firewall on/off, it starts blocking again.

 

but then after its reinitialized, it kicks me off the internet again.

Share this post


Link to post
Share on other sites

managed to get it to work by loading factory defaults, and then just allowing connection attempts as they arise.

for some reason it didn't like my custom rules... although they appear to be the same as what was set up.

not sure whats going on there.

Share this post


Link to post
Share on other sites

Lets try restoring the default Global Firewall Rules (please feel free to make a backup of your own settings via the import/export settings feature). Here's how to do that:

  • Open Emsisoft Internet Security.
  • Click on Settings in the menu at the top.
  • Click on the Factory defaults button near the upper-right.
  • Make sure that only the option labeled Global firewall rules is selected.
  • Click the OK button to apply the changes.

Share this post


Link to post
Share on other sites

i still don't think the firewall is working correctly... I loaded factory defaults, for Global Firewall Rules

and it was able to connect, asking me for the appropriate allowances to connect

svchost asking for 67-68  and 80,443

 

and then having no rules set....... for MSDTC.exe (which connects to a remote computer) using port 3389

it was still allowing the rule, when it should have been blocked by the first 2 default firewall settings.

 

i deleted the program MSDTC.exe from the list, and let it connect again... which then prompted me if i

wanted to allow/block.  I blocked it, and that seemed to work.

 

I think the issue is, somewhere along the line.. the behaviour blocker isn't deleting the rule in its internal listing,

so it still allows it, even when the rule has been removed from the listing.

 

I can not reproduce the error, but it seems that sometimes what its allowing/blocking isn't always whats being

displayed in the firewall settings.

Share this post


Link to post
Share on other sites

Outgoing traffic is always automatically allowed. If it wasn't, you wouldn't be able to access the Internet at all without creating a bunch of firewall rules or clicking through a bunch of alerts from the firewall to allow access whenever a new program tries to access the Internet.

Share this post


Link to post
Share on other sites

That doesn't really address the problem.

 

That falls into the "automatic rule settings" which i changed to "ask" to prompt me to create the rules.

 

Ever since the update on July 8th,

i've consistently had to reset Factory Defaults, as well as re-initialze the Firewall.

I've had 3 BSOD's (something to do with the kernel_ data) and i've had "Application Rules"

that should have applied, but didn't... and then when i delete the program and added the rule

they seem to work.

 

i also had the GUI crash several times yesterday, once while resetting factory defaults, the app hanged.

and then had an error where i'd click on "Settings" and then on "Protection" and the Settings menu

overlayed on top of the Protection menu.

 

All of these incidents occured after a fresh install, and all of my troubles started from that one update on July 8th

 

I truly appreciate any troubleshooting / tech support you can provide, but please don't respond with an automated

message, as this is not an issue of resetting defaults, restarts or reinstalls. 

Share this post


Link to post
Share on other sites

That falls into the "automatic rule settings" which i changed to "ask" to prompt me to create the rules.

I am not aware of any such setting in Emsisoft Internet Security 10. There were settings like that in version 9, but they were removed in version 10 in favor of the new privacy controls.

As for the other issues, lets try the following:

  • Uninstall Emsisoft Internet Security.
  • Restart your computer twice.
  • Download and reinstall Emsisoft Internet Security from this link.

Share this post


Link to post
Share on other sites

i had uninstalled/installed a couple days ago

and the version i'm using is 10.0.0.5532

 

Protection -> Firewall

at the bottom right is a button that says  "Automatic rule settings"

 

which opens up a window called "Advanced Firewall Settings"

allowing you to Allow/Block/Ask whether a connection is allowed by default.

Share this post


Link to post
Share on other sites

Protection -> Firewall

at the bottom right is a button that says  "Automatic rule settings"

 

which opens up a window called "Advanced Firewall Settings"

allowing you to Allow/Block/Ask whether a connection is allowed by default.

OK, for some reason I thought you meant for the Behavior Blocker. The firewall does have separate settings even though the Application Rules are shared between both components.

We really don't recommend changing the settings for automatic rule creation from the defaults, but if you post a screenshot of your current settings for whether to Allow/Ask then we can try doing some testing to see what happens.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.