Quirky

Surf Protection or Firewall?

Recommended Posts

Hello everyone, a couple of questions:

1. I have a fairly lengthy range of IP addresses (both single addresses and some IP ranges) stored in a .txt file that I want to block. This older post suggests that the Firewall should be used for this instead. Is this still valid? I imported this .txt file into Surf Protection, everything seems fine and the IP's are listed normally. I cannot find something similar (file import) in the Firewall and it'd be impossible to import them one by one. Unless there's another way?

2. About Surf Protection: does it block the list entries globally at OS level or only via web browsers?

Thanks.

Share this post


Link to post
Share on other sites

Look closer at the Serf Protection. There is a box on the bottom left that says Import Host File. I believe a host file blocks all possible

connections from anywhere. Should be able to test by blocking a program from calling home which depending on that company's

amount of ip addresses. I never tested a host file for a range of addresses.

 

Share this post


Link to post
Share on other sites

Thanks Ken1943, yes I know about the Surf Protection file import and mentioned it. The main question though is whether the Firewall is supposed to do this instead for better protection and if so, in what way.

Also, other threads suggest that Surf Protection does not work globally and since AppContainer is not supported, I am guessing Windows 8 and especially Windows 10 are not fully covered by Surf Protection (not talking about Edge, but W10 as a whole). I'm not technical on this stuff, just asking.

Share this post


Link to post
Share on other sites

Here's an easy test. Block a safe IP address in the Surf Protection, and then try to visit a website that is hosted at that IP address.

As an example, GT500.org is safe, and is hosted at 74.63.222.170 which you can simply add a Surf Protection rule for, and see if it also blocks GT500.org.

Share this post


Link to post
Share on other sites

I have noticed that adding an IP address or www address to Surf Protection only works with a non sandboxed browser. Is this for the same reason that it doesn't work in Appcontainer?   I normally run Firefox under Sandboxie and Surf Protection does not stop connection to any sites on the list or my self entered one's. Is this by design in v12 as I know it worked in previous versions, certainly in v10 and I am sure in v11.

EIS File guard works OK in Sandboxie so I have to assume this is peculiar to Surf Protection.

Share this post


Link to post
Share on other sites

It is possible that our Surf Protection is no longer compatible with Sandboxie on certain versions of Windows, however @stapp would know that better than I would since she uses Sandboxie.

In cases where the Surf Protection isn't working with a sandboxed browser, then you will have to create a firewall rule to block the IP addresses. Note that you can add multiple IP addresses to the same rule, as long as they are separated by commas. The firewall rules should also support IP ranges, as long as you use common ways of expressing them.

Share this post


Link to post
Share on other sites
3 hours ago, GT500 said:

Note that you can add multiple IP addresses to the same rule, as long as they are separated by commas. The firewall rules should also support IP ranges, as long as you use common ways of expressing them.

Thank you, commas and ranges work fine. Hope you can consider adding an option to export/import Firewall rules only, separate from the Application rules (unless there's a way?).

Firewall rules should be easy to transfer to another PC but with the Application rules included in a2rules.ini, it doesn't seem like a good idea to try (32/64-bit systems/paths, different applications etc.)

Share this post


Link to post
Share on other sites
3 hours ago, GT500 said:

It is possible that our Surf Protection is no longer compatible with Sandboxie on certain versions of Windows, however @stapp would know that better than I would since she uses Sandboxie.

In cases where the Surf Protection isn't working with a sandboxed browser, then you will have to create a firewall rule to block the IP addresses. Note that you can add multiple IP addresses to the same rule, as long as they are separated by commas. The firewall rules should also support IP ranges, as long as you use common ways of expressing them.

I can confirm that Surf Protection does not work when using a browser under the protection of Sandboxie on Windows 7 using EAM.

Works fine when not using Sandboxie.

Will confirm when using Sandboxie with Windows 10 later.

Share this post


Link to post
Share on other sites

To add to the above post, Surf Protection DOES work in a Sandboxied browser when using Windows 10.

But DOES NOT work in a Sandboxied browser using Windows 7

Both operating systems 64 bit, and both using EAM.

Share this post


Link to post
Share on other sites
3 hours ago, stapp said:

To add to the above post, Surf Protection DOES work in a Sandboxied browser when using Windows 10.

But DOES NOT work in a Sandboxied browser using Windows 7

Both operating systems 64 bit, and both using EAM.

Thanks a lot for that info Stapp. I am using Windows 7 64 bit with no intention of upgrading at present so will have a look at creating a firewall rule for the site I need to block.

Share this post


Link to post
Share on other sites
21 hours ago, CBMman said:

Thank you, commas and ranges work fine. Hope you can consider adding an option to export/import Firewall rules only, separate from the Application rules (unless there's a way?).

You can export/import firewall rules in the general settings (note these exports/imports are in our own formats, and we don't currently have support for importing lists of rules in other formats):

eam_and_eis_export_and_import_settings.p

 

16 hours ago, Dark Star 72 said:

...will have a look at creating a firewall rule for the site I need to block.

The easiest way is to use the nslookup command in a Command Prompt to get the IP address of the website.

For example, the following:

nslookup gt500.org

Will return the following:

Server:  GT500
Address:  192.168.1.1
	Non-authoritative answer:
Name:    gt500.org
Address:  74.63.222.170

Share this post


Link to post
Share on other sites
2 hours ago, GT500 said:

You can export/import firewall rules in the general settings (note these exports/imports are in our own formats, and we don't currently have support for importing lists of rules in other formats)

 

Thanks GT500, but that includes application rules ("Application and global firewall rules"). From a quick look in the exported a2rules.ini file, the application and firewall rules are mixed so it's not easy to separate them. Perhaps copy/pasting firewall-only rules into a separate a2rules.ini file might work for importing them, I don't know.

Share this post


Link to post
Share on other sites

If you import a set of rules that only contain firewall rules, do those get added to whatever was already there, or replace what was already there?    If it's 'replace', would that implicitly delete one's pre-existing application rules?

Share this post


Link to post
Share on other sites
11 hours ago, CBMman said:

Perhaps copy/pasting firewall-only rules into a separate a2rules.ini file might work for importing them, I don't know.

Importing an a2rules.ini that did not include your Application Rules would wipe out your Application Rules. Importing a settings file overwrites any existing settings that the file covers, rather than adding to any rules that already exist.

Share this post


Link to post
Share on other sites
On 1/25/2017 at 5:57 AM, stapp said:

To add to the above post, Surf Protection DOES work in a Sandboxied browser when using Windows 10.

But DOES NOT work in a Sandboxied browser using Windows 7

Both operating systems 64 bit, and both using EAM.

Surf Protection works for me sandboxed, Windows7 64.

2017-01-28 14_03_51-.png
Download Image

Share this post


Link to post
Share on other sites
9 hours ago, stapp said:

Which browser xeon and which build of Sandboxie?

Cyberfox shown in photo, also Palemoon, SRWare Iron. Do not use IE.

Never had any problems with surf protection no matter what version of SBIE. If I did I would have dropped SBIE.

Now using 5.17.1 (64bit)

Maybe the issue is in newer Firefox versions, which I don't use?

Share this post


Link to post
Share on other sites

Very interesting. :)

I am using SeaMonkey. Perhaps it's some kind of setting I have that stops surf protection working on my Win 7 machine.

Will look deeper !!

Share this post


Link to post
Share on other sites
4 hours ago, xeon said:

You probably have in SBIE "configure/ software compatibility"    Emsisoft A-Squared Anti-Malware checked [+]?

I have the SBIE compatibility checked for Emsisoft  so I unchecked it and  rebooted and Surf Protection still doesn't work under Sandboxie in any of my browsers.

However, I notice in your signature you have the same setup as I do except you list MBAE. I assume that to get MBAE working with SB you have imported the ini. file into SB to make them compatible? If so I wonder if that has opened a path that allows Surf Protection to see the browser.

 

Share this post


Link to post
Share on other sites
2 hours ago, Dark Star 72 said:

I have the SBIE compatibility checked for Emsisoft  so I unchecked it and  rebooted and Surf Protection still doesn't work under Sandboxie in any of my browsers.

However, I notice in your signature you have the same setup as I do except you list MBAE. I assume that to get MBAE working with SB you have imported the ini. file into SB to make them compatible? If so I wonder if that has opened a path that allows Surf Protection to see the browser.

 

You can PM me for the ini. file.

I do not use MBAE anymore replaced with VoodooShield, either way no conflicts.

Share this post


Link to post
Share on other sites
3 hours ago, Dark Star 72 said:

I have the SBIE compatibility checked for Emsisoft  so I unchecked it and  rebooted and Surf Protection still doesn't work under Sandboxie in any of my browsers.

However, I notice in your signature you have the same setup as I do except you list MBAE. I assume that to get MBAE working with SB you have imported the ini. file into SB to make them compatible? If so I wonder if that has opened a path that allows Surf Protection to see the browser.

 

That might be it. I don't think so.

Give it a try.

MBAE.txt

Edited by xeon

Share this post


Link to post
Share on other sites
11 hours ago, xeon said:

That might be it. I don't think so.

Give it a try.

MBAE.txt

I already have link to the ini. file but don't see any point in installing MBAE as EIS now covers that sector. Will wait and see if Stapp comes up with any thing.

Share this post


Link to post
Share on other sites

This issue started for me around last April.

I don't use MBAE so that is a dead end, in fact I don't have MBAM on this machine at all.

I use VoodooShield but have tested with and without it. I have done every thing I can think of such as uninstalling and then clean installing Sbie and EAM.

I cannot get Sbie to work with Surf Protection on Windows 7 either with SeaMonkey or IE11. (No problem on Win 10)

I use MVSP hosts, I install all Win Updates and run as Admin.

If I download the eicar test for for instance EAM catches it in the Sanbox  (yes I know it's not classed as a privacy risk thing)

However I doubt if Emsisoft will want to put much effort into solving this as I would think the amount of Win 7 +Sbie+EAM  userswill not be many.

Share this post


Link to post
Share on other sites
13 hours ago, stapp said:

However I doubt if Emsisoft will want to put much effort into solving this as I would think the amount of Win 7 +Sbie+EAM  userswill not be many.

It also depends on what's involved in fixing it, or if it's even something we can fix (whatever is causing it may not be on our end).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.