Jump to content

Surf Protection or Firewall?

Quirky

By Quirky,
in Other Emsisoft products

 Share

Recommended Posts

Quirky

Quirky

Posted
Posted

Hello everyone, a couple of questions:

1. I have a fairly lengthy range of IP addresses (both single addresses and some IP ranges) stored in a .txt file that I want to block. This older post suggests that the Firewall should be used for this instead. Is this still valid? I imported this .txt file into Surf Protection, everything seems fine and the IP's are listed normally. I cannot find something similar (file import) in the Firewall and it'd be impossible to import them one by one. Unless there's another way?

2. About Surf Protection: does it block the list entries globally at OS level or only via web browsers?

Thanks.

Link to comment
Share on other sites
Ken1943

Ken1943

Posted
Posted

Look closer at the Serf Protection. There is a box on the bottom left that says Import Host File. I believe a host file blocks all possible

connections from anywhere. Should be able to test by blocking a program from calling home which depending on that company's

amount of ip addresses. I never tested a host file for a range of addresses.

 

Link to comment
Share on other sites
Quirky

Quirky

Posted
  • Author
Posted

Thanks Ken1943, yes I know about the Surf Protection file import and mentioned it. The main question though is whether the Firewall is supposed to do this instead for better protection and if so, in what way.

Also, other threads suggest that Surf Protection does not work globally and since AppContainer is not supported, I am guessing Windows 8 and especially Windows 10 are not fully covered by Surf Protection (not talking about Edge, but W10 as a whole). I'm not technical on this stuff, just asking.

Link to comment
Share on other sites
GT500

GT500

Posted
Posted

Here's an easy test. Block a safe IP address in the Surf Protection, and then try to visit a website that is hosted at that IP address.

As an example, GT500.org is safe, and is hosted at 74.63.222.170 which you can simply add a Surf Protection rule for, and see if it also blocks GT500.org.

Link to comment
Share on other sites
Dark Star 72

Dark Star 72

Posted
Posted

I have noticed that adding an IP address or www address to Surf Protection only works with a non sandboxed browser. Is this for the same reason that it doesn't work in Appcontainer?   I normally run Firefox under Sandboxie and Surf Protection does not stop connection to any sites on the list or my self entered one's. Is this by design in v12 as I know it worked in previous versions, certainly in v10 and I am sure in v11.

EIS File guard works OK in Sandboxie so I have to assume this is peculiar to Surf Protection.

Link to comment
Share on other sites
GT500

GT500

Posted
Posted

It is possible that our Surf Protection is no longer compatible with Sandboxie on certain versions of Windows, however @stapp would know that better than I would since she uses Sandboxie.

In cases where the Surf Protection isn't working with a sandboxed browser, then you will have to create a firewall rule to block the IP addresses. Note that you can add multiple IP addresses to the same rule, as long as they are separated by commas. The firewall rules should also support IP ranges, as long as you use common ways of expressing them.

Link to comment
Share on other sites
Quirky

Quirky

Posted
  • Author
Posted
3 hours ago, GT500 said:

Note that you can add multiple IP addresses to the same rule, as long as they are separated by commas. The firewall rules should also support IP ranges, as long as you use common ways of expressing them.

Thank you, commas and ranges work fine. Hope you can consider adding an option to export/import Firewall rules only, separate from the Application rules (unless there's a way?).

Firewall rules should be easy to transfer to another PC but with the Application rules included in a2rules.ini, it doesn't seem like a good idea to try (32/64-bit systems/paths, different applications etc.)

Link to comment
Share on other sites
stapp

stapp

Posted
Posted
3 hours ago, GT500 said:

It is possible that our Surf Protection is no longer compatible with Sandboxie on certain versions of Windows, however @stapp would know that better than I would since she uses Sandboxie.

In cases where the Surf Protection isn't working with a sandboxed browser, then you will have to create a firewall rule to block the IP addresses. Note that you can add multiple IP addresses to the same rule, as long as they are separated by commas. The firewall rules should also support IP ranges, as long as you use common ways of expressing them.

I can confirm that Surf Protection does not work when using a browser under the protection of Sandboxie on Windows 7 using EAM.

Works fine when not using Sandboxie.

Will confirm when using Sandboxie with Windows 10 later.

Link to comment
Share on other sites
Dark Star 72

Dark Star 72

Posted
Posted
3 hours ago, stapp said:

To add to the above post, Surf Protection DOES work in a Sandboxied browser when using Windows 10.

But DOES NOT work in a Sandboxied browser using Windows 7

Both operating systems 64 bit, and both using EAM.

Thanks a lot for that info Stapp. I am using Windows 7 64 bit with no intention of upgrading at present so will have a look at creating a firewall rule for the site I need to block.

Link to comment
Share on other sites
GT500

GT500

Posted
Posted
21 hours ago, CBMman said:

Thank you, commas and ranges work fine. Hope you can consider adding an option to export/import Firewall rules only, separate from the Application rules (unless there's a way?).

You can export/import firewall rules in the general settings (note these exports/imports are in our own formats, and we don't currently have support for importing lists of rules in other formats):

eam_and_eis_export_and_import_settings.p

 

16 hours ago, Dark Star 72 said:

...will have a look at creating a firewall rule for the site I need to block.

The easiest way is to use the nslookup command in a Command Prompt to get the IP address of the website.

For example, the following: 

nslookup gt500.org

Will return the following: 

Server:  GT500
Address:  192.168.1.1
	Non-authoritative answer:
Name:    gt500.org
Address:  74.63.222.170

Link to comment
Share on other sites
Quirky

Quirky

Posted
  • Author
Posted
2 hours ago, GT500 said:

You can export/import firewall rules in the general settings (note these exports/imports are in our own formats, and we don't currently have support for importing lists of rules in other formats)

 

Thanks GT500, but that includes application rules ("Application and global firewall rules"). From a quick look in the exported a2rules.ini file, the application and firewall rules are mixed so it's not easy to separate them. Perhaps copy/pasting firewall-only rules into a separate a2rules.ini file might work for importing them, I don't know.

Link to comment
Share on other sites
GT500

GT500

Posted
Posted
11 hours ago, CBMman said:

Perhaps copy/pasting firewall-only rules into a separate a2rules.ini file might work for importing them, I don't know.

Importing an a2rules.ini that did not include your Application Rules would wipe out your Application Rules. Importing a settings file overwrites any existing settings that the file covers, rather than adding to any rules that already exist.

Link to comment
Share on other sites
xeon

xeon

Posted
Posted
On 1/25/2017 at 5:57 AM, stapp said:

To add to the above post, Surf Protection DOES work in a Sandboxied browser when using Windows 10.

But DOES NOT work in a Sandboxied browser using Windows 7

Both operating systems 64 bit, and both using EAM.

Surf Protection works for me sandboxed, Windows7 64.

2017-01-28 14_03_51-.png

Link to comment
Share on other sites
xeon

xeon

Posted
Posted
9 hours ago, stapp said:

Which browser xeon and which build of Sandboxie?

Cyberfox shown in photo, also Palemoon, SRWare Iron. Do not use IE.

Never had any problems with surf protection no matter what version of SBIE. If I did I would have dropped SBIE.

Now using 5.17.1 (64bit)

Maybe the issue is in newer Firefox versions, which I don't use?

Link to comment
Share on other sites
Dark Star 72

Dark Star 72

Posted
Posted
4 hours ago, xeon said:

You probably have in SBIE "configure/ software compatibility"    Emsisoft A-Squared Anti-Malware checked [+]?

I have the SBIE compatibility checked for Emsisoft  so I unchecked it and  rebooted and Surf Protection still doesn't work under Sandboxie in any of my browsers.

However, I notice in your signature you have the same setup as I do except you list MBAE. I assume that to get MBAE working with SB you have imported the ini. file into SB to make them compatible? If so I wonder if that has opened a path that allows Surf Protection to see the browser.

 

Link to comment
Share on other sites
xeon

xeon

Posted
Posted
2 hours ago, Dark Star 72 said:

I have the SBIE compatibility checked for Emsisoft  so I unchecked it and  rebooted and Surf Protection still doesn't work under Sandboxie in any of my browsers.

However, I notice in your signature you have the same setup as I do except you list MBAE. I assume that to get MBAE working with SB you have imported the ini. file into SB to make them compatible? If so I wonder if that has opened a path that allows Surf Protection to see the browser.

 

You can PM me for the ini. file.

I do not use MBAE anymore replaced with VoodooShield, either way no conflicts.

Link to comment
Share on other sites
xeon

xeon

Posted
Posted (edited)
3 hours ago, Dark Star 72 said:

I have the SBIE compatibility checked for Emsisoft  so I unchecked it and  rebooted and Surf Protection still doesn't work under Sandboxie in any of my browsers.

However, I notice in your signature you have the same setup as I do except you list MBAE. I assume that to get MBAE working with SB you have imported the ini. file into SB to make them compatible? If so I wonder if that has opened a path that allows Surf Protection to see the browser.

 

That might be it. I don't think so.

Give it a try.

MBAE.txt

Edited by xeon
Link to comment
Share on other sites
stapp

stapp

Posted
Posted

This issue started for me around last April.

I don't use MBAE so that is a dead end, in fact I don't have MBAM on this machine at all.

I use VoodooShield but have tested with and without it. I have done every thing I can think of such as uninstalling and then clean installing Sbie and EAM.

I cannot get Sbie to work with Surf Protection on Windows 7 either with SeaMonkey or IE11. (No problem on Win 10)

I use MVSP hosts, I install all Win Updates and run as Admin.

If I download the eicar test for for instance EAM catches it in the Sanbox  (yes I know it's not classed as a privacy risk thing)

However I doubt if Emsisoft will want to put much effort into solving this as I would think the amount of Win 7 +Sbie+EAM  userswill not be many.

Link to comment
Share on other sites
GT500

GT500

Posted
Posted
13 hours ago, stapp said:

However I doubt if Emsisoft will want to put much effort into solving this as I would think the amount of Win 7 +Sbie+EAM  userswill not be many.

It also depends on what's involved in fixing it, or if it's even something we can fix (whatever is causing it may not be on our end).

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2022 Emsisoft - 05/19/2022 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...