
OA Premium settings questions



First time user of OA Premium ver5.0.1097 here. Have used an older version of OA free ver3.5 and have used a 30-day trial of OA Premium ver4. I see there are a lot of changes done and I'd like to ask a few questions please.

Files and Registry

This is my first time to see this and am happy that you have included this one.

OA allows you to view the contents of the folder that is set at 'blocked'. Isn't that supposed to be blocked when you click it, thereby not permitting the user to see the contents? Why does it allow the user to view the contents when the whole folder is blocked with slash-asterisk -- KMPlayer\Box_1\* ...?

But, when I create a new rule for a specific folder, like, C:\Documents and Settings\__\My Documents\The KMPlayer\Box_1 and I set it all to Block (For unknown programs/For trusted programs/For not trusted programs in tandem with 'checked' Create/Delete/Modify/Read), some files can still be accessed.

Please see attached images.

- Video that I placed inside Box_1 when double-clicked or dragged onto a media player is blocked.

6f814e3b6a.jpg

- PDF file I placed inside Box_1 when double-clicked is blocked upon launch.

806b490d7c.jpg

- JPEG file when using right-click>Open With>(all other image viewers) are blocked.

17bafc619c.jpg

- same JPEG file when double-clicked and right-click>Open With is 'allowed' to launch and viewed via Windows Picture and Fax Viewer. Isn't this supposed to be blocked? :blink: This should be.

01ab5d13f3.jpg.

How can I add incoming/outgoing block rules for ports in OA Premium?

In reference to this link http://forum.hidemyass.com/showthread.php?tid=1416 I am keen on blocking incoming / outgoing connections from ports 123, 135-137, 138-139, 443, 445 and 5900-5903/3389, 5800, 5500 as well. I see that OA has pre-blocked access to some of the ports I want to block. I also blocked 445 in the registry. I tried to set a port block for port 443 (TCP/UDP) in/out but I can't seem to type '443', only '44'... likewise with '5800', only '58'. Now I am not a techy but try to learn as much as I can through questions.

Creating block rule for applications that frequently call home

My connection is sometimes flaky and I do not want an application eating up all the precious bandwidth I have. Some that I like to disable are Java update (I download updates and install manually -- disabled it in the Control Panel), The KMPlayer, Wondershare products and Cyberlink PowerDVD to name some.

Please see image attached adv.jpg,

257e71f221.jpg

Should selecting Program Name>Advanced options>(Block) use DNS API be enough? Or do I need to create a rule for the IP address that the program is calling to? Is there a better way of doing this block rule?

I see a "terminate" in the right-click, can I use that to terminate an existing connection?

Please do share any suggestions that you might deem necessary for an OA Premium user. Maybe tips to make me more secure while using it and the like.

Is there a .pdf user-guide or manual I can download so I can read it at my spare time at the office? This really will be a great help to me. Can you point me towards a link for the download please.

I hope you can assist me in my questions for using/setting OA Premium. Newbie here really.

Thank you very much. :D

alexG :D

Link to comment
Share on other sites

Just to start you off alex, to stop programs calling home just untick 'automatically allow trusted to access internet' in OA options-firewall tab. That means first time it tries to call out OA will ask you and you just select block. The program can still run of course, it just cannot call home.

No downloadable pdf, just the online help (quite comprehensive) available via right-click on taskbar icon and selecting 'help'.

Link to comment
Share on other sites

Files and Registry

This is my first time to see this and am happy that you have included this one.

OA allows you to view the contents of the folder that is set at 'blocked'. Isn't that supposed to be blocked when you click it, thereby not permitting the user to see the contents? Why does it allow the user to view the contents when the whole folder is blocked with slash-asterisk -- KMPlayer\Box_1\* ...?

But, when I create a new rule for a specific folder, like, C:\Documents and Settings\__\My Documents\The KMPlayer\Box_1 and I set it all to Block (For unknown programs/For trusted programs/For not trusted programs in tandem with 'checked' Create/Delete/Modify/Read), some files can still be accessed.

The Files and Registry Feature is not designed to prevent users from viewing the files or registry keys, it's just designed to stop malware from tampering with them. As such, Online Armor's processes and critical Windows processes (such as explorer.exe which would be what you were using to view the files) are exempt from any file or registry rules :) This also ensures that it isn't possible to unintentionally create rules that would render your system unbootable.

How can I add incoming/outgoing block rules for ports in OA Premium?

In reference to this link http://forum.hidemyass.com/showthread.php?tid=1416 I am keen on blocking incoming / outgoing connections from ports 123, 135-137, 138-139, 443, 445 and 5900-5903/3389, 5800, 5500 as well. I see that OA has pre-blocked access to some of the ports I want to block. I also blocked 445 in the registry. I tried to set a port block for port 443 (TCP/UDP) in/out but I can't seem to type '443', only '44'... likewise with '5800', only '58'. Now I am not a techy but try to learn as much as I can through questions.

Most of these ports are already on OA's restricted ports list, which means these ports are not able to be used for internet connections, only local connections. If you want to add extra ports to this list, you can click the "Add" button. It seems that the cursor for the ports field here defaults to the centre of the field, which is probably why you are having trouble entering the numbers. If you use your mouse to click and move the cursor as far to the left of the field as possible, it will be possible to enter a 4 digit port number :)

I see a "terminate" in the right-click, can I use that to terminate an existing connection?

Which section are you referring to? The firewall status window? There is "Kill process" and "Close connection" option there, but I do not see any "Terminate".

Link to comment
Share on other sites

Hello,

Thanks for the reply. I was really waiting on the reply as I have work tomorrow.

@stapp,

Thanks did that just now :)

@catprincess,

The Files and Registry Feature is not designed to prevent users from viewing the files or registry keys, it's just designed to stop malware from tampering with them. As such, Online Armor's processes and critical Windows processes (such as explorer.exe which would be what you were using to view the files) are exempt from any file or registry rules This also ensures that it isn't possible to unintentionally create rules that would render your system unbootable.

So the files are/or can be viewed definitely. Hmmm...okay. I'll just change the default viewer to one that OA blocks and restrict WPFviewer. Kids you know might see something they must not see. One thing more, if I wanted that particular folder to be blocked and not viewed, can OA be set to do that or I'll just use Windows restrictions.

Most of these ports are already on OA's restricted ports list, which means these ports are not able to be used for internet connections, only local connections. If you want to add extra ports to this list, you can click the "Add" button. It seems that the cursor for the ports field here defaults to the centre of the field, which is probably why you are having trouble entering the numbers. If you use your mouse to click and move the cursor as far to the left of the field as possible, it will be possible to enter a 4 digit port number

Okay will try that later and report back here probably tomorrow.

Which section are you referring to? The firewall status window? There is "Kill process" and "Close connection" option there, but I do not see any "Terminate".

Sorry I meant "KILL" in the Firewall status. Got used to the other firewall I am using in my personal pc.

....should selecting Program Name>Advanced options>(Block) use DNS API be enough? Or do I need to create a rule for the IP address that the program is calling to? Is there a better way of doing this block rule?

I'd like to ask this one, is this okay blocking it here? Does Advanced options>(Block) use DNS API render the same function as creating a block rule for apps calling home? I ask because if it can be done here it's a lot safer way to teach my eldest about OA Premium (I am starting him off with pc security so I'll not bust my head trying to repair what he breaks. Teaching him about security will make him more sensitive I think).

How about the Performance slider there? What's that for?

Additional please:

About Anti-Keylogger

I do not know why PowerDVD, Rocketdock.exe, DVDFlick are classified as Keyloggers..? It's allowed now but are there any settings (maybe in the Program Name>Advanced options>) that I can do to make it safe?

Or is RunSafer the best way to do it?

About Hosts file

I use MVPS hosts file (updated last February 2011 I think), will updating that alarm OA? I manually paste it in the Windows>System32>Drivers>etc.

Sorry for a bunch of questions here. Can't really ask anybody about OA Premium. Too many pop-ups they say. For me it's just for starters but Learning Mode will cure that after a week. Most of the guys I know are either using the OAfree or Comodo or Outpost or ZoneAlarm.

Thank you and will be waiting for more replies here.

alex :)

Link to comment
Share on other sites

Forgot to ask these two:

About Listening ports

Where do I go to see about what "Listening" ports I have on my connection? I do not see that in the Firewall status window.

About Stealth

While I have just visited GRC ShieldsUP! and got a TruStealth result, where is that setting in OA actually?

Thanks again :thumbs:

Link to comment
Share on other sites

So the files are/or can be viewed definitely. Hmmm...okay. I'll just change the default viewer to one that OA blocks and restrict WPFviewer. Kids you know might see something they must not see. One thing more, if I wanted that particular folder to be blocked and not viewed, can OA be set to do that or I'll just use Windows restrictions.

Sorry, it's not possible to block folders and their files from being accessed by Windows Explorer. The Files feature isn't intended as a form of parental control at all.

Sorry I meant "KILL" in the Firewall status. Got used to the other firewall I am using in my personal pc.

The "Kill process" option will terminate the selected process completely; the program will no longer be running. "Close connection" on the other hand, closes just the selected connection, but the actual program stays running.

I'd like to ask this one, is this okay blocking it here? Does Advanced options>(Block) use DNS API render the same function as creating a block rule for apps calling home? I ask because if it can be done here it's a lot safer way to teach my eldest about OA Premium (I am starting him off with pc security so I'll not bust my head trying to repair what he breaks. Teaching him about security will make him more sensitive I think).

This setting changes whether Online Armor will allow the program to make DNS queries using the DNS Client service. If you have the DNS Client service disabled (people using large hosts files often disable it), it will not be useful though. In Firewall -> Programs, you can also use the "Add" button to add as many programs as you wish and set them to be "Blocked" for internet access if you don't want to wait for a program to ask.

How about the Performance slider there? What's that for?

This is taken from the webhelp page here http://www.emsisoft.com/en/info/oa/Programs.html#advanced :

Performance (available on 32bit systems only)

These settings change the way that the selected application utilizes your computer’s processor. These settings are intended for advanced users that require this type of control of selected programs.

  • CPU Limit – Malfunctioning programs can sometimes use 100% of your computer's processing power, causing the system to freeze until it finishes (if it ever does). This feature changes the maximum amount of processor power that Online Armor will allow the selected application to use. At 100%, the selected application may use as much of the processor as it needs, but programs can be restricted to as little as 10% of the processor. Move the arrow shaped slider left to lower the setting, and move it right to increase. This feature is set to 100% by default (the right-most end of the slider).
  • Affinity mask – When your computer has more than one processor, a multiple core processor, or a processor with "Hyperthreading", a program may not be able to use the processor(s) correctly or you may wish to choose which processor/core the program uses. This feature changes which processor/core the selected application should use the most, or "favor".

Additional please:

About Anti-Keylogger

I do not know why PowerDVD, Rocketdock.exe, DVDFlick are classified as Keyloggers..? It's allowed now but are there any settings (maybe in the Program Name>Advanced options>) that I can do to make it safe?

Or is RunSafer the best way to do it?

Online Armor detects keyloggers based on "behavior", so you may see detections for legitimate programs that aren't keyloggers. Many programs use the same techniques for legitimate purposes such as "Hot Keys". When you see a keylogger alert you need to consider the program involved and whether you trust it. If it's a well known trustworthy program and you received it from a reputable source then you set the program to Trusted to allow it to function normally :)

About Hosts file

I use MVPS hosts file (updated last February 2011 I think), will updating that alarm OA? I manually paste it in the Windows>System32>Drivers>etc.

No, you shouldn't receive any alerts when doing this. If you use a hosts manager to do this and haven't marked it as trusted, then you'd receive an alert, but once allowed, that program would then be able to update the hosts file without further popups.

About Listening ports

Where do I go to see about what "Listening" ports I have on my connection? I do not see that in the Firewall status window.

If you untick "Show only connected endpoints", you can see any processes that are in "Listen" state :)

About Stealth

While I have just visited GRC ShieldsUP! and got a TruStealth result, where is that setting in OA actually?

There isn't an adjustable setting for this in OA. OA stealths by default unless rules have been created allowing ports to be open to traffic.

Link to comment
Share on other sites
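
An OS-level cross-check for the port and "Listen" state questions answered above, as an added example that is not part of the thread or of Online Armor: it parses `netstat -ano` output and reports which sockets are listening on the ports named in the question. The sample output is constructed, and the column layout assumed is that of Windows `netstat -ano`.

```python
# Added example: the netstat text below is constructed, not captured.
LOOPBACK = {"127.0.0.1", "::1"}
# Port list as written in the thread's question.
WATCHED = "123, 135-137, 138-139, 443, 445, 3389, 5500, 5800, 5900-5903"

SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:49200     203.0.113.7:443        ESTABLISHED     2100
  TCP    [::]:3389              [::]:0                 LISTENING       1044
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       5000
  UDP    0.0.0.0:123            *:*                                    1020
  UDP    192.168.1.10:137       *:*                                    4
"""

def parse_port_spec(spec):
    """Expand a list such as '123, 135-137' into a set of port numbers."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port or range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:445' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def listeners(netstat_text, watched):
    """Return (proto, port, host, pid, non_loopback) for watched listening sockets."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        # TCP rows have a state column; UDP rows have none and are bound sockets.
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue
        host, port = split_endpoint(f[1])
        if port in watched:
            found.append((f[0], port, host, int(f[-1]), host not in LOOPBACK))
    return sorted(found, key=lambda r: (r[1], r[0]))

if __name__ == "__main__":
    for proto, port, host, pid, non_loopback in listeners(SAMPLE, parse_port_spec(WATCHED)):
        scope = "non-loopback" if non_loopback else "loopback only"
        print(f"{proto:3} {port:5} bound to {host:15} pid {pid:5} ({scope})")
```

The outbound connection to remote port 443 in the sample is not reported, because only the local port of a listening or bound socket is matched.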

@catprincess,

Thanks a lot for the reply.

Sorry, it's not possible to block folders and their files from being accessed by Windows Explorer. The Files feature isn't intended as a form of parental control at all.

Okay. Thanks for that. I'll use Windows restrictions instead.

The "Kill process" option will terminate the selected process completely; the program will no longer be running. "Close connection" on the other hand, closes just the selected connection, but the actual program stays running.

Okay. Understood.

This setting changes whether Online Armor will allow the program to make DNS queries using the DNS Client service. If you have the DNS Client service disabled (people using large hosts files often disable it), it will not be useful though. In Firewall -> Programs, you can also use the "Add" button to add as many programs as you wish and set them to be "Blocked" for internet access if you don't want to wait for a program to ask.

Okay. Understood. I did that when I was on trial with OA Premium ver4.

This is taken from the webhelp page here http://www.emsisoft....s.html#advanced :

Performance (available on 32bit systems only)

These settings change the way that the selected application utilizes your computer’s processor. These settings are intended for advanced users that require this type of control of selected programs.

CPU Limit – Malfunctioning programs can sometimes use 100% of your computer's processing power, causing the system to freeze until it finishes (if it ever does). This feature changes the maximum amount of processor power that Online Armor will allow the selected application to use. At 100%, the selected application may use as much of the processor as it needs, but programs can be restricted to as little as 10% of the processor. Move the arrow shaped slider left to lower the setting, and move it right to increase. This feature is set to 100% by default (the right-most end of the slider).

Affinity mask – When your computer has more than one processor, a multiple core processor, or a processor with "Hyperthreading", a program may not be able to use the processor(s) correctly or you may wish to choose which processor/core the program uses. This feature changes which processor/core the selected application should use the most, or "favor".

Very nice. Thanks there.

Online Armor detects keyloggers based on "behavior", so you may see detections for legitimate programs that aren't keyloggers. Many programs use the same techniques for legitimate purposes such as "Hot Keys". When you see a keylogger alert you need to consider the program involved and whether you trust it. If it's a well known trustworthy program and you received it from a reputable source then you set the program to Trusted to allow it to function normally

Okay. Will check out what can be placed RunSafer or Trusted.

If you untick "Show only connected endpoints", you can see any processes that are in "Listen" state

Please see image. Sorry for ignorance...where is "listening" there....?

84ce021947.jpg

There isn't an adjustable setting for this in OA. OA stealths by default unless rules have been created allowing ports to be open to traffic

Okay. Understood.

Allow me to make and check my settings and will be back here. Thanks for the help :)

alex :)

Link to comment
Share on other sites

That was fast! Sorry for that I understood it wrongly. Okay I see listening now! Great! :thumbs:

I'll post again when I have regained my wits and read the online user guide. I'll open another topic. You can close this one as "solved".

Nice talking to you there! :)

alex :)

Link to comment
Share on other sites

I notice that in one of your posts you mention that you will leave learning mode on for a week. I personally would not do that.

OA does its own learning mode for 2 minutes at install and you can always use it, if desired, when installing a new app. Then turn learning mode off. If you leave it on for a week OA will learn the good *and* the bad if you catch my drift.

Link to comment
Share on other sites

@stapp,

Hi, I am not in learning mode now. I forgot to mention it in the last thread and reply to catprincess. Working fine now. Only RunSafer seems not to work smoothly for Opera 11.01.. observed that it freezes for about 5-8 seconds at intervals especially when there is a lot of mouse movement... still observing though. Saw it in FF4.01 also.. same but again still observing.

Have removed Chrome browser in Sandboxie and used RunSafer instead to eliminate the on-going Chrome/OA/SBIE problem.

Printed the user-guide via PDFXchange viewer lite. Whole user-guide.. whew.. and it's 17mb all in all... tsk. I really hope a downloadable pdf file will be made available. Not everyone is always online.. that's just peanuts to Emsisoft, others have it available, why not OA?

Saw a post of <snip> "majik" about the Blackday stuff. I still am to read the links but I'd like to ask, am I safe from that. I see that Comodo flunked it bigtime. :)

Edited by catprincess
removed offensive references
Link to comment
Share on other sites

This topic is now closed to further replies.