Sign in to follow this  
nzcoaster

Confusing Overriding firewall Rule happening

Recommended Posts

Hi support people,

I am having a problem with online armour in its firewall settings

The problem is that Online Armour automatically allows a connection to a specific pc on my network and if I distrust it it will allways come back as allowed on next reboot or the someother time

I like to have all other computers on my network in a distrust or non allowed setting and Online Armour correctly leaves other computers in an unapproved state or yellow.

I Run windows 7sp1 all updated and have run deep scan ( no malware)

Why does it auto trust allow this network against my settings

I have remote desktop turned off I have turned of Ipv6 and turned of file and printer sharing so my network adapter only shows OA and ipv4.

The connection that is allowed is going to my sons pc through a wireless connection which has hamachi on it skype and is running XP sp3 with avast free and standard windows firewall

In My Router settings I have all connected devices on fix or reserved ip addresses my sons pc fixed on 192.168.1.6

I even changed my router Access ip address but nothing I can do seems to keep his ip adress from being not allowed or distrusted

Any help is appreciated

Share this post


Link to post
Share on other sites

Hi support people,

I am having a problem with online armour in its firewall settings

The problem is that Online Armour automatically allows a connection to a specific pc on my network and if I distrust it it will allways come back as allowed on next reboot or the someother time

I like to have all other computers on my network in a distrust or non allowed setting and Online Armour correctly leaves other computers in an unapproved state or yellow.

I Run windows 7sp1 all updated and have run deep scan ( no malware)

Why does it auto trust allow this network against my settings

I have remote desktop turned off I have turned of Ipv6 and turned of file and printer sharing so my network adapter only shows OA and ipv4.

The connection that is allowed is going to my sons pc through a wireless connection which has hamachi on it skype and is running XP sp3 with avast free and standard windows firewall

In My Router settings I have all connected devices on fix or reserved ip addresses my sons pc fixed on 192.168.1.6

I even changed my router Access ip address but nothing I can do seems to keep his ip adress from being not allowed or distrusted

Any help is appreciated

I have just discovered SSDP Service Discovery enabled and through firewall log could see it trying to connect to my sons pc through 192.168.1.6

I have disabled SSDP service andthat in turn disables UPNP so I think I have found out where its coming from but I am left wondering what and why SSDP was allowing online armour to accept as allowed allways 192.168.1.6

UDP 5355 and port 138 was trying to get to the same ip address.

Sorry if this isnt the right way to amend my original post

Share this post


Link to post
Share on other sites

Hi nzcoaster,

Just to clarify a few things regarding the problem you are experiencing -

Is the computer with the IP 192.168.1.6 set to "Not Trusted" in the Firewall -> Computers section?

Are you saying that rules are automatically being added to the Firewall -> Ports section for UDP 5355 and UDP 138 each time you reboot and that if you delete or block these rules they are readded as allowed without asking on the next reboot?

Assuming the computer with IP 192.168.1.6 is set to "Not Trusted", are you seeing an actual connection to this computer via the aforementioned ports occurring (either in the firewall logs or in the Firewall status window)? Or is a process just "listening" on these ports, but not actually in a state of being "connected"?

Share this post


Link to post
Share on other sites

Thakyou for replying

Yes I had set to not trust all the computers on the network except to my router gateway and the firewall status window would except the settings on all pcs including the 192.168.1.6 one, untill a reboot then the status would show as allowed 192.168.1.6

and anoy the hang out of me ( i have up to 6 pcs or networked devices connecting to my router and any one time)

I have done a new win 7 install as of yesterday and havent yet put Emsisoft Internet Security back on yet

One thing I had noticed that one of the users of my pc each with there own account had hidden was a remote desktop connection and I had done some snooping around the household pcs and I disabled ssdp service on my sons xp machine and remote desktop support

I think he had been trying something out as he likes to try experiment.

On my Fresh install of Win 7 and setting up and restoring others user accounts I have ssdp service started and my other users have admin accounts also (not wise I know)

I am going to make sure all there programs work then set all other users to standard accounts so they cannot poke around to much with Online Armour and Emsisoft Antimalware and if I need to once I test it all out with Fresh install of Emsisoft I may need to disable ssdp service on my machine

Sorry if this sounds confusing, I hope to have it sorted soon ,I'm also probably going to disable netbios in the adapter settings as I like to keep this main machine secure as i can whilst retainging functionality. I can use usb to transfer if needed to give or recieve files

Regards

nzcoaster

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.