Vista Firewall Issue

Posted: 01-02-2008, 04:51 PM
Happy new year everyone. I'm using the 64-bit version of Vista Ultimate. I
have an Ethernet connection to a cable modem & no home network; IPv6 is
disabled.

When I set the firewall to block all outbound connections but allow a few
exceptions, the programs exempted from this rule can't access the internet
any longer, for example Internet Explorer, Windows Mail etc., irrespective of
what profile they're under, e.g. public, private or domain.

The problem persists even if I change the network location type from public
to private in the Network & Sharing Center. Is there a way to resolve this
without having to set 'Outbound connections that do not match a rule are
allowed' in Windows Firewall with Advanced Security?

--
Message posted via http://www.windowskb.com

Responses to "Vista Firewall Issue"

Antius
Guest
Posts: n/a
 
Vista Firewall Issue
Posted: 01-02-2008, 04:57 PM

Happy new year everyone. I'm using the 64-bit version of Vista Ultimate.
I have an Ethernet connection to a cable modem & no home network; IPv6
is disabled.

When I set the firewall to block all outbound connections but allow a
few exceptions, the programs exempted from this rule can't access the
internet any longer, for example Internet Explorer, Windows Mail etc.,
irrespective of what profile they're under, e.g. public, private or
domain.

The problem persists even if I change the network location type from
public to private in the Network & Sharing Center. Is there a way to
resolve this without having to set 'Outbound connections that do not
match a rule are allowed' in Windows Firewall with Advanced Security?


--
Antius
Jesper
Guest
Posts: n/a
 
RE: Vista Firewall Issue
Posted: 01-02-2008, 06:26 PM
Don't set a "block all" outbound rule. It is virtually impossible to do that
on a general purpose system, and it provides virtually no security. You would
need to permit all ports between 1024 and 5000 for your apps to function.

What *specific* threat are you trying to mitigate?
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"Antius" wrote:
>
> Happy new year everyone, I'm using the 64bit version of Vista Ultimate,
> I have an ethernet connection to a cable modem & no home network, IPv6
> is disabled.
>
> When I set the firewall to block all outbound connections but allow a
> few exceptions, the programs exempted from this rule can't access the
> internet any longer for example Internet Explorer, Windows Mail etc,
> irrespective of what profile they're under e.g. public ,private or
> domain.
>
> The problem persists even if I change the network location type from
> public to private in the Network & Sharing
> Center, is there a way to resolve this without having to set 'Outbound
> connections that do not match a rule are allowed' in Windows
> Firewall with Advanced Security?.
>
>
> --
> Antius
>
Antius
Guest
Posts: n/a
 
Re: Vista Firewall Issue
Posted: 01-02-2008, 07:22 PM

Thanks for your prompt response Jesper, I want to block programs that
I'm unaware of from making outbound connections since the Vista firewall
doesn't seem to warn me of these events in real time.


--
Antius
Hatter
Guest
Posts: n/a
 
Re: Vista Firewall Issue
Posted: 01-02-2008, 10:27 PM
Then what you might want is a 3rd party firewall that does alert you when a
program makes an attempt.

I was using AVG Suite and found it useful, but switched to another product.

Also, you can set up rules to monitor, log and block services from your
router.

"Antius" <Antius.32kpvz@no-mx.forums.net> wrote in message
news:Antius.32kpvz@no-mx.forums.net...
>
> Thanks for your prompt response Jesper, I want to block programs that
> I'm unaware of from making outbound connections since the Vista firewall
> doesn't seem to warn me of these events in real time.
>
>
> --
> Antius
Jesper
Guest
Posts: n/a
 
Re: Vista Firewall Issue
Posted: 01-02-2008, 11:48 PM
You are really setting yourself up for a world of hurt. First, you cannot
block a program from making outbound connections. Any program that wishes to
do so can without your noticing. There is no way, including with third-party
firewalls, to effectively block one program from making outbound connections
as another program running in the same user context. Third party firewalls
can be set up to notify you when programs that chose to not be stealthy try
to connect outbound, but they cannot stop malicious programs that do so.

Second, when you use that functionality in third-party products you will be
notified incessantly because the programs can use any port they want to
communicate out. The usual response is to disable the notifications for
particular applications, which completely obviates any value in the feature.
Since it provides no security value the Vista firewall does not include the
notification functionality.

In other words, attempting to block outbound unapproved traffic provides no
additional security whatsoever, but is often used as a selling point by
vendors who either do not understand security, or are trying to make money by
misleading customers. If you want that type of functionality, you need a
third-party firewall from one of those vendors. My advice would be to focus
on things that actually will improve your security instead.

Having now tried to dissuade you from the entire project, the Vista firewall
can be used to create a "block all" rule and permit only certain programs.
More than likely you have a rule that does not permit the program to
communicate on all ports to all ports, for all users. If you configure the
firewall log to log dropped packets you will get log events like this one:

2008-01-02 15:40:00 DROP TCP 1.2.3.4 65.99.255.140 52969 80 0 - 0 0 0 - - - SEND

That will at least tell you what the firewall saw even though it does not
tell you which application made the connection. Notice the source port:
52969. Client apps can use any port they want for the source port, and you
need to permit all 64,000 of them. Might that be what is blocking your
traffic?

There is more information about troubleshooting the Windows Firewall here:
http://technet2.microsoft.com/Window....mspx?mfr=true. It may be useful to you.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"Antius" wrote:
>
> Thanks for your prompt response Jesper, I want to block programs that
> I'm unaware of from making outbound connections since the Vista firewall
> doesn't seem to warn me of these events in real time.
>
>
> --
> Antius
>
Straight Talk
Guest
Posts: n/a
 
Re: Vista Firewall Issue
Posted: 01-03-2008, 05:58 AM
On Wed, 2 Jan 2008 16:27:32 -0600, "Hatter"
<hatter@msnews.microsoft.com> wrote:
>Then what you might want is 3rd party firewall that does alert you when a
>program makes an attempt.
Host based outbound control is an illusion.
DevilsPGD
Guest
Posts: n/a
 
Re: Vista Firewall Issue
Posted: 01-03-2008, 07:32 AM
In message <fbuon3lj2fif4aero3rr6ip355ce5sh2ub@4ax.com> Straight Talk
<b__nice@hotmail.com> wrote:
>On Wed, 2 Jan 2008 16:27:32 -0600, "Hatter"
><hatter@msnews.microsoft.com> wrote:
>
>>Then what you might want is 3rd party firewall that does alert you when a
>>program makes an attempt.
>
>Host based outbound control is an illusion.
Not necessarily. If you're a limited user, and don't elevate or
otherwise give admin access, you can trust host-based solutions.

Otherwise, they're just snakeoil.
Antius
Guest
Posts: n/a
 
Re: Vista Firewall Issue
Posted: 01-03-2008, 12:31 PM

Hello again Jesper, you mentioned that 'the Vista firewall
can be used to create a "block all" rule and permit only certain
programs' can you give some examples of how to configure that setup?,
none of my specific outbound rules have been overridden by a block rule,
all apps are allowed to communicate from any local address or source
port to any remote address or port for any user but I have restricted
the protocol to TCP.


--
Antius
Nick /////
Guest
Posts: n/a
 
Re: Vista Firewall Issue
Posted: 01-03-2008, 02:03 PM
"Antius" <Antius.32kiy5@no-mx.forums.net> wrote in message
news:Antius.32kiy5@no-mx.forums.net...
>
> Happy new year everyone, I'm using the 64bit version of Vista Ultimate,
> I have an ethernet connection to a cable modem & no home network, IPv6
> is disabled.
>
> When I set the firewall to block all outbound connections but allow a
> few exceptions, the programs exempted from this rule can't access the
> internet any longer for example Internet Explorer, Windows Mail etc,
> irrespective of what profile they're under e.g. public ,private or
> domain.
>
> The problem persists even if I change the network location type from
> public to private in the Network & Sharing
> Center, is there a way to resolve this without having to set 'Outbound
> connections that do not match a rule are allowed' in Windows
> Firewall with Advanced Security?.
>
>
> --
> Antius
As others have pointed out, value is questionable and pain and aggro are high.

If you must then:

www.sphinx-soft.com Vista Firewall Control will do what you want far more
easily than you trying to configure yourself.

Nick /////
