| | #1 (permalink) |
| Member | Vista Firewall Issue |

Happy new year everyone, I'm using the 64bit version of Vista Ultimate, I have an ethernet connection to a cable modem & no home network, IPv6 is disabled.

When I set the firewall to block all outbound connections but allow a few exceptions, the programs exempted from this rule can't access the internet any longer for example Internet Explorer, Windows Mail etc, irrespective of what profile they're under e.g. public, private or domain.

The problem persists even if I change the network location type from public to private in the Network & Sharing Center, is there a way to resolve this without having to set 'Outbound connections that do not match a rule are allowed' in Windows Firewall with Advanced Security?
| | #2 (permalink) |
| Guest | RE: Vista Firewall Issue |

Don't set a "block all" outbound rule. It is virtually impossible to do that on a general purpose system, and it provides virtually no security. You would need to permit all ports between 1024 and 5000 for your apps to function.

What *specific* threat are you trying to mitigate?

---

Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20

"Antius" wrote:

> Happy new year everyone, I'm using the 64bit version of Vista Ultimate, I have an ethernet connection to a cable modem & no home network, IPv6 is disabled.
>
> When I set the firewall to block all outbound connections but allow a few exceptions, the programs exempted from this rule can't access the internet any longer for example Internet Explorer, Windows Mail etc, irrespective of what profile they're under e.g. public, private or domain.
>
> The problem persists even if I change the network location type from public to private in the Network & Sharing Center, is there a way to resolve this without having to set 'Outbound connections that do not match a rule are allowed' in Windows Firewall with Advanced Security?
>
> --
> Antius
| | #3 (permalink) |
| Member | Re: Vista Firewall Issue Thanks for your prompt response Jesper, I want to block programs that I'm unaware of from making outbound connections since the Vista firewall doesn't seem to warn me of these events in real time. |
| | #4 (permalink) |
| Guest | Re: Vista Firewall Issue |

You are really setting yourself up for a world of hurt.

First, you cannot block a program from making outbound connections. Any program that wishes to do so can without your noticing. There is no way, including with third-party firewalls, to effectively block one program from making outbound connections as another program running in the same user context. Third party firewalls can be set up to notify you when programs that chose to not be stealthy try to connect outbound, but they cannot stop malicious programs that do so.

Second, when you use that functionality in third-party products you will be notified incessantly because the programs can use any port they want to communicate out. The usual response is to disable the notifications for particular applications, which completely obviates any value in the feature. Since it provides no security value the Vista firewall does not include the notification functionality.

In other words, attempting to block outbound unapproved traffic provides no additional security whatsoever, but is often used as a selling point by vendors who either do not understand security, or are trying to make money by misleading customers. If you want that type of functionality, you need a third-party firewall from one of those vendors. My advice would be to focus on things that actually will improve your security instead.

Having now tried to dissuade you from the entire project, the Vista firewall can be used to create a "block all" rule and permit only certain programs. More than likely you have a rule that does not permit the program to communicate on all ports to all ports, for all users. If you configure the firewall log to log dropped packets you will get log events like this one:

```
2008-01-02 15:40:00 DROP TCP 1.2.3.4 65.99.255.140 52969 80 0 - 0 0 0 - - - SEND
```

That will at least tell you what the firewall saw even though it does not tell you which application made the connection.

Notice the source port: 52969. Client apps can use any port they want for the source port, and you need to permit all 64,000 of them. Might that be what is blocking your traffic?

There is more information about troubleshooting the Windows Firewall here: http://technet2.microsoft.com/Window....mspx?mfr=true. It may be useful to you.

---

Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20

"Antius" wrote:

> Thanks for your prompt response Jesper, I want to block programs that I'm unaware of from making outbound connections since the Vista firewall doesn't seem to warn me of these events in real time.
>
> --
> Antius
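An added example, not part of the original post or of any Microsoft tool: it reads dropped-packet records in the format of the log line quoted above and counts dropped outbound (`SEND`) packets per protocol and destination port, which shows what traffic an allow rule is not covering. The column order is the `#Fields` header of the Windows Firewall log; the first record is the line from the post, and the other sample lines and addresses are constructed.

```python
from collections import Counter, defaultdict

# Column order of the Windows Firewall log (its "#Fields:" header line).
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# First record is the line quoted in the post; the rest are constructed samples.
SAMPLE_LOG = "#Fields: " + " ".join(FIELDS) + "\n" + """\
2008-01-02 15:40:00 DROP TCP 1.2.3.4 65.99.255.140 52969 80 0 - 0 0 0 - - - SEND
2008-01-02 15:40:03 DROP TCP 1.2.3.4 65.99.255.140 52970 80 0 - 0 0 0 - - - SEND
2008-01-02 15:40:05 DROP UDP 1.2.3.4 192.0.2.53 61012 53 0 - - - - - - - SEND
2008-01-02 15:40:09 DROP TCP 198.51.100.7 1.2.3.4 4431 445 0 - 0 0 0 - - - RECEIVE
2008-01-02 15:40:11 ALLOW TCP 1.2.3.4 65.99.255.140 52971 443 0 - 0 0 0 - - - SEND
truncated line
"""

def parse_line(line):
    """Return a dict for one record, or None for comments and malformed lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def dropped_outbound(log_text):
    """Count dropped outbound packets per (protocol, dst-port).

    Ports stay strings because ICMP records carry "-" in the port columns.
    Also collects the source ports seen for each key, which vary per connection.
    """
    counts = Counter()
    src_ports = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "DROP" and rec["path"] == "SEND":
            key = (rec["protocol"], rec["dst-port"])
            counts[key] += 1
            src_ports[key].add(rec["src-port"])
    return counts, src_ports

if __name__ == "__main__":
    counts, src_ports = dropped_outbound(SAMPLE_LOG)
    for (proto, port), n in counts.most_common():
        seen = sorted(src_ports[(proto, port)])
        print(f"{proto}/{port}: {n} dropped outbound, source ports {seen}")
```
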
| | #5 (permalink) |
| Guest | Re: Vista Firewall Issue |

On Wed, 2 Jan 2008 16:27:32 -0600, "Hatter" <hatter@xxxxxx> wrote:

> Then what you might want is 3rd party firewall that does alert you when a program makes an attempt.
| | #6 (permalink) |
| Guest | Re: Vista Firewall Issue |

In message <fbuon3lj2fif4aero3rr6ip355ce5sh2ub@xxxxxx> Straight Talk <b__nice@xxxxxx> wrote:

> On Wed, 2 Jan 2008 16:27:32 -0600, "Hatter" <hatter@xxxxxx> wrote:
>
>> Then what you might want is 3rd party firewall that does alert you when a program makes an attempt.
>
> Host based outbound control is an illusion.

Not necessarily. If you're a limited user, and don't elevate or otherwise give admin access, you can trust host-based solutions.

Otherwise, they're just snakeoil.
| | #7 (permalink) |
| Member | Re: Vista Firewall Issue |

Hello again Jesper, you mentioned that 'the Vista firewall can be used to create a "block all" rule and permit only certain programs'. Can you give some examples of how to configure that setup? None of my specific outbound rules have been overridden by a block rule, all apps are allowed to communicate from any local address or source port to any remote address or port for any user but I have restricted the protocol to TCP.
| | #8 (permalink) |
| Guest | Re: Vista Firewall Issue |

"Antius" <Antius.32kiy5@xxxxxx-mx.forums.net> wrote in message news:Antius.32kiy5@xxxxxx-mx.forums.net...

> Happy new year everyone, I'm using the 64bit version of Vista Ultimate, I have an ethernet connection to a cable modem & no home network, IPv6 is disabled.
>
> When I set the firewall to block all outbound connections but allow a few exceptions, the programs exempted from this rule can't access the internet any longer for example Internet Explorer, Windows Mail etc, irrespective of what profile they're under e.g. public, private or domain.
>
> The problem persists even if I change the network location type from public to private in the Network & Sharing Center, is there a way to resolve this without having to set 'Outbound connections that do not match a rule are allowed' in Windows Firewall with Advanced Security?
>
> --
> Antius

If you must then: www.sphinx-soft.com

Vista Firewall Control will do what you want far more easily than you trying to configure yourself.

Nick
| | #9 (permalink) |
| Guest | Re: Vista Firewall Issue |

All you do is set the firewall to block all outbound traffic. Then you create an outbound program rule. In my case I permitted Internet Explorer (%programfiles%\Internet Explorer\iexplore.exe) to communicate out over all protocols and all ports. After that IE could browse the web but Firefox could not. I just tested it and went through the wizard clicking Yes on most everything.

Start with that very open rule. Then start putting in more restrictions until you see what breaks.

I still question the need for this exercise, BTW.

---

Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20

"Antius" wrote:

> Hello again Jesper, you mentioned that 'the Vista firewall can be used to create a "block all" rule and permit only certain programs' can you give some examples of how to configure that setup?, none of my specific outbound rules have been overridden by a block rule, all apps are allowed to communicate from any local address or source port to any remote address or port for any user but I have restricted the protocol to TCP.
>
> --
> Antius
| | #10 (permalink) |
| Guest | Re: Vista Firewall Issue |

On Thu, 03 Jan 2008 00:32:03 -0700, DevilsPGD <spam_narf_spam@xxxxxx> wrote:

> In message <fbuon3lj2fif4aero3rr6ip355ce5sh2ub@xxxxxx> Straight Talk <b__nice@xxxxxx> wrote:
>
>> Host based outbound control is an illusion.
>
> Not necessarily. If you're a limited user, and don't elevate or otherwise give admin access, you can trust host-based solutions.

outbound control. Various IPC methods still apply.

> Otherwise, they're just snakeoil.