I installed the Sunbelt-Kerio personal firewall. I selected the default install settings. I was surprised that it didn’t ask me about different avast programs trying to access the interent. Come to think of it, it didn’t ask permission for any other apps to connect to the internet. Is there something I’m missing here? Thanks.
Which applications asked for connection?
Do you use any proxy application (like annonimizers)?
Into the firewall settings, the following programs should be allowed to connect:
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service)
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup (avast! Update executable). This is a temporary file that just appears when an update (check) is about to launch, and disappears again afterwards.
Don’t need rights to connect:
C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Update Service)
The default for Kerio is easy mode, which doesn’t check outgoing connections. You will need to switch to advanced mode, as described here:
This is ridiculous imho…
Why don’t use just the Windows XP SP2 firewall then? :
Yes, that is sure pretty ridiculous.
The defaults of sunbelt kerio are not very good.
Frank is very helpfull telling his exprence with that.
Unfortunately kerio 4 is filled with bugs.
Kerio 2.1.5 is a very nice packet filter. But kerio 4 is not even with that.
Anyone interested to get in touch with kerio 2.1.5 should know that when windows vista is on your computer, that great program will be gone.
I am considering of buying a new puter with XP installed, so i can continue with kerio 2.1.5. Not with Comodo or any other.
I checked my settings and “Enable network security module” is already checked. I have the latest version, just downloaded it yesterday.
Tech,
I do not use proxy. So far, Kerio hasn’t asked to allow any programs to connect.
I think I figured it out. In the Network Security tab on the left side of Kerio, select the Application tab on the top. Then, select “Any other application” in the list and click on EDIT. In the next window, there is a section headed “Connections from/to Internet”. Under “Outgoing connection”, select “Ask user”.
I will see if there is anything else needed. It is strange that this isn’t set as default.
Thanks.
My experience with Comodo, although it is not perfect, it’s not that bad.
It’s a good and serious firewall.
I think I figured it out. In the Network Security tab on the left side of Kerio, select the Application tab on the top. Then, select "Any other application" in the list and click on EDIT. In the next window, there is a section headed "Connections from/to Internet". Under "Outgoing connection", select "Ask user".I will see if there is anything else needed. It is strange that this isn’t set as default.
Yes, that is the one, you finally found it.
Easy allows everything out, so I see not much advantage to XP SP2 firewall.
What was most disgusting was, helpfile did not tell explicitly what it was, but glad you found out the correction (disabling that allow anything outbound rule).
If i remember right that was the only thing that was different with that “easy” and “advanced” or whatever they were called.
Sunbelt Kerio should be fine, but it is not. It does not log all the rules set to or alert in the version I used. Serious memory leaks I think. And the usability also not as flexible as with kerio 2.1.5.
Tech, I did try Comodo. For most part it was ok. And I don’t deny it might be a good protection. With those added HIPS features.
What was lacking was rulemaking and logging. They are not very intuitive and functional.
Also some HIPS thing that required reboots to get blocked pages working.
Rules should have been implemented in a file instead registry. I would need a file to have my settings read from, in case registry gets corrupted. A file to save them by a name I choose.
To me it was using a firewall in a straightjacket.
Have found much easier to use a kerio 2.1.5 and separate HIPS software.
Protection may not be on par with Comodo ran with most tight settings, but not many people do that. Something to say also of a surfing experience without all them popups
EDIT
This thread really should have been in the general topics forum, but here it is, so I hope it does not bother other readers.
I see. I don’t use that much the logging feature, but you’re right, Kerio shows it much better.
Which one?
Which one?
Well, I have used Processguard free, that has a basic application control.
Then more advanced is SSM (free) in that it has parent-child relationships, same as I think Kerio 4 has too in it’s application behaviour blocking. It is currently installed on my system.
Currently I am only running Cyberhawk real time, that is a behaviour blocker and also some sort of community based HIPS.
Plus Sandboxie that can be defined as a hips program too, too not same kind as SSM or PG or CH. It isolates your system/programs from malware. Allows to run malware in a “virtual” sandbox, that can be deleted when one wishes.
All these are free programs.
I’ve used Processguard free too. But it becomes instable and too much resources to protect just one process.
I’ve used SSM (free) too. A very huge protection, but too many resources consummed compared to WinPatrol, which is simpler and lighter.
I’ve stoped using Kerio 4 when it was sold to Sunbelt…
I’ve downloaded Cyberhawk but I’ve real bad press on uninstalling it. I even tested it…
Sandboxie is waiting for installation in my computer… resting. I’ll try it soon.
I’m also trying CyberHawk, first impressions are I’m undecided what it really does. The one thing I don’t like is it tries to phone home and I can’t see any configuration that I might change it to manual check for updates, etc. I hate programs that automatically try to dial out (as a dial-up user) and I can’t control this.
I would appreciate links to this bad press info about uninstalling, so I might be prepared should I decide to part company from it.
Search the board for Cyberhawk ;D
http://forum.avast.com/index.php?topic=25046.msg205222#msg205222
http://forum.avast.com/index.php?topic=22501.msg186481#msg186481
http://forum.avast.com/index.php?topic=20803.msg174131#msg174131
But I’m sure I’ve read something about… maybe Comodo forum :
I've used Processguard free too. But it becomes instable and too much resources to protect just one process.
With my system PG free was very stable. It also protects all the processes set so against termination, unlike what has been the old news of only one single process still in the even PG forum.
There has been some heated debate in wilders PG forum about new things able to pass it’s protection.
I run currently (not realtime) SSM free instead. However one should know that it has no protection against process termination. That option means the process in question itself is allowed to terminate others. That in itself brings though some protection if one keeps tight allowances and does not run in a learning mode constantly.
Cyberhawk gives me false positives when starting or terminating Skype only, sometimes. That is the only thing it does, to know it exists, besides calling home, hehe Someones with malware, should know it exists, I hope.
Too bad it automatically starts with bootup and can be only “suspended”.
I too am worried if it uninstalls cleanly.
Thanks for the feed back, I will check out the links and als do an uninstall and see if there are any issues. If so I can restore the weekly image I made just before installing it.
It also protects all the processes set so against termination, unlike what has been the old news of only one single process still in the even PG forum.
There has been some heated debate in wilders PG forum about new things able to pass it’s protection.
I didn’t know that PG free protects more than one process. Thanks.