What are these firewall events? (screenshots)

[Guest]

[salmonela]

"Do you have any outbound requests active now?"

no, dont think so. You would check that in "view active connections" right?

Yes you are right, maybe you should put log on outgoing rules, to maybe see if something "calling" those blocked inbound...

[LirvA]

Well it shows I have some legitimate processes listening .... 

Are these applications being denied legitimate access?




"maybe you should put log on outgoing rules"

how do I do that please?

[salmonela]

Edit your first global rule (where all output connection are allowed) like arrow suggested and nothing else (see pic)

[LirvA]

I change to this (screenshot) and it prevented any internet connection. I undid the change.

What did I do wrong?

I now am back to original settings (2nd screenshot)

[salmonela]

EDIT:
ONLY tick log as firewall event if this rule is fired, other things leave intact on your original 2nd screenshot

...Then you should see all established connection in CFP "firewall events"...

[LirvA]

Oh, ONLY CHANGE the "log as firewall even if fired" (screenshot)

Resulting in (2nd screenshot)

Is this correct?

[salmonela]

Yes

[LirvA]

Now Firewall events shows (3 screen shots)

(first 2 in this post)

[LirvA]

(3rd screenshot)

All screenshots combine to show all firewall events.

[LirvA]

Ahh. Thank you very very much. Much appreciated.

What will be the result of this edit? Will this lower the firewall events? Anything beneficial?


Also, in 3rd screenshot (after edit) it shows some things blocked, just like in my original screenshot (following screenshot)

Are these events like port scans or ping attacks or something?

[salmonela]

Do you know what are your internet providers DNS servers?
On third screen you have blocked (cant see, is it svchost.exe?) on Domain Name Server port 53 on remote 205.188.146.
If this is true and your DNS IP is 205.188.146. (cant see last number) then you should enable it...

[salmonela]

 what are you have in "your network zone"? (firewall -  common task - My network zones)

[LirvA]

"Do you know what are your internet providers DNS servers?"

No, but I can possibly find out if I need to. ......




"On third screen you have blocked (cant see, is it svchost.exe?) on Domain Name Server port 53 on remote 205.188.146."


Yes, the path is as follows:

C:\WINDOWS\system32\svchost.exe - Source IP: 172.167.102.167 -
source port: 2028 - Destination IP: 205.188.146.145 - Destination port 53


"If this is true and your DNS IP is 205.188.146.Huh (cant see last number) then you should enable it"

I need to allow this then? Do I need to contact my ISP (AOL) real quick?



"what are you have in "your network zone"? (firewall -  common task - My network zones)"


One moment, I'll fetch a screenshot.

[LirvA]

My Network Zones ....

[salmonela]

Ahh. Thank you very very much. Much appreciated.

What will be the result of this edit? Will this lower the firewall events? Anything beneficial?

You now see more firewall events

Are these events like port scans or ping attacks or something? 

your first picture on this tread is "fishy"

[Tags:]