Can't connect to i-net with 'block all'-setting despite of firefox exception

Hi folks :slight_smile:

To my system:

  • Windows 7 home premium SP1
  • Firefox 5
  • CIS Premium 5.4

I only have one simple wish:
I want to basically block everything and beyond that add exceptions for
granting a well working system.

In order to acchieve this, I’ve left the default setting after installation by
adjusting CIS firewall on ‘block all’ in the ‘overview main menu’, and then
went to ‘network security policy’ for further changes:

At this spot I’ve seen an exception vor CIS itself and 2 for windows 7;
in a maybe not so smart moment of me, I thought “wtf ?!” and erased
the two windows exceptions; I don’t have a clue anymore, what these
both concretely excepted. Then I’ve added a ‘webbrowser’ exception for
firefox.exe

The first surf attempt afterwards failed.
Then I’ve added a ‘trust all’ exception for this system file called ‘svchost.exe’
within the windows\system32-directory, which caused most traffic before
the changes and seemed to be elementary for everything you do on the pc.
I don’t know if this was necessary, I just acted intuitively and cluelessly.

So, this is how it looks right now:

It still didn’t work; the suspicious thing is, that at this point my
i-net connection was not identified anymore and so couldn’t go online.

So I’ve went back to CIS firewall, and in the ‘overview main menu’
adjusted down from ‘block all’ to ‘secure mode’.

The i-net connection was still not identified, but whenever I let windows 7
repair the connection with this adjusted firewall settings, it works and
I can go online once again.

What am I doing wrong, that ‘all block’ kills my i-net connection itself ?
What do I have to change, in order to acchieve my aim ?
And what concretely is the minimum exception pool one has to install in
‘network security policy’ in order to ensure a working system, which
also is able to enter the www ?

It you select the ‘Block All’ option from the system tray, it will do exactly that, regardless of the firewall rules you may have defined.

If you want so configure you firewall to only allow certain connections, take a look at Re: minimum application rules for connecting to the internet Please understand, that unless there is a rule permitting a connection, the connection will fail. With default settings for your operating system, you will, at the very least, have to allow svchost,exe to use DHCP and DNS, without access to those two services you will have problems. Of course these requiuements can be changed.

Read the information in the link I posted and come back if you have questions.

Thx, dude, as you see, it worked !
I will spread your knowledge as reparation :stuck_out_tongue:

Greetings,
satisfaction