If you have an application that was causing or having conflicts with CFPv3, and have figured out a method to avoid those conflicts by changes to Firewall or Defense + rules or settings, please post those specific details here for the benefit of other users.
-
Avast web shield - Cannot load Webpages
This AV is almost compatible with V3. Set HTTP Proxy to 127.0.0.1:12080 In your Web browser.
Useful Firewall rules and policies.
Firewall\Common Tasks\My Network Zones
[li]Local Area Network
IP in [your network IP Mask (eg 10.0.0.0/255.0.0.0)]
IP 0.0.0.0
IP 255.255.255.255
-
Internet-wide Multicast
IP in 224.0.1.0-238.255.255.255 -
Special & Local Multicast
IP in 224.0.0.0-224.0.0.255
IP in 239.0.0.0-239.255.255.255
Firewall\Advanced\Predefined Firewall Policies
-
LAN
Allow IP In From In [Local Area Network] To IP Any Where Protocol Is Any
Allow IP Out From IP Any To In [Local Area Network] Where Protocol Is Any
Allow IP In From In [Special & Local Multicast] To IP Any Where Protocol Is Any
Allow IP Out From IP Any To In [Special & Local Multicast] Where Protocol Is Any
Block and Log All Unmatching Requests -
LAN & Outgoing
Allow IP In From In [Local Area Network] To IP Any Where Protocol Is Any
Allow IP Out From IP Any To In [Local Area Network] Where Protocol Is Any
Allow IP In From In [Special & Local Multicast] To IP Any Where Protocol Is Any
Allow IP Out From IP Any To In [Special & Local Multicast] Where Protocol Is Any
Allow TCP or UDP Outgoing Requests
Block and Log All Unmatching Requests -
Web Browsers with FTP capabilities by georgeB
Allow Outgoing TCP Requests
Allow Outgoing DNS Requests
Allow Incoming FTP-DATA Requests
Block and Log All Unmatching Requests -
Ftp Clients by georgeB
Allow Outgoing TCP Requests
Allow Outgoing DNS Requests
Allow Incoming FTP-DATA Requests
Block and Log All Unmatching Requests
Firewall\Advanced\Network Security Policies\Application Rules
- Svchost - LAN & Outgoing
- System - LAN & Outgoing
- Explorer - LAN
Firewall\Advanced\Network Security Policies\Global Rules
- Allow and Log TCP or UDP Out From IP Any to IP Any Where Source Port Is In [Privileged Ports] And Destination Port Is Any
- Allow TCP or UDP Out From IP Any to IP Any Where Source Port Is Not In [Privileged Ports] And Destination Port Is Any
- Allow IP out from Any IP to Any IP where the protocol is GRE
- Allow ICMP Out From From IP Any to IP Any Where ICMP Message Is ECHO REQUEST
- Allow ICMP In From From IP Any to IP Any Where ICMP Message Is ECHO REPLY
- Allow ICMP In From From IP Any to IP Any Where ICMP Message Is TIME EXCEEDED
- Allow ICMP In From From IP Any to IP Any Where ICMP Message Is FRAGMENTATION NEEDED
Last Step Should be to use Firewall\Common Tasks\Firewall Stealth Configuration and Choose “I would like to be completely visible from whitin a trusted network” and allow [Local Area Network] and [Special & Local Multicast]
NOTE: When you add your private IP range to yout [Local Area Network] Zone don’t forget to add Your Network Address (usually ending with .0) and Brodcast Address (usually ending with .255) Using IP Masks or IP Ranges
eg: Network Address: 10.0.0.0, Brodcast Address: 10.255.255.255
IP Mask 10.0.0.0/255.0.0.0
IP Range 10.0.0.0-10.255.255.255
PS: ICMP In From From IP Any to IP Any Where ICMP Message Is FRAGMENTATION NEEDED is currently blocked by V3 and it is not possible to allow it .
[/li]
-
CFP Password Crash CFP
Use CFP Fix to reset the password
CPF fix need Windows Script 5.6 -
Cannot disable CFP Image Execution Control
Use CFP Fix to disable CFP Image Execution Control
CPF fix need Windows Script 5.6
[attachment deleted by admin]