Duplicated rules learned in tracert.exe v3.0.13

OS: XP SP2 32bits
CFP: 3.0.13.268
Firewall: Train with Safe Mode

Every time I execute tracert.exe, CFP adds a network security policy for C:\windows\system32\tracert.exe, allowing ICMP out for any; even if a rule already exists, it still adds the same rule again.
But it won’t get any reply packets, even if I create a rule for it to allow all ICMP packets in/out. I need to create a rule in the global rule table; then tracert.exe will get the reply packets. But… it still appends a new rule to tracert.exe when I execute tracert.exe.

So I have rules for tracert.exe like in the attachment. I think this is a bug in CFP3.

I have Vista and Tracert works without any rules. Do you have any global rules for ICMP (besides blocking echo requests in)? If so, remove them for now.

Let’s try to force Tracert to run by default.

Put the rules under Tracert only: (we can refine them later, but Tracert is not usually running to get ICMP in anyway)

Allow all ICMP out and log
Allow all ICMP in and log
Block all else in and out and log

Then go to Defense+ and define Tracert as a “trusted application”.

Let us know what happens. I have no idea why Tracert works perfectly for me under Vista Ultimate with no rules and causes problems for so many others, but this should help get us some data on what is happening.

Please delete that tracert rule and test it again.

BTW please read https://forums.comodo.com/bug_reports/important_append_cfp_version_number_and_bit_x32_or_x64_to_your_bugreports-t15099.0.html
and https://forums.comodo.com/bug_reports/notice_how_to_submit_bugreports-t14969.0.html

I’ve seen the same thing with ping.exe having multiple duplicate rules. Last time I counted there were seven.

Al

If you are referring to another topic, the report-to-moderators function will help to find those topics and merge them. If you are affected as well, please add your system specs (just copy & paste your signature if all relevant info is there).

Too late. I’m no longer running 3.0.13. Be assured that I will post if this BUG appears again with 3.0.14.

Al

Hi!

I found there’s a rule in my global rules, ‘block and log in from ip any where protocol is any’; if I remove this, tracert.exe works fine. (But it still adds duplicated rules if there is no rule for tracert.exe at the beginning and I never change the rule after it is learned and added.)
But this global rule was not added by me; I think it has existed since I installed. Should I remove this global rule? Will it cause any security issue if I remove it? And why do other programs have no problem even though this rule exists?

cpf3_tracert_global_rule.jpg shows my global rules.
cpf3_tracert_rule.jpg shows my rule for tracert.exe.
cpf3_tracert_log.jpg is the log for the above rules.

Case 1:
With the above global rules and the rule for tracert.exe, tracert.exe gets “request timed out” (but I found it still reaches the final destination IP after several hops, because it shows the last reached message, but before that it always shows “request timed out”).

Case 2:
With the block rule removed from the global rules and the above tracert.exe rule, tracert.exe works fine without any problem.

Case 3:
With the block rule removed from the global rules and without any rule for tracert.exe at the beginning, in learn with safe mode, tracert.exe works fine, but CFP3 adds a duplicated rule for tracert.exe every time.

You only need to add 3 global rules before the block one.

Allow ICMP out echo request
Allow ICMP in echo reply
Allow ICMP in time exceeded

The block-all rule blocks all traffic that was not allowed by a previous rule.
It secures your PC better, but you need to look at the log to allow the blocked traffic you need.
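
The top-down, first-match ordering described in the post above can be modelled in a few lines; this is an added example, not Comodo's code and not part of any post. The rule fields, the `pass` result for traffic no global rule decides, and the ICMP type numbers (RFC 792) are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional

# ICMP type numbers (RFC 792)
ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "block"
    direction: str                    # "in", "out" or "any"
    protocol: str                     # "icmp" or "any"
    icmp_type: Optional[int] = None   # None matches every ICMP message

    def matches(self, direction, protocol, icmp_type):
        return (self.direction in ("any", direction)
                and self.protocol in ("any", protocol)
                and (self.icmp_type is None or self.icmp_type == icmp_type))

def evaluate(rules, direction, protocol, icmp_type=None, default="pass"):
    """Return the action of the first matching rule, scanning top-down."""
    for rule in rules:
        if rule.matches(direction, protocol, icmp_type):
            return rule.action
    return default  # assumption: undecided traffic goes on to application rules

BLOCK_ALL_IN = Rule("block", "in", "any")

# Constructed list: only the catch-all inbound block quoted in the thread.
original = [BLOCK_ALL_IN]

# The three ICMP allows placed before the block rule, as suggested.
fixed = [
    Rule("allow", "out", "icmp", ECHO_REQUEST),
    Rule("allow", "in", "icmp", ECHO_REPLY),
    Rule("allow", "in", "icmp", TIME_EXCEEDED),
    BLOCK_ALL_IN,
]

# The same allows placed after the block rule: the inbound ones never match.
misordered = [BLOCK_ALL_IN] + fixed[:3]

def tracert_view(rules):
    """Decision for each packet kind tracert depends on, plus unrelated TCP."""
    return {
        "echo request out": evaluate(rules, "out", "icmp", ECHO_REQUEST),
        "time exceeded in": evaluate(rules, "in", "icmp", TIME_EXCEEDED),
        "echo reply in": evaluate(rules, "in", "icmp", ECHO_REPLY),
        "tcp in": evaluate(rules, "in", "tcp"),
    }
```

Calling `tracert_view(fixed)` shows the two replies tracert needs getting through while other inbound traffic is still blocked; `tracert_view(misordered)` shows why the allows must sit above the block rule.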

Adding ICMP rules to the global rules will make tracert.exe work (that was my solution before).

But if there’s no rule for tracert.exe in the application rules, and in learn with safe mode, CFP3 will add a new entry ‘Allow ICMP Out From IP Any To IP Any Where ICMP Message Is Any’ when I execute tracert.exe, and it will duplicate the rule every time.

If I modify the rule for tracert.exe manually, changing it to ‘Allow ICMP In/Out From IP Any To IP Any Where ICMP Message Is Any’, then CFP3 works fine and stops adding new rules for tracert.exe.

Don’t know why you are having this particular problem, but Gibran has the right rules required for Tracert. Try moving these rules to Tracert.exe, eliminate the global rules like you did before. This just refines a bit the “allow all” type rules you used successfully in your example.

Maybe it is a bug, but you need to provide more info about the security software you run along with CFP.
This way it would be possible to spot software conflicts when other users have the same issue.