Faulty internet connection sharing

I have a Windows XP Professional connected to internet via dial-up, which is shared via a home LAN to a Windows 98 system. In my XP, I was using CFP CFP and everything was ok. So I installed CFP Since then, my Win98 can’t connect to internet unless via IP addresses, i.e., it doesn’t get name resolution anymore. Everything gets ok again when I dactivate CFP.

Trying to find the problem, I saw that Win98 uses my WinXP as DNS server (Win98 IP settings are got automatically thanks to WinXP internet connection sharing), but CFP blocks any request Win98 does do WinXP’s port 53.

How can I correct this? Right now, I’ve manually set Win98 DNS to a known remote DNS server. It’s working, but I think it is not the best thing to do.

Thanks for any help,


This is a known bug and is fixed in the new bug-fix release. To get it see:
for a way to receive it.

There is a tip on the V3 beta sign up at top of the firewall section of the forum

In practice you have to delete the updater rule in both :

Firewall>Network Security Policy>Application Rules

and also (whether Defense+ is enable or not)

Defense+ >Computer Security Policy

Thank you very much.

Indeed, once I’ve installed .273 build, it was enough to delete “Windows Updater Applications” rule and to allow incoming DNS lookups for svchost.exe. But I got somewhat worried: the pop up ask me for allowing or blocking and etc; by allowing, the rule automatically created for svchost.exe allows every in/out request for every source/destination IP and port. I had to adjust it manually to restrict the permission for my home LAN. Isn’t the rule automatically created too permissive?


Yes, and the rules that you create to allow only LAN connections in Predefined Policies do not show up on the list of policies on the pop-up. That means that you have to edit any programs that you want to have a different policy from the ones on the pop-up. Also, it is common for people to just click Allow when they first get the pop-up for their Web Browser or Email Client even though the pop-up has the policy for them displayed beside the “Treat this program as…” button. It would be nice if that were the default action for browsers/email clients rather than Allow. A couple of tweaks that should be on their to do list.