Puzzled i am!. My firewall in beta 4 is continously blocking the windows operating system. What can i do to stop this guys?.At the mo its in safemode, and stealth ports wizard is set at define a new trusted network. I tried also to put windows operating system under trusted and still it gets blocked.
Need help here guys. Os is windows 7 32 bit.
Well. I thought i would have had some help with this one by now ( Please). I have played around with the various firewall settings and still no joy. Its blocking windows operating system and is annoying.
Its got to be a bug or something and for now i have disabled it and gone back to Windows 7 Firewall until maybe i receive some help on this one or there is a new beta to try.
Are these logs for incoming alerts? When there is no program listening to incoming data CIS will report that WOS is catching it. WOS is a pseudo process like system idle process in Task Manager.
I have a similar problem. I guess its because it is a beta, and a fairly early one, so the default settings are not yet finalised.
In my case it is logging a router (to judge by the IP, 192.168.1.20) in my network sending messages to port 553 my PC 192.168.1.10, which ought to be allowed as the router is internal to my home network. Eric’s explanation re receiving process seems right in my case. Blocking the message might make sense I guess, as another router, which is not the local gateway, could prove a security hole. But the log entry could give more info (Windows System is confusing - Windows IP stack/process perhaps?). Also I am not sure why the messages on my machine are not covered by my home network’s IP mask 255.255.255.0 - so maybe this should be raised via a bug report?
If you need to suppress the log entries now, perhaps you could post a screen shot of the logged messages?
(Eric, is there any way of suppressing this particular class of log entry in CIS 4 - there do seem to be a huge number of them on my system. CIS 3 did not seem to log them?)
Hope this is of some help
It is odd indeed that this particular port is blocked. If I understand things correctly you have a trusted network set up as 192.168.1.x/255.255.255.0? When using the Stealth Ports Wizard it will both add the network to the Global Rules as well as to the application rule for System. How did you define your trusted network?
You can make globl rules to allow traffic on that port coming from that address. It is analogues to this tip by Badfrogger; read the points 11- 13 in his post.
Sorry for delay - away for a few days.
You are quite correct in your assumptions. Network was set up initially through detection, and subsequently over-written by imported tailored settings. I have edited it since manually to try IP ranges instead of masks, but nothing stops those log entries!
Both application rule and zone rule seem correctly in place. I will have a look at BadFroggers post, and try what you suggest. I guess that would be to create a rule that’s a subset of an existing allow rule, so it shouldn’t work, but maybe it will!
Many thanks for your help