Firewall not blocking some apps (18.309)

Firewall set to Custom Mode. Very few application rules in the Network Security Policy. I have noticed two applications connect to the internet now, seemingly bypassing CFP v3. Internet Explorer is one. The other is Zoom Player Pro WMV. Neither has any application rules in NSP. There are only three default rules in Global Policy: the one blocking IGMP and two set up by CFP allowing LAN communication.

Anyone have any idea how this could be happening? Or is there a possible bug? Makes me wonder what the hell else is coming in and out.

Hello cpf3user,

Does “Block All Mode” stop the traffic from leaving your system?

Could it be that these applications’ traffic is being intercepted by some sort of anti-virus software you have installed (check the View Active Connection window when IE / Zoom Player make a connection - any other process’ activity there?)
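The check suggested above, done from a connection table instead of the firewall window, as an added example that is not part of the original thread. It pairs each application's loopback connection with the local process listening on that port and lists that process's outbound connections; the `netstat -ano` sample, the PID map and the name `avscan.exe` are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (addresses, ports, PIDs are made up).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:8123         0.0.0.0:0              LISTENING       1404
  TCP    127.0.0.1:2051         127.0.0.1:8123         ESTABLISHED     3120
  TCP    127.0.0.1:8123         127.0.0.1:2051         ESTABLISHED     1404
  TCP    192.168.1.10:2052      203.0.113.80:80        ESTABLISHED     1404
  TCP    192.168.1.10:2060      203.0.113.25:443       ESTABLISHED     2288
"""
# Constructed PID -> image name map (the kind of data `tasklist` provides).
PROCS = {1404: "avscan.exe", 3120: "iexplore.exe", 2288: "updater.exe"}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse(text):
    """Return (local_addr, local_port, remote_addr, remote_port, state, pid) tuples."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, fa, fp, state, pid = m.groups()
            rows.append((la, int(lp), fa, int(fp), state, int(pid)))
    return rows

def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"

def find_proxied(text, procs):
    """Map each client process to (local proxy process, proxy's outbound peers)."""
    rows = parse(text)
    # Loopback ports on which some local process is listening.
    listeners = {lp: pid for la, lp, _, _, st, pid in rows
                 if st == "LISTENING" and is_loopback(la)}
    result = {}
    for la, lp, fa, fp, st, pid in rows:
        if st != "ESTABLISHED" or not is_loopback(fa):
            continue
        proxy_pid = listeners.get(fp)
        if proxy_pid is None or proxy_pid == pid:
            continue  # not a connection into another process's loopback listener
        # What the firewall actually sees leaving the machine: the proxy's own sockets.
        outbound = sorted(f"{r[2]}:{r[3]}" for r in rows
                          if r[5] == proxy_pid and r[4] == "ESTABLISHED"
                          and not is_loopback(r[2]))
        result[procs.get(pid, str(pid))] = (procs.get(proxy_pid, str(proxy_pid)), outbound)
    return result

if __name__ == "__main__":
    for client, (proxy, peers) in find_proxied(NETSTAT, PROCS).items():
        print(f"{client} -> {proxy} -> {', '.join(peers)}")
```

A process that only ever connects to a loopback listener, while a different process holds the matching outbound socket, is the pattern that makes per-application firewall rules for the first process ineffective.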

Hi MaratR,

They are indeed going through the AV. So I have this whole “AV proxy through the firewall” issue. My AV is Kaspersky AV without the network defense module.

I have spent an hour or two looking at the various threads. Just detecting loopback alerts doesn’t seem good enough for reasons mentioned elsewhere. So it seems the only solution for me is to disable the scanning of traffic on various ports. (KAV doesn’t have an option to scan only specified application traffic as opposed to port traffic.)

My question is, and forgive me if this isn’t really the place to ask, do I still have the same protection turning off the traffic scanning in the AV? It would seem that since it’s still the same AV with the same signature database, it doesn’t really matter if I switch it off. Instead of detecting something while it’s being transferred, the AV will now have to wait until it gets written to disk. But it should still detect it all the same and prevent it from running, right?

But then what is the point of the option to scan traffic then? Surely I’m missing something? I guess I should also ask at the Kaspersky forums.

Yes, I’ve had similar issues with KAV, and the only way to regain application-level firewall control was to disable the traffic scanner module.

What about JavaScript? I don’t think that running a script embedded into a web page is the same as downloading it, saving it to the disk and then running it from there. And then, most browsers can be specifically instructed not to cache some parts of the downloaded page (especially when secure communication takes place). Whatever you download doesn’t necessarily get to your hard drive (where it can be checked by the on-access file scanner) before execution. So, I don’t think you will enjoy the same level of security with the traffic scanner module turned off.

Hmm. So is there an answer? I don’t know what to do now. I see you use AntiVir. What’s the situation there?

The free version of AntiVir I’m using doesn’t scan traffic, so there are no firewall issues. I’m not too worried about that, as I mostly visit the web-sites I trust.