I’m trying to run an NTP client (not just a time-setter) called socketwatch from http://www.robomagic.com/. It runs without problems once enabled with the Windows (XP Pro SP3) firewall and with at least one third-party firewall (Avanquest/SystemSuite Netdefense). I can’t seem to get your firewall set up so that it lets this application obtain time over UDP. I’ve gone into the global rules settings and established
Allow all IP requests (any source, any destination, any protocol)
Allow TCP/UDP (any source, any destination, any source port, destination port 123)
But all I get are timeouts on all time servers whose addresses can be determined from the DNS, indicating that you are blocking things somewhere else (or that I don’t understand how to set things up).
Allowing TCP/UDP on all destination ports (otherwise as above) doesn’t seem to make any difference.
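A minimal SNTP probe, added here as an illustration and not code from the original post or from socketwatch: it sends the same kind of 48-byte client request on UDP/123 that the NTP client would, and reports a timeout when nothing comes back, which is what a firewall silently dropping the request or the reply looks like from the application's side. Running it against a known-good server separates "the rule does not match this traffic" from "the application is misbehaving". It assumes the standard SNTP v3 packet layout (RFC 4330) and the sample reply bytes are constructed for the offline check, not captured from any server.

```python
import socket
import struct
import sys

NTP_PORT = 123
# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_UNIX_DELTA = 2208988800


def build_request(version=3):
    """Build a 48-byte SNTP client request: LI=0, VN=version, Mode=3 (client).

    Only the first byte is non-zero; the server fills in the rest of the reply.
    """
    first_byte = (0 << 6) | (version << 3) | 3
    packet = bytearray(48)
    packet[0] = first_byte
    return bytes(packet)


def parse_response(data):
    """Parse a 48-byte NTP reply; return (mode, stratum, transmit time as Unix seconds)."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    first, stratum = data[0], data[1]
    mode = first & 0x07
    if mode not in (4, 5):  # 4 = server reply, 5 = broadcast; anything else is not a reply
        raise ValueError("unexpected NTP mode %d" % mode)
    if stratum == 0:
        # Stratum 0 is a kiss-o'-death / unsynchronised server; do not trust its time.
        raise ValueError("stratum 0 reply, server is not usable")
    # Transmit timestamp: 32-bit seconds + 32-bit fraction at bytes 40..47.
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])
    return mode, stratum, tx_sec - NTP_UNIX_DELTA + tx_frac / 2 ** 32


def query(server, timeout=3.0):
    """Send one request over UDP/123 and wait for the reply.

    Returns ("ok", unix_time) on success or ("timeout", None) when nothing
    arrives within `timeout` seconds. A dropped outbound request and a dropped
    inbound reply both show up as a timeout, so the probe alone does not tell
    you which direction is blocked; check the firewall log for that.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_request(), (server, NTP_PORT))
        data, _ = sock.recvfrom(512)
    except socket.timeout:
        return "timeout", None
    finally:
        sock.close()
    _, _, unix_time = parse_response(data)
    return "ok", unix_time


# Constructed sample server reply (not captured traffic): LI=0, VN=3, Mode=4,
# stratum 2, transmit timestamp = Unix time 1000000000.5 expressed in NTP seconds.
SAMPLE_REPLY = (
    bytes([0x1C, 2, 0, 0])
    + bytes(36)
    + struct.pack("!II", 1000000000 + NTP_UNIX_DELTA, 0x80000000)
)


if __name__ == "__main__":
    # Usage: python ntp_probe.py <server> [<server> ...]
    for host in sys.argv[1:]:
        print(host, query(host))
```

The probe uses an ephemeral source port and destination port 123, so an application rule like the one quoted above (any source port, destination port 123, UDP) matches the outbound request; the reply comes back from port 123 to the ephemeral port, which a stateful firewall associates with the request rather than treating as unsolicited inbound traffic.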
Those were application rules. The only global ones are the default IP ones. But, oddly, I rebooted the machine an extra time and things seem to be working now as I’d expect. I want to play with narrowing the rules, but think I’m on the right track.
I see lots of entries in the log for it for “Access Memory” and “DNS/RPC client access”. Nothing explicitly indicating sandboxing, but I may still not understand the significance of the log entries and relationships.
FWIW, I’ve got around forty years of experience with the ARPANET/Internet architecture and protocols. I’m very impressed with the apparent quality, capabilities, and ability for granular control of this firewall product. But, while it may be just my mindset, the user interface seems unnecessarily impenetrable. I’ve adjusted to far worse, but appreciate your patience while I do so.
Defense+ will protect certain programs, among which CIS of course, against memory access from other programs. Some programs may act adversely to that; I recall certain touchpad drivers, for example…
Blocks of the "DNS/RPC client" will deny programs access to the web and local network.
I see DNS/RPC entries in the log for this NTP program, which might mean that it was blocking (I’m still not sure how to read the logs). There are no current entries indicating that the program was sandboxed, and there are no recent entries of that type, but that may be because I got fed up and disabled Defense+ because I couldn’t figure out how to control it. The NTP client is working now.
My current theory is to make sure that everything is working with Firewall protection on and D+ protection disabled, then turn D+ back on and, as necessary, start debugging the rules for that.
The D+ logs will only log when it is blocking or asking something. In your case D+ was blocking the access of the DNS/RPC client. Once you allow your NTP program to access it, it should start working.