Firewall Settings ISSUE

big problem here. i’m fairly new to firewall configurations – this is my first 3rd party firewall. i wanted to lock my computer as tight as i could figure out how to, so i tweaked the CPF settings for a while till i was satisfied. i ran a few leak tests and passed them all, including the Shield’s Up test on the web (which i finally got a “True Stealth” rating – never got that before due to port 113 blocking connections instead of remaining silent to them.) i was very pleased with the firewall except for the fact that things seemed too tightly locked and i was having some trouble doing some things i wanted to do on the internet. (go figure!)

After more experimenting, I discovered that the Component Monitor was blocking my access. Off mode let me do what i wanted, Learn mode/On mode did not. So I began tweaking the permissions for individual components to find the culprits. After some time I came up with a minimal list of all the components that HAVE to be allowed on my system to browse in both IE7 and FireFox 2. Plus I left all the components for my other security apps allowed, which are all the progs i have on my system as of yet (coming off a clean install).

I thought everything was as good as could be, but alas, today i kept having select problems accessing the internet, getting updates for AVG, checking mail, even coming to this forum! i played with it some more till it got old, and so i decided to just re-allow all the components. but that STILL didn’t fix things unless i switched OFF Component Monitor.

i then thought it might just be best to start over with NO components (and just re-allow them when prompted), so i removed all the components from the list in a frustrated swoop. but the firewall did not ask me again if i wanted to allow or deny them! i figured it would since they were no longer in the “list”. thinking i may have messed things up, i just decided to uninstall and re-install the firewall to return everything to baseline.

which i did, but still no components are listed in the Component Monitor nor am i being asked to allow or deny any of them! ??? in addition, i’m not being asked to allow or deny things like svchost.exe like i was, nor any of my security programs. after my first install of CPF, i had a whole list of components and plenty of stuff i was asked to allow or deny, but on this second install (and now third…), i get none of that. so i’m sitting here with no components in my list and my firewall has been active all day and i’ve accessed the web with all my applications without being prompted. what’s going on – any clues??

i have a couple possible scenarios in mind, maybe longshots:

  1. uninstalling CPF left something behind (registry data?) that remembered that i had removed the components, and that stuff was applied to the second install (weird)
  2. (possibly in addition to #1) the program remembers that my last selection for every component was “Allow” before i removed them all, and now keeps that setting without displaying it in the list (thus no new prompting)

anyway, the program is working right now i guess and i’m SURE it’s great, but i no longer pass the Shields Up test with a “True Stealth” rating, which was cool. at one point their test couldn’t even detect my IP correctly – i’d like to try to get that back. but most of all i’d like to understand what is going wrong here.
thanks for reading this looong scenario. please help if you can.

Hi swimupstream, welcome to the forums… again. ;D

CFP is referred to as a software firewall. Hardware firewalls are… well… hardware. They are found in routers and other such comms kit.

Firstly, if you have a hardware firewall or NAT, then when you run a web-side port scan, such as GRC’s Shields-Up, you’re actually testing the Hardware Firewall rather than CFP (the software firewall)… unless the hardware firewall is set to pass-through, DMZ, etc… CFP only sees what a hardware firewall allows it to.

Check CFP’s Log (Activity tab). If CFP is blocking something then it will log the block unless it has been told not to. The Log is a good guide to what you need to do. Also check CFP’s Summary page & see what CFP’s Status is.

BTW CFP’s Log can be Exported to an HTML file (right-click on the Log). Open the HTML file with your default browser and use a simple click-drag-select & Copy ‘n’ Paste to post examples of the Log entries here.

Hi Kail,

Thanks for the insight. Well, as it turns out all my default settings in the Component Monitor seem to have reappeared and everything seems okay. I have it on Learn Mode and thus far all the Components are “Allowed”. Maybe it just took a day or so to get back to normal or something. I’m going to leave it alone for now before I make another mess. (Although I know I don’t need ALL those components to be allowed and it’s going to bug me that they are.)

The Application Monitor looks pretty good too, nothing strange. The Summary page shows “Excellent” protection strength – that’s good. And as far as the Network Monitor, I have set up only two rules per the animated tutorial I found a link to on another thread:

  1. all outbound connections that I INITIATE are allowed (and responses to them are allowed)
  2. all inbound connections that do not satisfy rule 1 are BLOCKED.

My PC connects to a wireless router then to a non-wireless router. I’m not really part of a “Network”, but I think the network rules I’ve set up should suffice. Please tell me what you think.

I do have one recurring item showing up on the CPF Log. It reads:

Date/Time :2007-07-14 15:42:11
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.0.1:upnp-mcast(1900)
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 1

This entry shows up in the log every minute or so while I’m connected. What’s it mean? That’s my own IP that’s trying to connect in. HMM…could it be because I have Plug-N-Play service disabled (upnphost)?
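The recurring log entry above, parsed and summarized as an added example (not part of the original post and not Comodo's code): it groups blocked packets by flow, measures how often they repeat, and labels traffic to 239.255.255.250:1900, the SSDP multicast group that UPnP devices use to announce themselves. The function names and the two repeated timestamps are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Layout and first timestamp are from the thread's log; repeats are constructed.
ENTRY = """Date/Time :{ts}
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.0.1:upnp-mcast(1900)
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 1
"""
SAMPLE = "".join(ENTRY.format(ts=t) for t in (
    "2007-07-14 15:42:11", "2007-07-14 15:43:11", "2007-07-14 15:44:13"))

ENDPOINT = re.compile(r"([\d.]+):(?:[\w-]*\()?(\d+)\)?")  # ip:name(port) or ip:port
SSDP = (ipaddress.ip_address("239.255.255.250"), 1900)    # UPnP discovery group

def parse_entries(text):  # one dict per 'Date/Time' block
    entries = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Date/Time":
            entries.append({})
        if sep and entries:
            entries[-1][key.strip()] = value.strip()
    return entries

def endpoint(value):  # "192.168.0.1:upnp-mcast(1900)" -> (address, 1900)
    m = ENDPOINT.fullmatch(value)
    return ipaddress.ip_address(m.group(1)), int(m.group(2))

def summarize(entries):  # group blocked packets by flow, label and time them
    flows = defaultdict(list)
    for e in entries:
        key = (endpoint(e["Source"]), endpoint(e["Destination"]), e["Reason"])
        flows[key].append(datetime.strptime(e["Date/Time"], "%Y-%m-%d %H:%M:%S"))
    report = []
    for (src, dst, reason), seen in flows.items():
        gaps = [(b - a).total_seconds() for a, b in zip(seen, seen[1:])]
        report.append({"source": str(src[0]), "on_lan": src[0].is_private,
                       "kind": "SSDP (UPnP discovery)" if dst == SSDP else "other",
                       "count": len(seen), "rule": reason,
                       "mean_gap_s": sum(gaps) / len(gaps) if gaps else None})
    return report

print(summarize(parse_entries(SAMPLE)))
```

A single flow from a private address to the SSDP group, repeating at a steady interval, is the pattern of a LAN device periodically announcing itself rather than of an outside host probing the machine.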

OK, fair enough.

Source: 192.168.0.1:upnp-mcast(1900)

What they are depends on who or what this LAN IP is? Your system, another system or your router maybe?

BTW Do you still have the final Block & Log rule in the Network Monitor?

sorry forgot to check for your reply for a couple days.

What they are depends on who or what this LAN IP is? Your system, another system or your router maybe?

My router’s IP I suppose – any computer at this house will show that IP, or one very close to it anyway. I’m guessing it’s something I don’t need to worry about.

BTW Do you still have the final Block & Log rule in the Network Monitor?

Yes I still have the 2 same rules in the Network Monitor. Why?