fw blocks Cloud (windows operating system)

I changed the Comodo language to English… some parts were translated to English but some are in German… I hope u understand everything.

anyway: I made a video going through all the options. You can pause to check some rule (I quickly went through all of them)… I don't see anything wrong :frowning:

I guess I will delete the windows-system-app ruleset… although I'm not sure about what u mean with "recreating the ruleset using the filegroup"?

So if you delete Windows-System-Application, you will need a rule for the System process itself. That's what I mean by 'System'

and what kind of rule? :stuck_out_tongue: or will Comodo just ask for it and I make a rule and "save forever"?

You state you have rules like this:

Allow System to send request to [Home-Wlan]


you will see it in the video + its options… guess that will explain it the best? It's at 1:16

Action: Allow
Protocol: IP
Direction: Out
Source Address: Any
Destination Address: Zone (home-wlan)
IP Protocol: Any

thanks for helping

@edit: video download link:
http://rapidshare.com/files/432098973/clip0003.rar

Examined the video. Very cool. One of these days you’re going to have to tell me how you did that. Not to mention: 100:1 compression. >:-D

Sent you PM. Awaiting feedback.

It looks like you have the System component of windows-system-app defined as an individual ruleset. If you delete windows-system-app ruleset, any component thereof will ask for internet access if it needs it.

NOTE: For ANY app whatsoever, if you allow & 'remember this' for any IP address connection, a rule gets created for the app attempting IP connection: allow [whatever protocol] from IP any dest IP any src port any dest port any. If the app didn't have a network security policy before that, one gets created on the fly. If there was a pre-existing ruleset, the rule 'Allow ALL any any' gets created and placed prior to ALL pre-existing rules. What's noteworthy is that if you add a rule manually to a pre-existing ruleset, it gets placed last. You may want to drag that rule higher up in the food chain. Keep in mind: all rules for anything CIS are evaluated FIFO, i.e., the first condition that fits wins.

So the #1 rule for CIS efficiency is: structure your network & D+ rules w/highest probability of hit w/top down probability (from highest to least probability of hit dictating order).

I guess I will delete the windows-system-app ruleset… although I'm not sure about what u mean with "recreating the ruleset using the filegroup"?

You can recreate the ruleset if necessary to incorporate a bunch of different apps into one overarching security policy by selecting the windows-system-app filegroup in the select dialogue when you use the add dialogue in the network security policy tab. Then you can add the rules you've established over time for each individual component back to the original windows-system-app application ruleset (that ONLY if you discover you've essentially created rules for all the components of 'windows-system-app'). Keep in mind: filegroups do not have an explicit path (apps do). Filegroups are defined in the D+, protected files/folders 'groups' dialogue; filegroups are used throughout CIS.

The way you have System defined now: you’re almost there. Just move it to the very top.

Change all of your existing pre-defined firewall policy to ‘custom’. Make sure the last rule is:

‘ask & log IP from IP any to IP any protocol any’
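As an added illustration (not code from the thread or from Comodo) of the first-match evaluation described above, here is a small Python model of a per-application ruleset. The zone name Home-Wlan, the addresses and the packets are all constructed; it shows why an auto-created 'allow any/any' placed on top shadows the final block & log rule, so unexpected traffic is allowed silently instead of being logged.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone standing in for the poster's "Home-Wlan" network zone.
ZONES = {"Home-Wlan": ip_network("192.168.1.0/24")}

@dataclass
class Rule:
    action: str            # "allow", "block" or "ask"
    direction: str         # "in", "out" or "any"
    dest: str              # "any" or a zone name
    protocol: str = "any"  # "ip", "tcp", "udp" or "any"
    log: bool = False

@dataclass
class Packet:
    direction: str
    dst: str
    protocol: str

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every one of its fields is 'any' or equal."""
    if rule.direction not in ("any", pkt.direction):
        return False
    if rule.protocol not in ("any", pkt.protocol):
        return False
    if rule.dest != "any" and ip_address(pkt.dst) not in ZONES[rule.dest]:
        return False
    return True

def evaluate(rules: list[Rule], pkt: Packet) -> tuple[str, int, bool]:
    """FIFO evaluation: first rule that fits wins.
    Returns (action, index of the rule that fired, whether it logs)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i, rule.log
    return "ask", -1, False  # nothing fits: CIS would prompt the user

# Ordering recommended in the thread: the specific System rule at the top,
# and an explicit catch-all LAST so anything unexpected is blocked AND logged.
GOOD = [
    Rule("allow", "out", "Home-Wlan", "ip"),
    Rule("block", "any", "any", "any", log=True),
]

# The same ruleset after "remember this" on a prompt inserted an allow-all
# ahead of every pre-existing rule: the catch-all below can never fire.
SHADOWED = [Rule("allow", "any", "any", "any")] + GOOD
```

Dragging the inserted rule below the specific ones (or deleting it) restores the ordering in GOOD.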

haha that movie thing is quite easy but very useful & handy:
hypercam + compressing on standard. Then, when you make a .rar archive it will get this nice compression :slight_smile: that's all… record + .rar it (standard settings) :smiley:

okay so I deleted the windows-system-app out of the firewall network security policy.
I moved System to the top.
For the rest I'm not sure yet which will create the most traffic. I guess downloaders > browser > games > ftp-client > chat-clients

And ofc answered your pm :slight_smile:

thanks for helping !

Roger that. Hopefully given our discussion (and by PM), by replacing all predefined security policy with custom, and replacing predefined rules with explicitly defined outbound traffic only, there should no longer be any blocks logged.

The Maci_Wlan network seems quite alarming to me though. Allowing 254 subnets of 254 nodes each :o to connect to the System process :o That's over 65000 individual IPs you're allowing access!!! The only thing you should allow to connect to System are explicitly trusted resources that have a need to connect to your system. The only thing I see remotely trusted is your home network, your two virtual boxes. As far as outbound connections, those won't be done by System in any event. The only thing that ever has needed access to System on my box was the modem. And that only because it's sending the NIC NetBIOS name query packets. Unless I allow that, all sorts of blocked messages show up in the log. But that's only because the last rule for every app is block and log in/out from IP any to IP any protocol any. If I took that out I'd never have noticed it.

I doubt lockups and what not are due to volume of blocks, but due to the fact of all the disk activity.

In any case unless you need and trust over 65000 IP I’d scrap that from System access. If that’s a network you need to get onto, you’ll establish that permission per app, e.g., IE, or something (not via System).

So if there aren't any block & log rules and your log is filling up with blocks, CIS is wacked. Do a clean install and try again. If it still causes problems like that: there's an issue with CIS and 64 bit Windows.

well it seems like the blocks came all through the opened torrent port in my router… I changed my uTorrent port and I don't have any blocks (or maybe 3-4 a day). I just wonder why this happens… or what exactly happened. uTorrent wasn't running, the port was opened in my router.

maybe I should make any special settings for uTorrent? Like a special application rule? Although uTorrent always worked well (no slow speed, was able to seed,…)

Not all programs will close the port they opened on the router when they get closed. Or when you close the computer with uTorrent running uTorrent may not have the time to close it. Or may be your computer or uTorrent crashed and that kept the port open…