I noticed that under the summary page of CIS 4.x.828 it says “the firewall has blocked 0 intrusion attempts so far” normally its racking up intrusion attemps by the second. I also noticed that the firewall events has not had an entry in several days…again, it usually has many each day.
This makes it seems like its not working (again, I noramally have many intrusion attempts each time im on) but I went to shieldsup.com and did some port scans witch all came back as invisible.
Uhhh…shouldnt the firewall be logging something and at least letting me know its working?
It’s not rare at all for me to go a day or two with zero intrusions (I have zero today in fact). What are your CIS settings? What are you used to seeing it block so many times a day? The port scan I can’t really help you with, but I’m sure someone who knows more about that can.
I have CIS set to proavtive, the firewall is in safe mode, with medium alerts ( im in class right now so I dont remember every setting). I dont always check to see how many intrusion attempts I am blocking, but when I do happen to look it is usually lots and increases 1 or so per second ( im in a dorm if that makes any difference). Since I am used to seeing a high amount of intrusions being blocked (when I do happen to look) I thought it was odd to see 0 for so long.
You may be seeing the 8 million “windows operating system” block I was seeing at an earlier date. Look in your log and see if this is the case. This seemed to be even worse when a P2P was going on (UTorrent in my canse). Do you use P2P? With CIS set to Proactive/Safe/Safe I see very little intrusions. I also have stealth port wizard set to “alert me…”
Have you had any problems with malware? Also, does CIS report you as having incoming connections when you do have them? The reason I’m asking is that you seem to be having some of the same problems I did. My FW was blocking every second or 2 like you say yours is and now it’s not doing that anymore but my FW is still working.
I have no malware issues (i ran a squared free, CAV, windows defender, and malwarebytes). I also have no inbound connections. When I do see a high number of intrusion attempts being blocked I usually have a few inbound connections so that may explain something. I also looked at the firewall logs and it does look like they were mainly windows OS items being blocked. And I do not use P2P.
Since I started using CIS back in June of last year, I have never seen a single intrusion attempt in my logs with the Firewall on safe mode except for the uTorrent connections that got blocked by the silly block all incoming rule in CIS4. Since I deleted that rule, there has been nothing logged just like it always was with V3.xxxx. I don’t think there’s any need for concern if you don’t see anything. It just means you’re browsing safely and are sufficiently protected otherwise.