I am using CIS 4 and I have 1 question. Why do I have 1284 blocked things in network defence, and all are from Windows operating system? How can I stop blocking this? This is increasing almost every 10 seconds. Settings are: antivirus on access, firewall safe mode (in firewall settings alerts are on medium and on advanced all things are checked), Defence+ is safe mode.
Edit by EricJH: reverted from all bold to regular case
What are your global rules and what exactly do the blocked events say, such as the protocol (TCP, UDP, ICMP), source port (if any), destination port (if any), source IP address? I'm willing to bet it's related to P2P/torrent though.
OK, don't worry about this; it blocks the system to be more secure. If your firewall is on safe mode and it blocked the system, it means that it was necessary.
Why should you want to stop this being blocked?
That's the whole use of a firewall. It blocks traffic that you didn't initiate. It's not your system which is blocked, it is your system that is PROTECTED from answering to a non-initiated connection FROM the internet.
Whenever there's not a specific program getting this connection, it is named “Windows Operating System” in the log.
Your log tells you: the firewall does its job. It's a bit funny that people think they have a problem when a firewall log shows blocked elements.
BTW, do you want your operating system to make connections to the internet? Your operating system should work ON your PC, not in the internet. The only exception might be updates, but not the whole system.
And for the future: look at what the destination IP was, and what the source IP was. When your address is the destination, you have been protected.
When your IP was the source, then maybe the firewall protected you from a program sending content from your machine to the internet. Or you know that you should allow a program, when it doesn't work as you want it to work.
My global rules are:
1. Block ICMP out from IP to any IP Any Where ICMP message to protocol unreachable
2. Block ICMP out from IP to any IP Any Where ICMP message is 17.0
3. Block ICMP out from IP to any IP Any Where ICMP message is 15.0
4. Block ICMP out from IP to any IP Any Where ICMP message is 13.0
5. Block ICMP out from IP to any IP Any Where ICMP message is ECHO request
I didn't configure Global rules, I only changed settings in firewall and Defence+. I changed the firewall alert settings to medium and on advanced I checked all things. Defence+ is on safe mode and I checked block all unknown requests if application is closed.
And the firewall logs say that Windows operating system is blocked, protocol is in most cases TCP, source IP is not always the same, destination IP is 78.0.244.195 or 93.136.225.220.
Yes, so even without using the stealth port wizard, your Windows operating system is protected. The addresses should be controlled by yourself, if they are YOURS under destination OR source. Then you will see that it is most usually YOU who is the destination.
If you are the destination, you know that you DIDN'T request anything, but got something. As you don't need it, it is luckily blocked by the firewall.
It's a good idea to use the stealth port wizard.
When one day nothing stands in your log, then I would be a bit worried. But not IF there is something standing in the log, while all works fine.
PS: source or destination shows you what was blocked. If you are the destination, it wasn't YOUR Windows system that was blocked. It was something that tried to get TO your Windows system, without any request from your side.
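The source/destination check described in the replies above, as an added example that is not part of the original thread: it sorts blocked events into inbound (your address is the destination) and outbound (your address is the source). The CSV column layout, the sample rows and the name `updater.exe` are constructed assumptions, not the CIS log export format; the two local addresses are the destination IPs quoted in the thread.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address

# Addresses the poster reported as "destination" (the machine's own public IPs).
LOCAL_ADDRS = {ip_address("78.0.244.195"), ip_address("93.136.225.220")}

# Constructed sample rows; this column layout is an assumption, not CIS's export format.
SAMPLE_LOG = """\
application,action,protocol,src_ip,src_port,dst_ip,dst_port
Windows Operating System,Blocked,TCP,203.0.113.7,51234,78.0.244.195,445
Windows Operating System,Blocked,TCP,198.51.100.23,40211,93.136.225.220,135
Windows Operating System,Blocked,UDP,203.0.113.7,6881,78.0.244.195,6881
Windows Operating System,Blocked,TCP,203.0.113.90,33100,78.0.244.195,445
updater.exe,Blocked,TCP,78.0.244.195,49720,192.0.2.10,443
Windows Operating System,Blocked,TCP,192.0.2.44,1025,192.0.2.45,80
"""

def classify(row, local_addrs=LOCAL_ADDRS):
    """Return 'inbound', 'outbound' or 'unknown' for one blocked event."""
    src, dst = ip_address(row["src_ip"]), ip_address(row["dst_ip"])
    if dst in local_addrs and src not in local_addrs:
        return "inbound"    # unsolicited traffic aimed at this machine
    if src in local_addrs and dst not in local_addrs:
        return "outbound"   # a local program was stopped from connecting out
    return "unknown"        # neither or both ends local: fix the address list

def summarize(log_text, local_addrs=LOCAL_ADDRS):
    """Count blocked events per direction and list outbound ones for review."""
    directions, inbound_ports, outbound = Counter(), Counter(), []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "Blocked":
            continue
        direction = classify(row, local_addrs)
        directions[direction] += 1
        if direction == "inbound":
            inbound_ports[(row["protocol"], int(row["dst_port"]))] += 1
        elif direction == "outbound":
            outbound.append((row["application"], row["dst_ip"], int(row["dst_port"])))
    return directions, inbound_ports, outbound

if __name__ == "__main__":
    directions, inbound_ports, outbound = summarize(SAMPLE_LOG)
    print("by direction:", dict(directions))
    print("top inbound targets:", inbound_ports.most_common(3))
    print("outbound blocks to review:", outbound)
```

Inbound entries need no action beyond confirming the block; the outbound list is the part worth reading, since it names programs on the machine that tried to connect out.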