I’m having a really odd issue with CIS 5.5.195786.1383 on Win 7 (64).
I’m planning to expose Apache on this box to the Internet so I’m just double checking my firewall settings. The box is behind an O2 Wireless Box II router with port forwarding of port 80 only.
It’s a fresh install of CIS. I have Defense+ set to disabled, Antivirus set to stateful on access scan. Firewall Behaviour Settings are set to Custom Policy. In Network Security Policy the only Global Rules are the predefined ones which block ICMP. I then plan to add specific Application Rules to permit only the access I want, which will be various server systems accessible from the LAN and HTTP access via Apache from the Internet.
The problem I have is that even with absolutely no Application Rules defined whatsoever I can still access the box on the LAN via Remote Desktop! The only way I can get the firewall to disable Remote Desktop is by setting Firewall Behaviour Settings to Block All.
Why is that happening? I expected that the firewall would block Remote Desktop unless I explicitly enable it. It concerns me that this is not the case as I worry about what else might also be being let through.
But it gets odder.
I created a Global Rule to Block TCP and UDP both In and Out with Source and Destination address of Any Address and Source and Destination port of 3389. But Remote Desktop still works. If I check the View Active Connections in CIS it shows nothing occurring, but if I use the Win 7 Resource Monitor to show TCP connections it clearly shows svchost.exe whizzing away on 3389 like a champ.
So what’s going on here?
I know that unless I also configure the router to forward port 3389 then in principle a Remote Desktop connection cannot come through the Internet, but my LAN is shared with my neighbours and the cheap ISP-provided router I’m using isn’t without its own issues too so I’d like to be assured that my firewall setup is robust.
I’d be most grateful for any insight anyone can provide.