Ok, I saw the message from “cprtech” and created a “Network Monitor” rule and they have been entered like you said they should be… I found that the Network Monitor rule was already in place only with the full range of addresses and ports.
Now according to AOwL he wanted me to do the same thing PLUS he wants me to do something with “multi-cast” Basically with this machine all I do is multicast… What may help is me telling you what kind of device this machine is talking to. I have a wireless modem by EWIRE model 2700hg-d. This is what Quest set me up with when I got DSL…
I need to be able to to audio\video, I also do msmsgs. So I probably need to make a rule for that too. So I need too make new Network Monitor Rules for these things.
I’m trying to understand what is going on here… It seems like we have two sets of rule making setups, Application and Network monitoring rules… The first Application monitoring seems to be something I would use to set up a rule to allow an application to utilize particular IPs and ports. Its kind of like and association, application X will be associated with IP Y and Port Z… Network monitoring is different in that you specify a Zone Name (and that can be anything) and then you simply open IP(s) or Port(s) but there is no association with anything. The protocol setting seems to be the most important factor in this function.
I want to be able to figure out what to do when I get stuff like this:
Date/Time :2006-12-02 13:32:24
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Protocol: TCP Out
Details: C:\Program Files\a-squared Free\a2free.exe has modified the the User interface of C:\Program Files\Internet Explorer\IEXPLORE.EXE by sending special Window messages…
This seems to be saying that the a2free.exe is messing with IE? Strange!
So I will need help in setting up the IGMP and MsnMsgr rules!
What I’m wondering is when those POPups happen asking permission to do one thing or another when I answer Allow, doesn’t this set up the rules for me? I keep getting all kind of strange popups
Date/Time :2006-12-02 23:47:34Severity :HighReporter :Application Behavior AnalysisDescription: Suspicious Behaviour (IEXPLORE.EXE)Application: C:\Program Files\Internet Explorer\IEXPLORE.EXEParent: C:\WINDOWS\explorer.exeProtocol: UDP OutDestination: 192.168.0.1:dns(53)Details: C:\Program Files\ZipGenius 6\zipgenius.exe has modified the the User interface of C:\Program Files\Internet Explorer\IEXPLORE.EXE by sending special Window messages…
Now what I think this is telling me is that “ZipGenius.exe” messed with IE… Ok its like all kinds of programs mess with IE… It seems that every app that messes with any other app gets flagged…
So do I have to make a rule on this? I answered the pop up allow although I have no idea why Zipgenius would be doing anything at this time… I’ve been using this program for gee maybe 5 years or more… No one has ever said it had SpyWare in it or anything…
So I’m ready to learn how this all works, its interesting and I’ve got the time!