What are these firewall events? (screenshots)

Do I have the firewall configured wrongly so that it is blocking legitimate activities? I dont understand these events.

[attachment deleted by admin]

god ■■■■■■, thats so unclear. Give me a minute here. …

Trying this …


Ok, wtf?

Trying this …

Still unclear …

Trying not enlarging window …

[attachment deleted by admin]

Ok, that ones good.

So this is basically all I see, every day in the firewall events. This same exact stuff, like, 100 or more a day.

Is this some kind of attack on my windows OS? Is this something (legitimate) my windows OS is trying to do which is being blocked by CFP 3 (which shouldnt be blocked)?

I dont understand these firewall events.

Any help is greatly appreciated.

Someone must know how to figure out what these firewall events mean. ???

Looks like internet noise to me. You are the destination, and not behind a router?. Someone at your ISP (and elsewhere) is a zombie that spends its time looking for recruits. Using Stealth Ports Wizard to block all incoming should at least keep your log a little cleaner.

Correct, I am not behind a router. I just use AOL dial up.

I have it set to block all incoming (steath ports) But everytime I open the steath ports wizard its like I didnt even set it to that setting, is it not keeping the setting?

Check your global rules. The stealth port wizard doesn’t show your status, it just shows the options you can select. Your last global rule should be a block all incoming if it worked correctly last time. And then there should be exceptions above it to allow any incoming you need to use for other purposes.

would that be listed under common or advanced? Im not seeing any thing saying “global rules” or something like that.

You need to add it by yourself (See pic)

[attachment deleted by admin]

I think I found the right menu…

Do I need to change these settings?

[attachment deleted by admin]

Do you have any outbound requests active now?

It just looks as though it has reverted - but only because it’s default location is on “Define a new trusted…”

Not to worry there.

it seems i’m getting the same thing as the other poster but mine are on port 1900 and some times one port 137 & 138 but the rule is in place block ip in and so on is there any other thing that i should block or mod a rule if so can some one post on the steeps to take

“Do you have any outbound requests active now?”

no, dont think so. You would check that in “view active connections” right?

Yes you are right, maybe you should put log on outgoing rules, to maybe see if something “calling” those blocked inbound…

Well it shows I have some legitimate processes listening …

Are these applications being denied legitimate access?

“maybe you should put log on outgoing rules”

how do I do that please?

[attachment deleted by admin]

Edit your first global rule (where all output connection are allowed) like arrow suggested and nothing else (see pic)

[attachment deleted by admin]

I change to this (screenshot) and it prevented any internet connection. I undid the change.

What did I do wrong?

I now am back to original settings (2nd screenshot)

[attachment deleted by admin]

ONLY tick log as firewall event if this rule is fired, other things leave intact on your original 2nd screenshot

…Then you should see all established connection in CFP “firewall events”…