In v2.4, CPF alerted me whenever an application attempted to create a TCP or UDP listening socket. I’ve installed v3 and I cannot seem to find or activate that feature. Is there something I need to enable in order to make CPF alert me before it allows a program to create a listening socket?
I have set the Firewall Behaviour Settings, ‘Firewall Security Level’ to Custom Policy Mode and set the Alert Frequency Level to Very High.
The Network Security Policy application rules I have do allow specific apps tcp and udp ports out (but not in)…
Anybody? I don’t have any ideas here.
In v2 that “act as server” alert thingy usually is associated with internal loopback connections. In v3, I think it got transferred in under the Defense+ category:
D+ > Advanced > Computer Security Policy > double click / edit an item > Loopback Networking
But it might also relate to:
Firewall > Advanced > Firewall Behavior Settings > Alert Settings > Enable alerts for loopback requests
Anything else about this, I don’t know.
Thanks for the suggestions. Allowing a program to create a listening socket isn’t something that is restricted to loopback connections. An application can elect to listen on 0.0.0.0, which usually represents all configured addresses on a system, or it can listen on a specific IP address only.
I don’t recall how granular the filtering was in 2.4, but it had the ability to let you know when something was trying to listen on a particular port.
This was a handy feature to have that would instantly alert you when a rogue application tried to start listening on a particular port.
Nevertheless, I’ve looked at the loopback networking options in Defense+ and confirmed that the applications in question are set to Ask. I’ve also confirmed that Enable alerts for loopback requests is enabled…
Still no joy. I find it hard to believe that the developers would remove such a feature; however, I’m at a loss to figure out how to enable it.
Hopefully someone out there has some idea as to what’s going on.
My guess is the alerts were annoyingly unnecessary for the majority, so they suppressed them ???
I agree that getting the server request helps to alert about a rogue application. Now something could sit innocuous on one’s system without it being noticed (and reported). I assume here that D+ warnings were ignored.
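Added example, not part of any post in this thread and not Comodo code: a Python sketch that audits listening sockets after the fact by parsing `netstat -ano` output, classifying each one by the bind scope discussed above (0.0.0.0 / all addresses, loopback, or one specific IP) and flagging any that are not on an allowlist. The sample output, the `EXPECTED` allowlist and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3100
  TCP    [::]:8081              [::]:0                 LISTENING       2216
  UDP    0.0.0.0:5353           *:*                                    1520
  UDP    127.0.0.1:1900         *:*                                    2040
"""

# Hypothetical allowlist: (protocol, port) pairs the user expects to be open.
EXPECTED = {("TCP", 135), ("TCP", 139), ("UDP", 5353)}

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(host), int(port)

def bind_scope(addr):
    if addr.is_unspecified:      # 0.0.0.0 or :: means every configured address
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback-only"
    return "single-address"

def listeners(netstat_text):
    """Return one dict per listening TCP socket or bound UDP socket."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        # TCP has a LISTENING state; bound UDP sockets show *:* and no state.
        if (f[0] == "TCP" and f[3] != "LISTENING") or (f[0] == "UDP" and f[2] != "*:*"):
            continue
        addr, port = split_endpoint(f[1])
        found.append({"proto": f[0], "addr": str(addr), "port": port,
                      "pid": int(f[-1]), "scope": bind_scope(addr)})
    return found

def unexpected(found, expected=EXPECTED):
    """Listeners reachable from off-host that are not on the allowlist."""
    return [s for s in found
            if s["scope"] != "loopback-only" and (s["proto"], s["port"]) not in expected]
```

To audit a live system, pass the captured text of `netstat -ano` to `listeners()` in place of `SAMPLE`; the PID column can then be matched against the process list to identify the program.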