In v2.4, CPF alerted me whenever an application attempted to create a tcp or udp listening socket. I’ve installed v3 and I cannot seem to find or activate that feature. Is there something I need to enable in order to make CPF alert me before it allows a program to create a listening socket?
I have set the Firewall Behaviour Settings, ‘Firewall Security Level’ to Custom Policy Mode and set the Alert Frequency Level to Very High.
The Network Security Policy application rules I have do allow specific apps tcp and udp ports out (but not in)…
In v2 that “act as server” alert thingy usually is associated with internal loopback connections. In v3, I think it got transferred in under Defense+ category:
D+ > Advanced > Computer Security Policy > double click / edit an item > Loopback Networking
But it might also relate to:
Firewall > Advanced > Firewall Behavior Settings > Alert Settings > Enable alerts for loopback requests
Thanks for the suggestions. Allowing a program to create a listening socket isn’t something that is restricted to loopback connections. An application can elect to listen on 0.0.0.0 which usually represents all configured addresses on a system, or it can listen on a specific ip address only.
I don’t recall how granular the filtering was in 2.4, but it had the ability to let you know when something was trying to listen on a particular port.
This was a handy feature to have that would instantly alert you when a rogue application tried to start listening on a particular port.
Nevertheless, I’ve looked at the loopback networking options in Defense+ and confirmed that the applications in question are set to Ask. I’ve also confirmed that Enable alerts for loopback requests is enabled…
Still no joy. I find it hard to believe that the developers would remove such a feature, however I’m at a loss to figure out how to enable it.
Hopefully someone out there has some idea as to what’s going on.
I agree that getting the server request helps to alert about a rogue application. Now something could sit innocuous on one’s system without it being noticed (and reported). I assume here that D+ warnings were ignored.
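The thread points out that a listener can bind to 0.0.0.0 (all configured addresses), to one specific IP, or to loopback. As an added example that is not part of the original thread or of Comodo's software, this Python script diffs two snapshots of Windows `netstat -ano` output and reports new listening sockets with their bind scope; the sample text, addresses, PIDs and function names are constructed for illustration.

```python
import ipaddress

# Constructed samples of Windows `netstat -ano` output (not from the thread).
BASELINE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1620
  UDP    0.0.0.0:5353           *:*                                    1620
"""
CURRENT = BASELINE + """\
  TCP    192.168.1.10:8080      0.0.0.0:0              LISTENING       4312
  TCP    [::]:5000              [::]:0                 LISTENING       5120
  TCP    192.168.1.10:49710     203.0.113.7:443        ESTABLISHED     4312
  UDP    127.0.0.1:1900         *:*                                    2044
"""

def bind_scope(addr):
    """Classify a bind address: all interfaces, loopback, or one specific IP."""
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific-address"

def listeners(netstat_text):
    """Return {(proto, addr, port, pid)} for TCP LISTENING and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue               # header or unrelated line
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue               # connected TCP sockets are not listeners
        addr, _, port = f[1].rpartition(":")
        found.add((f[0], addr, int(port), int(f[-1])))
    return found

def new_listeners(baseline_text, current_text):
    """Listeners present now but absent from the baseline, with bind scope."""
    added = listeners(current_text) - listeners(baseline_text)
    return sorted((proto, addr, port, pid, bind_scope(addr))
                  for proto, addr, port, pid in added)

if __name__ == "__main__":
    for proto, addr, port, pid, scope in new_listeners(BASELINE, CURRENT):
        print(f"NEW {proto} listener {addr}:{port} pid={pid} scope={scope}")
```

UDP rows carry no state column in `netstat` output, so every bound UDP socket is treated as a listener.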