Why active connections when program not in application rules

riggers · November 29, 2007, 9:01pm

Hi, i was just wondering if someone could tell me why i have active connections form :-

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
tcp listening #### on 3 x ports

When i have no such program listed in application rules?The reason i ask is that after going through the(what do these settings do) help section it states that for data to be allowed out of my computer it must first pass the application rule then proceed if it also passes the global rule.

Surely if a program is listening it must have passed through the firewall ok.I know only data requested by this program should be allowed back but i would rather the ports be closed(not listening).

I have tried to" terminate connection" when in view active connections section of the firewall interface but to no avail. 88)

Any advise on why these ports are listening(no bytes sent or received since v3 installation 21-nov) and how i may close the ports used would be much appreciated.

Aside form this issue i am finding v3 an excellant program and reading through the forums this past week has been a real learning opportunity,so kudos to all admin + mods :-*

Kind regards Matty

WIN XP PRO SP2/COMODO V3/COMODO BOCLEAN/AVIRA AV/SPYBOT S+D

AnotherOne · November 30, 2007, 7:06am

That program probably is a known “Safe” program that comes with the database that CFP uses to set itself up with. If you want to shut down the connection, you can close all connections from the Summary window (Stop all activities). Otherwise you would have to add the program to the Network Security Policy and write rules to control its permissions.

system · November 30, 2007, 7:40am

Hi riggers.

As you probably know cli.exe is the ATI catalyst Driver. If you have an ATI graphics card in the catalyst group, you should leave it running.

As for the connections, a couple of questions:

How are you viewing the listening connections?
Is the address associated with the connection(s) 127.0.0.1 or localhost?

As far as I know, cli.exe only needs loopback 127.0.0.1 and does not actually connect outside.

riggers · November 30, 2007, 2:34pm

Thanks for helping guys,i dont really want to stop all activities but cant find any referance to this path in the Network Security Policy so how can i apply a rule for it.

To toggie:

I am viewing the listening connections by opening-firewall/common tasks/view active connections.
Cant see any address associated with the connections is there a way i could find out.

Is this program using explorer.exe as a parent to access the net? the parent/child aspect seems to have gone in this version or am i just being a “fool” and cant find it.

Kind Regards Matty

system · December 1, 2007, 2:22am

Hi riggers

Open a command prompt (start/run/cmd [Enter]) and type netstat -anob > netstat.txt This will create a text file called netstat.txt in your \Documents and Settings(your name) folder. You can view the contents of the file with notepad.

Find cli.exe and see what information it has about the address.

gordon · December 1, 2007, 11:12am

May I suggest :

Recommending netstat to somebody who needs to ask how to see local connections ? hmm …

riggers · December 1, 2007, 2:19pm

Muchos thank,for the help guys i`ve used your info and found out cli.exe was as you said using loopback 127.0.0.1

I set up some rules for the application in defence+ and it seems to have done the trick.

Cheers for the link to the sight Gordon, it gives a good insight into whats going on.Its with the help of folks like you two that im learning something new everyday.

Thanks again Matty