Why when blocking applications KillSwitch Portable (inbound / outbound..

Why when blocking applications KillSwitch - portable (inbound / outbound), it still goes on the Internet. Or rather when to starts a “KillSwitch” - “System” starts (inbound / outbound) IP-related Google INC (74.125.232.193 and other) and www.rr.com (173.194.47.233…),www.akamai.com (77.67.29.160…)

Please explain? That blocking does not work for her?

Thanks.

Up-“System” also not block. ???

Edit: Block Up- “System” only IP. (CIS (FW does not block :frowning: :cry: ).

Why “System” goes to the Internet (for example: the sites Google Inc, on startup KillSwitch)?
I do not understand?

Waiting for an answer. Any ideas. Thanks. :THNK

Do you have CIS running also? If so what version? Are you trying to block using Killswithch or CIS?

Thanks for the reply EricJH.

I use a KillSwitch (Portable).

CIS 5.10 Full. (Proactive)

Blocking by FW.

CIS to works too and I can see the traffic.
But it is not long. Exchange data.(About 10-15 seconds).

Edit: Here’s a screenshot.
This a blocking is (KillSwitch) based on IP.
There is only outbound from the System.
But I have noticed sometimes a inbound.

[attachment deleted by admin]

As for system, try blocking port 137 for inbound and outbound inside CIS firewall rules

jay2007tech Thanks for the tip. :-TU

Blocked the port Globally rules. Rule moved up- System. So far so good.

But the question remains. Why when you start KillSwitch - System goes to these IP? ??


Can you show a screenshot of your Global Rules? Are you behind a router?

This ADSL internet.
One computer before the ADSL modem.

[attachment deleted by admin]

Is the IP address of your computer in the 192.168.x.y range? I cannot tell from the picture you posted in your second post.

I see in your Global Rules that there are two zones allowed (it’s in Russian but I assume that is the rules are for). Can you post the IP address of these two zones? They can be found in Network Zones.

UDP via port 137 is NetBIOS Name Services (NBNS) it’s a little like DNS for NetBIOS names. With Windows based Operating systems, when a connection is attempted, they use a variety of methods to try and resolve a name , if one method fails another is attempted.

Strictly speaking, there’s no need for these queries to leave your subnet, but if you’re having problems with DNS, it may be a reason for seeing these.

If you’re not using file and printer sharing, disable NetBIOS on the properties of the network adapter. If you are using file and printer sharing, create application rules for the system process that allows NetBIOS (TCP/UDP ports 137 to 139) to and from the LAN and block all other NetBIOS connections. Once done, delete the global rule you’ve created.

Thanks EricJH.

Yes it is both ■■■■■. Home#1 and Home#2.
When connecting the first request is made to 169.254.x.x
The second request 192.168.x.x
They are locked. This does not matter with a direct connection only via ADSL. These rules for the network do not have to look. I just left them.
They do not matter.(repetition).

Thanks Radaghast.
Yes I know that the 137 port for NetBios. Thank you.

I’ll see your advice. No I have no printers on the network this place.

Edit: By the way. The new version of CIS 6, I can not just to close the first a window - query network.

??? This is bad. (In older versions, you can close the first request.

Choose your IP and turn not to define the network.) He no longer asks for 169.254.xx

[attachment deleted by admin]

Radaghast.

Thanks for the great help. :-TU
NetBios disabled.

Rule deleted. No a problem (with a traffic “System” ) at startup KillSwitch.

Also, all those who responded. Thank you. :-TU