What are all the rules needed to make Windows Live Messenger Remote Assistance work with Comodo Firewall? Be descriptive please.
I have nothing being logged indicating any blocks or issues. It just doesn’t work.
Assuming you have no restrictions imposed by a router or other NAT device, in addition to the standard rules for Windows Live Messenger, you’ll need to cater for msra.exe, which is the key component for remote assistance.
The type of rules you create will depend on your firewall settings and your preference. They may be quite specific or quite generic. If you’re using the firewall in Custom policy mode with the Alert frequency raised, you’ll use the former. I’ve used reasonably specific rules so that you can see how it works:
Application rules for the Outbound PC:

C:\Windows\System32\msra.exe
Action - Allow
Protocol - TCP
Direction - Out
Source Address - Any
Destination Address - Any
Source Port - Any or use Dynamic Ports - 49152 to 65535
Destination Port - Any or use Dynamic Ports - 49152 to 65535

Application name - C:\Program Files\Windows Live\Messenger\msnmsge.exe
Action - Allow
Protocol - TCP
Direction - Out
Source Address - Any
Destination Address - Any
Source Port - Any
Destination Port - 80 and 443 (Use the HTTP Ports Port Set or create your own)

Action - Allow
Protocol - TCP
Direction - Out
Source Address - Any
Destination Address - Any
Source Port - Any
Destination Port - 7001

Action - Allow
Protocol - TCP
Direction - Out
Source Address - Any
Destination Address - 127.0.0.1
Source Port - Any
Destination Port - Any

Application name - C:\Program Files\Windows Live\Contacts\wlcomm.exe
Action - Allow
Protocol - TCP
Direction - Out
Source Address - Any
Destination Address - Any
Source Port - Any
Destination Port - 80 and 443 (Use the HTTP Ports Port Set or create your own)

Action - Allow
Protocol - TCP
Direction - Out
Source Address - Any
Destination Address - Any
Source Port - Any
Destination Port - 1863

Application name - C:\Program Files\Windows Live\Installer\wlstartup.exe
Action - Allow
Protocol - TCP
Direction - Out
Source Address - Any
Destination Address - Any
Source Port - Any
Destination Port - 80 and 443 (Use the HTTP Ports Port Set or create your own)

Application name - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
Action - Allow
Protocol - TCP
Direction - Out
Source Address - Any
Destination Address - Any
Source Port - Any
Destination Port - 80 and 443 (Use the HTTP Ports Port Set or create your own)
Application rules for the Inbound PC:

These are the same as those above with one exception, the rule for msra.exe:

C:\Windows\System32\msra.exe
Action - Allow
Protocol - TCP
Direction - In
Source Address - The Address of the connecting PC
Destination Address - Any
Source Port - Any or use Dynamic Ports - 49152 to 65535
Destination Port - 49152 to 65535

Global rules may or may not be necessary; it will depend on your current settings. If you have a Global rule that blocks IP In, you will need to open the ports needed by the Microsoft Remote Assistant:

Action - Allow
Protocol - TCP
Direction - In
Source Address - The Address of the connecting PC
Destination Address - Any
Source Port - Any or use Dynamic Ports - 49152 to 65535
Destination Port - Any or use Dynamic Ports - 49152 to 65535
Unfortunately, if you’re using Vista/Win 7 to Vista/Win 7, msra can use any port from a very wide range, and CIS doesn’t support dynamically negotiated RPC ports, so you really should specify the IP address of the PC making the RA connection, otherwise you’re opening a lot of ‘holes’. Another, potentially better option, would be to use VNC…
If you wish to simplify the rules, you can, with the exception of the rule for msra on the PC receiving the RA connection, make them all outgoing only, by using the Predefined Policy rule with the same name. For example:
Application name - C:\Program Files\Windows Live\Messenger\msnmsge.exe
Allow All Outgoing Requests
Block and Log All Unmatching Requests
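
The caveat above about leaving the dynamic port range open to any source can be checked mechanically. The following is an added example, not part of the original post and not Comodo tooling: it parses rules written in the post's "Field - Value" layout and reports inbound Allow rules that accept any source address on a wide port range. The function names, the 1024-port threshold and the sample address 192.0.2.10 are assumptions, and the input is assumed to contain only rules in that layout.

```python
import re

# Constructed sample in the post's "Field - Value" layout; 192.0.2.10 is a placeholder address.
SAMPLE = """\
C:\\Windows\\System32\\msra.exe
Action - Allow
Protocol - TCP
Direction - In
Source Address - Any
Destination Address - Any
Source Port - Any
Destination Port - 49152 to 65535
Action - Allow
Protocol - TCP
Direction - In
Source Address - 192.0.2.10
Destination Address - Any
Source Port - Any
Destination Port - 49152 to 65535
"""

def parse_rules(text):
    """One dict per rule; a repeated 'Action' line starts a new rule for the same application."""
    rules, app = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        key, sep, value = line.partition(" - ")
        if not sep or key == "Application name":
            app = value if sep else line      # explicit application line or bare path
        elif key == "Action":
            rules.append({"Application": app, "Action": value})
        elif rules:
            rules[-1][key] = value
    return rules

def port_count(spec):
    """Number of ports a port field opens: 'Any', 'A to B', or a list such as '80 and 443'."""
    if spec.lower().startswith("any"):
        return 65536
    nums = [int(n) for n in re.findall(r"\d+", spec)]
    return nums[1] - nums[0] + 1 if " to " in spec and len(nums) == 2 else len(nums)

def wide_open_inbound(rules, limit=1024):
    """Allow/In rules that accept any source address on more than `limit` destination ports."""
    return [r for r in rules
            if r.get("Action") == "Allow" and r.get("Direction") == "In"
            and r.get("Source Address", "Any").lower() == "any"
            and port_count(r.get("Destination Port", "Any")) > limit]

if __name__ == "__main__":
    for r in wide_open_inbound(parse_rules(SAMPLE)):
        print("any-source inbound rule:", r["Application"], r["Destination Port"])
```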