Firewall-unintended IP blocking

My ISP recently signed a cooperation agreement with a commercial portal,which collects info on which sites the user logs on, to,anonymize and passes it to companies so that the user receives those promotions of most interest to him/her. For this scheme to operate,when I want to log on to a website by typing its web address, I am first directed to this site,am asked for Op-in or OP-out then connected to the site I want. I strongly feel that this is illegal nevertheless my ISP is intercepting my attempt to log on to the website of my choosing. The site I am directed to is the familiar http://a.oix.net (Phorm). I wanted to block the IP of this website, 91.205.220.40 so I added an Inbound-Outbound traffic rule to Firewall Traffic Rules. I,however,noticed in the Firewall log that all Microsoft services and Norton's ccSvchst service were being blocked by this rule at computer start-up; for example, the first entry in the log reads "ccSvchst.exe is preparing to access the Internet", the very next entries are " oix rule (the new rule I added) blocked communications" with ccSvchst and other Microsoft services,which also attempted to access the Internet at start-up. So I decided to modify the new rule and configured it only for Inbound communications. Yet this rule continued to block Norton and Microsoft services from accessing the Internet during start-up. I have another computer with 64-bit Windows XP Pro which came with pre-installed Kaspersky Internet Security. I configured this software to block 91.205.220.40 for Inbound-Outbound traffic; I do not observe the same unwanted blockage of Microsoft and Kaspersky services. How can I block this IP so that the rule I will create does not block Norton and Microsoft services at start-up?

Hi,

 

Looks like, all the HTTP/HTTPS traffic from your system are routed through Phorm systems. The rule that you created blocks all  connections(HTTP traffic) irrespective of  which application trying to access. This is the reason Norton/Microsoft apps  are blocked from accessing internet.

 

If you want to block traffic to go thorugh http://a.oix.net while you browse any website , you can create a block program rule (Settings->Smart Firewall->Program rule) for the browser to restrict access to phorm machine.

 

Thanks,

Thank you for the suggestion. But how do I create the program rule to block http://a.oix.net? I only know the name and IP of the this website? There is no Phorm program installed on my computer; I looked in the Program Rules,all are already installed on the computer. It is simply that I am first directed to the Phorm site when I open Internet Explorer,then on to the site I actually wantto log on to. To avoid the above Phorm site I placed its address in the Restricted Sites Zone in Internet Explorer so that the site actually cannot open because of Javascript missing but nevertheless it intercepts Internet Explorer and I have to reload the Website I want.

You can mention IP/Name of the site in the "Computers" section of the rule. 

 

1. Go to program rule UI

2. If rule already exists for the browser, Modify it or Add new rule

3. While adding a block rule , in the "Computers" tab , select option 'Only the computers and sites listed below"

4. Click ADD and mention the site or IP address

5. Also, make sure both inbound/outbound option selected in the "Connections" section.

 

If there are multiple traffic rules exists for browser ( in the modify rules UI), you need to add block rule for phorm site and make it as first traffic rule. Rules are processed in the order shown in the UI.

 

Thanks,

 

Thank you for your suggestion. But could you let me know what program rule UI is? I looked through the contents of Firewall Program Rules,and found only rules governing various services and programs installed.