I have decided to turn off automatic program control and go with a manual. Recently just discovered that when assigning an inbound block rule for skype it changes to automatic. Is it ok or do I have a problem?
Win xp sp3 NIS 2009 16.5.0.135
Hi -
I noticed your post.
Is Smart Firewall turned on or off?
Yes it is. Further to be specific problem occurs only if skype tries to accept inbound communication and I chose to manually set up a blocking rule for that particular communication. However if I chose to block it once without setting up a rule seems to me working just fine.
Hi -
Just to be clear ...
"Yes it is. Further to be specific problem occurs only if skype tries to accept inbound communication and I chose to manually set up a blocking rule for that particular communication. However if I chose to block it once without setting up a rule seems to me working just fine."
Does this mean the Smart Firewall is turned "on?"
Please give me a bit more detail, thanks.
Yes it is on. Also advanced events monitoring is on and automatic program control off. Only alg.exe is set on auto rule. Other programs are set to either block or custom with outbound allowed.
Hi -
I have been thinking about this.
Since, APC is off - have you tried an inbound block rule for another program?
If not, try it.
If yes, does the setting "stick?"
Can you be more specific on what kind of inbound block rule you are creating? How are you creating it? Manually in program control or via a popup alert when Skype is trying to accept an inbound connection?
Thanks,
/Chester
Yes I can. Mostly when I stop calling through skype or do sign in after closing skype I receive a NIS security popup alert of inbound connection from skype(skype is attempting to listen from other computers) in a form of a TCP https local comp. 0000,443 or www-http local comp 0000,80 or TCP Port 49113 all inbound connections. Well and I can choose from four options as always.
Sorry I meant from five options.
Which option did you choose? Please be as specific as possible with all steps/configuration so that I can help you troubleshoot the issue :)
If you select "Block Always", a block all rule will be created for all types of traffic for Skype. The program control will then show "Block" in the skype entry.
Also, you mentioned you have advanced events on. You may get (many) extra alerts when this option is on.
Thanks,
/Chester
Well after the popap to chose the action " comes" the above mentioned of setting up or creating a rule manually to block that particular inbound connection. After creating a blocking rule I look into the program control setting or to history to verify it instead of seeing a blocked connection rule I have just created I see an automatic rule for skype which I don't understand how it got there because automatic rule creation is off as I mentioned.
I neve ve tried to select block always because I do not want to block skype from using it.
Have a same problem with windows live messenger.
Hi,
I was able to reproduce the behavior you described with the following steps:
- Turn off Automatic Program Control
- Run the application that listens for an inbound connection (ie: skype)
- When the alert pops up, select "Manually Create a Rule"
- Select "Block" as the action, and finish the rule creation wizard. (This creates a block rule for just this traffic only)
In program control, you will see the program set to "Auto" and within the rules, you will see the block rule that you created plus an additional allow rule with the same traffic parameters. The block rule will still take precedence over the allow rule so the behavior remains correct. The "Auto" setting has no affect on behavior and is only used to display how the last rule was created for the application.
Thank you for identifying this issue and we will look to address these in a later patch.
In the meantime, you should be able to manually delete the extraneous "Allow" rule and everything should be correct.
Thanks,
/Chester
Message Edited by ChesterK on 03-27-2009 06:20 PM
Hi Chester -
Thanks for all your help with this!
Compumind.
Thank you ChesterK. However after manually deleting the extraneous allow rule I had to repeat all the steps when I was signing in again with a skype or with a wlmessenger. Extraneous rule you referring it is the one that creates itself and allow in and out traffic. With other words the outbound traffic rule I have created changes itself to that extraneous rule. When I delete that rule as you recommended all what I will see within the rules are blocking rules. For that I have to deal with the alert popups after signing in again with applic.
If I understand rules handle communication in a way that a rule that appears above ones overrides those rules. So for now I dealt with the problem in this way: I created an outbound TCP and UDP rule for application for examp.win live messen.than I made sure that it is all the way up and have a priority than removed a mark from it on a left side. After I created outbound rules and placed it between or under blocking rules and not removed a mark from them.
For now it is working and there are no popups.
Hi Drejwithyou,
I guess I am not sure what you are trying to do :) You want to block part of skype traffic yet allow skype traffic for other ports? Please be specific which traffic/ports you want to block and which to allow. If you let me know what exactly you are trying to do, perhaps I can help you configure it correctly.
Thanks,
/Chester
Hi
My goal is to let skype work by allowing just outbound traffic .Skype need unrestricted outgoing access for TCP destination ports 1024 and above or 80 and 443.at least.
Thankx for trying to help me.
I'm not familiar with Skype's traffic patterns, but I'd assume it'd need a listening port to receive calls. If you are creating block rules for certain traffic and you are still getting alerts for other traffic, it means you haven't covered all the ports that Skype uses. From your description, you'd want 2 rules in the following order:
1) Allow, outbound, all computers, TCP, ports 80, 443, 1024-65535
2) Block, inbound & outbound, all computers, TCP & UDP, all ports
Note: There's no guarantee that Skype will work fully with this configuration. You'll have to experiment for yourself.
/Chester
Hi
For now I went back to set program control on automatic. After it did set itself up with rules I turned it off and set the advance events monitoring on. But thanks to ChesterK for his input and hope this issue will be resolved in a next update.