Symantec Firewall Blocking Practally Everything, Why?

Windows XP Home (SP1) Symantec Client Firewall Version 8.6.2.133 (came with anti-virus

10.0.2.2000) Security is On Client Firewall is On Intrusion Protection is Off Privacy Control is Off Ad Blocking is Off

The machine was functioning fine using ZA firewall, Microsoft Windows Defender (Beta) anti-spyware, and AVG anti-virus (all free versions).

But I get tired of the same old programs running year on end; maybe I'm missing out on something. Actually, I haven't been running MS Defender for long, but you get the idea.

After reading the spyware shootout:

formatting link
the Slashdot response:
formatting link
liked the idea of anti-spyware and anti-virus combined. Why scan your computer twice? Symantec combines them and also did the best in detection in the competition. The Symantec package comes with a firewall (SCF) too. So I figured I might as well run that and give ZA a break.

I blocked my old programs from starting up at start-up but I still have them. And of course I could revert, but I want to figure out what's going on with Symantec Client Firewall.

Everything worked for a day or so. Then I awoke to find SCF blocking browser web traffic for practically all sites. I by chance discovered I could get to

formatting link
(In FireFox, Reload (override cache) Ctrl + F5 gets the page, so I'm not getting it from the cache) I don't know what makes that one different. (Maybe it's the https? I'm going to research that, but I want to post this first.) Email and news work okay too. I can ping any site via the CMD prompt without trouble too.

When I disable the SCF, I can connect normally with browsers. That's how I'm operating now except I have XP's ICF going.

So how can I figure out what's wrong with SCF? They don't have a forum as I can see (is there one?). At least ZA has a good forum. A question never goes unanswered there.

Reply to
Nehmo
Loading thread data ...

My advice here would be to get rid of it if it's giving you that much trouble. :)

Duane :)

Reply to
Duane Arnold

Getting a stable setup is easy, but I want to figure out what's going on. Lots of people use that firewall, don't they?

There must be some way of determining what SCF is doing.

Reply to
nehmo54

In comp.security.firewalls snipped-for-privacy@hotmail.com wrote: ["security" in yellow boxes]

And thousands and thousands of them are coming into news-groups and forums asking all this question ;-)

Yours, VB.

Reply to
Volker Birk

I use the corporate version of SCF. Can't you take a look at the firewall logs and see what's going on?

Right click on the SCF icon in the task tray, select options, check "Log Viewer", click OK. Next, right click again on the SCF tray icon, select log viewer. The answer lies somewhere in there.

Lance

*****

Nehmo said the following on 12/12/2005 21:23:

Reply to
Lance

It would be hard in my opinion to fault find SCF if you've just disabled ZA but still have it installed.There could be low level conflicts even if its disabled.It would be better to un install and registry clean each firewall before trialing. me

Reply to
bassbag

Ask your question on comp.security.firewalls.

Shneor

Reply to
Shneor

It's already crossposted to that NG. Considering that Symantec bundles the apps, I also posted to the other NGs in the hope of finding someone familar with the program.

Reply to
nehmo54

Thanks, I didn't realize there was a log, but now that I'm looking at, it's not giving me much help. Web History is blank. Configuration does note when I change the configuration, but that's all. Alerts shows when I changed to permit (I permitted all extended protocols). System shows when I turn on or off the firewall or "internet security". Intrusion Protection shows when it was turned on or off and what sig files it now has, but that's off anyway. Content blocking, Privacy, and Privacy info are all blank Connections does show activity, but I'm not clear when something shows up. Firewall seems to be the key. It shows when disabled and enabled. It also notes "Firewall configuration updated: 625 rules." How can I view these rules?

Reply to
nehmo54

Start up SCF, highlight "Client Firewall", click on the yellow "Configure" button on the right side of the window.

The rules are organized by Programs, Networking, Location, Advanced.

Lance

*****

snipped-for-privacy@hotmail.com said the following on 12/13/2005 15:13:

Reply to
Lance

I still have ZA installed, but it isn't running at all. No process associated with it is running either. But these things are so mysterious, you may be right anyway. However, SCF ran okay for a day or so. So that means something happened. I don't remember exactly; maybe SCF failed after I rebooted and I didn't notice it till much later when I began to use the internet. Maybe at that time, ZA was still in the start up list. Then it's possible they fought each other when both were running.

I looked all over the firewall configuration. I have the defaults everywhere I can. And there's no setting that looks unusual or over-protective. I even set the slider to low level.

I tried a repair-install too. That didn't work either.

Main window > Options > Protocal Filtering I don't really understand, but I have that set to Permit all extended protocols.

I exported the settings, and then opened the xml with Firefox. It's a bunch of incomprehensible alphanumerics.

Reply to
blad54

I doubt it.

It's more complicated than it's worth.

What repair install? What is that?

What is an extented protocol? It seems to complicated for use.

The xml are parameters that control the program and is not meant for you to intrpret.

Do yourself a favor and get a NAT router if you can and put the machine behind it. The NAT router is a plug it up and go device that needs little or no configuration on your part and provides instant protection from the Internet. A good one on sale *cheap* cost a much as a 3rd party personal FW solution and is a lot less complicated and doesn't run with the computer's O/S which the PFW can be attacked just like the O/S can be attacked.

Duane :)

Reply to
Duane Arnold

- Nehmo - Then it's possible they [ZA and SCF] fought each other when both were running.

- Duane Arnold -

- Nehmo - Well, I doubt it too, but basbag seems to think it were possible, and I noticed I was prohibited (which is not normal) from stopping the ZA process Vsmon.exe. (It?s in System32; I rebooted into safe mode and then renamed it; then it didn?t start; that?s how I stopped it) while SCF was running.

- Nehmo -

- Duane Arnold -

- Nehmo - In Add or Remove, there?s two buttons with SCF, one of them is like a repair install; it says it fixes stuff.

- Duane Arnold -

- Nehmo - I?m not clear. When I look it up

formatting link
, I don?t get a simple answer.

- Duane Arnold -

personal FW

computer's

- Nehmo - I?ll probably get one sooner or later. Steve Gibson likes ?em

formatting link
.

I uninstalled Symantec Security and went back to ZA, AVG, and MS anti-spy. If I can?t get an app to work in three days of play, unless I really need it or it provokes my interest, I move on.

Next time look into Symantec, I might just separate the anti-virus and just use that.

Reply to
Nehmo

Don't rely too much on anything Gibson says [1]. I would agree with him on the firewall appliance part, but you don't need ZA or any other personal firewall.

[1]
formatting link
cu 59cobalt
Reply to
Ansgar -59cobalt- Wiechers

If this is an NT based O/S you're talking about, then there is no way those two programs are going to confilect as to not being able to stop a program. If anything, the two PFW(s) running together might block traffic from reaching the machine that was suppose to reach it.

Don't base that on what that *clown* has to say.

I use IPsec to supplemnt BlackIce on my laptop while on the road. You can use it if you're using any one of the O/S(s) in the link. I use the AnalogX IPsec rules that have been implemented on the XP O/S with one minor rule adjustment that stopped BI from barking all the time.

formatting link
And I did somethings in the link below to protect the machine that has a direct connection to the Internet (machine is not behind a router).

formatting link
Duane :)

Reply to
Duane Arnold

Reply to
Sanderson Trothall-Nibberkeck

Reply to
Uriah Schlomberg

Reply to
Nilikuacha Wakamfuata

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.