BitDefender Firewall

Jimbo Kern

I recently purchased Bitdefender Internet Security for the all-in-one package. I'm very disappointed with the performance of the firewall application. It doesn’t seem to pass any leak test that I run. Any configuration suggestions? I'm thinking of returning it since I also have the Anti-Virus version without the firewall and picking up a better firewall.

cberneanu

Leak tests are overrated. If you are already infected, there is no point in trying to prevent it from hijacking other legitimate applications and sending data over the network. It will only give you a false sense of protection and the necessary hooks will only slowdown your system. Any malware that gets inside your computer will be blocked by the virus shield.

Jimbo Kern

Don't get me wrong.. I love Bitdefender, the virus shield is top notch IMO. My computer is clean as a whistle, I also run Spyware Doctor 5 in addition to Bitdefender, but are you telling me I shouldn’t be concerned by my firewall failing leak test? What about an application that sends personal info that the virus shield doesn’t pick up? There are some leak tests that Bitdefender won’t run because the virus shield picks it up which is great, but what about the ones that don't get picked up and are allowed through?

Thanks for the help....

alexcrist

Hi Jimbo Kern,

Try ShieldsUP!

It's the best Firewall tester out there. If you configure BD correctly, it should pass on every test. I too have BD 10IS, and I'm 100% protected by the firewall (it passed ShieldsUP! with flying colors).

If your BD fails one of the tests there, post here and I'll help you configure BD so that you take advantage of full protection.

Cris.

Jimbo Kern

Cris thanks for the suggestion. I'll do that and I appreciate the help.

Jimbo Kern

So I went to ShieldsUp and Bitdefender passed every test. I’m curious though about the test ran at this site:

http://www.firewallleaktester.com/categories.htm

Specifically this area of test:

"LAUNCHER

Description The program access to the Internet in launching an authorized application and in goingtrough it

Leaktests Tooleaky, FireHole, WallBreaker, Ghost, Surfer"

Now some of these test the virus shield picks up, but others seem to get through the Bitdefender firewall without a problem. Should this be an issue or am I not understanding the test correctly? I want to be sure I can trust the firewall with Bitdefender or if I should go another route. The virus shield I have no issues with.

Thanks for the help guys....

EDIT: Re-installed Bitdefender and now it passes all firewall test and the ones that it doesnt pass the virus shield catches......Excellent!! Don't know what the original problem was but maybe I did something or something... but now it works great! Thanks again!!

khufu

Hi

Take a lookhere and here

Jimbo Kern

Thanks... Always willing to learn.

Escalader

Hi Jimbo Kern,

Try ShieldsUP!

It's the best Firewall tester out there. If you configure BD correctly, it should pass on every test. I too have BD 10IS, and I'm 100% protected by the firewall (it passed ShieldsUP! with flying colors).

If your BD fails one of the tests there, post here and I'll help you configure BD so that you take advantage of full protection.

Cris.

Chris:

I have a H/W firewall and a ethernet router all hard wired. I have ZA Pro as it is providing me some level of outbound control at an application level and OS compoents level. My concern is to ensure no packet leaving my computer as opposed to in bound!

What are BD FW strenghs and weaknesses on outbound?

Jimbo Kern

Try ShieldsUP!

It's the best Firewall tester out there. If you configure BD correctly, it should pass on every test. I too have BD 10IS, and I'm 100% protected by the firewall (it passed ShieldsUP! with flying colors).

It seems my computer passes these tests with flying colors whether Bitdefender is running or not. I wonder how I could pass these tests with no active firewall running unless my ISP has one.

alexcrist

My concern is to ensure no packet leaving my computer as opposed to in bound!

What are BD FW strenghs and weaknesses on outbound?

Hi Escalader,

When someone (or something) tryes to probe your computer for open ports, BitDefender does not send (and does not allow your PC to send) any kind of information.

This is the report from ShieldsUP!

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

@Jimbo Kern: If by "whether Bitdefender is running or not" you mean that you closed BD Management Console (right click on the BD icon in the tray and click Exit), then BD's Firewall was still enabled (also every other module of BD, like AV, AS, etc...). To stop the firewall, you have to disable it from the Managemet Console.

If you disabled the firewall correctly and you still passed the ShieldsUP! tests, then yes, maybe your ISP has a firewall which protects you.

Cris.

mihai_romanian

Hi Escalader,

When someone (or something) tryes to probe your computer for open ports, BitDefender does not send (and does not allow your PC to send) any kind of information.

This is the report from ShieldsUP!

@Jimbo Kern: If by "whether Bitdefender is running or not" you mean that you closed BD Management Console (right click on the BD icon in the tray and click Exit), then BD's Firewall was still enabled (also every other module of BD, like AV, AS, etc...). To stop the firewall, you have to disable it from the Managemet Console.

If you disabled the firewall correctly and you still passed the ShieldsUP! tests, then yes, maybe your ISP has a firewall which protects you.

Cris.

Dudes i don"t get half of the ###### you are all sayıng.Too much for me to understand but i will suggest this to you:no antivirus keeps up with the new viruses that come up every day so my solution to all of your problems is to save your favorite programs on dvd-s and have an windows or w/e installation CD.As for the antivirus just get BD antivirus 10 and set it to default on all levels but the scans(full system scan for example).

i have visited all dangerous sites possible on the internet and i"m still here wıthout reinstalling windows

BD has a greate live support on the officiall website.Check it first then post your problems here if the support team doesn"t crack the problem(which is a rare thing for them,they are all brainiacs

Well no ones perfect so remember no antivirus can guarantee full protection against all type of harmfull programs besides ıf you don"t update your antivirus all the time however good it might be it will get it"s ###### kıcked by the new viruses/warms/malware/ad-ware/spyware et cetera.

mihai_romanian

Hmm forget about this .

My problem with BD Antivirus plus vs10 is the never dying never solved problem of the bdmcon error message that says a resource was unavailable.İt"s pretty serious and it makes my computter slower stopping me to run programms that on my PC ran as far as a month ago with eas(easily).

The diagnosys kıtts that i got from the live support (3 of them)did not help the support team in anyway.

My problem is not unique,i know other dudes had the same problem and in my oppinion it might be caused by a program confict or a bugg.

PS:bdmcon=bıtdefender console

alexcrist

@mihai_romanian:

First of all, stop using the dirty language you're using. Those words won't even appear in your post. WATCH YOUR TONGUE!

Second, you already started a thread with your problem. You really don't need to post your problem in all the threads!

Third: even if you don't like/want to learn how to protect your PC (as I understood, your strategy is get an AV, and if I get infected I just format my HDD and reinstall everything), there are people who actually want to know how to protect themselves so they won't need to waste time reinstalling Windows.

Fourth: In my opinion, it's better to use the Forum instead of LiveSupport, because in the Forum, users having the same problem can find a solution a lot more easier then if they contacted LiveSupport. Furthermore, solutions are found faster here, because everyone comes with ideas/suggestions, and there are BD Officials who answer the problems.

Cris.

P.S.: bdmcon = BitDefender Management Console.

BitDefender Console is another thing (is the BD version which can be used in Windows Safe Mode. It's found here: C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdc.exe)

khufu

Hi all,

i have to say some this:

1. leaktests and port scan are 2 different things

2. if you firewall does not have a good outbound control is useless to pass port scans

3. some post in this tread have been removed, not a good behavior

4. Bd firewall needs improvements

Escalader

Hi Escalader,

When someone (or something) tryes to probe your computer for open ports, BitDefender does not send (and does not allow your PC to send) any kind of information.

This is the report from ShieldsUP!

@Jimbo Kern: If by "whether Bitdefender is running or not" you mean that you closed BD Management Console (right click on the BD icon in the tray and click Exit), then BD's Firewall was still enabled (also every other module of BD, like AV, AS, etc...). To stop the firewall, you have to disable it from the Managemet Console.

If you disabled the firewall correctly and you still passed the ShieldsUP! tests, then yes, maybe your ISP has a firewall which protects you.

Cris.

Thanks for this Cris. So let me summarize the point you made, BD FW will not send any packet outbound on a probed open port. This is good.

Now my next question, can I set any application let say a game so that it will not accept incoming packets or send outgoing packets on any port, closed or open?

alexcrist

Now my next question, can I set any application let say a game so that it will not accept incoming packets or send outgoing packets on any port, closed or open?

Hi Escalader,

Yes, you can fully configure the connections for any application you want. You can restrict connections by source/destination port, source/destination IP, protocol (TCP,UDP,ICMP, IP).

You just have to be very patient about it.

To do that, open BD Management Console, go to Firewall and either double click an existing rule or create a new one.

In that window (New rule or Change rule) you can set any combination of ports/IP/protocols you want for one or all applications.

Cris.

Escalader

Hi Escalader,

Yes, you can fully configure the connections for any application you want. You can restrict connections by source/destination port, source/destination IP, protocol (TCP,UDP,ICMP, IP).

You just have to be very patient about it.

To do that, open BD Management Console, go to Firewall and either double click an existing rule or create a new one.

In that window (New rule or Change rule) you can set any combination of ports/IP/protocols you want for one or all applications.

Cris.

Ah yes, patient like all good IT guys!

Thanks for answering my question.

My next are:

Can/should user of FW use scanner tests or leak tests to test their own settings or even id where rules need changing? If each user does this would not they be in peril of errors in making rules?

Or maybe BD did those tests and built the default rules for us all?

alexcrist

Hi Escalader,

Yes, you can use whatever leak tests or firewall tests you want. Just be very careful, because out there are a lot of fake firewall tests which, instead of testing your security, bring in some viruses (very dangerous viruses).

About the help with rules setting (does "id" in your post mean "aid"??), BD can't give you any advice. The only thing BD can tell you is if a certain application that requests access to the internet is safe or not. The safe applications are the ones which were tested by BitDefender labs.

Advice: when BD alerts you that a "certain" application wants internet access, you have to look at that pop-up to see what application wants to connect. If that application is located somewhere in a TEMP folder, then there are two choises:

1) either you are installing something, and that installer wants to download something (this is usually safe to grant access, but don't create a persistent rule for it)

2) if you are not istalling anything, that file might be a virus. You should act very carefully in those cases.

The user is the only responsible of the Firewall rule-making. Once a rule has been made, BD won't ask you again (that's what the rules are for). If you have some doubts about a certain rule you created, ask here (tell us the application name, the location, and the other info found in Rule Details).

BitDefender created some, as you say, "default rules for us all". When a new network (IP) is detected for your computer, the Firewall assistant will appear. Based on what type of connection you choose there, BD will add some default rules for the Firewall. (This only applies for the Internet Security version. The AV Plus version doesn't have, as far as I know, any default Firewall rules).

Cris.

Escalader

Hi Escalader,

Yes, you can use whatever leak tests or firewall tests you want. Just be very careful, because out there are a lot of fake firewall tests which, instead of testing your security, bring in some viruses (very dangerous viruses).

About the help with rules setting (does "id" in your post mean "aid"??), BD can't give you any advice. The only thing BD can tell you is if a certain application that requests access to the internet is safe or not. The safe applications are the ones which were tested by BitDefender labs.

Advice: when BD alerts you that a "certain" application wants internet access, you have to look at that pop-up to see what application wants to connect. If that application is located somewhere in a TEMP folder, then there are two choises:

1) either you are installing something, and that installer wants to download something (this is usually safe to grant access, but don't create a persistent rule for it)

2) if you are not istalling anything, that file might be a virus. You should act very carefully in those cases.

The user is the only responsible of the Firewall rule-making. Once a rule has been made, BD won't ask you again (that's what the rules are for). If you have some doubts about a certain rule you created, ask here (tell us the application name, the location, and the other info found in Rule Details).

BitDefender created some, as you say, "default rules for us all". When a new network (IP) is detected for your computer, the Firewall assistant will appear. Based on what type of connection you choose there, BD will add some default rules for the Firewall. (This only applies for the Internet Security version. The AV Plus version doesn't have, as far as I know, any default Firewall rules).

Cris.

Hi Chris:

Whoops, on the id I made a typo "d" should have been "f" My fingers are so wide they cover 3 keys at a time!

so it should have read ....leak tests to test their own settings or even IF where rules need changing?

I think you are saying BD FW doesn't assume that the router should be trusted as with ZA design. and using the BD wizard will set up rules for my set up based on what it finds? Is that correct?

I have a Linksys Etherfast Cable/DSL router, hard wired not wireless. There are 2 PC's on the LAN my sons a gaming PC and mine the financial PC. We share nothing but the router. So you see I'm nervous about declaring the router as "trusted" as opposed to "internet".

How/what rules would BD FW create for this set up?

alexcrist

Hi Escalader,

I think you are saying BD FW doesn't assume that the router should be trusted as with ZA design. and using the BD wizard will set up rules for my set up based on what it finds? Is that correct?

That is correct. BitDefender doesn't assume anything. It asks you the connection type and, based on that information, it sets the proper Firewall Default settings.

I have a Linksys Etherfast Cable/DSL router, hard wired not wireless. There are 2 PC's on the LAN my sons a gaming PC and mine the financial PC. We share nothing but the router. So you see I'm nervous about declaring the router as "trusted" as opposed to "internet".

How/what rules would BD FW create for this set up?

If you do not share files between those PCs (using Windows File & Frinter Sharing Service a.k.a. NetBIOS), then you just have to open BitDefender Management Console, go to Firewall -> Traffic and click on Reconfigure Profile.

Step 1: select Create new profile

Step 2: You can select Allow all white-listed (you can also un-select this option. Personally, I prefere to know when an application is requesting access, even if that application is trusted by BD)

Step 3: select the option you want

Step 4: select the option you want

Step 5: select the options about your proxy server. If you don't use any, select I don't use a proxy server

Step 6: select Direct Connection (Home/Other). This will ensure that you are protected against port-scanning, ICMP attacks, your vulnerable ports are closed and the vulnerable system services are blocked from connecting to the internet.

Step 7: Finish.

Doing this will create the rules necessary to protect your PC in an un-trusted network.

By reconfiguring the firewall profile, all the rules you created will be erased, so you will have to create again rules for the programs you use. Those rules will be created when the applications request internet access.

The above steps apply to BD Internet Security. If you use BD AV Plus, you do not have Firewall Wizard, so you have to create the rules manually. If this is the case, post here and I'll try to tell you how/what you need to add to the list. Also, BD AV Plus does not protect you against port-scanning and multicast attacks.

Cris.

Escalader

Hi Chris:

Whoops, on the id I made a typo "d" should have been "f" My fingers are so wide they cover 3 keys at a time!

so it should have read ....leak tests to test their own settings or even IF where rules need changing?

I think you are saying BD FW doesn't assume that the router should be trusted as with ZA design. and using the BD wizard will set up rules for my set up based on what it finds? Is that correct?

I have a Linksys Etherfast Cable/DSL router, hard wired not wireless. There are 2 PC's on the LAN my sons a gaming PC and mine the financial PC. We share nothing but the router. So you see I'm nervous about declaring the router as "trusted" as opposed to "internet".

How/what rules would BD FW create for this set up?

What is the difference between Shieldsup and flanktest(sp?) do they both try to test the same thing in FW testing?

what test has BD FW already passed?

alexcrist

What is the difference between Shieldsup and flanktest(sp?) do they both try to test the same thing in FW testing?

what test has BD FW already passed?

Hi Escalader,

I didn't test Flanktest. Could you provide a link for it?

As for "what test has BD FW already passed", as far as I know ShieldsUP! is the best out there (of course, I might be wrong).

One of these days I'll start looking for some other leaktests on the web to see how BD reacts to them (not because I don't trust the protection BD offers, but because you made me curious about this )

However, the one test I can assure you BD passes is one I have experienced "live": one day, I had 10 attacks in one hour from 10 different random IPs , attacks that were successfully rejected by BD

Cris.

khufu

ShildsUP is a port scan that test your ports.

@Cris: you don`t need to test on your system all leaktests, just take a look here

alexcrist

@Cris: you don`t need to test on your system all leaktests, just take a look here

I know about this link. You already posted it in another thread.

The problem is like this: it doesn't matter how well the firewall can protect you. If you don't configure it correctly you might not even get to those values at all. But, by changing some settings, you might even get higher results then the ones on that page.

By testing BD's Firewall with some leaktests, I can find out what should I change in my settings to improve my security.

And also, testing the firewall can give you some ideas about what to ask in the New Feature thread

Cris.

Escalader

Hi Escalader,

I didn't test Flanktest. Could you provide a link for it?

As for "what test has BD FW already passed", as far as I know ShieldsUP! is the best out there (of course, I might be wrong).

One of these days I'll start looking for some other leaktests on the web to see how BD reacts to them (not because I don't trust the protection BD offers, but because you made me curious about this )

However, the one test I can assure you BD passes is one I have experienced "live": one day, I had 10 attacks in one hour from 10 different random IPs , attacks that were successfully rejected by BD

Cris.

Cris:

The site for you is www.pcflank.com.

ZA lists it as a malware dangerous site. It isn't. The reasons why they do this I will leave to your cusiousity when you read the analysis.

When ever I see a new site, I've never visted best to check it yourself on a siteadvsor!

alexcrist

Hi Escalader,

After trying PCFlank (and other FW leaktesters) and doing some searching on the web, I found out that BD firewall doesn't protect against DLL/application injection, DNS connections and some other types of methods used to bypass the FW.

Sadly, this means that BD FW doesn't offer as much protection as I hoped, but I added these features in the New Feature thread. Hopefully, BDv11 will pass these tests.

Cris.

emider

I have two computers in my network and they share one internet connection. I want to share files between them but not on the internet. In the wizard if i choose 'direct connection' BD firewall completely disables file and printer sharing and if i choose 'trusted network' it enables it for everyone. In ZA free i can set my subnet or IP range to Trusted and that is all you need to do. My question is how can i enable sharing in my subnet and disable on the internet?

alexcrist

Hi emider,

You have to create a rule in the BD Firewall to grant full access between the two computers.

Open BitDefender Management Console, go to Firewall -> Traffic, click Add new and select:

Applications: any

Protocol: IP

Direction: Both

Action: Allow

Source Address: <Local>

Destination type: Destination

Destination Address: <Other PC IP>

click OK.

You won't see the rule you just created in the Traffic list, because it was defined for all applications.

Now you have to click Edit Profile, search for the rule you just created in both Inbound and Outbound lists and move it to the top (in both lists).

If you have BD installed on the other PC also, make the same rule on it.

You can also set a subnet in BD (if you have multiple PCs that need to share files). In the New rule window, at the Destination type select the subnet you want (Class A/B/C or Mask)

Post if it worked or not.

Cris.

Jimbo Kern

Hi Escalader,

After trying PCFlank (and other FW leaktesters) and doing some searching on the web, I found out that BD firewall doesn't protect against DLL/application injection, DNS connections and some other types of methods used to bypass the FW.

Sadly, this means that BD FW doesn't offer as much protection as I hoped, but I added these features in the New Feature thread. Hopefully, BDv11 will pass these tests.

Cris.

I knew my initial suspicions were correct! On some of these tests Bitdefender blocks them as Trojans, which is good, but the FW definitely needs improvement. BTW I've ran shields up test on numerous occasions without any firewall and/or with Bitdefender COMPLETELY disabled and have passed with flying colors!

alexcrist

Hi Jimbo Kern,

I've ran shields up test on numerous occasions without any firewall and/or with Bitdefender COMPLETELY disabled and have passed with flying colors!

That doesn't mean that BD doesn't protect you. I also made those tests without any firewall, and I failed.

Conclusion: maybe your ISP/router already has a firewall which offers some protection, but you always have to have a firewall installed on your PC. Even if you ISP protects you against port scanning/ICMP attacks and possibly other types of attacks, it can't provide the full protection a personal firewall can offer, because you can't configure your ISP's firewall according to your needs.

Yes, BD Firewall needs improvements. But tell me one application that doesn't need any improvements. There will always be new ways for malware to get into your PC, and a firewall (and antivirus, antispy, antispam and all other security solutions) will always need improvements.

I already posted these suggestions on the New Feature thread, so, hopefully, BD v11 will provide protection against these threats.

Cris.

emider

Hi emider,

You have to create a rule in the BD Firewall to grant full access between the two computers.

Open BitDefender Management Console, go to Firewall -> Traffic, click Add new and select:

Applications: any

Protocol: IP

Direction: Both

Action: Allow

Source Address: <Local>

Destination type: Destination

Destination Address: <Other PC IP>

click OK.

...

Post if it worked or not.

Cris.

It worked. Thanks.

But ping didn't worked so i had to add this rule:

Applications: any

Protocol: ICMP

Direction: Both

Action: Allow

Source Address: <Local>

Destination type: Destination

Destination Address: <Other PC IP>or<your subnet>

and this rule for ping to work on the internet

Applications: any

Protocol: ICMP

Direction: Outbound

Action: Allow

Source Address: <Local>

Destination type: Any

Destination Address: Any

And in the other tab i chosed 'Block all ICMP traffic'

alexcrist

But ping didn't worked so i had to add this rule:

[...]

and this rule for ping to work on the internet

Applications: any

Protocol: ICMP

Direction: Outbound

Action: Allow

Source Address: <Local>

Destination type: Any

Destination Address: Any

And in the other tab i chosed 'Block all ICMP traffic'

Hi emider,

Are you sure this rule works? I tried it and it didn't work.

The result was that BD asked me if I want to allow an ICMP traffic for an unknown application. As I figured it out, the ping was successful but BD didn't know what to do about the ping's reply. So, overall, the ping failed.

Another thing that seems suspicious is that Block all ICMP traffic blocks everyting, even if there is a rule to allow a certain IP to use ICMP.

Could you post a screenshot with the rule settings?

Cris.

emider

Hi emider,

Are you sure this rule works? I tried it and it didn't work.

The result was that BD asked me if I want to allow an ICMP traffic for an unknown application. As I figured it out, the ping was successful but BD didn't know what to do about the ping's reply. So, overall, the ping failed.

Another thing that seems suspicious is that Block all ICMP traffic blocks everyting, even if there is a rule to allow a certain IP to use ICMP.

Could you post a screenshot with the rule settings?

Cris.

You're right Cris. There is no way to make ping work is i said, and "block all ICMP traffic" really blocks all ICMP traffic. I had something wrong in my configuration, but i fixed it. Is there any way for ping to work as I said (You can ping, but not to be pinged from the internet)?

alexcrist

Hi emider,

I tried about everything I could think of. Considering that I requested this feature in the New Feature thread, it means I didn't manage to find a way to do it. Maybe the new BD Total Security will have this feature.

Cris.