Question About Bd Firewall Etc.

Raul90
Raul90
edited May 2014 in Firewall

Hi,


I have just re-installed BD IS 2014 from a previous install I did which did not go very well. I had to recover a system image without it. Moving forward, I noticed that when I set "DENY" in Application Rule an outgoing connection is still established.


Even-though I have set a program to be denied connection(both outgoing/incoming) the connection still is allowed. PotPlayer and GOM Player are allowed. See images below.


BD Firewall General Rules


cz1vw76.png


PotPlayer settings


nDcUGY9.png


PotPlayer conceted to Remote Address 110.45.215.113


pBsuyz0.png


GOM Media Player settings


m4Qd1Aq.png


TjJq9ag.png


GOM Media Player connected to Remote Address 64.19.142.11


6PzL7so.png


GlaryUtilties settings


eVU5wln.png


GlaryUtilties connection to Remote Address 54.230.87.44


n1Vomfn.png


When I checked the firewall logs yesterday I saw that there was a connection that was allowed by BD firewall for Glary Utilties upgrade.exe. There was an existing DENY rule for it. See image below.


UzMubzg.png


Also with Glary Utilities Integrator.exe, the rule is DENY. See images of integrator.exe with connections established without logs in the firewall events.


1r9dfPl.png


Are the rules correct?


I believe if I set either "a" or "b" rules below any connection would be denied correct?


(a)


Local Address: Any


Remore Address: Any


Network Type: (Check) Untrusted


Events: (Check all) Listen / Traffic / Connect


Protocol: Any


Direction: Both


IP Version: Any


Permission: DENY


(B)


Local Address: Any


Remore Address: Any


Network Type: (Check all) Trusted / Home/Office / Public / Untrusted


Events: (Check all) Listen / Traffic / Connect


Protocol: Any


Direction: Both


IP Version: Any


Permission: DENY


There is also a pop-up when I tried to launch Glary Utilities as seen in the image attached. That pop-up is supposed to be for the free version which I had previously. But it should not have displayed because I recently changed from free to pro version.


Is there a way to block that pop-up in BD firewall?

Comments

  • Raul90
    Raul90

    I'd like to add also that I am in Paranoid Mode but I rarely see a pop-up. I only saw one when I downloaded the BD Uninstall tool via FDM(freedownload manager) but had failed to get a snapshot. I tried to download again but the pop-up was gone.

  • Rampant
    Rampant ✭✭

    Try resetting the rules for applications.

  • Raul90
    Raul90
    Try resetting the rules for applications.


    Have you also tried restarting after you set the firewall rules? smile2.png


    @Rampant,


    Thanks for the reply Rampant. I did reset the application rules and started from scratch but it was still the same. The images I posted was after I started from scratch.


    @rourkem,


    Yes I restarted after starting from scratch.


    Actually, this is the second time I experienced this as this is a second trial of me using BD IS 2014.


    Is there anything that I should check further?

  • Raul90
    Raul90
    edited May 2014

    Yesterday I remade all the Application rules and started from scratch again. Checked if the DENY rule was working on all the examples. It seems to be but I see that for Kingsoft products wpp.exe / wps.exe and et.exe connections are established and then it disappears. I can't verify if this is "blocked/denied" after it seemed to have connected or not. I see in Process Hacker>Network that the .exe's connect and establishes connection and then for a couple of seconds they vanish. There are no logs that I can check if the action has been really blocked or not as the firewall events does not show it there.


    wJijI5f.png


    That behavior is different with PotPlayer / GOM Player. The connection stays there much longer. PotPlayer connection will vanish after 20-30sec approx but GOM stays there until it closes.


    Pd5m4Kd.png


    FjwbRUG.png


    I also have an issue which I posted in another topic about IP Range. I tired to block an IP Range but it seems that the DENY rule is not working as the URL still gets connected, http://forum.bitdefender.com/index.php?showtopic=53520

  • Lucastorn
    Lucastorn
    Yesterday I remade all the Application rules and started from scratch again. Checked if the DENY rule was working on all the examples. It seems to be but I see that for Kingsoft products wpp.exe / wps.exe and et.exe connections are established and then it disappears. I can't verify if this is "blocked/denied" after it seemed to have connected or not. I see in Process Hacker>Network that the .exe's connect and establishes connection and then for a couple of seconds they vanish. There are no logs that I can check if the action has been really blocked or not as the firewall events does not show it there.


    wJijI5f.png


    That behavior is different with PotPlayer / GOM Player. The connection stays there much longer. PotPlayer connection will vanish after 20-30sec approx but GOM stays there until it closes.


    Pd5m4Kd.png


    FjwbRUG.png


    I also have an issue which I posted in another topic about IP Range. I tired to block an IP Range but it seems that the DENY rule is not working as the URL still gets connected, http://forum.bitdefender.com/index.php?showtopic=53520


    I am having exactly the same issue. I block a programs internet connection to "DENY" however the programs can still access the internet. I also did restart the computer, did not work. I think this is a bug about the firewall which is very annoying.

All Time Leaders

Categories

Defenders of the month