Need to Understand Sygate Firewall

Speaking of continung Education

In the running Apps section I understand Internet Explorer and NT Kernel

I also show Gen Host Proc for Win32 Svs. No numbers shown there right now. But before it did.

I also shows FWDRV.SYS with these numbers

In allowed=4503055
in blocked=60713
in total=4563768
out allowed=0
out blocked=37330
out total=37624

BTW Firedancer If you are reading this ?

I am now getting into the Special Education Department.

BillyBob

 

Hi BB
Cant help with that proccess
The one that gets me is sometimes explorer will want out
Right now its sitting there listening.
144 icoming alowed
0 incoming blocked
144 total incoming
out 0 allowed
192 blocked
Rather than killing it I usualy just restart and connect again
Right click on desktop sometimes triggers it, who know what did this time.

Ive only got one rule set ,anyone care to add ?
as mentioned here:
KING's Homepage Homepage

KING's Homepage Homepage

UnPlug n' Pray - Disable the Dangerous UPnP Internet Server: http://grc.com/unpnp/unpnp.htm

O By the way I have shown:
win32 Kernal core>
No incomming
88 out going allowed all allowed
I guess youve noticed we can right click on the running app to get the other views.

Regards
Lonny

 

C:\Windows\System32\drivers\fwdrv.sys has received a Broadcast packet from the remote machine ( 192.168.1.100 ) I said NO to NETWORK. ( not Internet ). And the message keeps popping up about the App being blocked.

Additional details.

File Version :
File Description : C:\WINDOWS\System32\Drivers\fwdrv.sys
File Path : C:\WINDOWS\System32\Drivers\fwdrv.sys
Connection origin : remote initiated
Protocol : UDP
Local Address : 192.168.1.255
Local Port : 138 (NETBIOS-DGM - Browsing datagram responses of NetBIOS over TCP/IP)
Remote Name :
Remote Address : 192.168.1.100
Remote Port : 138

The 192.168.1.100 is the address of my NIC.

So can I saftely assume that is Local Area Network related and not the Internet ?

And it should be safe to allow ?

Could that be what blinks the activity lights on the Router ? I do not see them blinking right now.

BillyBob

 

Hi BillyBob

This link may help you to understand a little more.

Firewall Forensics

Lets you know what you are seeing and why. I realise it's not specific to Sygate but may have a little extra info. Every little bit helps !

miniB

 

BB - the addresse indicates it is for sure on your home LAN. 192.168.x.x is never assigned to any public network and most routers won't even pass that traffic so it stays on your local network.

As to fwdrv.sys - that's a file placed on your system by Kerio and Tiny personal firewalls and I think you mentioned that you ran (or still run) KPF. Not sure what it does (NBT is basically WINS style browsing but not sure of the specifics for this file) but fwdrv.sys on NT4/2K/XP does the same thing as fwdrv.vxd on 9X systems.

 

Thanks Newt

But I am not feeling up to par so I am not messing with anything for a day or two. We were at an outdoor wedding on Saturday and the heat got to me badly.

For the time being I have removed Sygate and am back on Kerio.

Next time maybe I will unintall Kerio in stead of just shutting it down.

BillyBob

 

Hey !!! BillyBob

Hi,

Sorry to hear about your sunburn and as well sorry didnt see post sooner been out of town ughhh anyways Newt is right
and I have a link here that might help ya a bit with FWDRV.SYS

http://www.dslreports.com/forum/remark,6983294~root=kerio~mode=flat

In as much as any fire walls there is no need to run 2 at a time if your set up is tight. Two at a time seems to cause more problems then anything.

My suggestion would to be choose one or the other and make sure you get all reminants out of the old one first. Then do a clean install with the one your opting for. Did you install Sygate
on each computer? or just one? your 198.168 is a local prob could be new firewall blocking 137 to 139 communication between puters.


Will wait to see if you post back hope all is well

Very Best Regards,
FireDancer

 

Thank you. But oh how I wish it were sunburn.

I did not uninstall Kerio before installing Sygate. I just stopped it from loading a boot up.

On this PC only. But blocking is correct, I did not know what it was so I set it to block.

But I thought about it later and realized that it was almost a deffinet that it was LAN not Internet related.

Thanks guys for the help.
BillyBob