TechSpot

Sygate Personal Firewall personalizing?

By Jenni3587
Sep 26, 2005
  1. Just a question, for all of you. How can you tweak this firewall so that it doesn't block everything? Not to mention that there are some programs that I see are being blocked but I do not know what they are, so I do not know if they should not be blocked.....anyone have any idea what in the world I'm talking about?

    'Cause at this point, I'm confusing myself!
     
  2. Spike

    Spike TS Rookie Posts: 2,371

    I'm pretty sure the firewall doesn't block "everything". That would make it a darned good firewall, but a tad impractical methinks.

    If you've told it to block something which is hurting your ability to connect, you can change it by going to tools --> applications and changing the deny/allow/ask properties for the application.

    As for certain things that you don't know, I'm afraid that's a case of learning. If you would like to list a few of the programs in this thread, we'll try to tell you what to set them to and/or what they are.
     
  3. Jenni3587

    Jenni3587 TS Rookie Topic Starter Posts: 60

    Why thank you for replying, Spike....here are some of the things that I have no clue if I should block or not.

    First, I have Winamp and every time I open it, it wants to connect to something, which I say no to because I figure....it's a music player, it should not connect to anything internet-wise, I have all my music files right here on my computer. Is that OK?

    and others are....

    NT Kernel and System
    LSA Shell (export version)
    Generic Host Process for Win32 services
    Application Layer Gateway service
    NDIS User mode I/O driver
    windows explorer
    client server Runtime Process
    WMI


    Any idea what these things are? I have question marks on those because I do not know what they are. I usually tend to think that things coming from win32 are bad just because I have had bad experiences with viruses or trojans being all over that file.

    Any suggestions?
     
  4. Spike

    Spike TS Rookie Posts: 2,371

    No - win32 isn't bad. Windows wouldn't be Windows without it :) Win32 is essentially a description of a level at which programs run (a type of program if you will) and the name of a Windows API (programming interface). Almost everything uses it. It's nothing to be scared of in its own right.

    WinAmp - well, there are things that WinAmp can do that require the internet. However, if you're just using it to play music, there's no need, and so it's safe to block it.

    NT Kernel and System - aka ntoskrnl.exe - This file is one at the very core of Windows. It's integral to the boot process for one thing. My opinion is that it has no business whatsoever connecting to the outside world. Block it

    LSA Shell (export version) - Lsass.exe - Deals with security on your PC such as logons etc. Again, I don't see much need for it to have net access for your average user. Block it

    Generic Host Process for Win32 services - Svchost.exe - Another core part of Windows and absolutely central to the running of Windows. It manages 32-bit DLLs amongst other things. It also constructs a list of services that need to be loaded from the Registry when Windows boots. I have no idea what this needs internet access for, but in my experience it does, and quite frequently. Allow it - If anyone can tell me why this needs access, please let me know!

    Application Layer Gateway service - alg.exe - Required if you use a third-party (software) firewall or internet connection sharing. Allow it

    NDIS User mode I/O driver - ndisuio.sys - Part of an NDIS protocol driver supporting wireless devices such as bluetooth etc. Allow it or ask

    windows explorer - explorer.exe - integral part of windows. It's the bit that shows you your desktop, and every window you use to browse your files from "my computer" onwards, amongst other things. It doesn't need internet access unless you use it to access the internet or for FTP. Ask or Block it

    client server Runtime Process - csrss.exe - Csrss stands for client/server run-time subsystem. It's the usermode section of win32. It's essential for the running of your system, responsible for creating or deleting process threads and certain parts of the Virtual DOS thing (still not entirely sure what to call it. lol). I see no reason for it to access the internet. Block it.

    WMI - wmiprvse.exe - I don't know what it does really. Something to do with the monitoring and reporting of events. To be honest, I don't know whether it has a reason to want an internet connection or not. However, I'd recommend blocking it. So, ask or block it.

    Before I set my name to the above recommendations as gospel though, it would be great if someone else could come along and confirm or correct any of it. That said, the recommendations above shouldn't cause any harm - even if I have gotten something wrong (don't think I have) it can be easily undone - the worst that could happen is something particular can't work on the internet.

    When SPF asks you about something in future, you're doing the right thing. If in doubt, block it (without remembering the choice). When you get chance, look it up or ask someone, and then you're ready to tell it what to do properly next time it happens :)

    Hope this helps.
     
  5. Jenni3587

    Jenni3587 TS Rookie Topic Starter Posts: 60

    Yes it does help, of course. Thank you. Some of the explanations I didn't get, but I could sort of follow you. Thank you so much again.

    Anyone else like to confirm Spike or make any corrections? I'm open to other ideas and I'm sure he is too! :)

    Thanks again.
     
  6. mephizto

    mephizto TS Rookie

    Thanks for the info, Spike. I was also a bit confused on what to block & what to allow :cool:
     
  7. jobeard

    jobeard TS Ambassador Posts: 13,449   +324

    Performs IPSec Services, Protected Storage, and Security Accounts management ALLOW it

    Svchost.exe runs as several separate processes.
    Each numbered entry below is passed a parm to make it perform special functions eg:
    1. Dcom Server Launcher
    2. RpcSs
    3. one even controls a rash of services
      • AudioSrv
      • Computer Browser
      • CryptSvc
      • dmserver
      • ERSvc
      • Com+ Event
      • Fast User Switching
      • helpsvc
      • HidServ (human input device)
      • lanmanserver
      • Workstation
      • Netman
      • Nla
      • Rasman
      • Schedule
      • Seclogon
      • Sens
      • SharedAccess (ie ICS)
      • Shell Hardware Service
      • srservice (sys restore)
      • TapiSrv
      • W32Time
      • winmgmt
      • wuauserv
      • WZCSVC
    4. Alerter, LmHosts
    5. stisvc (win image acq)
    6. DNS Client
     
Topic Status:
Not open for further replies.
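
The last reply lists the service groups hosted by separate svchost.exe instances, which is also why a firewall prompt for "Generic Host Process" can be legitimate. As an added example (not part of the original thread), this Python sketch parses the CSV output of `tasklist /svc /fi "imagename eq svchost.exe" /fo csv` and reports which instance hosts a service with a known reason to reach the network. The sample output, PIDs and the `NETWORK_REASONS` table are constructed assumptions.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output; the PIDs and the
# grouping of services are illustrative, not taken from the thread.
SAMPLE = '''"Image Name","PID","Services"
"System","4","N/A"
"svchost.exe","884","DcomLaunch"
"svchost.exe","952","RpcSs"
"svchost.exe","1040","AudioSrv,CryptSvc,Schedule,W32Time,winmgmt,wuauserv"
"svchost.exe","1104","Dnscache"
"svchost.exe","1180","Alerter,LmHosts"
'''

# Assumption: services from the list above that routinely make outbound
# connections, with the reason. Extend this table for your own system.
NETWORK_REASONS = {
    "dnscache": "DNS Client: name lookups",
    "w32time": "Windows Time: clock synchronisation",
    "wuauserv": "Automatic Updates: update checks",
}

def parse_svchost(csv_text):
    """Return {pid: [service names]} for every svchost.exe row."""
    groups = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Image Name"].lower() != "svchost.exe":
            continue  # other processes are not service hosts of interest
        names = [s.strip() for s in row["Services"].split(",")]
        # tasklist prints N/A when a process hosts no services
        groups[int(row["PID"])] = [n for n in names if n and n != "N/A"]
    return groups

def explain(groups):
    """Return {pid: [reasons]} for instances hosting a network-using service."""
    out = {}
    for pid, names in groups.items():
        reasons = [NETWORK_REASONS[n.lower()] for n in names
                   if n.lower() in NETWORK_REASONS]
        if reasons:
            out[pid] = reasons
    return out

if __name__ == "__main__":
    groups = parse_svchost(SAMPLE)
    for pid, reasons in explain(groups).items():
        print(pid, ",".join(groups[pid]), "->", "; ".join(reasons))
```

An svchost.exe PID that asks for network access but appears in neither table deserves a closer look before the firewall rule is set to allow.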

