HIPS and NIPS Questions

[Route44]

I am on my fourth version of Sunbelt's Kerio Personal Firewall, 4.3.744. Ever since I originally installed this firewall and subsequent versions I have gotten nothing but BSOD's regardless of the version (in my earlier tech support foray they told me it was a known issue and the only way it could be fixed was an updated version; didn't work). The culprit every time has been the Kerio driver fwdrv.sys (it was the constant crashes that got me to TechSpot in the first place and peterdiva read my minidump).

Anyway, I contacted Sunbelt Tech Support and they asked for a ton of computer spec information which I gave them. they were searching to see if there were other conflicts causing the crashes or if I set it up properly. Obviously my system is quite fine and I did everything correctly in installing and configuring this firewall because this is their "solution":

Thank you for contacting Sunbelt Software! Try leaving HIPS disabled for a while and see if you receive any Blue Screens. You can just simply disable HIPS from the command line and see if you receive any errors. You can also disable NIPS and application behavior blocking and see if any of these help the errors. I apologize for the inconvenience this may have caused you.

Could someone please define for me in greater depth the purpose of HIPS and NIPS? If I disable them isn't this defeating the purpose of this firewall, or at least severly limiting it?! is this really a solution? My gut tells me no. It may very well get rid of the crashes, but at what cost?

 

[howard_hopkinso]

See HERE for info on HIPS and NIPS.

I agree that disabling the above sort of defeats the object.

Maybe you should consider uninstalling Kerio and installing either the free Zonealarm or Comodo firewall programmes.

Regards Howard

 

[Route44]

Thanks Howard for your help. i had ZoneAlarm Pro but it was such a resource hog that it really slowed down everything about my PC. Sunbelt was certainly less demanding. Can the free ZA protect outbound traffic? I ask because I do some online shopping.

Now I need to ask another favor if you don't mind. Could you please read the attached Minidump. I just had another one but unlike all the other one's in the past that were all due to Kerio's fwdrv.sys, this one is different.

Can this still be due to the Kerio Firewall causing other issues now? Do you notice anything in the Minidump that would confirm or not confirm my suspicions it is Kerio? Thanks again.

 

[howard_hopkinso]

Your minidump crashes at ntkrnlpa.exe, which is the Windows NT Kernel & System file. It has a bugcheck of 0A, this is often a sign of faulty ram.

Go and read this thread HERE and see if it helps you to identify the culprit.

Regards Howard

 

[Route44]

I'll run a MemTest then. Thanks. Much appreciated.

 

[Route44]

Today I ran Memtest #'s 1-8 for 10 passes with no errors; will do test 9 tomorrow. There is some information that I totally forgot to add in my original post:

1. I ran Memtest just 3 weeks ago with 14 passes and no errors, plus I ran Test 9 with no errors.

2. I have cleaned out dust and debri using canned air less than a week ago.

3. I have utilized Seagate's harddrive diagnostics test less than a month ago and it reported no errors or bad sectors.

4. It totally slipped my mind that I have received two other crashes besides the one I listed in my first post and they were not the Kerio fwdrv.sys driver. The first was an ATI driver (which I thought very strange because I have never had an issue whatsoever with my X800GTO) the other was a win32.sys and now ntkrnlpa.exe. I have never before ever received BSOD's except that of Kerio until recently.

One of the cardinal questions when getting BSODs is: Did you add hardware, software, or make any other changes to your PC? The only answer is I updated to Kerio version 4.3.744 and it wasn't until after I did this update that these other crashes started occuring.

Thought: The newer version is not playing nice with a number of my drivers. What do you think?

 

[howard_hopkinso]

I think you should uninstall Kerio and try a different firewall programme, then see what happens. This would either rule out or prove Kerio was the culprit.

I forgot to answer your earlier question about Zonealarm. Yes, the free version does protect outbound traffic.

Regards Howard

 

[Route44]

Howard, I really appreciate your continued advice with this issue. I just received another BSOD, but this time on my Pentium 3 PC! My 939 build that is having 98% and my old P3 that has 2% of the BSOD issues have only two things in common: Webroot's Spysweeper and Kerio Firewall.

I didn't even have to read the minidump this time. The Blue Screen specifically said the crash was due to the Kerio fwdrv.sys driver. The more I am looking at this the more I am convinced that the iexplorer.exe and this driver conflict; they don't play nice together at all.

The amazing thing about all this is that I know people that have run every version released by Sunbelt with never a problem and then there are people like me that have continuous BSOD's.