Firewall Disabled?

Question

Hi!

SESC 9.5 firewall is telling me that it's deactivated but it appears to work? Since a few days I have this strange thing that the tray bar icon is indicating a yellow exclamation mark. The tooltip tells me that the firewall configuration is letting through all data traffic. In the SESC 9.5 GUI the firewall entry says "deactivated", active location: "primary".

I tried to reconfigure the firewall but in the fw config menu the checkbox for "allow all data traffic" is disabled for the primary location. I haven't configured any secondary location.

This all started a few days ago after the update for the engine was distributed. I haven't installed it and just hibernated my win xp for several days. But then suddenly, there was a message telling me the system wanted to connect to my local network on 192.168.178.255 on UDP port 137 what I initially disallowed. It followed another alert for a connection to another LAN computer on UDP port 55400 which I disallowed, too. But then the internet connection didn't work any more so that I restarted the system. Nevertheless, this activated the SESC update but didn't solve the connection block so that I removed both firewall rules.

After another restart I got the UDP 137 alert again and allowed it as well as the UDP 55400 to the LAN computer. Now, the internet connection works again. The firewall says it has been disabled but it still prompts me from time to time with HTTP-connection requests from the SVCHOST-Service which I generally block by adding new rules each time. So the firewall appears to work from my point of view and I don't get the impression that all data traffic is going through.

What is this all about? As anyone experienced the same issue or has anybody an idea how to solve it?

Thanks in advance,

Holger

This thread was automatically locked due to age.

QC · Accepted Answer

Hello Holger,

starting near the bottom: The yellow exclamation mark is informing me that something with the firewall is not working. 
 Indeed this should be resolved first. Haven't seen it being inconsistent with the Allow all traffic setting (with the exception of an outstanding reboot after install/upgrade). Since you did already reboot several times this shouldn't be the cause of the exclamation mark. 
 BTW: As this is a home installation - where do you get your updates from (primary and if applicable secondary location)? Being paranoid is just a special case of imagination running wild - the latter I'm suffering from every so often. I can't imagine of any convincing reason why windows should try to connect to internet servers using WebDAV. Oh, just enter (for example) \Junkhost\SomeShare in the Explorer's address bar (assuming you don't have Junkhost on your LAN). When NetBIOS can't find the host WebDAV (on WinXP systems with IE6 and IE7) kicks in with an OPTIONS /search?q=junkhost request to Host: www.google.com and later also with a PROPFIND /SomeShare to Host: Junkhost ... using IP-addresses belonging to a dubious domain named 1e100.net. Well, it's owned by a known company. Just checked, slightly different but still there with Win7. Can you remember some of these different internet connections ?

Does anybody know if 137 has a special meaning in free masonry 
 Apart from the fact that the sum of its digits times the number of digits is 33 I don't see anything special -maybe I'm not paranoid enough :smileywink:. The only trustworthy computer store would be one which refuses to sell them.

Christian

:5898