Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Question About Sygate Personal Firewall


  • Please log in to reply
10 replies to this topic

#1 sommaw

sommaw

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 29 March 2008 - 04:38 AM

Hello. I just dl Sygate personal firewall, as recommended by this site. Problem is, I'm not too computer savvy (to say the least) so when it asks about whether or not to allow some programs to access the Internet, I don't know whether to allow or refuse.

For example filename m.exe. :thumbsup:

At risk of sounding like a computer bimbo, how the heck do I know what to allow?? So far I've only been allowing things I know (firefox, avast, etc.).

Any suggestions?
Thanks =)
"Where's the any key???"
-Homer Simpson
;)

BC AdBot (Login to Remove)

 


m

#2 david28

david28

    Forum Member


  • Banned
  • 1,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:42 PM

Posted 29 March 2008 - 04:52 AM

Usually the firewall pop-up will say weather it is legit (not all the time though, most times it will say unknown)

One way to tell if it is legit it to look where the file is located and see if it is part of a program that is legit. Another way is to use Google or CastleCops. (Since you said your not too computer savy, CastleCops may be a bit to complicated for you so Google is your best shot :thumbsup: .

Do you have any other security programs installed and do those programs have real-time protection enabled?

Regards,
David.

Edited by david28, 29 March 2008 - 04:56 AM.


#3 Teenage.Zombiee

Teenage.Zombiee

  • Members
  • 831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Sydney, Australia.
  • Local time:08:12 PM

Posted 29 March 2008 - 04:54 AM

When I don't know what something is when my firewall pops up and asks me what action to take, I google it.

Teenage.Zombiee is back ! :halloween:


#4 sommaw

sommaw
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 29 March 2008 - 05:01 AM

Thanks for the replies. I have Avast with real time protection.

I tried googling, but nothing helpful came up.

It seems the main apps trying to access the net are:
C:\WINDOWS\system32\m.exe
C:\WINDOWS\system32\DRIVERS\ndisuio.sys
C:\WINDOWS\system32\ntoskrnl.exe

Btw, I'm super paranoid cuz I have a virus and my computer has been giving me all sorts of grief lately =/
"Where's the any key???"
-Homer Simpson
;)

#5 Teenage.Zombiee

Teenage.Zombiee

  • Members
  • 831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Sydney, Australia.
  • Local time:08:12 PM

Posted 29 March 2008 - 05:05 AM

C:\WINDOWS\system32\ntoskrnl.exe is a critical process in the boot up cycle but I have no idea why the heck it would want internet access

C:\WINDOWS\system32\m.exe is a torjan file (from the google research I did)

C:\WINDOWS\system32\DRIVERS\ndisuio.sys, a very mysterious system file is present in Windows XP and is a driver for wireless things such as wi-fi and bluetooth.

ARe you by any chance infected with a downloader?

Teenage.Zombiee is back ! :halloween:


#6 sommaw

sommaw
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 29 March 2008 - 05:09 AM

Thanks. I have no clue what I'm infected with. i uploaded my HJthis log on the site, so hopefully I'll find out soon. =P
"Where's the any key???"
-Homer Simpson
;)

#7 Teenage.Zombiee

Teenage.Zombiee

  • Members
  • 831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Sydney, Australia.
  • Local time:08:12 PM

Posted 29 March 2008 - 05:11 AM

Well from what I've found m.exe is part of a downloader so I woud NOT let it access the internet.

However, I wish you luck with your virus removal as I myself am having what could be virus issues.

Teenage.Zombiee is back ! :halloween:


#8 sommaw

sommaw
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 29 March 2008 - 05:24 AM

Thanks so much =) I definitely will NOT be allowing m.exe to access the net.

good luck with your virus problems.

This site is awesome :thumbsup:
"Where's the any key???"
-Homer Simpson
;)

#9 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:04:12 AM

Posted 29 March 2008 - 08:53 AM

In general, a good rule of the thumb about whether to allow internet access is to ask yourself:
1. Do I know that is requesting access? If you cannot identify the application, then do some research and teach Comodo whether to allow or not.
2. Does it make sense that the application would want access at that time? If you launch a IM , for example, it would need access; but if you did not launch it and it was not already open, then a sudden request would be suspicious.
Hope this helps,
John
Whereof one cannot speak, thereof one should be silent.

#10 mommabear

mommabear

  • Members
  • 492 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 29 March 2008 - 03:03 PM

Several years ago when I went searching for a firewall, this was the question that was most confusing to me. How do I know when to allow or block something? I literally searched for weeks, installing this firewall and that firewall to read the complete help files. It was all so technical...the talk about ports, packets, TCP, UDP, special rules etc.

Finally in Sygate's manual it said, if don't think you did anything (clicked to open a website or do something else online) then say "NO", at least temporarily.

That automatically puts that action in "Ask" mode so if it ever comes up again and you realize yes, I did need this after all, you can say 'yes' the next time and tick the "remember this from now on button" Or... if it's something bad and keeps bugging the heck out of you, then you can say "no" and "remember".

Sygate won't bother you about that one anymore, either way. It'll just do its job.

You can also go in the Applications list and make changes there. And if you've totally forgotten why an application is in the Sygate list, you can always delete it. Sygate will catch it again the next time around (if there is one) so you can figure out what it was. That's particularly helpful if some Windows Services are a bit confusing, or you find yourself unable to do something online you know you should be able to do.

This site might help clear up some things about how to use Sygate:
http://www.kotiposti.net/string/SPF_eng/SPFGuide.html

Edited by mommabear, 29 March 2008 - 03:05 PM.


#11 sommaw

sommaw
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 30 March 2008 - 04:58 AM

thank you all for your advice. it's been helpful =)
"Where's the any key???"
-Homer Simpson
;)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users