Re: help with SyGate needed

From: D McAuliffe (DaveMcA_at_mailinator.com)
Date: 01/30/04


Date: Thu, 29 Jan 2004 20:59:14 -0500


"curious" <heyimjustcurious@yahoo.com> wrote in message
news:ca3e516b.0401291509.41c33360@posting.google.com...
> Question 1: Once installed, do I have to leave the Sygate window
> opened to have the firewall be 'on'?

No. Have it stay in the system tray for easy access to the logs and such -
personal preference.

> Question 2:
> After I installed Sygate and the computer restarted, the registration
> window opened up and so I connected the PC to internet to do the
> registration. Right after that, a message window popped up asking me
> whether I want to say "yes" or "No" to this: "An application named
> NDIS User mode I/O Driver (file name ndisuio.sys) is trying to access
> Internet."
>
2 things. Once installed you'll need to tell Sygate if it's OK for internet
access on any application trying to connect. You have the option of saying
yes or no for this time only in which case it will ask you again in a future
session, or by checking the remember box, a yes or no for all future
sessions until you physically edit the applications list.
Go to
http://www.iceteks.com/forums/index.php?showtopic=1290&st=40&#entry14302 to
read about ndisuio.sys. It looks like you'll have to disable the program
through Admin Services. This is only from a Google search and not from
first-hand experience.

> Instead of choosing yes or no, I closed the window. Immediately, a window
> popped up AT THE BOTTOM OF THE SCREEN saying that "An application
> named NDIS User mode I/O Driver (file name ndisuio.sys) 'HAS BEEN
> BLOCKED' from accessing the network."
>
> It disappeared on its own and right away another window with the same
> type of message appeared, this time for a different application with
> file name "svchost.exe" asking the same thing. I did the same thing
> and experienced the same response.
>
> After that, it was for the application with file name "msmsgs.exe".
> The same experience.

See if this thread helps you decide: http://tinyurl.com/yur82

>
> Question 3:
> Then, I would get messages like the ones shown below, which I do not
> know what to answer sometimes.
>
> [NDIS User Mode I/O Driver (ndisuio.sys) is being contacted from a
> remote machine 1608.mail.yahoo.com (216.155.***.**) using local port
> ####. Do you want to allow this program to access them?]; I said
> "yes" to this one.

Rule of thumb - if you don't know what the connection is for or why it is
being made: Say NO.

> [Generic Host Process for Win 32 services (svchost.exe) is trying to
> broadcast to [239.255.255.250] using remote port 1**0 [SSDP - Simple
> Service Directory Protocol]. Do you want to allow the program to
> access the network?]; I moved this window to the bottom of the page
> and then noticed that it disappeared.

See if this thread helps you decide: http://tinyurl.com/2jng8

> The results for other scans are shown below. Can anyone guide me on
> how things should be. I will read help section but I need to know what
> the end results should be. I know that I am asking a lot but I am
> learning. I used to have my computer networked to my roommate which
> has a firewall.
>
> (i) Quick Scan; it said that I should see 'BLOCK' on all ports but
> ports 21, 25, 80, 1307 are 'OPEN'. So, it said this: "You are not
> fully protected".
>

It actually said "ideally" they should show blocked. That said, the ones you
show open I show blocked. Hopefully someone with a lot more savvy on ports
than I have will help you out.

> Trojan 21 OPEN Back Construction, Blade Runner, Doly
> Trojan, Fore,

This does not mean you have those trojans on your machine, it only means
those trojans use this port for communication.

> We have determined that you have a firewall blocking UDP ports!
> We are unable to scan any more UDP ports on IP: **.***.***.***. . .
>
>
>
> Another Question: Are the UDP scan results OK? Do I need to block
> those OPEN ports in other scans? How bad are my Trojan scan results?
> What to do?
>

UDP is fine. I block in/out UDP and ICMPs. (No problem with ISP ATT).
Until you get another opinion, I'd run anti-virus and anti-trojan scans, and
use the anti-spyware programs Spybot and Ad-aware.

-- 
~~~~~~~~~~~~~~~~~
Dave McAuliffe
Central Mass. USA
To E-mail -
  Replace: mailinator.com
  With:      email.com
~~~~~~~~~~~~~~~~~

