Results 1 to 8 of 8

Thread: Expert Rules

  1. #1
    Join Date
    Aug 2013
    Posts
    28

    Default Expert Rules

    I'm not sure how to do this so I'll ask here. I have blocked port 135 to all traffic but now I find that I need it open for 1 program with a specific IP.

    How do I do an allow for 1 program to a single IP (back and forth) but not let anyone else in on port 135?

    I tried to add an allow to and from my computer with to and from target IP and it's still showing up as blocked.

    This thing is requesting 4x every 5 seconds.

    What I want to do down the road is do a block all. Then just allow traffic that is needed on a case by case basis on each computer.

    I'm hoping someone here has done this and can help.

  2. #2
    Join Date
    Aug 2013
    Posts
    28

    Default Re: Expert Rules

    To reply to my own thread so this can be preserved that it seems rule ordering is very important. I have not tried it yet because things are "live" right now but after the close at 4:15PM I'll give it a shot.

    Here is a link that I was finally able to dig up.
    http://download.zonealarm.com/bin/in..._creating.html

    I'll post results either tonight or tomorrow. Note you can move your rule up or down by clicking on it then hitting the arrow buttons on the right side up or down.

  3. #3
    Join Date
    Aug 2013
    Posts
    28

    Default Re: Expert Rules

    Couldn't stand it anymore so worked on the rules. Long story short, I thought it was port 135 but turns out it was something higher up but it was looking for MSRPC. Not sure how to phrase that.

    Even with the rule in place it didn't work. Finally took the firewall down and it was still spammy.

    I do see my computer and the target swapping the same message so I'm going to put the fault on the software maker and will be calling them. It's swapping messages every 5 seconds with sometimes 4-8 message swaps. I'm not good enough to do deep packet inspections so I'll leave that to the experts.

    Anyway, learned about expert rule order is very important. Will play with it in the future.

    I guess this thread can be closed. Thanks.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,677

    Default Re: Expert Rules

    Sorry for the no input to your question. Unfortunately there are no experts here on experts rules and ZA technical support will not help on specific support on creating expert rules.

    Happy to hear you found a way out or at least progressed in your diagnostic of the problem.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    Join Date
    Aug 2013
    Posts
    28

    Default Re: Expert Rules

    No problem. I understand everyone is a volunteer so I don't expect an answer. If there's an answer then great but if not then it didn't hurt to ask.

  6. #6
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,846

    Default Re: Expert Rules

    Quote Originally Posted by CrazyCat View Post
    No problem. I understand everyone is a volunteer so I don't expect an answer. If there's an answer then great but if not then it didn't hurt to ask.
    OK, your on, I'll try one more time with a Possible Answer..

    I did a search for "Expert Rules" on this forum and found an old link that has Links by Expert Rules Users like Senior user Oldsod and Guru Hoov..

    https://www.zonealarm.com/forums/sho...t=Expert+Rules


    Regards;
    Guru GeorgeV
    Last edited by GeorgeV; July 24th, 2014 at 04:28 AM. Reason: fix typo

  7. #7
    Join Date
    Aug 2013
    Posts
    28

    Default Re: Expert Rules

    Thanks for the link. I guess I should use search a bit more.

    That donhoover link brings back memories of the missing green dot. That was great for debugging. Just block all the programs then give access to what needs it where the green dot shows up.

    There's also the missing "enable passlock". I remember this vaguely but wasn't sure if it was another product so didn't mention. It looks like it is now replaced by "Program changes frequently". Not sure if it does the same thing.

    Also miss it where when you click a program it would give you the "last modified date". First picture on donhoover link, bottom of the image. This was great for finding when a program first became active and then you can figure out what you were doing then. Especially for those suspicious programs that just show up.

    Overall ZA has improved but do miss some of the old stuff. Wow, just realized how long I've been using ZA.

  8. #8
    Join Date
    Aug 2013
    Posts
    28

    Default Re: Expert Rules

    Just used search and read on "program changes frequently" and it's not the same as passlock! Dangerous button to click. Wanted to add this before someone will falsely assume it's the same as passlock.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Per Program Expert Rules> in ZA Click Help & Search "expert rules"
    By kzamor in forum ZoneAlarm Configuration
    Replies: 6
    Last Post: October 12th, 2013, 09:38 AM
  2. Replies: 1
    Last Post: June 3rd, 2008, 10:19 AM
  3. Firewall Expert Rules vs Program Control Expert Rules
    By soulhealer in forum General - Questions that don't fit any other category
    Replies: 2
    Last Post: May 13th, 2006, 12:02 PM
  4. Firewall expert "Block all" rule blocks access before reading any Program expert rules?
    By tjmachineman in forum General - Questions that don't fit any other category
    Replies: 8
    Last Post: December 9th, 2005, 04:32 PM
  5. Firewall expert rules & program expert rules
    By tjmachineman in forum Common Program Settings
    Replies: 1
    Last Post: December 6th, 2005, 01:54 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •