Lavasoft Personal Firewall 2.0 FAQ

 

Can you briefly explain how to install my Lavasoft Personal Firewall?

Lavasoft Personal Firewall’s installation procedure is similar to most Windows programs. Experienced users may find the following brief instructions useful.

To install Lavasoft Personal Firewall:

  • Important: Before installing, first uninstall any other firewall software on your computer to prevent conflicts. Reboot your computer.
  • Close all open applications.
  • In the "Run" dialog box, type "C:\Program Files\Lavasoft\Personal Firewall\Lavasoft Personal Firewall Setup.exe." (This assumes that your installer file location is "C:\Program Files\Lavasoft\Personal Firewall\Lavasoft Personal Firewall Setup.exe").
  • After installation, you are prompted to configure the Lavasoft Personal Firewall settings. You must select from the following two options (which can be changed at a later point):
    • Automatic Configuration - Lavasoft Personal Firewall will scan your system, create application and network specific rules and build the Component Control database, all without your interference.
    • Configuration Wizard - Lavasoft Personal Firewall will allow you to select application and network specific rules and enable or disable Component Control.
  • As a final step, you will be asked to reboot your computer.

Note: Do NOT launch Lavasoft Personal Firewall manually using the Start menu or Windows Explorer right after installing it. You must reboot your computer before Lavasoft Personal Firewall can start to protect your system.

Can you explain, in detail, how to install my Lavasoft Personal Firewall?

To start the installation program of the Lavasoft Personal Firewall system:

  • Important: Before installing Lavasoft Personal Firewall, uninstall any other firewall software on your computer to prevent a system conflict. Reboot your computer.
  • Close all open applications.
  • Click the Start button on the Windows task bar.
  • Select "Run" on the Start menu.
  • In the open field of the "Run" dialog box, enter the full path to the setup program file (lpfw.exe). For example, if the setup program is on disk C: in the folder "Program Files" and subfolder Personal Firewall, type into the field, "C:\Program Files\Lavasoft\Personal Firewall\LavasoftFirewallInstall1.0.exe."
  • Click the "?" button to start the setup wizard. The wizard contains several steps, each having a "Next" button that takes you to the next step of the procedure, a "Back" button that returns you to the previous step, and a "Cancel" button that exits the wizard and aborts the entire setup procedure.
  • Setup will display a welcome dialog that reminds you to close all running applications. Click the "Next" button. This will bring up the License Agreement.
  • The License Agreement will ask you to accept the terms of license so that you can use the Lavasoft Personal Firewall. Please read it carefully. This dialog’s "Next" button is enabled only if you select the option button, "I accept the agreement."
  • After you have accepted the License Agreement, the "Next" button brings you to the "Select Destination Location" step. This dialog allows you to either accept the default destination location or specify a different one. Click "Next" to proceed to the last step before actual installation.
  • When you are ready to install, click the "Install" button. The program displays the installation progress window.
  • After the installation is finished, you are prompted to configure the Lavasoft Personal Firewall settings. Select how you want to configure Lavasoft Personal Firewall:
    • Automatic Configuration - Lavasoft Personal Firewall will scan your system and adjust all settings without your interference. The firewall will create specific rules for applications and for networks, and will build the Component Control database. The rules are created to provide you with optimal system performance and application security.
    • Configuration Wizard - Lavasoft Personal Firewall will guide you through the configuration process, allowing you to select specific configuration settings for each of the networks to which your system is connected and for each of the installed network-enabled applications. You will also be prompted to enable Component Control.
  • After selecting your preferred configuration, click "Next."
  • The Personal Firewall automatically detects your network environment. To view and edit the network settings, click the "Change" button. You can change these settings at any point. Refer to the Product Manual for more details.
  • After editing your network settings, click "Next."
  • Personal Firewall will begin to search applications installed on your computer that might require Internet access. You can view the list of these applications and edit the suggested security rules for each of them, using the "Details" button. You can change these settings at any time. (Refer to the Product Manual for more details.) You can cancel "Rule Configuration" for specific applications by un-checking the box next to that line.
  • Click "OK" to save, and "Next" to proceed.
  • You will be prompted to enable the Component Control so that Personal Firewall can monitor components, as well as applications. Click "Next" to finish configuring.
  • After the settings are configured you will see the final configuration dialog box. You can configure other Lavasoft Personal Firewall settings (like firewall policy and system traffic rules) by clicking "Advanced." The "Options" dialog box will be displayed. (Refer to the Product Manual for more details.)
  • By default, the configuration is saved in the Lavasoft Personal Firewall installation folder. If you would like to save to an alternate location, click "Change" and specify a path to save the configuration to.
  • Click "Finish" to complete the installation. You will be asked to reboot your computer.

Note: Do not launch Lavasoft Personal Firewall manually using the "Start" menu or Windows Explorer right after installing it. You must reboot your computer before Lavasoft Personal Firewall can start to protect your system.

What is a firewall?

A firewall is a software (or hardware) solution to enforce security policies. Firewalls limit access to a computer over a network or from an outside source. They are used to prevent computer hackers from getting into a computer. For optimum security from the variety of online threats that can infiltrate your system, we recommend using three tiers of protection: anti-virus software, anti-spyware software, and a firewall.

A firewall must be able to monitor all inbound and outbound traffic to protect your system from unauthorized intrusion. Lavasoft Personal Firewall software is designed for home and small- to medium-sized businesses, as a complement to your computer security solution. The technology in Personal Firewall shields you from unauthorized traffic entering your computer via the Internet as well as deciding what information is allowed to leave your computer via the Internet. Lavasoft Personal Firewall is a stand-alone product that provides a security shield against hackers, worms and Trojans.

What are the system requirements for Lavasoft Personal Firewall?

Please visit the Lavasoft Personal Firewall product page to learn more about it. You can click on the link to "System Requirements" in the blue box on the right side of the screen to see a full list of system requirements.

Can I run other firewalls simultaneously?

We recommend that you shut down and uninstall any other firewall software before installing Lavasoft Personal Firewall on your computer.

I do not know how to configure Lavasoft Personal Firewall. What should I do?

The firewall has a default configuration setting for new users. You can change any of the settings at any time. Information is also available in the Product Manual. If you need more assistance, log in to the Support Center and contact Technical Support.

How can I prevent Lavasoft Personal Firewall from starting when Windows starts up?

To prevent Lavasoft Personal Firewall from starting when Windows starts up:

  • Click "Options."
  • Select "General."
  • In the "Start-up" section, select "Disabled."
  • Click OK.

Now the firewall will not start when Windows starts up. To have the firewall up and running, you will need to start it manually.

Can I change the user interface language?

Lavasoft Personal Firewall is only available in English.

How do I uninstall Lavasoft Personal Firewall?

To uninstall Lavasoft Personal Firewall, follow the steps below:

  • Disable the firewall. To do this, right-click on the system tray icon and select "Exit."
  • Click on "Start," select "Control Panel," then select "Add/Remove Programs."
  • Select Lavasoft Personal Firewall and click "Remove."

I have password-protected my Lavasoft Personal Firewall, but I forgot my password. What should I do?

You can choose between either of these options:

  • Reinstall the firewall.
  • Delete the configuration file for the firewall, "configuration.cfg" (by default, this is located in the Lavasoft Personal Firewall installation folder), and create a new configuration file.

How do I know if the Lavasoft Personal Firewall is running?

The firewall icon in the system tray indicates that the firewall is running and protecting your system.

What is Attack Detection?

Attack Detection is a powerful intrusion detection system. It is built into Lavasoft Personal Firewall to protect your computer from existing and future hacker attacks. The IDS module monitors inbound data and determines its legitimacy by comparing it against a set of known attack fingerprints or by performing behavior evaluation analysis.

There is a long list of suspicious packets in Attack Detection. What does that mean?

A suspicious packet is a single access to any closed port on your PC. To maintain minimal false positives, these packets are not qualified as non-legitimate actions. The firewall displays a "Port Scan" message only if several suspicious packets are received from one remote host within a specified time interval.
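The thresholding described above can be sketched as a sliding-window counter. This is an added example, not Lavasoft's code; the threshold of 4 packets, the 10-second window and the sample events are assumptions, since the FAQ only says "several" packets within "a specified time interval".

```python
from collections import defaultdict, deque

# Assumed values: the FAQ does not state the real threshold or interval.
SCAN_THRESHOLD = 4         # suspicious packets from one remote host
SCAN_WINDOW_SECONDS = 10   # length of the sliding window

# Constructed sample events: (timestamp_seconds, remote_host, local_port, port_is_closed)
SAMPLE_EVENTS = [
    (0.0, "198.51.100.7", 135, True),
    (1.0, "203.0.113.9", 113, True),    # lone probe: logged as suspicious, no alert
    (1.5, "198.51.100.7", 139, True),
    (2.0, "198.51.100.7", 80, False),   # port is not closed: not a suspicious packet
    (2.5, "198.51.100.7", 445, True),
    (3.0, "198.51.100.7", 1025, True),  # fourth closed-port hit inside the window
    (40.0, "192.0.2.44", 23, True),
    (55.0, "192.0.2.44", 21, True),
    (70.0, "192.0.2.44", 25, True),
    (85.0, "192.0.2.44", 110, True),    # four hits, but spread over 45 seconds
]


def detect_port_scans(events, threshold=SCAN_THRESHOLD, window=SCAN_WINDOW_SECONDS):
    """Return (suspicious_packets, alerts).

    Every access to a closed port is recorded as a suspicious packet, but a
    "Port Scan" alert is raised only when one remote host accumulates
    `threshold` of them within `window` seconds.
    """
    recent = defaultdict(deque)   # remote host -> (timestamp, port) still inside the window
    suspicious, alerts, alerted = [], [], set()

    for ts, host, port, closed in sorted(events):
        if not closed:
            continue
        suspicious.append((ts, host, port))

        hits = recent[host]
        hits.append((ts, port))
        # Evict hits that have aged out of the window.
        while hits and ts - hits[0][0] > window:
            hits.popleft()

        # One alert per host keeps the output short (a simplification).
        if len(hits) >= threshold and host not in alerted:
            alerted.add(host)
            alerts.append({
                "host": host,
                "time": ts,
                "ports": sorted({p for _, p in hits}),
            })
    return suspicious, alerts


if __name__ == "__main__":
    packets, scans = detect_port_scans(SAMPLE_EVENTS)
    print(len(packets), "suspicious packets logged")
    for scan in scans:
        print("Port Scan from", scan["host"], "ports", scan["ports"])
```

Widening the window trades fewer missed slow scans for more false positives, which is why the list of suspicious packets is much longer than the list of reported scans.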

What is the Rules Wizard?

The Rules Wizard allows you to decide each application's permission to use the Internet. You will be notified whenever an application first tries to send or receive data. Rules Wizard is the default operational mode that we recommend for most users.

After a rule is made for an application, Rules Wizard will not be displayed again for that specific application. If there is no rule for the application, Rules Wizard will be displayed when that specific application tries to send or receive data.

What does it mean when a port is closed or in stealth?

System ports can be classified as:

  • Used: the port is used by the system or some application for incoming or outgoing connections.
  • Listen: the port is used by the system or some application to receive incoming messages.
  • Unused: the port is not used for any incoming or outgoing connections; the port is listed in the system.
  • Blocked/filtered: regardless of whether it is used or not, access to the port is forbidden according to Lavasoft Personal Firewall rules. Packets are dropped by the system and a "port unreachable" ICMP message is sent to the packet source.
  • Allowed: regardless of whether it is used or not, access to the port is allowed according to Lavasoft Personal Firewall rules.

Unused ports can be put into stealth mode. This means that packets sent to that port are ignored by the firewall, without notifying the source via any ICMP or TCP message. If a port is in "Listen" or "Used," any invitation from an outside source to communicate is accepted or a "Port Unreachable" notification is sent. This means that the port is not and cannot be in stealth mode.

An open port is a port that is in "Listen," and is allowed by Lavasoft Personal Firewall. A closed port is a port that is "Blocked" by Lavasoft Personal Firewall, regardless of the port's classification.

Note: "Netstat.exe" and the Open Ports category in the Lavasoft Personal Firewall's left pane cannot be used for detecting if a port is classified as open. "Listening" in terms of "netstat" only means "waiting for an inbound connection," whether or not it is allowed or blocked by Lavasoft Personal Firewall. Also note that information displayed in the "Open Ports" category in Lavasoft Personal Firewall's left pane lists ports that are currently being monitored by the firewall; not all ports listed there are actually open on the network.

What ports are the most vulnerable? Which ports should I pay special attention to?

From a security standpoint, TCP and UDP ports on your system are divided into several groups according to their probability of being used by an attacker. Attempts to access ports that are assigned to vulnerable services like DCOM or RPC should be seen as serious indications that you are being maliciously probed.

Vulnerable ports are divided into two groups: System and Trojan. System ports are vulnerable because they are often open for everyday system services. Trojan ports are those known to be exploited by Trojan horses.

We recommend paying special attention to the following ports:

  • System: 0, 21-23, 25, 79, 80, 110, 113, 119, 135, 137, 139, 143, 389, 443, 445, 1002, 1024-1030, 1720, 1900, 5000, 8080
  • Trojan: 21, 23, 25, 80, 113, 137, 139, 555, 666, 1001, 1025, 1026, 1028, 1243, 2000, 5000, 6667, 6670, 6711, 6776, 6969, 7000, 8080, 12345, 12346, 21554, 22222, 27374, 29559, 31337, 31338

Lavasoft Personal Firewall technology enables you to create a list of ports that are tempting to attackers, so that the firewall will pay special attention to these areas as it monitors network traffic. To manage the list of vulnerable ports, click the "Advanced" tab in the "Attack Detection" settings dialog box. In "Vulnerable ports," click "Specify."
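The following added example (not part of the product or its documentation) ties together two points from this FAQ: a "LISTENING" row in netstat is only open if the firewall allows it, and listeners on the System/Trojan watch lists deserve a closer look. The netstat text and the BLOCKED_INBOUND set are constructed sample data; BLOCKED_INBOUND is a hypothetical stand-in for the firewall's inbound block rules, not its rule format.

```python
# Watch lists copied from the FAQ answer above.
SYSTEM_PORTS = ("0, 21-23, 25, 79, 80, 110, 113, 119, 135, 137, 139, 143, 389, "
                "443, 445, 1002, 1024-1030, 1720, 1900, 5000, 8080")
TROJAN_PORTS = ("21, 23, 25, 80, 113, 137, 139, 555, 666, 1001, 1025, 1026, 1028, "
                "1243, 2000, 5000, 6667, 6670, 6711, 6776, 6969, 7000, 8080, 12345, "
                "12346, 21554, 22222, 27374, 29559, 31337, 31338")

# Constructed sample of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.20:443       ESTABLISHED
  UDP    0.0.0.0:1900           *:*
"""

# Hypothetical stand-in for inbound "Block it" rules: (protocol, local port).
BLOCKED_INBOUND = {("TCP", 135), ("TCP", 139), ("TCP", 445)}


def parse_port_list(text):
    """Expand a list such as '21-23, 25' into a set of port numbers."""
    ports = set()
    for item in text.split(","):
        low, _, high = item.strip().partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def parse_listeners(netstat_text):
    """Return (proto, port) for TCP rows in LISTENING state and bound UDP sockets."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if fields[0] == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # established or closing connection, not a listener
        port = fields[1].rpartition(":")[2]
        listeners.append((fields[0], int(port)))
    return listeners


def audit(netstat_text, blocked_inbound):
    """Classify each listener using the FAQ's definitions of open and closed."""
    watch = (("System", parse_port_list(SYSTEM_PORTS)),
             ("Trojan", parse_port_list(TROJAN_PORTS)))
    report = []
    for proto, port in parse_listeners(netstat_text):
        report.append({
            "proto": proto,
            "port": port,
            # Listening and allowed is open; blocked is closed whatever netstat shows.
            "state": "closed" if (proto, port) in blocked_inbound else "open",
            "watch_groups": [name for name, ports in watch if port in ports],
        })
    return report


def open_watchlist_ports(report):
    """Listeners that are both reachable and on a watch list."""
    return [(r["proto"], r["port"], r["watch_groups"])
            for r in report if r["state"] == "open" and r["watch_groups"]]


if __name__ == "__main__":
    for row in audit(SAMPLE_NETSTAT, BLOCKED_INBOUND):
        print(row)
```

In the sample, netstat lists five listeners, yet only TCP 8080 and UDP 1900 are open in the FAQ's sense, and both are on a watch list.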

What are the operational modes?

Lavasoft Personal Firewall allows you to select different operational modes in order to choose from a wide selection of protection levels.

The five operational modes are:

  • Block all: All network connections are disabled.
  • Block most: All network connections are disabled except those you select to enable.
  • Rules Wizard: You enable or disable applications when they first run. The Rules Wizard mode is chosen by default.
  • Allow most: All network connections are enabled except those you select to disable.
  • Disable mode: All network connections are enabled.

Why is Allow Once or Block Once disabled?

Allow Once and Block Once are available only for outgoing TCP connections. If you are in Rules Wizard mode, you have to first select "Allow" or "Block." Outpost blocks all other connections (incoming TCP and UDP), even in Rules Wizard mode, and then shows the Rules Wizard dialog. At that point, you can create a rule, but you cannot Allow or Block a particular connection or packet because it will already have been blocked.

What rules do I have to set up for "svchost.exe"?

Select the Lavasoft Personal Firewall installation folder. Open the file "preset.lst" and add the following preset definitions:

    [Generic Host Process]
    VisibleState: 0
    Exe:
    Generic Host Process, svchost.exe
    DefaultState: 1
    RuleName: DHCP Service
    Protocol: UDP
    LocalPort: 68
    RemotePort: 67
    Direction: Inbound
    AllowIt
    DefaultState: 1
    RuleName: DNS Service
    Protocol: UDP
    LocalPort: 53
    AllowIt
    DefaultState: 1
    RuleName: DNS Service
    Protocol: TCP
    LocalPort: 53
    AllowIt
    DefaultState: 1
    RuleName: HTTP connection
    Protocol: TCP
    RemotePort: 80
    Direction: Outbound
    AllowIt
    DefaultState: 1
    RuleName: HTTPS connection
    Protocol: TCP
    RemotePort: 443
    Direction: Outbound
    AllowIt
    DefaultState: 1
    RuleName: Time Synchronizer connection
    Protocol: UDP
    RemotePort: 123
    AllowIt
    DefaultState: 1
    RuleName: "SSDP Discovery Service" and "UPnP device Host" services
    Protocol: UDP
    RemotePort: 1900
    AllowIt
    DefaultState: 1
    RuleName: "SSDP Discovery Service" and "UPnP device Host" services
    Protocol: UDP
    LocalHost: 239.251.251.250
    LocalPort: 1900
    AllowIt
    DefaultState: 1
    RuleName: "SSDP Discovery Service" and "UPnP device Host" services
    Protocol: TCP
    RemotePort: 5000
    AllowIt
    DefaultState: 1
    RuleName: Microsoft Remote Desktop TCP connection
    Protocol: TCP
    RemotePort: 3389
    AllowIt

Save the file and restart Lavasoft Personal Firewall. Switch the firewall to Rules Wizard mode. When "svchost" requests any connection, and the Rules Wizard appears, click "Create rules using preset" and select "Generic Host Process" from the list. All required rules will be created automatically.

How can I change the Operational Modes policy?

To do this:

  • Start the main window.
  • Click on the "Options" menu at the top of the window.
  • Select "Policy."
  • Select the appropriate mode.
  • Click "OK."

Should I allow Windows Explorer to connect to the Internet?

We recommend that you allow Windows Explorer to connect to the Internet; it is similar to Internet Explorer.

When I selected "Block intruder for 5 minutes" in the Attack Detection feature, the firewall blocked a host on my LAN. How can I re-establish connection to the host?

You can unblock the address by right-clicking the attack in the right pane and selecting "Unblock" on the shortcut menu.

Why does the Lavasoft Personal Firewall slow down the sending/receiving of my e-mail?

Mail servers (as well as IRC and FTP servers) traditionally try to get your identification when you send an e-mail, so they attempt to connect to TCP port 113 on your PC. Lavasoft Personal Firewall blocks this request by default and does not let your computer reply. Most mail servers wait a few seconds for a possible response, and then allow you to send the e-mail.

To eliminate this delay, open the "Options" dialog and select "System." Click "Rules" under "Global System and Rawsocket Rules." Select "Allow inbound identification".

Note: Your port 113 will not be in "stealth" mode with any scanning sites. To revert to stealth mode, you should allow inbound identifications only to specific remote hosts that you connect to using FTP, SSH, SMTP and Telnet protocols.

What is the Lavasoft Personal Firewall main window and how do I find it?

The main window is your central control panel of Lavasoft Personal Firewall. It is used to monitor the network operations of the computer and to modify the firewall settings.

To display the Firewall main window:

  • From the Start menu, select "Programs."
  • Click Lavasoft, and then Lavasoft Personal Firewall.
  • Double-click the Lavasoft Personal Firewall icon in the system tray.

Can I install Lavasoft Personal Firewall on a server?

Yes, but we do not recommend it. The Lavasoft Personal Firewall was designed specifically to run on user workstations connected to a LAN (Local Area Network) or the Internet. Lavasoft Personal Firewall does not have several important features that a server firewall needs to have. All presets are configured for workstations, while a server firewall would have very different application blocking settings. If you install the Firewall on a server with the default settings, much of the useful traffic to or from your server will be blocked by default.

How can I prevent getting a "Disk Error" message from ODBC in Windows XP?

To prevent this, follow these steps:

  • Open Windows Control Panel.
  • Open "System", select "Advanced," then select "Environment variables."
  • Look at the "TMP" folder name in the "User variable" field.
  • Check if this folder is on your hard drive.
  • If it is not on your hard drive, you need to create it.
  • If the folder is present, and you still get this error message, please contact the Support Center.

How can I close an open port?

If you are certain that the port is open and the port scanning site has determined your correct IP address, please follow these instructions to close the port:

  • Make sure the firewall is not running in Disabled or Allow Most mode.
  • Open the firewall main window and select "View," then "Layout." Make sure that "Open Ports" is selected. Press "OK."
  • Select "View," then "Advanced" and select the "Number" option in "Display port as."
  • Expand "Open Ports" in the left pane to display the applications that are listed.
  • Find the "Local Port" column on the right pane, and search for the port number you would like to close (for example "XYZ").
  • Right-click the line and select "Create Rule" on the shortcut menu to create the rule for the application that "owns" the port (in "Process Name" column on the same line).

Lavasoft Personal Firewall fills in all the required data automatically; you only need to specify the connection direction and the action to be performed once the rule is triggered.

  • In the "Rule description" field, click on the "Undefined keyword" next to the direction, and specify the "Inbound connection direction."
  • In "Select Actions," choose "Block it" (and optionally "Report it").
  • In the "Rule Name" field, choose a name for the rule. Click "OK" to save your changes.
  • The new rule should now be in the list of Application Rules. To verify this, select "Options," "Application," and double-click the application in the list.

Note: If there are other rules for the same application, select the rule you have created and click the "Move Up" button until the rule appears at the top of the list. Click "OK" and then "Apply."

  • Check to see if the port scanner can now detect the port.

Note: Just because a port is open does not always mean that it must be blocked. For example, if you are operating a web/ftp server for public use, a port scanner will detect these ports as open. You must not close these ports because users will not be able to "see" your web/ftp server.

How can I tell if a port is open or closed?

You can easily test your system for vulnerabilities to Internet threats using on-line tests provided by several security sites. We recommend www.grc.com and www.pcflank.com.

In some cases, such as when address translation (NAT) is used in your network configuration or you are using a proxy, those sites will detect your computer's IP address incorrectly. Your IP address can be obtained by running "ipconfig.exe" (or "winipcfg.exe") from the Windows command line. If the IP address determined by a test is not your true IP address, cancel the test because further results will be incorrect. To confirm whether a port is open or closed, visit other scanning sites.

Note: Keep in mind that "netstat.exe" and the "Open Ports" category in the Lavasoft Personal Firewall's left pane cannot be used for detecting whether a port is open or not. Netstat does not correctly interpret open ports ("listening," in terms of netstat, can mean "waiting for an inbound connection"). Information displayed in the "Open Ports" category in Lavasoft Personal Firewall's left pane lists ports that are currently being monitored by the firewall, but not all of them are actually open on the network. Some ports can be blocked by your provider (for example, 139, 137, 135, 80), which makes the results of online scanning of those ports inconclusive.

How can I filter network traffic without loading the Lavasoft Personal Firewall interface (hidden mode)?

To run the firewall in hidden mode (invisible to the user), follow these steps:

  • Click "Options" on the toolbar.
  • Select "Background" in the Start-Up area of the "General" tab.
  • If you use the Rules Wizard policy, then select the "Policy" tab and specify the "Background mode" policy that should be applied when the firewall runs in background mode. By default the "Block most" policy is used.
  • Reboot your computer.
  • After restarting, Lavasoft Personal Firewall will run without the GUI.

Does Lavasoft Personal Firewall protect against spyware, viruses and rootkits?

Lavasoft Personal Firewall does not protect against spyware. However, if you bought your copy of the firewall bundled with Lavasoft Ad-Aware SE anti-spyware, or if you already had Ad-Aware SE installed on your computer, you can start Ad-Aware SE from the Lavasoft Personal Firewall main menu. Next, scan your computer for spyware and unwanted adware, and then remove objects from the detected content at your discretion.

Lavasoft Personal Firewall does not detect or remove computer viruses or rootkits. We recommend a 3-tiered approach for optimum protection: anti-virus software, anti-spyware software, and a firewall.

The error message, "Can't Display Help," appears when using the context-sensitive Help Manual in Windows NT-based systems.

On some systems, you may receive this message when attempting to use the "?" in the Lavasoft Personal Firewall. If this occurs, do the following to correct the display issue:

  • From the Start menu, select "Run."
  • Paste in the following command: regsvr32 C:\WINDOWS\system32\itss.dll
  • Click "OK."
  • After clicking "OK," the following message will appear: "DllRegisterServer in C:\WINDOWS\system32\itss.dll succeeded."
  • Reboot your computer.

Why can't I install the program 'Sandboxie' when Lavasoft Personal Firewall is installed?

If you try to install the program Sandboxie on a computer with Lavasoft Personal Firewall, you may get this warning message:

"Program already installed on path: C:\..\Lavasoft\Firewall\Kernel..."

The reason for this is that Lavasoft Personal Firewall 2.0 includes new drivers, one of which is called sandbox.sys. This confuses the Sandboxie installer into believing its software is already present. If you use Sandboxie, install it before Personal Firewall to avoid this issue. This also means that if you uninstall Sandboxie, Personal Firewall will need to be uninstalled first.
