My first impressions on Kerio 4.2.2

[Jarmo P]

It can be used as a mainly application controll firewall, same as Sygate. In many ways it is easier.

Users familiar with other firewalls should install it straight with the "advanced" ask everything setting. Controlled I think by the "Any Other Application" rule that should be set to ask I think in all 4 settings, trusted or internet, inbound or outbound connections.

Regarding to Avast's asmaisv.exe, I left it in block for inbound and made a packet filter rules for outbound pop3, smtp and nntp ports.
Those packet filter rules are the same as the so called "Advanced rules" in Sygate.

Then I went to sycnhronize my computers clock, and was pleasantly surprised Kerio did not need any 'Packet filter.." rule for that. It worked straight out.

Tech, if you read this, I agree with you that BZ's ruleset should not have to be used with KPF 4.
KPF 2.1.5 is a straight packet filter and those rules there are are handled by 4.2 automatically. They can be of cause applied if some knowledge and wanting a really tight setup, some of them to tighten up, but totally different beasts. Kerio 4.2 is really much more user friendly. No beed to handle DHCP or DNS traffic.

I disabled web filtering ... some setting there disabled me to run my fave speedtest:
http://www.adslguide.org.uk/tools/speedtest.asp
Kerio 4.2 did not slow down my connection at all. Neither did Sygate ever slow down my internet connection.

I enabled "Enable Advanced Behaviour Blocking" that handles among other things applications launching other applications. Needs my permissions for them to do that. "Antiapplication hijacking" feature is the same in Sygate.

So far so good, and absolutely no crashes in GUI as I have heard some user's having

Jarmo

[szc]

...
...
...
I enabled "Enable Advanced Behaviour Blocking" that handles among other things applications launching other applications. Needs my permissions for them to do that. "Antiapplication hijacking" feature is the same in Sygate.

So far so good, and absolutely now crashes in GUI as I have heard some user's having

Jarmo

Same here... and just like you mentioned, Kerio passes TooLeaky test without any problems (it asks for your permission when Advanced Behaviour Blicking is enabled). I mean, this one:

http://tooleaky.zensoft.com

I was using 4.2.0 and now 4.2.1 and I never experienced any GUI crashings, except for example... let's say if Azureus (Torrent client) is open and it's downloading something huge, or even holds few huge dowloads, and you open Kerio, it will look like it's frozen, and some parts of the window will be missing... but it lasts only for let's say 20-30 seconds (maybe longer) and then everything goes back to normal.

Haven't tried 4.2.2 yet though, but I believe it's true that they fixed those things.

Cheers !

[szc]

Hey JarmoP, have you by any chance checked this thread ?

http://forum.avast.com/index.php?topic=17001.0

Do you know anything about Comodo firewall ? I like the fact that is free and it's promising a lot of good stuff...  I also like this one:

Quote from the official web site:

Unlike the stripped down versions of commercial software that other software vendors offer for free, this is the full, completely functional version of the product.

Direct link:
http://www.personalfirewall.trustix.com/

Cheers !

[Jarmo P]

Hey JarmoP, have you by any chance checked this thread ?

http://forum.avast.com/index.php?topic=17001.0

Do you know anything about Comodo firewall ? I like the fact that is free and it's promising a lot of good stuff...

Well, I have only knowledge of Norman, Sygate  ....  ( a litle F-Secure) and then Kerio FW's.

Until today I was even very wary of trying KPF 4.2, but Tech's comment on other thread + I tried AntiHook today (not recommending in my experience), so after AH when I liked to add some more security to my SPF i went to 4.2. IMHO there can be too much security programs at some point AntiHook was too much for me.

I think Sygate and Kerio are pretty much covering things as pure firewalls (Hips and nipples removed after 30 days )

And don't really need any security suits, same as you I think. Running Firefox mostly, NoScript extension  ....  Really wonder why I never get any spyware, hehe.

[Lisandro]

Tech, if you read this, I agree with you that BZ's ruleset should not have to be used with KPF 4.
KPF 2.1.5 is a straight packet filter and those rules there are are handled by 4.2 automatically. They can be of cause applied if some knowledge and wanting a really tight setup, some of them to tighten up, but totally different beasts. Kerio 4.2 is really much more user friendly. No beed to handle DHCP or DNS traffic.

I'm so glad to know that it won't be necessary to make that work 
I've tryed twice but I gave up 

Absolutely no crashes in GUI as I have heard some user's having

For me not... process take all of CPU at startup and I have to get back the 4.2.1... strange, I couldn't figure out what was wrong 

[szc]

...
...
...
I think Sygate and Kerio are pretty much covering things as pure firewalls (Hips and nipples removed after 30 days )
...
...
...

Yes, and that's the main reason I asked... full feature only in paid-for versions, and of course 30 days trial period only... That's why I was wondering what is that that Comodo has to offer and it's completely free of charge...

...
...
...
And don't really need any security suits, same as you I think. Running Firefox mostly, NoScript extension  ....  Really wonder why I never get any spyware, hehe
...
...
...

Exactly, I don't wanna turn my PC into security fortress, no way... I don't wanna see 99% of system resources used by security applications... what would left for my primary computer use ? Nothing... and I need a lot of resources when doing my creative part of those tasks...

Cheers !

[kakapo]

No probs here with Kerio 4.2.2 altho' I did have a few odd errors using 4.2.1.
I ran it thru' ShieldsUp and it passed with its default settings. All the most recent releases have passed; it was earlier incarnations that required a wee tweak.

I'm impressed that Kerio are still updating a firewall they intend to discontinue.

Happy Days to all

[szc]

Ok trust me Kakapo, KERIO is everything but not dead ! Remember what I told you 

Even when they completely "shut down" that project I'm sure they will sell that licence to someone else who is interested. No one clever enough would let that product wanish just like that, no way !

If nothing else, it will be released under the GNU licence and we all will be happy again.  But, again as I already mentioned... someone will buy it eventually and continue with it's development. At least that's what I would do if I had all that money...

Cheers !

[darth.mikey]

I was using 4.2.0 and now 4.2.1 and I never experienced any GUI crashings, except for example... let's say if Azureus (Torrent client) is open and it's downloading something huge, or even holds few huge dowloads, and you open Kerio, it will look like it's frozen, and some parts of the window will be missing... but it lasts only for let's say 20-30 seconds (maybe longer) and then everything goes back to normal.

Yes i'm having those problems too Sasha but it lasts around 5 sec maybe in 4.2.1 but before when i had 4.1.3 and 4.2.0 it lasted half a minute on my comp too for the window to open up completely...

[Umath]

Yes i'm having those problems too Sasha but it lasts around 5 sec maybe in 4.2.1 but before when i had 4.1.3 and 4.2.0 it lasted half a minute on my comp too for the window to open up completely...

Sorry to hear that. 

No prob here.  Kerio is my favorite FW, which is good for learning how network works and is also quite configurable, too.  In fact, I disabled some automatic features and am using DNS configuration given by my provider.  With my security router, I feel quite safe.

As some people mentioned, it has a simpler sandbox app compared with Anti Hook.  I am using Limited Free version but I am not using IE at all either. 

[darth.mikey]

Umath that only happens when you have multiple torrents downloading and you open up Kerio otherwise it opens up instantly

[szc]

Exactly and it's my backup firewall anyway, since I trust my hardware router/firewall more than anything in the world... 

It's not about the PC configurations ot graphic card types, it's all about some bugs in Kerio's GUI engine. Kerio team admited that, and it's obvious it was a real problem. Here is official web site, with release history... See what they said about v4.2.1:

http://www.kerio.com/kpf_releasehistory.html

4.2.1 - September 29, 2005
- fixed low-risk security bug allowing a local application to crash the system
- fixed some false positives of HIPS detection algorithms
- fixed problems with crashing applications when KPF was used together with McAfee VSE 8.0i
* removed 'Details' column from NIPS log view
- fixed bug that GUI was sometimes frozen for a while when user switched to logview
- fixed problems with non-US characters in HIPS exception paths
- several minor GUI fixes
* improved web filtering. It is now compatible with wider range of web sites.

[Jarmo P]

I am a bit lost soul on this  ....  updating my PC clock:
http://forums.kerio.com/index.php?t=msg&th=7458&start=0&S=9746fecfbb2068e37073f0af5df145f0

I had thought I had denied generic host all inbound accesses.
And when sending from my computer clock a permission to update my computer's clock, it was through port 123 udp to time server.

All is well so far. But UDP requests should not be both ways, accepting incoming traffic unless allowed allowed in the same communication?
I really thought I need to add a packet filter rule when that time server contacts me from my request. So it is in Sygate.

So regarding Tech's worries about whether to need to add some packet filter rules to be safer than Kerio 4.2 default I am now not so sure?

When I write this, only matunga answered me in Kerio forum, so I wait for more there

[Umath]

I can't remember the default setting.  However, I let all the svchost.exe connection denied in "Applications" with a rule allowing svchost.exe IN/OUT connection local/remote UDP 123 (only for the servers on the list) in "Advanced Packet Filter."  I tried to do the same thing for Windows Update but the servers were numerous and I eventually had to give up.  Now I temporally let KPF ask about the svchost.exe connection only when I am updating.

Jarmo P, after reading your post, I allowed internet outbound connection for svchost.exe, unchecked the rule in "Advanced Packet Filter" and manually tried to update the time, which was unsuccessful.  It works exactly as expected.

[Jarmo P]

Wish it was same with me Umath.

I made a specific packet rule even (should not be needed since Generic Host for win 32 services is not allowed any incoming connections by me in Applications) to block that incoming connection.

Rule to block UDP 123 local port for that process incoming.
Still I could update my clock, aaarrrgggh.
Now I am really puzzled, but I need to examine  more, so no more posts from me about only wondering, if no light on this subject from me

I loose my trust so easily and don't want it to be KPF 4.2.2

Jarmo