Author Topic: Kerio is finally back!  (Read 24445 times)


rdmaloyjr

  • Guest
Re: Kerio is finally back!
« Reply #30 on: December 30, 2005, 12:03:17 AM »
Kerio and Comodo both pass ShieldsUP! with no problems at all. See some of those threads we started, especially the one with Comodo. I posted all those screenshots and also screenshots from ShieldsUp!!

ZA freeware doesn't pass tooleaky.exe as mentioned many times in the past. Both Comodo and Kerio, plus of course ZoneAlarm Pro can pass it with no problems. ZA free doesn't have those rules, so it will easily fail.

Here are the results of Shields Up with Kerio 4.2.2 on my machine:

GRC Port Authority Report created on UTC: 2005-12-29 at 22:42:57

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.

I hope now maybe a Kerio user may be able to help me get a passing grade with Shields Up.

"Enable predefined network security" is checked by default on my copy of Kerio 4.2.2.

I have no dislike for Kerio.  In fact one of the reasons I'm slow to return to ZA is Kerio starts up quicker than ZA when I boot my computer.  The main reason I'm delaying the return to ZA is I want to be sure I've fixed the crashing problem.  I've upgraded some hardware drivers & I haven't crashed since.  The crashing seemed worse with Kerio than ZA.  If I can get Kerio by Shields Up I may keep it as long as it gives good protection.
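
An added example, not part of the original thread: a small Python parser for the ShieldsUP! report posted above. It expands the port list, cross-checks it against the per-state counts, and names the criterion behind the TruStealth failure. The function names and returned labels are assumptions made for illustration, and only the FAILED wording shown in the post is relied on.

```python
import re

# Report body from the post above (header and "ALL PORTS..." line omitted).
REPORT = """\
Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

TruStealth: FAILED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.
"""

def expand_ports(spec):
    """Expand '0, 21-23, 25' into a sorted list of port numbers."""
    ports = set()
    for item in re.findall(r"\d+(?:-\d+)?", spec):
        lo, _, hi = item.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return sorted(ports)

def parse_report(text):
    """Extract the scanned ports, per-state counts and TruStealth verdict."""
    spec = re.search(r"scan of ports:(.*?)\n[ \t]*\n", text, re.S).group(1)
    rows = re.findall(r"^[ \t]*(\d+) Ports (\w+)[ \t]*$", text, re.M)
    verdict = re.search(r"TruStealth:\s*(\w+)", text).group(1)
    return {"ports": expand_ports(spec), "trustealth": verdict,
            "counts": {state.lower(): int(n) for n, state in rows},
            "ping_reply": "PING REPLY (ICMP Echo) WAS RECEIVED" in text}

def failure_cause(r):
    """Name the failed TruStealth criterion (labels are this example's own)."""
    c = r["counts"]
    if not len(r["ports"]) == c["tested"] == c["open"] + c["closed"] + c["stealth"]:
        raise ValueError("port list and per-state counts disagree")
    if r["trustealth"] != "FAILED":
        return "none"
    if c["open"] + c["closed"]:
        return "ports"
    return "icmp-echo" if r["ping_reply"] else "unsolicited-packets"

if __name__ == "__main__":
    print(failure_cause(parse_report(REPORT)))
```

For this report the port list expands to the same 26 ports the summary counts, all stealthed, so the only failing criterion is the ICMP echo reply.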

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Kerio is finally back!
« Reply #31 on: December 30, 2005, 03:19:23 AM »
so for example Your ping problem

Network Security > Predefined > Ping and Tracert out / Internet > deny
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

rdmaloyjr

  • Guest
Re: Kerio is finally back!
« Reply #32 on: December 30, 2005, 03:59:29 AM »
I tried deny on all ping tracerts in & out with Kerio but it still failed.

Dwarden,

Thank you for responding.

As you see above I did deny what you suggest.  Other ICMP packets were by default deny.

Do you think the ping reply could be from something else besides a firewall?   I've done scans with all my antispyware scanners, avast!, BitDefender & ewido.  Everything came up clean.  Kerio has a good reputation or I wouldn't have tried it.  I suspect something is wrong somewhere else.  S.Z.Craftec says "Kerio and Comodo both pass ShieldsUP! with no problems at all."

Umath

  • Guest
Re: Kerio is finally back!
« Reply #33 on: December 30, 2005, 05:19:43 AM »
rdmaloyjr,

Since you wrote that Zone Alarm had passed the ping test, presuming that you are using the same machine under the same condition, logically, Kerio should not let your machine send ping as long as your configuration on Kerio is proper or your system has something wrong exclusively with Kerio.

If you are not sure, how about making an advanced packet filter rule on denying any ICMP in/out communication and check the log column?  By doing this, Kerio would block any ICMP communication and log it.

As I wrote above, the system can shut down Kerio when Kerio keeps logging numerous data, which can flood the system memory in a long period, though.  This is why I try not to leave my pc online for a long time.

Offline Dwarden

Re: Kerio is finally back!
« Reply #34 on: December 30, 2005, 04:20:23 PM »
rdmaloyjr ... ok that's definitely abnormal situation ... You got any special cable/ADSL/wifi router ?

umath ... You can avoid that messing with what KPF logs and what not ...

Umath

  • Guest
Re: Kerio is finally back!
« Reply #35 on: December 30, 2005, 09:11:29 PM »
"rdmaloyjr ... ok that's definitely abnormal situation ... You got any special cable/ADSL/wifi router ?"

rdmaloyjr wrote that he/she didn't have the problem with ZA, which makes me think his/her system has a problem with Kerio.

"umath ... You can avoid that messing with what KPF logs and what not ..."

That's what we normally do but don't we have to let unexpected communications log or prompt at least?  Of course, we can let Kerio deny them without logs once the rules are set but...

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Kerio is finally back!
« Reply #36 on: December 30, 2005, 09:23:42 PM »
Hi rdmaloyjr,

Have you changed your default predefined network security settings, perchance?

They should look like this:



Passing shields up here!
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

rdmaloyjr

  • Guest
Re: Kerio is finally back!
« Reply #37 on: December 31, 2005, 02:37:48 AM »
FreewheelinFrank,

My default settings are just as you show.  I changed them as Dwarden suggested without success.  I have since reset them to default.

Dwarden,

I don't have any special cable/ADSL/wifi router.  I am on DSL, a plain DSL modem.




« Last Edit: December 31, 2005, 02:44:45 AM by rdmaloyjr »

Umath

  • Guest
Re: Kerio is finally back!
« Reply #38 on: December 31, 2005, 06:04:35 AM »
rdmaloyjr, I think your system has a problem with Kerio.  However, why not give a try to what I wrote above as a last shot (while doing this, just temporarily uncheck "Enable predefined network security")?  If Kerio fails to log, it means Kerio doesn't recognize any ICMP communication.  In this case, unfortunately, I don't think Kerio can deal with ping seeing the problem persistent even after re-installing.  :-\

Jarmo P

  • Guest
Re: Kerio is finally back!
« Reply #39 on: December 31, 2005, 10:19:49 AM »
As far as I know, I got a few BSOD's running kerio.
What you told umath

"As I wrote above, the system can shut down Kerio when Kerio keeps logging numerous data, which can flood the system memory in a long period, though.  This is why I try not to leave my pc online for a long time."

Does not make me very much trust the product :(

So back to my trustworthy Sygate again. Even with losing a bit of outbound control due to local proxy issue with Avast. They get logged in anyways.

Kerio IS very nice with features, but still problems I think with stability.

Umath

  • Guest
Re: Kerio is finally back!
« Reply #40 on: January 02, 2006, 09:07:39 AM »
"Kerio IS very nice with features, but still problems I think with stability."

That would be my point, too.  I thought Kerio 4.x became stable when compared the memory usage with Kerio 2.x, which shouldn't be a problem for modern systems.  However, after numerous logs, I found it becomes unstable again.  In my case, I use filtering function of my router, which is not online all the day.  However, I don't recommend Kerio to an individual whose pc is not behind a router.  If someone uses Kerio 4.x without logs, it may make Kerio stable but it also reduces the information which he/she can get.

Nowadays, I think it is desirable for users to use HW firewalls or equivalent protections, at least.  I keep my eyes on Comodo/Kerio personal firewalls but am already wondering if I am going to buy Outpost or something else. :-\

Offline Dwarden

Re: Kerio is finally back!
« Reply #41 on: January 02, 2006, 08:20:33 PM »
umath what i meant with suggestion to disable log was to do it for NIPS 'low'
and i set 'medium' ones to just log because i already ran into multiple issues with blocked valid traffic ...

but i'm already covered by linux based firewall in front of this computer so i can do such step w/o fear :) ...

so for prevention i use only HIGH NIPS on this machine (i.e. WMF exploit 1.10 rule from bleeding snort) ...
anyway the exploit seems to be so bad (new variants exploiting RND WMF content rendering any detection in AV/IDS rules nil) i'm forced to install this temporary patch from hexblog.com just for sure ...


