Vista Firewall turns itself off....

[gw.harrison]

I'm really at the end of my tether with this issue - have a laptop
which has windows Vista installed. Whenever I boot up the Windows
Firewall is turned on. However, towards the end of the boot process,
the Windows Firewall turns itself off, almost as if when a program
loads it knocks it out. Is there anyway I can do a walk thru' of the
boot up process so I can see if I can capture which program or process
is doing it? At my wits end.

 

[Mr. Arnold]

I'm really at the end of my tether with this issue - have a laptop
which has windows Vista installed. Whenever I boot up the Windows
Firewall is turned on. However, towards the end of the boot process,
the Windows Firewall turns itself off, almost as if when a program
loads it knocks it out. Is there anyway I can do a walk thru' of the
boot up process so I can see if I can capture which program or process
is doing it? At my wits end.

You got two firewalls running Vista and something else running together?

 

[gw.harrison]

You got two firewalls runningVistaand something else running together?

I've never installed another firewall on the laptop - I've always been
happy to just use Windows Firewall. This is what I can't understand,
because all the searching I've been doing suggest uninstalling the 2nd
firewall I've installed - but I've only got and ever had, the one.

 

[Not Me]

You don't have a security suite installed?
Norton? McAfee? or such?
Many have a firewall, even if you don't realize it.

 

[Mr. Arnold]

You got two firewalls runningVistaand something else running together?

I've never installed another firewall on the laptop - I've always been
happy to just use Windows Firewall. This is what I can't understand,
because all the searching I've been doing suggest uninstalling the 2nd
firewall I've installed - but I've only got and ever had, the one.

------------------------------------------------------------------------------
What this sounds like to me is that you have malware running on the machine
that is turning the Vista FW off. What you need to do is look around on the
machine and look at running processes to see if you can spot something that
doesn't look right that's running.

Process Explorer can be used to look at running processes and what those
processes are hosting, such as possible malware.

With PE, you go to Menu/View/Show/Lower Pane/Show all DLL(s) and PE will
show you everything a running process in the upper pane is hosting. You can
right-click a line in both panes and go to Properties to get more
information.

<http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html>

You should use Currports free that runs on Vista which is like Active Ports
in the link above to see if you can spot anything trying to connect while
the Vista FW is down that could be dubious.

http://www.nirsoft.net/utils/cports.html

You should enable Vista's auditing and see what is happening.

http://www.ultimatewindowssecurity.com/Wiki/Print.aspx?Page=AuditCategory-DSAccess

You'll see in the link in Advanced Security Settings it talking about the
auditing in the XP security link. You should enable the same auditing
features on Vista, if you can do that and look at the logs with the Event
Viewer off of Control Panel/Admin Tools.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

You should look around and see if you can spot anything that could be
turning the Vista FW off.

You should get that CurrPort shortcut into the System Startup so that you
can see if anything looks dubious on System Startup and Internet
connections.

The link will show you how to tell Windows Defender about Currports and not
to stop it at startup.

http://www.vistax64.com/tutorials/79612-startup-programs-enable-disable.html

 

[Mr. Arnold]

<snipped>

Oh, and one other thing, I do use IPSec to supplement the Vista FW on my
laptop when I am on the road like I am now, in case the Vista FW is taken
out, I still have something protecting the computer. I just implemented the
AnalogX IPSec polices, IPSec is there to supplement the Vista FW. IPSec is
on Vista.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/CONTENTS/articles/ipsec.htm
http://support.microsoft.com/kb/813878

IPSec is only to supplement and not to replace a host based software FW
running on the computer. It can be used to supplement 3rd party FW solutions
too that are running on the computer, instead of trying you install two
FW(s) on the machine that can be in conflict with each other.