
eEye Digital Security


 

Why doesn't application firewall catch all outbound traffic?

Last post 09-09-2007 8:24 PM by Blue1978. 5 replies.
  • 08-25-2007 1:19 AM

    Why doesn't application firewall catch all outbound traffic?

    My question is this. What could be generating outbound traffic, yet not trigger an application firewall alert?

    I have both application and system firewalls enabled. Default action if no application rule exists is "ask", and stateful mode is enabled. I am getting System firewall alerts like that below: in this case outbound traffic to a pop server port 110. Surely an application must be sending this? If I had a rule allowing outbound to port 110, then stateful mode should be creating the hidden system rule. If I have not got a rule, then the default action 'ask' should apply. So why does the application firewall not create an alert?

    8/25/2007 6:30:29 AM,BLINK-SFW-13,System firewall,System firewall-TCP 192.168.1.106:1558->81.103.221.14:110,
    The System Wide firewall applied the default action,
    Blink,3.0.11,0,0,,RemotePort=110;Request=Denied;LocalIp=192.168.1.106;Alert=No;RefID=000000132FAAA245;
    Protocol=TCP;LocalPort=1558;RemoteIp=81.103.221.14;

    Blink personal 3.0.11

  • 08-25-2007 8:24 AM In reply to

    Re: Why doesn't application firewall catch all outbound traffic?

    This is most likely happening because your firewall is in Passive mode. Go to Options and Settings | Advanced and turn off the passive mode.

    Regards
    Laurentiu Nicula
  • 08-29-2007 2:23 PM In reply to

    Re: Why doesn't application firewall catch all outbound traffic?

    Hi, thanks Inicula, but that's not it, I am not in passive mode. Any other ideas anyone?

  • 09-01-2007 7:17 AM In reply to

    Re: Why doesn't application firewall catch all outbound traffic?

    GeoffWyss:
    Blink personal 3.0.11
     

    Not that this may help you any, but I noticed you're not running the most up to date version of Blink (3.1, unless you just typed it wrong by accident). Version 3.1 has fixed a lot of things. :)

    Blink 3.1:
    http://download.eeye.com/html/products/blink/personal/installer/blinkconsumersetup.exe

    The MD5 signature is:   79086d7d504a64aa9fff34fe56a50adc
    The SHA-1 signature is: 5d4d6bf96cf53cb4c5f69865ae18cead11a3a880

     

  • 09-02-2007 4:47 PM In reply to

    Re: Why doesn't application firewall catch all outbound traffic?

    Thanks for pointing that out, I have downloaded the up to date version, 3.1.1. Sadly it does not change the behaviour I am seeing.

    Now I have a new puzzle! Why wasn't I on 3.1.1 in the first place? I only just purchased Blink (8th August) and the order link gave me 3.01, yet I see from the announcements forum that 3.1.1 was out on 27 June! Also, I have run update a few times (especially since seeing your post), yet was never updated to the latest release. Are we expected to monitor the forums and install updates manually?

    Regards

    Geoff

  • 09-09-2007 8:24 PM In reply to

    Re: Why doesn't application firewall catch all outbound traffic?

    Well, it is version 3.2 now, which should update from version 3.1 when an update is done, though. I don't know; my only guess is eEye has not fixed the version attached to the location of the default link they send in emails (for free Personal Edition) to reflect the newest version yet.

© 1995 - 2009 eEye Incorporated