Hello,
I am testing out the blocking feature.
I was running emule on my computer and WFilter correctly detected this activity and blocked as per the policy settings.
I then closed emule on my computer however the online blocking is continuing to report that emule activity is being detected and blocked (but emule is not running so this cannot be correct).
This looks like a bug or I have stuffed up the configuration somewhere.
Would appreciate advice on how to troubleshoot.
Thanks
VW
Activity being reported on real-time blocking after the application has been closed on the target
Moderators: imfirewall, gengw2000
Activity being reported on real-time blocking after the application has been closed on the target
There are two possibilities:
1. Even you have exited the emule desktop application, it also can have background processes running for uploading/downloading. Please run "windows task manager" to check your processes.
2. Some p2p programs support both UDP and TCP traffic. TCP connections will be terminated when application is shutdown. However, UDP traffic is connectionless, remote peers will keep push UDP traffic even the application is closed. This will happen for a while(several minutes) for all remote peers to get "target not available" responses.
1. Even you have exited the emule desktop application, it also can have background processes running for uploading/downloading. Please run "windows task manager" to check your processes.
2. Some p2p programs support both UDP and TCP traffic. TCP connections will be terminated when application is shutdown. However, UDP traffic is connectionless, remote peers will keep push UDP traffic even the application is closed. This will happen for a while(several minutes) for all remote peers to get "target not available" responses.
IMFirewall Software provides solutions for web content filtering software, business internet filtering software, business internet usage monitoring software.
Activity being reported on real-time blocking after the application has been closed on the target
gengw2000 wrote: There are two possibilities:
1. Even you have exited the emule desktop application, it also can have background processes running for uploading/downloading. Please run "windows task manager" to check your processes.
I checked that at the time, definitely not the case.
2. Some p2p programs support both UDP and TCP traffic. TCP connections will be terminated when application is shutdown. However, UDP traffic is connectionless, remote peers will keep push UDP traffic even the application is closed. This will happen for a while(several minutes) for all remote peers to get "target not available" responses.
This must be the case then.
Thanks for the clarification. I found those entries on the WFilter logs disconcerting.
Activity being reported on real-time blocking after the application has been closed on the target
Actually I think there is a third possibility.
It looks to me as if TeamViewer (TeamViewer 7) is being identified as Edonkey,Emule and that's why I had all those entries in the logs after I had closed Emule.
Everytime I switch from the Default blocking policy to High on my computer, TeamViewer stops working and I get Edonkey,Emule entries in the Real-time blocking log.
I don't want to block TeamViewer, but I do want to block unknown.
It looks to me as if TeamViewer (TeamViewer 7) is being identified as Edonkey,Emule and that's why I had all those entries in the logs after I had closed Emule.
Everytime I switch from the Default blocking policy to High on my computer, TeamViewer stops working and I get Edonkey,Emule entries in the Real-time blocking log.
I don't want to block TeamViewer, but I do want to block unknown.
Activity being reported on real-time blocking after the application has been closed on the target
we will check this ASAP.
IMFirewall Software provides solutions for web content filtering software, business internet filtering software, business internet usage monitoring software.
Activity being reported on real-time blocking after the application has been closed on the target
If you have edonkey/emule running, WFilter will over blocking some unknown traffic.
For no blocking of teamviewer, please add the teamviewer protocol into "Customize Protocols" of WFilter. Then it will not be over blocked.
Check this blog topic: http://blog.imfirewall.us/How+To+Block+TeamViewer+On+My+Network+Using+WFilter.aspx
For no blocking of teamviewer, please add the teamviewer protocol into "Customize Protocols" of WFilter. Then it will not be over blocked.
Check this blog topic: http://blog.imfirewall.us/How+To+Block+TeamViewer+On+My+Network+Using+WFilter.aspx
IMFirewall Software provides solutions for web content filtering software, business internet filtering software, business internet usage monitoring software.
Activity being reported on real-time blocking after the application has been closed on the target
gengw2000 wrote: If you have edonkey/emule running, WFilter will over blocking some unknown traffic.
For no blocking of teamviewer, please add the teamviewer protocol into "Customize Protocols" of WFilter. Then it will not be over blocked.
Check this blog topic: http://blog.imfirewall.us/How+To+Block+TeamViewer+On+My+Network+Using+WFilter.aspx
I made the suggested change and initially it appeared to work.
However I recently enabled the High filtering to do some more testing of the https and TeamViewer stopped working. Once I returned to the Default policy TeamViewer resumed working. So there is more to this.
Activity being reported on real-time blocking after the application has been closed on the target
You need to check "Real-time blocking" to get the blocking reason. Then modify your blocking policy to make it work.
IMFirewall Software provides solutions for web content filtering software, business internet filtering software, business internet usage monitoring software.
Activity being reported on real-time blocking after the application has been closed on the target
It's reported as unknown (and I'm blocking unknown). So presumably I need wireshark to run a trace. Are the instructions self-explanatory or is there a procedure that you would prefer me to follow?
Activity being reported on real-time blocking after the application has been closed on the target
I've installed Wireshark. To obtain details on the 'unknown' traffic being reported by WFilter should I just run a trace and send it to you?
Or are there some filters that I can apply?
Is it possible for me to do some of the analysis?
I ran a trace on the internal NIC for 1 minute and the size of the capture file is 800K.
Or are there some filters that I can apply?
Is it possible for me to do some of the analysis?
I ran a trace on the internal NIC for 1 minute and the size of the capture file is 800K.
Who is online
Users browsing this forum: No registered users and 10 guests