Microsoft Security Essentials

[RonH]

Its slightly different in Vista (which I still use) but nothing special shows up. Apart from MSE, I also installed Office 2010, uninstalled Kaspersky plus a few other changes so its likely that the pc 'hiccupped' and threw a wobbly. None of my scans show anything out of the ordinary but thanks again for trying. Its frustrating when you can't find the reason for these warnings

[Carol W.]

I have been running MSE for one week. My Windows firewall is turned on and I have no additional third party firewall software.

I don't want to start a "tempest in a teapot" here. I'm only reporting my results and asking a question.

On a lark, I decided to run two tests on this site. Those were ShieldsUp! and LeakTest. My computer failed both tests. See screenshots attached. On the ShieldsUp! test, port 113 was "closed" and not "stealth". Also, "a PING reply was received'. On the LeakTest test, my computer was able to connect to GRC's server without any kind of warning. I am moderately concerned but not panicking (yet).

I recall (but can't confirm) that when I had Trend Micro installed, the ShieldsUp! test reported all ports as "stealth".

So now for the question -- Am I adequately protected in terms of firewall protection with only Windows Firewall? I have read conflicting opinions on whether or not MSE works and plays well with third party firewall software. If I need additional firewall software, what would be your recommendations?

Thanks, in advance.

grc ports test.jpg

leak test.jpg

[HansV]

By default, the built-in Windows Internet Firewall hides ALL ports to incoming traffic, i.e. it operates in complete stealth mode. If port 113 is merely closed, not hidden, it must have been set that way at some point in the past.

It does allow pinging your PC. This is not really a problem.

Again, by default, it does *not* block outgoing traffic, so LeakTest will report what you saw. I've been using the Windows Internet Firewall with its default settings since 2003 (first on Windows XP, now on Windows 7) and it has NEVER caused a problem - I haven't had a single infection.
But if you wish, you can set the Windows Internet Firewall to monitor outbound traffic too - see The Windows Vista Firewall.

[Carol W.]

Hans,

Thanks for the reply.

I tried playing around with the advanced Windows (7) firewall settings but was not successful in setting up monitoring only. I ended up blocking all outgoing traffic and was unable to reach any websites.

See attached screenshot. On the Private Profile tab, I changed the Outbound Connections dropdown to "Block". Of course, I immedately changed it back to "Allow" when I couldn't reach any websites.

Do you know how I can set up a rule to simply monitor (and not "Block") outgoing traffic? Trend Micro included that feature and, as annoying as it was, it gave me some comfort level.

advanced firewall settings.jpg

[HansV]

The advanced settings of the Windows Internet Firewall aren't really easy to use. You'd have to create a "rule" for each application that you would want to allow connecting to the internet.
I'd simply keep the default setting (Allow). Microsoft Security Essentials does keep an eye on unusual behavior, so that should protect you. As I mentioned, it has been sufficient for me.

[ChrisGreaves]

Nowadays, does anyone have a router which is not wireless?

Well me, for two.
I'm struggling to think if I have any friends who do use wireless routers (grin!)

[Carol W.]

I'd simply keep the default setting (Allow). Microsoft Security Essentials does keep an eye on unusual behavior, so that should protect you. As I mentioned, it has been sufficient for me.

If it's good enough for Hans, it's good enough for me!

[silverback]

After reviewing the discussions on this posting, I decided to get rid of AVG and ZoneAlarm. The latest versions had been causing problems on my PC - AVG hogging CPU time and ZoneAlarm preventing the PC closing down properly. I am happy with using Windows Firewall and MSE - the PC bboots quicker, runs a lot faster etc.
One question about MSE, though.
I let MSE install itself using all the defaults. When the PC boots, I always get a Windows warning that my PC might be unprotected - at that point MSE is showing a red icon. Just after this warning, MSE icon turns green.
How can I get MSE to start earlier in the boot cycle, please?

Thanks
Silverback

[HansV]

See When I boot up my Windows XP machine, MSE comes on with a red icon in the tray and a message saying your computer is unprotected.

[Carol W.]

silverback,

I have the same problem but have always attributed it to the fact that it took a minute, or so, to contact Microsoft's servers to check for the latest definitions. That was "my theory", anyway.

Now that I've read the article to which Hans posted the link, I'm thinking I might still have remnants of Trend Micro left on my machine. I'll try running the cleanup tool after I backup my C: drive later today.

Hans.

[silverback]

Thanks for that link.
I've run the AVG and ZoneAlarm removal tools and now when the machine boots, the icon is still red at the time the desktop and system tray appear, but it turns green before the connection to my network is made. I'm going to assume that the PC is just busy at boot time - as per the answer given on the link webpage. If there's no internet connection before MSE is properly initialised, I'm not going to worry any longer.

Thanks again
Silverback

[tedshemyers]

You might try Windows Seven Firewall Controlto help tame the Win 7 Firewall. It works surprisingly well and has gotten good reviews on the other forum

[Carol W.]

I just ran the Trend Micro uninstall tool. It didn't make a particle of difference in the time it took for my MSE icon in the system tray to go from red to green -- approximately 1 minute.

It also left a Trend Micro folder under C:\Program Files so I'm not real sure if it did anything at all. BTW, Trend Micro was "uninstalled" on my machine in late August 2010.

Just thought I'd post an update.

[HansV]

It's probably nothing to worry about - the software firewall will already be active, and your internet modem/router probably has a hardware firewall built in.