Aegisp Sys Driver For Mac
I use 5.5.2710 w. sig file 1.0.1077 - no problems. BTW, many consider this the last best and most stable free build. It sounds like you need to learn more about how this firewall functions - googling will help, but a great aid is a better logger - SPF Log Viewer. My guess is that you need to check your application rule for I.E. or whatever browser you are using - you've given absolutely no info. SPF is still a decent firewall, but you have to know how to set up restrictions for each application ( kill 'act as server' for one thing ), and one of its powers is the advanced rules you can create. NEVER NEVER 'allow all' - defeats the firewall!
Thanks falcon04. I rolled back to version 5.5.2710 (although I have no idea where to get the sig. file), and got the viewer that you linked to as well. Also downloaded the RTFM for 5.5. Looks like I have some reading to do.
Again, thanks everyone for your help. Hopefully I will be able to get this to work this time. This is my first attempt to post here, so we shall see. Edit - No go. Same as before.
It will not let me post here when set to 'Normal'. Log only has 4 entries, as I cleared it just before trying to post here the first time. I will gladly give any info that you need as long as I can find it. Not sure what all would be needed though.
I use FF 2.0.0.3, Windows XP Pro. Have set FF.exe to 'Allow'. Everything else about the firewall is as was installed. No changes made other than allowing ff.exe. Now set to 'Allow All' so I can post this.
I assume you have a wireless router and laptop, as this app. is on my Toshiba and is a necessary wireless protocol. I block AegisP at the app level, and have an advanced rule allowing this protocol to only access my LAN or my DNS server(s). You can make this a 'generic' advanced rule as the first (top) rule on your list, like so ( change the IP addresses to reflect your LAN & DNS servers ). Rule Summary(s) verbatim from my setup - you'll have to back into the entries on the set up page - no-brainer!
100 ALLOW LAN: This rule will allow both incoming and outgoing traffic from/to IP address(es) 192.168.1.1-192.168.1.255,24.25.5.149-24.25.5.150 on all ports and protocols. This rule will be applied to all network interface cards.
Sygate advanced rules override the app. rules in the order the advanced rules are listed. I then block all 'service' or system apps, such as AegisP, svchost, lsass, ndisuio, ntoskrnl, wgatray etc., so they can only go to my LAN computers or to my ISP's DNS servers thru the advanced rules. I also 'block' or 'ask' most everything EXCEPT my browser, email client, auto update for AVG, BOClean, NISTime, etc. Here are some other 'useful' rules I use in the numbered order.
101 DHCP RENEW: This rule will allow incoming traffic from IP address(es) 0.0.0.0,192.168.1.1-192.168.1.105 on UDP local port(s) 67,68. This rule will be applied to all network interface cards.
102 SVCHOST MICROSOFT UPDATE: This rule will allow outgoing traffic to all hosts on TCP remote port(s) 80,443. This rule will be applied to all network interface cards. The following applications will be affected in this rule: Generic Host Process for Win32 Services.
103 WALLWATCHER ( router log ): This rule will allow incoming traffic from IP address(es) 192.168.1.1 on UDP local port(s) 162. This rule will be applied to all network interface cards. The following applications will be affected in this rule: WallWatcher.
In your individual app rules that you do not block, disable 'act as server' ( do this for ALL apps ) and specify the protocols, ports, IP addresses, etc. as tightly as you can to limit access. This is easy for some, as you can check your SPF log and figure out what is happening, and tweak the app rules as necessary. As far as Firefox is concerned, look to your SPFLGW or Sygate log to see how it is being blocked - without a specific log entry it's hard to guess.
Desktop actually, but is wireless.
Gigabyte GN-WBKG 802.11g Wireless USB Adapter. Also have a Linksys Wireless - G (WUSB54G) USB Network Adapter that was installed at one time, but I am sure that I uninstalled it, before installing the Gigabyte. Thanks for the help and all the info. I will see what I can work out here. Is what I get for using ZoneAlarm for so many years. It just blocked everything unless you specifically allowed it. OK, I put this 'generic' rule in: Rule Summary: This rule will allow both incoming and outgoing traffic from/to IP address(es) 192.168.1.1-192.168.1.255 on all ports and protocols.
This rule will be applied to all network interface cards. It appears that this is going to let me post, as it did let me preview the post so far. It would not even let me preview a post before. I am not all that crazy about a 'generic' rule as this, but if it works, it is a starting point.
I can try and tighten it to be specific later. Again, many thanks for the help and info. I have much more to learn and tweak concerning this firewall.
That rule simply allows all comm. from/to your router - I assume you MUST have one! ( 192.168.1.1 ) and all the computers on your LAN ( even if you only have one computer ). It will not allow comm. to IP addresses NOT in the rule - so no worry about outgoing. It thus should not affect FF directly. It also should be coupled with 'blocks' on individual system apps as I mentioned, so they cannot phone out if you don't want them to, but can communicate intra-LAN.
If FF is 'allowed', then this advanced rule should have no effect, as it is an 'allow' rule. Something else intra-LAN was being blocked, not FF. Uncheck the rule in SPF and try FF again, then look at your SPF log to see what was being blocked. My guess - one of your service apps. Sygate has built-in blocking for certain things ( beyond the rules for individual apps. or advanced rules ). My guess is that one of these built-in functions was blocking until you applied the advanced rule, and disabling it will immediately reveal in the log the app which is blocked.
'sig file 1.0.1077' is the last Signature File available for SPF before it was abandoned. If you open the main SPF window, then click on the very top 'help' 'about', you'll see the version # and the sig file number. Your build comes with an earlier number, and a long while back I was given a work-around to allow me to install the later sig file. Since the sig file relates to trojan signatures, and many better trojan apps are available, I wouldn't bother about it.
Read the manual and the links from Google. Once you get comfortable with it, SPF coupled with SPFLGW is a simple and elegant firewall giving you excellent logging and good outgoing control, but it SHOULD ( MUST IMHO ) be coupled with a decent NAT/SPI router.
I have also found that it WILL work with the SP2 Firewall running, but if you have a good router SP2 can be disabled.
Said by: Something else intra-LAN was being blocked, not FF. Uncheck the rule in SPF and try FF again, then look at your SPF log to see what was being blocked. My guess - one of your service apps.
Since he can connect but has a problem with sign in at sites, it may be an MTU problem, and the router may be sending an ICMP type 3 sub-code 4, destination unreachable, fragmentation needed but the DF flag is set. The router may have a lower MTU than the computer. He can check what his MTU should be with the manual method in the tweaking FAQ.
The 'generic' advanced rule will pass thru the ICMP pings intra-LAN - which could well be the problem.
MstrBlstr: You need to enable SPF Log Viewer, and put a shortcut to it on your desktop. It will come up blank - you need to click the 'read' button to load the list. SPFLGW will often be a few executions behind the built-in SPF log. Go to 'options', and check the 3 boxes under 'Sub-item Icons' - this will put mini-icons for each application on each line as well as icons for protocol and type of rule. This will give you a quick visual to find the guilty app. Much better than SPF's built-in log ( but it uses the same log file ). You can also 'hide' or filter the apps or protocols as you like, resize or recolor or reorder too. You will find that this is a dynamic rather than a static exercise! Good hunting!
New rule applied: 102 - Allow ICMP - IN - AegisP.sys - IEEE 802.1X Protocol Driver WirelessNetwork This rule will allow incoming traffic from IP address(es) 192.168.1.254 on ICMP type 0,3,4,5,8,9,10,11,12,13,14,15,16,17,18. This rule will be applied to Gigabyte WBKG USB WLAN Card. The following applications will be affected in this rule: IEEE 802.1X Protocol Driver. Testing to see if works. Kind of generic, but I can weed down the ICMP type a bit later. And that didn't work.
Now adding this rule: 103 - Allow - UDP - In - AegisP.sys - IEEE 802.1X Protocol Driver WirelessNetwork This rule will allow incoming traffic from IP address(es) 192.168.1.254 on UDP remote port(s) 53 to UDP local port(s) 1365. This rule will be applied to Gigabyte WBKG USB WLAN Card. The following applications will be affected in this rule: IEEE 802.1X Protocol Driver. Don't think I can get that one any tighter than that.
The incoming UDP seems to be coming through fine now. The incoming ICMP seems a bit weird though. :/ Why is it allowing it, then blocking it the next time? Is that because it doesn't know what app. the second time? Here is the log for that part. With rules 102 and 103 in place.
Agreed, ICMP 3 is most likely the problem. Here are the steps and doc from sygate faq archive. Jack
Mail clients for POP3/SMTP fail and certain web pages fail to load; mostly noticed with but not limited to secure web logon web pages.
If setting SPF to Allow All the web pages begin to load and mail is being sent, then this Advanced Rule should correct your problem. You probably have a DSL broadband connection that is using a DSL/NAT device or home router. DSL uses a lower MTU value than the default value of 1500 assigned by Microsoft for your network card. The best value can vary per user but for most people the MTU value of 1492 is the highest value that can be set and works for most users. When your MTU value is set higher than what is being allowed by the DSL/NAT modem an ICMP packet Type 3 is sent back to your PC telling your PC the packet that was just sent is too big, make it smaller and send it again. SPF will block this request so you must create the Advanced Rule.
Now once Type 3 is allowed the Type 4 should be accepted back but just in case we set the rule to accept both ICMP type 3 and 4.
102 - Needed to be able to post on various forums.
This rule will allow incoming traffic from IP address(es) 192.168.1.254 on ICMP type 0,3,4,5,8,9,10,11,12,13,14,15,16,17,18. This rule will be applied to Gigabyte WBKG USB WLAN Card. This rule all by itself seems to have fixed the issue. Getting blocked incoming UDP stuff now, but not sure that is important or needed.
Think I should enable rule 103? Seem to be able to post without it. It is a pretty tight rule. What do you think?
It would keep all the blocked messages out of the log.
You have to go thru your own learning / comfort curve with SPF, but after 3 + years of numerous 'tight' rules, behind a Linksys NAT/SPI router, I found that a simple rule like my '100 ALLOW LAN' with app blocks on AegisP and the others listed in my earlier post worked just as well - and NOTHING ever phoned home from these apps - only intra-LAN. I started with 10 or 12 rules to parse out the UDP/TCP/ICMP IN/OUT variations and studied the logs over time. I was able to combine some of the rules - down to 5 or 6, and a restudy resulted in the rules I gave. You need an advanced rule to allow ICMP, UDP and TCP intra-LAN.
You could specify the service apps, add them to the rule and then block them at the app. level, which prevents them from going outside the LAN. You could be very specific with LAN and DNS IP addresses rather than putting in the range.
To reiterate, the apps AegisP, svchost, lsass, ndisuio, ntoskrnl, wgatray are the ones I once had in my 'Rule 100' - now generic - try it this way if you feel more comfortable. One caution - I found that DHCP RENEW calls ( Rule 101 ) were made without any identified app and often from 0.0.0.0 - hence that rule.
You could add 0.0.0.0 to the IP list in Rule 100 and achieve the same result. Without this rule, I would sometimes lose my connection and it would not re-connect - again, SPFLGW revealed the problem.
Said by: 0,3,4, and 8 are the only ICMP you really need.
Yeah, I trimmed it down to just 3,4 for now. Mainly the reason for me to even have a SWFW is for outgoing stuff. The NAT has always pretty much kept me in the comfort zone on incoming stuff.
The wireless router is new to me. So I have new concerns about things coming in through the LAN side of things. Although, I think that I have all that disabled as best I can. No network neighborhood, or file and printer sharing stuff, as far as I can tell. Thanks for all the help.
The generic Allow Lan was good, and if this was a hardwired conn., I would most likely use it. Wireless is just not a comfort zone for me yet.
I'm no wireless expert, but I believe you can reduce your incipient wireless paranoia ( 'IWP' ) by:
(1) restricting access on your wireless router to just those MAC addresses of computers in your LAN
(2) Either use fixed IP addresses, or use DHCP to assign addresses to just the number of computers in your LAN.
(3) Allow only those IP addresses in your SPF 'generic' ruleset, plus the router IP, plus the broadcast IP ( 192.168.1.255 )
I'm assuming you use WPA-2 or better and a long random password ( 63 characters ) - most folks think this gets you to a pretty safe zone.
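Added example, not part of the original thread: a sketch in Python of the tight inbound ICMP check the MTU discussion above points to, accepting only "fragmentation needed" (type 3, code 4) from the router and reading the next-hop MTU it carries. The router address 192.168.1.254 and the 1492 MTU come from the posts; the LAN host, the 203.0.113.10 destination and all packets are constructed sample data, and the function names are hypothetical.

```python
import struct
from ipaddress import ip_address

ROUTER = ip_address("192.168.1.254")  # router address from the thread's rule 102

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a valid ICMP message yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify_icmp(src: str, icmp: bytes) -> dict:
    """Verdict for one inbound ICMP message (ICMP header plus payload)."""
    if len(icmp) < 8:
        return {"verdict": "drop", "reason": "truncated ICMP header"}
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if inet_checksum(icmp) != 0:
        return {"verdict": "drop", "reason": "bad checksum"}
    if ip_address(src) != ROUTER:
        return {"verdict": "drop", "reason": "not from the router"}
    if (icmp_type, code) != (3, 4):
        return {"verdict": "drop", "reason": f"type {icmp_type} code {code} not needed"}
    inner = icmp[8:]  # IPv4 header of the packet that was too big
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return {"verdict": "drop", "reason": "no embedded IPv4 header"}
    if not struct.unpack("!H", inner[6:8])[0] & 0x4000:
        return {"verdict": "drop", "reason": "embedded packet had DF clear"}
    return {"verdict": "allow", "reason": "fragmentation needed", "next_hop_mtu": mtu}

def build_icmp(icmp_type: int, code: int, mtu: int, payload: bytes) -> bytes:
    """Build a constructed sample message with a correct checksum."""
    zeroed = struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + payload
    cksum = inet_checksum(zeroed)
    return struct.pack("!BBHHH", icmp_type, code, cksum, 0, mtu) + payload

def inner_ipv4(df: bool) -> bytes:
    """Constructed header of a 1500-byte TCP packet from a LAN host."""
    flags = 0x4000 if df else 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, flags, 64, 6, 0,
                      bytes([192, 168, 1, 100]), bytes([203, 0, 113, 10]))
    return hdr + b"\x04\x00\x01\xbb\x00\x00\x00\x01"  # first 8 bytes of TCP

# Constructed samples: (label, source address, ICMP message)
SAMPLES = [
    ("frag needed from router", "192.168.1.254", build_icmp(3, 4, 1492, inner_ipv4(True))),
    ("frag needed, other LAN host", "192.168.1.77", build_icmp(3, 4, 1492, inner_ipv4(True))),
    ("echo request from router", "192.168.1.254", build_icmp(8, 0, 1, b"ping")),
    ("frag needed, DF was clear", "192.168.1.254", build_icmp(3, 4, 1492, inner_ipv4(False))),
]

if __name__ == "__main__":
    for label, src, msg in SAMPLES:
        print(f"{label:30} {classify_icmp(src, msg)}")
```

Only the first sample is accepted; everything else that the wide "ICMP type 0,3,4,5,8,..." rule would have let in is dropped with a reason that can be matched against the firewall log.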
Really can't go on any longer like this so, I'm seeking help. This was probably caused by the following module: win32k.sys (win32k+0x98FB0) Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF8053A933, 0xFFFFFFFFAE9E09E8, 0x0) Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M file path: C:\WINDOWS\system32\win32k.sys This error occurs during any use of the Adobe Flash browser plug-in. For example: streaming video from various host servers or using Flash based games. The BSOD time fluctuates between 2mins and 4 hours but, with continued use of any Flash based streaming connection, the error occurs.
I have no trouble with bit torrent protocols, such as sopcast streaming media application. The things I have tried to do are: update my drivers for the graphics card, uncheck the 'accelerator' mode in the Flash option. I have thoroughly cleaned, and keep clean, my system. Alas, I am losing my grip on reality, my head is popping and I feel like going to live up a mountain.
My system: ASUS M3A78 Pro, AMD Dual Core 64x2 6000+, 3G DDR2, Nvidia GForce 9600 GT, WD 2TB HDD, Windows 32 XP Pro SP3, Firefox 13.0.1, Flash 11.3 r300. Help?
That doesn't seem to be the problem mate (the firewall). 10 minutes into testing the new software, the BSOD occurred again. This was probably caused by the following module: pwipf6.sys (pwipf6+0xDBD5) Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF8053A933, 0xFFFFFFFFAEC0F9A8, 0x0) Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M file path: C:\WINDOWS\system32\drivers\pwipf6.sys product: Privacyware Filter Driver company: Privacyware/PWI, Inc.
The dump seems to identify the new Firewall as being the problem now? The dump folder is empty? I am guessing that Ccleaner did that?
OK, I am going to try and crash the system. If it is any use, I dumped the 'WhoCrashed' report below. This was probably caused by the following module: pwipf6.sys (pwipf6+0xDBD5) Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF8053A933, 0xFFFFFFFFAEC0F9A8, 0x0) Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M file path: C:\WINDOWS\system32\drivers\pwipf6.sys product: Privacyware Filter Driver company: Privacyware/PWI, Inc.
That data's not enough to prove anything, if you compare it to the dumps earlier, you'll see it's very much in the same ballpark, therefore all are likely to have the same cause. If CCleaner removed just one dump, is the folder now empty? Download and run it, hit Esc., set Verify to on in the View menu and refresh. Once it's completed, save it as the default type, zip and attach it please. When you get a new dump, upload it please, try to get any networking drivers updated, uninstall any resident software that may be related to networking too.
Code:
Driver Name: npf.sys
Address: 0xAF32E000
End Address: 0xAF33D000
Size: 0x0000f000
Load Count: 1
Index: 107
File Type: System Driver
Description: npf.sys (NT5/6 x86) Kernel Driver
Version: 4.1.0.1753
Company: CACE Technologies, Inc.
Product Name: WinPcap
Modified Date: 03:19:44
Created Date: 03:19:44
Filename: C:\WINDOWS\system32\drivers\npf.sys
File Attributes: A
Service Name: NPF
Service Display Name: NetGroup Packet Filter Driver
Do you have Wireshark installed? This version of WinPcap is quite outdated.
Right, looks like you have 2 programs (possibly 2 sets of drivers too) loading at startup for wireless LAN, in C:\Documents and Settings\All Users\Start Menu\Programs\Startup:
ZDWLan Utility.lnk IEEE 802.11 Wireless LAN Utility MFC Application c: program files zydas technology corporation zydas802.11gutility zdwlan.exe
ClientManager3.lnk Client Manager3 TrayManager BUFFALO INC. C: program files buffalo client manager3 cm3tray.exe
I would find the latest driver for your wireless card and download it - but don't install it until you have uninstalled all the previous packages and drivers and rebooted a couple of times.
If Windows finds and installs the wireless adapter after the uninstalls, it might work fine. If not, install the latest driver - but set the 3rd party software to allow Windows to control the wireless connection - this will be a cleaner connection, ruling out much of the 3rd party interference.
OK, I have uninstalled the Client Manager 3, that is bundled on the CD Rom with the original drivers. I have uninstalled the Buffalo Driver (control panel/uninstall driver) and the ZyDAS ZD1211B IEEE 802.11 b+g Driver (control panel / add/remove software), then rebooted the system.
Windows found another version of the Buffalo driver on restart, so I uninstalled the same driver again (as above) and restarted the system. On the following restart; 'new hardware found / the Buffalo USB Key'. I navigated to the downloaded/updated/latest driver from the Buffalo site. Windows connection manager is connecting to the internet, without installing the bundled 'Client Manager 3' application. I am going to try to crash the system again, as per before. I have attached new copies of 'DriveView' and 'AutoRun' logs (.txt /.zip) - You mentioned something about USB drivers being out of date before?
Parameter 1 is 0xc0000005 (STATUS_ACCESS_VIOLATION) This error indicates that there was undetected memory corruption performed by one or more drivers on the system. The corruption is detected when system execution encounters it and crashes the system. This error is similar to PAGE_FAULT_IN_NONPAGED_AREA in that the dumps are not particularly useful because the actual driver that caused the corruption is not typically the driver that causes the exception (by running into the corrupted memory). When the first parameter indicates that an access violation occurred, the next step is to enable the driver verifier and see if more informative dumps can be produced.
The !analyze -v output does not typically show the faulty driver, and there is not enough information in a minidump to perform more meaningful analysis.
I think that might have been it gentlemen! Well hey, I'm not going to jinx things by getting carried away, you know? In the past, the system has lasted up to, I dunno, maybe 48 hours before crashing but, I have been playing an online Flash based game, while streaming a video from Youtube (which I think is actually HTML 5 as opposed to FLV but still) and nothing has happened as of yet. It seems obvious now, as the system only crashed during playback of Flash streams, and WinPcap is a Flash streaming capturing driver (or at least that is what I presumed it was as it came bundled with Streaming Star - Flv Recorder).
It is no longer on the system and lo and behold, the BSOD seems to be fixed. I guess my original plan to go and live up a mountain can now be put off until the last mind bending instalment of 'thou ye olde 5 minute job' on the P.C. come to fruition :) I will post again in the near future (but hopefully not too near, if you know what I mean) as to the condition of the system. Cheers guys for taking the time out to respond, eh!