Something for Firewall?

[RexRomae]

I made a program that uses the library FTP.au3 and then interacts directly with the internet and accordingly Firewall when running Unlock asks whether the application or continue to lock ... Do you have any ideas for bypassarlo or overcome? Thanks!

[rudi]

Hi.

I made a program that uses the library FTP.au3 and then interacts directly with the internet and accordingly Firewall when running Unlock asks whether the application or continue to lock ... Do you have any ideas for bypassarlo or overcome? Thanks!

I'm looking for that solution as well:

Novell BorderManager (Proxy-Firewall) uses a client side applet called CLNTRUST.EXE, which has to listen UDP:3024 and I'd love to open it silently without any user intervention. When accessing web content the firewall "asks" this applet: "Who is autenticated on that PC?" and by that very detailed internet access rules can be transparently enforced. (no separate user login screen for web content)

I know that there are ways to silently add entries to the exclusions list of Windows' Firewall: I know several applications that can do so during their setup. Unfortunately I have no clue how this is done.

The "most early approach" is a unattend windows setup using a winnt.sif with these firewall exclusions settings in it. But for altering an existing Win Installation silently I'm still seeking howto: That should be distributable through ZENworks (so users won't need to have admin rights...)

Regards, Rudi.

Edited April 16, 2008 by rudi

[jvanegmond]

RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List", @AutoItExe, "REG_SZ", @AutoItExe & ":*:Enabled:AutoIt Application")

Edit: (Yes, this is one line.)

Edited April 16, 2008 by Manadar

[rudi]

RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List", @AutoItExe, "REG_SZ", @AutoItExe & ":*:Enabled:AutoIt Application")oÝ÷ Ûú®¢×©ä±8b³
+Çâ殶­sdæG4gtÆÆ÷rgV÷C¶Æö6Ç7V&æWBgV÷C² ¤gVæ2æG4gtÆÆ÷rb33cµ66÷RÒgV÷C²¢gV÷C² Æö6Âb33c´gtäE5&Vt¶WæÒÒgV÷C´´UôÄô4ÅôÔ4äRb3#µ55DTÒb3#´7W'&VçD6öçG&öÅ6WBb3#µ6W'f6W2b3#µ6&VD66W72b3#µ&ÖWFW'2b3#´f&WvÆÅöÆ7b3#µ7FæF&E&öfÆRb3#´WF÷&¦VDÆ6Föç2b3#´Æ7BgV÷C° Æö6Âb33c´gtäE5&VufÄæÒÒ77FVÔF"fײgV÷C²b3#¶G×s3"æWRgV÷C° Æö6Âb33cµfÅGRÒgV÷Cµ$Tuõ5¢gV÷C° b7G&æuWW"b33cµ66÷RÒgV÷C´Äô´Å5T$äUBgV÷C²FVà Æö6Âb33c´gtäE5&VufÇVRÒ77FVÔF"fײgV÷C²b3#¶G×s3"æWS¤Æö6Å7V$æWC¤Væ&ÆVC¤äE2%Òfײæ÷Ff6FöâÆ7FVæW"gV÷C° VÇ6P Æö6Âb33c´gtäE5&VufÇVRÒ77FVÔF"fײgV÷C²b3#¶G×s3"æWS¢£¤Væ&ÆVC¤äE2%Òfײæ÷Ff6FöâÆ7FVæW"gV÷C° VæD` &WGW&â&Vuw&FRb33c´gtäE5&Vt¶WæÒÂb33c´gtäE5&VufÄæÒÂb33cµfÅGRÂb33c´gtäE5&VufÇVR¤VæDgVæ2³ÓÒfwC´æG4gtÆÆ÷p

I'm just wondering...

Obviously I'm not remembering correctly, that regwrites to that list without user's ACK have no effect? <hmm>

Pro: Comfortable to admin.

Con: Too easy this way for spyware to add itself to the FW's allow lists (Appl or port)

Regards, Rudi.