InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
Solve : firewall settings change after every boot. help? |
|
Answer» for some REASON every time after i boot my vista home PREMIUM sp1 laptop after a couple of minutes of windows started, firewall and network SHARING settings change. every time i have to change it back. dunno why this is happening. appreciate any info. dunno if its related but have tis event viewer logs tat looked strange to me (among like 400 different ones in one minute -!? and even if its not related is it something ok? wat is it saying?) by the way, some time ago my computer was infected by backdoor:win32/refpron.A. supposedly it was removed. A Windows Filtering Platform filter has been changed. general tab Subject: Security ID: LOCAL SERVICE Account Name: NT AUTHORITY\LOCAL SERVICE PROCESS Information: Process ID: 1644 PROVIDER Information: ID: {decc16ca-3f33-4346-be1e-8fb4ae0f3d62} Name: Windows Firewall Change Information: Change Type: Delete Filter Information: ID: {0aa8b2a7-d8e6-4574-8b79-5389071e8fa2} Name: Port Scanning Prevention Filter Type: Boot-time Run-Time ID: 68324 Layer Information: ID: {7fb03b60-7b8d-4dfa-badd-980176fc4e12} Name: Outbound ICMP Error v6 Layer Run-Time ID: 34 Callout Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Additional Information: Weight: 18446744073709551615 Conditions: Condition ID: {632ce23b-5167-435c-86d7-e903684aa80c} Match value: No flags set Condition value: 0x00000001 Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b} Match value: Equal to Condition value: 0x0001 Filter Action: Block --------------------------------------------------------------------- details tab + System - Provider [ Name] Microsoft-Windows-Security-Auditing [ Guid] {54849625-5478-4994-a5ba-3e3b0328c30d} EventID 5447 Version 0 Level 0 Task 13573 Opcode 0 Keywords 0x8020000000000000 - TimeCreated [ SystemTime] 2009-05-24T19:44:53.406Z EventRecordID 483055 Correlation - Execution [ ProcessID] 636 [ ThreadID] 1004 Channel Security Security - EventData ProcessId 1644 UserSid S-1-5-19 UserName NT AUTHORITY\LOCAL SERVICE ProviderKey {DECC16CA-3F33-4346-BE1E-8FB4AE0F3D62} ProviderName Windows Firewall ChangeType %%16385 FilterKey {0AA8B2A7-D8E6-4574-8B79-5389071E8FA2} FilterName Port Scanning Prevention Filter FilterType %%16386 FilterId 68324 LayerKey {7FB03B60-7B8D-4DFA-BADD-980176FC4E12} LayerName Outbound ICMP Error v6 Layer LayerId 34 Weight 18446744073709551615 Conditions Condition ID: {632ce23b-5167-435c-86d7-e903684aa80c} Match value: No flags set Condition value: 0x00000001 Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b} Match value: Equal to Condition value: 0x0001 Action %%16389 CalloutKey {00000000-0000-0000-0000-000000000000} CalloutName - -------------------------------------------------------------------- --------------------------------------------------------------------log2 general tab A Windows Filtering Platform filter has been changed. Subject: Security ID: LOCAL SERVICE Account Name: NT AUTHORITY\LOCAL SERVICE Process Information: Process ID: 1644 Provider Information: ID: {decc16ca-3f33-4346-be1e-8fb4ae0f3d62} Name: Windows Firewall Change Information: Change Type: Delete Filter Information: ID: {0aa8b2a7-d8e6-4574-8b79-5389071e8fa2} Name: Port Scanning Prevention Filter Type: Boot-time Run-Time ID: 68324 Layer Information: ID: {7fb03b60-7b8d-4dfa-badd-980176fc4e12} Name: Outbound ICMP Error v6 Layer Run-Time ID: 34 Callout Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Additional Information: Weight: 18446744073709551615 Conditions: Condition ID: {632ce23b-5167-435c-86d7-e903684aa80c} Match value: No flags set Condition value: 0x00000001 Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b} Match value: Equal to Condition value: 0x0001 Filter Action: Block ------------------------------------------------------------------------------ details tab + System - Provider [ Name] Microsoft-Windows-Security-Auditing [ Guid] {54849625-5478-4994-a5ba-3e3b0328c30d} EventID 5447 Version 0 Level 0 Task 13573 Opcode 0 Keywords 0x8020000000000000 - TimeCreated [ SystemTime] 2009-05-24T19:44:53.406Z EventRecordID 483055 Correlation - Execution [ ProcessID] 636 [ ThreadID] 1004 Channel Security Security - EventData ProcessId 1644 UserSid S-1-5-19 UserName NT AUTHORITY\LOCAL SERVICE ProviderKey {DECC16CA-3F33-4346-BE1E-8FB4AE0F3D62} ProviderName Windows Firewall ChangeType %%16385 FilterKey {0AA8B2A7-D8E6-4574-8B79-5389071E8FA2} FilterName Port Scanning Prevention Filter FilterType %%16386 FilterId 68324 LayerKey {7FB03B60-7B8D-4DFA-BADD-980176FC4E12} LayerName Outbound ICMP Error v6 Layer LayerId 34 Weight 18446744073709551615 Conditions Condition ID: {632ce23b-5167-435c-86d7-e903684aa80c} Match value: No flags set Condition value: 0x00000001 Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b} Match value: Equal to Condition value: 0x0001 Action %%16389 CalloutKey {00000000-0000-0000-0000-000000000000} CalloutName - |
|