This small guide gathers information scattered here and there on the Forum, and on the web, about the security settings that should be applied to the free Sygate firewall, since its default configuration does not provide an adequate level of protection. To be fair, it must be said that careless conduct in the use of the resources offered by the network can render any safeguard you adopt ineffective (see this discussion).
For the normal installation and usage procedures, you can refer to this excellent guide in Italian, to the on-line help, or to this other site.
As for the practice of configuring the firewall on a home network, see this topic (of course after following the advice given here).
Most of the problems encountered in everyday use of the program have been, and still are, discussed on the official forum. Should it become necessary to remove the firewall, be aware that it is preferable to remove all the residue left on your PC before reinstalling it, as shown here and here.
To avoid disappointment, it is advisable to install the penultimate version, available from the link reported here.
Any security program that provides real-time protection (firewall, anti-virus, anti-trojan, anti-spyware, IDS, sandbox) is better installed in a folder other than the default one. Some malicious programs may be able to knock it out; installing it elsewhere complicates their lives by forcing them to look for it, assuming they are even capable of doing so.
With the preliminaries done, let's get to the point.


1) Panel Options (Tools -> Options)

1.1) General
1.1.a) Under Sygate Personal Firewall Service, enable Automatically load Sygate Personal Firewall service at startup.
1.1.b) Under Notification, checking Hide notification messages blocks those annoying blue pop-ups that often appear in the system tray.
1.1.c) Under Password Protection, set a password by clicking Set Password, then check Ask password while exiting. This way, besides the fact that any change to the program's configuration requires entering the password, if another application tries to terminate the firewall you will be alerted by the password request (see this thread). Keep in mind that if you forget your password, you'll have to uninstall and reinstall the firewall.
1.2) Network Neighborhood
1.2.a) In the Network Interface drop-down menu, select the modem/router, then remove the check mark from both Allow to browse Network Neighborhood files and printer(s) and Allow others to share my files and printer(s).
1.3) Security
1.3.a) Under Security Enhancement, check Enable driver level protection, NetBIOS Protection, and Anti-Application Hijacking.
1.3.b) Enable DLL authentication, if turned on together with Automatic allow Known DLLs, means that every time a new application loads a DLL you are warned: this is because some trojans can use one or more DLLs to achieve their purposes. Turning this option on generates countless pop-ups, and confirming or denying them when you do not know what you are looking at is totally pointless, since you would still run the risk of executing malicious code. You might as well get an anti-trojan and leave it the task of assessing each case.
At this point click OK to confirm your changes.

2) Applications Panel (Tools -> Applications)

2.1) Advanced Application Configuration
2.1.a) Select each application, click Advanced at the bottom, and for all of them (apart from the exceptions set out in the next paragraph) remove the check mark from both Act as Server and Allow ICMP traffic; for drivers (.sys) see here.
2.1.b) For the Services and Controller application (C:\WINDOWS\System32\services.exe), remove only the check mark from Act as Server (leaving the one on Allow ICMP traffic, and of course the one on Act as Client). Instant messengers, P2P programs and proxies need to function as servers, so they must keep the check mark on Act as Server; and if some P2P clients are unable to ping, they must also keep the check mark on Allow ICMP traffic, although it is better to remove it once the operation is complete. Be aware that the port or ports used by a program operating in server mode are open and visible from outside (as described here).
2.1.c) In Remote Server Ports and Local Ports you can limit the range of ports used by each application. If you specify even a single port, all the others are excluded. If you specify none, that application can use any port. Here you will find the list of ports used by the most common programs. Purely as an example, these are the values to enter for Internet Explorer:
In Remote Server Ports, TCP: 80-83,443,1080,3128,8080,8088,70,1375,20,21 and UDP: 1040-1050 (for streaming, see here). This means that incoming and outgoing traffic for that program can take place only on those ports. If you want, you can instead create advanced rules to specify that traffic on a certain port may only be outbound rather than inbound; unfortunately, the free version of the firewall does not allow more than twenty rules. Beware of P2P clients: in addition to the default port they may use others, needed to establish each connection, so if you enter only one you could stop everything! (Read here.)
2.2) Application Access Status
2.2.a) All system applications are in Ask status by default. The following must be put in Block status, as they may be exploited by malicious programs to trick the firewall (to select them, take them one at a time and right-click):
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\mqsvc.exe
LSA Shell (C:\WINDOWS\System32\lsass.exe); on Win2k it is called LSA Executable and Server DLL
MS DTC console program (C:\WINDOWS\System32\msdtc.exe)
NDIS User mode I/O Driver (C:\WINDOWS\System32\drivers\ndisuio.sys); if this entry is not present, the reason is explained here.
TCP/IP Services Application (C:\WINDOWS\System32\tcpsvcs.exe)
2.2.b) On the following two processes there are conflicting opinions (some say to put them permanently on Block, others say they should always be on Allow):
Generic Host Process for Win32 Services (C:\WINDOWS\System32\svchost.exe)
NT Kernel and System (C:\WINDOWS\System32\NTOSKRNL.EXE)
With regard to the interaction of these last two with the Windows Update service, read this discussion.
2.2.c) All system applications not covered in paragraphs 2.2.a and 2.2.b can be left in Ask status (for IP Network Address Translator, see the topic on the home network, because it is set to Allow). The only one that will show up from time to time is Application Layer Gateway Service (C:\WINDOWS\System32\alg.exe), which appears every time you log on to an FTP server; in that case, you can give the go-ahead.
2.2.d) On XP the following applications have access to the Internet:
WordPad MFC Application (C:\Program Files\Windows NT\Accessories\wordpad.exe)
Notepad (C:\WINDOWS\system32\notepad.exe)
Windows Explorer (C:\WINDOWS\explorer.exe)
These too should be placed on Block, as they also run the risk of being hooked by trojans.
2.2.e) If they are not used, the following programs should be put on Block: Internet Explorer, Messenger, and Outlook Express. A few more words about e-mail clients: the best way to manage e-mail is to read it on-line and avoid downloading it to your PC. If this is really not possible, be aware that, whatever client is used, an anti-virus capable of scanning e-mail listens on TCP ports 25 (SMTP) and 110 (POP3), keeping them constantly open, even behind the firewall. If you decide not to use any client, you should also disable that feature in the anti-virus.
2.2.f) Only programs that are used frequently should be placed in Allow status (although for safety's sake it would be better to put them on Ask): browsers, e-mail clients, FTP clients, P2P clients, download managers, media players, etc. All the others should be kept on Ask, giving the OK from time to time.

3) Advanced Rules Panel (Tools -> Advanced Rules)

To settle the matter once and for all, as explained in this thread, in addition to disabling useless Windows services you need to create advanced rules that block all the TCP and UDP ports used by the system on your PC, as well as ICMP and IP (excluding TCP and UDP traffic from this last block, of course, so that the combination of rules filters it only on the system ports), all in both directions. The ports used by Windows range from 1 to 1023, but the operating system may, for reasons of its own, also use a few ports from 1024 upward, so much so that here they scan up to 1056. A list of all ports can be found here.
Proceed as follows:
3.1.a) Click Add Rule and the Advanced Settings panel will appear.
3.1.b) In General, enter a title in Rule Description (e.g. block ICMP), then under Action select Block this traffic, and under Advanced Settings, in Apply Rule to Network Interface, select the modem/router.
3.1.c) In Hosts -> Remote Host -> Apply this rule to -> select All addresses.
3.1.d) In Ports and Protocols -> Apply this rule to -> Protocol -> select ICMP, then click Select All, set Traffic Direction to Both and click OK.
3.2.a) Same as 3.1.a.
3.2.b) Same as 3.1.b changing the title (eg, IP block).
3.2.c) Same as 3.1.c.
3.2.d) In Ports and Protocols -> Apply this rule to -> Protocol -> select IP, then in IP Type enter 0-5,7-16,18-255, set Traffic Direction to Both and click OK.
3.3.a) Same as 3.1.a.
3.3.b) Same as 3.1.b changing the title (eg: Blocking TCP Local Ports).
3.3.c) Same as 3.1.c.
3.3.d) In Ports and Protocols -> Apply this rule to -> Protocol -> select TCP, then in Local enter 1-1023 (or increase this last value at your discretion, based on the considerations expressed above, taking care not to interfere with other applications: e.g. ICQ uses any port from 1024 onward; use a program that monitors ports, like this one, to get an idea), then set Traffic Direction to Both and click OK.
3.4.a) Same as 3.1.a.
3.4.b) Same as 3.1.b changing the title (eg: Blocking UDP Local Ports).
3.4.c) Same as 3.1.c.
3.4.d) Same as 3.3.d but select UDP.
This last rule will also protect you from the only remotely executable exploit which, to date, according to Secunia, has not yet been patched in Sygate.
To confirm the rules you have created, click OK, which closes the Advanced Rules panel.
Depending on particular needs (e.g. to allow the anti-virus to scan e-mail, or if you need to use some Windows service that listens on its own port), the above rules may be modified for that purpose, or simply turned off by removing the check mark to their left (note: if you apply these advanced rules on a LAN, read this topic: problems with PCs on the network).
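
The four block rules of section 3 can be checked on paper before they are entered in the panel. The Python model below is an added example, not part of the original guide and not Sygate code; the function names, the order in which the rules are checked and the sample traffic are assumptions made for the illustration.

```python
# Added example: a model of the four block rules from section 3 (not Sygate code).

def parse_ranges(spec):
    """Parse a list such as '0-5,7-16,18-255' into (low, high) pairs."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def in_ranges(value, ranges):
    return any(low <= value <= high for low, high in ranges)

ICMP, TCP, UDP = 1, 6, 17                   # IANA protocol numbers
IP_TYPES = parse_ranges("0-5,7-16,18-255")  # rule 3.2: skips 6 (TCP) and 17 (UDP)
SYSTEM_PORTS = parse_ranges("1-1023")       # rules 3.3 and 3.4: local ports

def verdict(protocol, local_port=0):
    """Name the section 3 rule that blocks a packet, or return None.

    Every rule covers all remote addresses in both directions, so only the
    protocol and the local port decide. All four rules block, so the order
    checked here (an assumption) changes only which name is reported.
    """
    if protocol == ICMP:
        return "block ICMP"
    if protocol == TCP and in_ranges(local_port, SYSTEM_PORTS):
        return "block TCP local ports"
    if protocol == UDP and in_ranges(local_port, SYSTEM_PORTS):
        return "block UDP local ports"
    if protocol not in (TCP, UDP) and in_ranges(protocol, IP_TYPES):
        return "block IP"
    return None  # left to the per-application settings of section 2

# Constructed sample traffic: (description, protocol number, local port).
SAMPLES = [
    ("ping", ICMP, 0),
    ("TCP to local port 445", TCP, 445),
    ("UDP to local port 137", UDP, 137),
    ("GRE tunnel", 47, 0),
    ("TCP to local port 1030", TCP, 1030),  # above 1023: not covered
]

if __name__ == "__main__":
    for name, proto, port in SAMPLES:
        print(f"{name:24} -> {verdict(proto, port) or 'not blocked by section 3'}")
```

The last sample shows why the guide suggests raising the upper bound in 3.3.d and 3.4.d if the system listens on ports from 1024 upward.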