FAQ 常见问题集
- 1. How to make my computer invisible to the internet?
- 2. My server got many 135 port connection from local client. How to fix it?
- 3. My Remote Web server (with Outpost Installed) blocks my connection, how can I fix it?
- 4. I cannot play online game with my friend after installing Outpost, what should I do?
- 5. I block internet access of svchost.exe, then I cannot connect to the internet. What should I do?
- 6. I cannot receive file through ICQ. What should I do?
- 7. I am using Windows Internet Connection Sharing, my client machine cannot online if I start Outpost Firewall. It works after Outpost is closed. What is the problem?
- 8. Other than "Port Scan", what other attacking mode can Outpost Firewall detect?
- 9. I got problem to go to some dynamic DNS servers. What should I do ?
- 10. Does outpost perform checksums on applications?
- 11. Can outpost block a trojan if it resides in a driver?
- 12. Does Outpost filter Raw Sockets?
- 13. Does Outpost perform Application or Network level filtering?
- 14. What does Outpost Write to the registry?
- 15. What are the numbers prefixed by Fw and Web in the status bar?
- 16. Why are the 'Allow Once' and 'Block Once' buttons sometimes disabled?
- 17. What is the difference between the Reject option and the Deny option in the rule creations action pane?
- 18. Which rules are processed first, System or Application?
- 19. I don't want Outpost running in the system tray, is there anyway to hide the Outpost GUI?
- 20. Outpost doesn't seem to be blocking cookies as I have loads of them on my hard drive. Is the cookie filtering broken?
- 21. I went to a scanning site and it reported that I have an open port that should be closed. How to get Outpost to stealth the port?
- 22. How does Outpost's engine process rules?
- 23. What are lsass.exe, LSA Shell, LSASS, Local Security Authority System?
- 24. How do I shutdown a plugin?
- 25. What are the numbers in Outposts tray icon tool-tip?
- 26. What is 'learning mode'?
- 27. How can I limit the online time for my computer?
- 28. VMWare virtual machines fail to access network. What is the problem?
- 29. What can I do if Outpost uses a lot of memory and CPU?
- 30. I noticed hard disk activity when Outpost is running. Why?
- 31. I noticed that Outpost's memory usage goes up and down. Why?
- 32. How to enter Activation Key (Long Key) in the trial version ?
- 33. If I install Outpost Firewall , can I still download from the web or will these program totally block them out? How to enter key into trial version?
- 34. 如何解决 PestPatrol 与 Outpost Firewall 冲突问题?
- 35. 如何取得登记序号 (Long Key)?
1. How to make my computer invisible to the internet?
To make your computer invisible to the internet, you may install the Super Stealth Plug-in of Outpost Firewall.
Download Super Stealth
How to install:
1) Shutdown Agnitum Outpost.
2) Run "super stealth.exe" and follow instructions.
3) Load Agnitum Outpost manually or restart operation system to load it automatically.
4) When "Super Stealth" has been installed successfully, you will see new plug-in in outpost's left panel.
The Super Stealth plugin options:  |
1 - Local MAC address: This is your own MAC address. 2 - Trusted MAC address: Here is where you enter MAC addresses of computers on your network that you trust and want to be able to get your MAC address. Those not in the list will not be able to resolve your MAC address and thus will be unable to send you ethernet frames. Enter a new MAC address and click on the button 'ADD MAC TO TRUSTED' to add the new MAC to your list of trusted MAC addresses. To remove an address, highlight one you want to move and click on 'REMOVE MAC'. Top |
2. My server got many 135 port connection from local client. How to fix it?
Some client machines create many connections to your 135 port (DCOM), install firewall on client machines to check what programs or processes are using port 135. Block that application to solve the problem.
Top
3. My Remote Web server (with Outpost Installed) blocks my connection, how can I fix it?
In the Remote web server, add your IP Address to the Trusted List in Outpost and tick trust.
Step 1: Right on the Attack Detection Plug-in then select Properites. |
4. I cannot play online game with my friend after installing Outpost, what should I do?
Click ※Allow all activities for this application§ (For advance user, please click ※Create rules using preset§ and select ※custom§). This allows the application (i.e. your game) to connect to internet and to be connected.
 Top |
5. I block internet access of svchost.exe, then I cannot connect to the internet. What should I do?
svchost.exe requires some internet access in order to carry out basic networking tasks. You should allow the activities for svchost.exe.
Top
6. I cannot receive file through ICQ. What should I do?
a) For ICQ Lite:
Click Main -> Preferences and Security
Click Connection Settings -> Not using Firewall(Yes! Not using firewall, as ICQ thinks that Firewall is equal to NAT) -> Tick "Keep connection alive" -> OK -> Restart ICQ -> Done 
b) For ICQ Full version
(NOTE: This will only work for receiving files from computer which is directly connect to the internet.)
Click Connection -> Server -> Not using Firewall (Yes ! Not using firewall ,as ICQ think that Firewall equal to NAT) -> Tick Keep connection alive -> OK -> Restart ICQ -> DONE
Top
7. I am using Windows Internet Connection Sharing, my client machine cannot online if I start Outpost Firewall. It works after Outpost is closed. What is the problem?
a) Go to Options -> General
b) Go to System -> Setting in LAN Settings -> Tick the Trust for your LAN IP (usually 192.168.0.0)
Top
8. Other than "Port Scan", what other attacking mode can Outpost Firewall detect?
Outpost Firewall detects attack using the Attack Detection Plug-in. Here is the detail of the plug-in:
The Attack Detection plugin is made up of two parts:
The Outpost Scanning Detection module
The Outpost Attack Detection module.
The Attack Detection module can detect and block the following DOS (Denial Of Service) attacks: Teardrop, Nestea, Iceping, Winnuke, Nuke, FRAG_ICMP Class (Jol12, Targa13 and other), FRAG_IGMP Class (IGMPSYN and other), SHORT_FRAGMENTS Class, MY_ADDRESS Class (Snork and others), Rst, 1234, Fawx, Fawx2, Kox, Tidcmp, Rfposion, Rfparalyse, Win95handles. DDOS (Distributed Denial Of Service) attacks are also neutralized. The Scanning Detection module can detect TCP and UDP port scanning as well as the following forms of stealth scanning: Syn, Fin, Xmas, Null, Udp.
Usually scan detectors in most Personal Firewalls detect a Port Scan (also called TCP port scanning or port probe) if someone connects to any closed port on the local PC. However, this approach results in a great number of false alarms because often-valid software needing to interchange data routinely checks for open or closed ports.
To decrease the number of false alarms Outpost's Scanning Detection Module differentiates between single scan of a closed port (a suspicious packet) and several accesses to different ports by the same remote host.
Outpost designates a packet as suspicious if it is a:
TCP Connection request or UDP packet to a non-open port.
TCP data packet for a non-existent connection.
TCP Connection request or UDP packet to a port closed by Outpost.
If Outpost detects a suspicious packet, it displays the 'Connection request' message in its log file.
Port Scanning is another intrusion indicator that is detected if several suspicious packets are received from one remote host within a specified time interval.
Top
9. I got problem to go to some dynamic DNS servers. What should I do ?
The DNS Cache in Outpost will keep DNS records for 7 days. It may have problem to resolve DDNS(Dynamic DNS). To solve this problem you may disable the DNS Cache in Outpost.
a) Open Outpost Firewall -> Right Click "DNS Cache" -> Click "Properties"
b) Un-tick "Enable DNS Cache"
Top
10. Does Outpost perform checksums on applications?
Yes, Outpost uses MD5 to authenticate applications are legitimate.
Top
11. Can Outpost block a Trojan if it resides in a driver?
Yes.
Top
12. Does Outpost filter Raw Sockets?
Yes.
Top
13. Does Outpost perform Application or Network level filtering?
Outpost filters both TDI and NDIS requests.
Top
14. What does Outpost write to the registry?
Windows 9x
- run_helper
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Driver
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\FILT95
- GUI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Outpost Firewall"="C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /noservice"
- Engine
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "Outpost Firewall"="C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service"
Windows NT/2000
- run_helper
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Drivers/Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OutpostFirewall
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VFILT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ADBLOCK.DLL
and so on for every plug-in
- GUI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Outpost Firewall"="C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /noservice"
Top
15. What are the numbers prefixed by Fw and Web in the status bar?
These are the number of Firewall and HTTP blocks Outpost has made.
Top
16. Why are the 'Allow Once' and 'Block Once' buttons sometimes disabled?
They are only available for Outgoing connections. This is because Outpost puts the connection request on hold until you make a rule or click the 'Allow Once' and 'Block Once' buttons, but incoming connections are blocked automatically until you make a rule, which is why the buttons are disabled.
Top
17. What is the difference between the Reject option and the Deny option in the rule creations action pane?
Reject means Outpost drops the packet and sends a port unreachable packet to the source of the communication attempt which tells the source that the port is closed.
Deny means Outpost drops the packet and doesn't notify the source that the port is closed, this 'stealths' the port.
Top
18. Which rules are processed first, System or Application?
The System rules are checked after the Application rules.
Top
19. I don't want Outpost running in the system tray, is there anyway to hide the Outpost GUI?
Yes. Open the 'Options' menu and select Options -> General... and uncheck Run Automatically at boot-up. This stops the GUI from starting at boot (the engine is still running). Now if on the same tab you have Apply rules without need of interface checked the engine will filter packets according to the rules you have already created. Outpost, in this state, is running in Block Most Mode so any applications without rules will be blocked by default. If you uncheck Apply rules without need of interface then the rules will be ignored, it will be as if you didn't have any firewall running (the plugins are also disabled in this case).
Top
20. Outpost doesn't seem to be blocking cookies as I have loads of them on my hard drive. Is the cookie filtering broken?
Outpost, like AtGaurd blocks the return of cookies, not the setting. This is because there are many ways to block cookies but only one way to send them.
Top
21. I went to a scanning site and it reported that I have an open port the should be closed. How to get Outpost to stealth the port?
Please see this thread at Agnitum's forums.
Top
22. How does Outpost's engine process rules?
Please see this thread at Agnitum's forums.
Top
23. What are lsass.exe, LSA Shell, LSASS, Local Security Authority System?
Please see this thread at Agnitum's forums.
Top
24. How do I shutdown a plugin?
First right click on the plugins name in the folder panel of the main window and uncheck enable. Then select from the 'Options' menu Options -> Plug-Ins Setup. The option window will open with the plug-ins tab selected, highlight the plugin you want shutdown and click on the button 'Stop'.
If you want to you can delete the following registry keys as well to permanently kill the plugin:
Delete regkey
HKEY_LOCAL_MACHINE\SOFTWARE\Agnitum\Outpost Firewall\KernelPlugIns\??=[kernel plugin name].dll
Delete regkey
HKEY_LOCAL_MACHINE\SOFTWARE\Agnitum\Outpost Firewall\EnginePlugins\[plugin file]=0|1
Top
25. What are the numbers in Outposts tray icon tool-tip?
These are your current IP addresses.
Top
26. What is 'learning mode'?
This is a logging error that occurs while in Rules Wizard mode, it has been fixed in version 2. The way to get round the problem of an application being blocked due to 'learning mode' even if a rule exists is to put Outpost into any mode except Rules Wizard mode, like Block Most Mode. Then when an application that hasn't got any rules switch modes to Rules Wizard mode and create rules, then switch back to Block Most Mode.
Top
27. How can I limit the online time for my computer?
Outpost rule engine able limited the network activities for application and whole system by time interval.
Here is an example to limit the system online only from 6:00pm to 8:00pm.
a) Open Outpost Firewall System setting
b) Click on System Rules
c) Add a new rule
d) Configure a tim einterval base rule
- Select "Where the specified time interval is" in Section 1
- Select "Block it" in Section 2
- Click on the "Undefined" on Section to open the Activity Schedule window
- Select time interval , select From 12:00:00 AM to 17:59:59 PM (for this example)
- Click Add
- Repeat select time interval from 21:00:00 PM to 23:59:59 PM and click add.
- Click OK to complete select schedule
e) Assign the name for this rule and click "OK"
f) Select the rule just created and then click "Move up" until the rule goes on the top of the list.
Done.
You may also set a password for Outpost to protect the setting . (Option ' General ' Enable Password)
Top
28. VMWare virtual machines fail to access network. What is the problem?
Outpost Firewall blocks transit packets and this prevents VMWare virtual machines from accessing the network. To resolve the problem, please:
-
Open Virtual Machine Control Panel
Click Hardware tab
Select NIC 1
Under Connect to the following network select NAT: Used to share the host's IP address
29. What can I do if Outpost uses a lot of memory and CPU?
If you experience a high CPU load or Outpost is consuming a lot of memory, here's a workaround to solve the problem.
Step 1
-
Run regedit
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Agnitum\Outpost Firewall\General
Change the value of EnableNetstatLogging to 0
Open the Outpost.ini file in the Outpost folder and set EnableLogging=0
Step 2.
-
Select Options/Applications/Components
Set Component Control Level to OFF
Step 3.
-
Open the Outpost.ini file in the Outpost folder and set
HideIcmpActivity=yes
HideIpActivity=yes
30. I noticed hard disk activity when Outpost is running. Why?
Outpost reads and writes configuration files and logs, which causes hard disk activity.
Top31. I noticed that Outpost's memory usage goes up and down. Why?
-
On startup Task Manager reports OP is using 16 megabytes of RAM.
Just opening OP's main window and closing it drops memory usage to less than 2 megabytes.
Thereafter memory usage will steadily increase.
Repeating step 2 decreases memory usage each time. Windows calculates the memory used by any application in the same way. All other applications, not only Outpost, behave the same.
32. How to enter Activation Key (Long Key) in the trial version ?
如何在试用版中输入登记号码 (Long Key)?
1. 打开Outpost Firewall 。
2. 在上方按说明, 再按登记。
3. 打开网上登记后收到的邮件。把登记号码复制下来。
若要取得登记序号 (Long Key) 请参阅 FAQ# 35 http://www.version-2.com/products/?product_id=6&id=54#26
4. 复制登记号码后, 请把登记号码在输入序号的方格中贴上。
5. 最后按确定。
How to enter Long Key in the trial version ??
Open Outpost Firewall Pro >> Help >> Register >> Enter Code >>
Copy and paste your Activation Key in the text box and click OK.
Top
33. If I install Outpost Firewall , can I still download from the web or will these program totally block them out? How to enter key into trial version?
Firewall will not block all internet access (i.e. download or browsing websites), the firewall will pop-up a screen to ask you if that software can access internet or not. When you see that screen , select allows allow for program that you know. For program that you don't know, select "block once" first. If it dose not affect your online activities, then click "always block" next time it pop-up. On the other hand, if you face problem after clicking "block once", clicking "always allow" next time.
Top34. 如何解决 PestPatrol 与 Outpost Firewall 冲突问题?
请执行以下步骤:
1. 反安装 pestpatrol, 然后从 http://pestpatrol.com.hk/download/thanksh.php?lang=chi下载并安装最新版本的 pestpatrol.
2. 在 pestpatrol 排除以下路径和档案
- C:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll
- C:\Program Files\Agnitum\Outpost Firewall
3. 重新安装 Outpost Firewall
35. 如何取得登记序号 (Long Key)?
1. 请到以下网址输入序号, 姓名和联络电邮。
http://www.agnitum.com/register.php
2. 登记序号 (Long Key) 便会实时显示出来。与此同时, 阁下的电邮会收到登记序号 (Long Key)。
如输入序号错误 , 请留意当中的英文字母和数字后再尝试登记。如登记失败 , 请把资料电邮至 support@version-2.com.hk 或于办公时间内致电 (852)-2893-8860 ﹝
How to get the Long Key ?
1. Visit http://www.agnitum.com/register.php , and enter the Activation Key, registration name and contact email. Press submit
2. The long key will be shown on screen and sent to your email. If it prompts "invalid activation key", please email your query to support@version-2.com.hk or call us at (852) 2893 8186.
Top