<> wrote in message
news:717d1ac1-22fc-48e4-8afa-...
On May 7, 10:38 pm, "Mr. Arnold" <MR. Arn...@Arnold.com> wrote:
> <gw.harri...@gmail.com> wrote in message
>
> news:8d15de1b-2f80-460f-8ff2-...
>
> > I'm really at the end of my tether with this issue - have a laptop
> > which has Windows Vista installed. Whenever I boot up the Windows
> > Firewall is turned on. However, towards the end of the boot process,
> > the Windows Firewall turns itself off, almost as if when a program
> > loads it knocks it out. Is there any way I can do a walk thru' of the
> > boot up process so I can see if I can capture which program or process
> > is doing it? At my wits' end.
>
> You got two firewalls running Vista and something else running together?
I've never installed another firewall on the laptop - I've always been
happy to just use Windows Firewall. This is what I can't understand,
because all the searching I've been doing suggests uninstalling the 2nd
firewall I've installed - but I've only got and ever had, the one.
------------------------------------------------------------------------------
What this sounds like to me is that you have malware running on the machine
that is turning the Vista FW off. What you need to do is look around on the
machine and look at running processes to see if you can spot something that
doesn't look right that's running.
Process Explorer can be used to look at running processes and what those
processes are hosting, such as possible malware.
With PE, you go to Menu/View/Show/Lower Pane/Show all DLL(s) and PE will
show you everything a running process in the upper pane is hosting. You can
right-click a line in both panes and go to Properties to get more
information.
<http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
You should use CurrPorts free that runs on Vista which is like Active Ports
in the link above to see if you can spot anything trying to connect while
the Vista FW is down that could be dubious.
http://www.nirsoft.net/utils/cports.html
You should enable Vista's auditing and see what is happening.
http://www.ultimatewindowssecurity.c...egory-DSAccess
You'll see in the link in Advanced Security Settings it talking about the
auditing in the XP security link. You should enable the same auditing
features on Vista, if you can do that and look at the logs with the Event
Viewer off of Control Panel/Admin Tools.
http://labmice.techtarget.com/articl...ychecklist.htm
You should look around and see if you can spot anything that could be
turning the Vista FW off.
You should get that CurrPorts shortcut into the System Startup so that you
can see if anything looks dubious on System Startup and Internet
connections.
The link will show you how to tell Windows Defender about CurrPorts and not
to stop it at startup.
http://www.vistax64.com/tutorials/79...e-disable.html
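
Following the advice above to look at the logs, an added example (not part of the original thread and not code from any tool it links): Python that reads an XML export of the event logs and reports which program changed a firewall setting to "No" and when the Windows Firewall service stopped. The event IDs (2003, 7036), the Data field names and the sample records are assumptions and constructed values; confirm them against what Event Viewer shows on the machine.

```python
import xml.etree.ElementTree as ET

EVT = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT}
# Constructed sample shaped like `wevtutil qe <log> /f:xml /e:Events` output.
# Assumptions: ID 2003 (firewall log) = setting changed, ID 7036 (System log) =
# service state change; the field names and updater.exe path are illustrative.
SAMPLE = r"""<Events>
<Event xmlns="{ns}"><System><EventID>2003</EventID>
 <TimeCreated SystemTime="2008-05-08T07:01:12Z"/></System><EventData>
 <Data Name="Profiles">Private</Data><Data Name="SettingValueString">No</Data>
 <Data Name="ModifyingApplication">C:\Users\Public\updater.exe</Data>
</EventData></Event>
<Event xmlns="{ns}"><System><EventID>2003</EventID>
 <TimeCreated SystemTime="2008-05-08T06:59:40Z"/></System><EventData>
 <Data Name="Profiles">Private</Data><Data Name="SettingValueString">Yes</Data>
 <Data Name="ModifyingApplication">C:\Windows\System32\svchost.exe</Data>
</EventData></Event>
<Event xmlns="{ns}"><System><EventID>7036</EventID>
 <TimeCreated SystemTime="2008-05-08T07:01:15Z"/></System><EventData>
 <Data Name="param1">Windows Firewall</Data><Data Name="param2">stopped</Data>
</EventData></Event>
</Events>""".replace("{ns}", EVT)

def parse_events(xml_text):
    """Yield (event_id, utc_time, fields) for every <Event> in an XML export."""
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        eid = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        data = ev.findall("e:EventData/e:Data", NS)
        yield eid, when, {d.get("Name"): d.text or "" for d in data}

def settings_turned_off(xml_text):
    """Return (time, profile, program) for each firewall setting changed to 'No'."""
    return sorted((when, f.get("Profiles", "?"), f.get("ModifyingApplication", "?"))
                  for eid, when, f in parse_events(xml_text)
                  if eid == 2003 and f.get("SettingValueString", "").lower() == "no")

def service_stops(xml_text, name="Windows Firewall"):
    """Return the times at which service `name` logged a 'stopped' state (7036)."""
    return sorted(when for eid, when, f in parse_events(xml_text)
                  if eid == 7036 and f.get("param1") == name
                  and f.get("param2") == "stopped")

if __name__ == "__main__":
    for when, profile, program in settings_turned_off(SAMPLE):
        print(f"{when} {profile} profile: setting turned off by {program}")
    for when in service_stops(SAMPLE):
        print(f"{when} Windows Firewall service stopped")
```

A program path that shows up here shortly before the service stop is the one to look up in Process Explorer and CurrPorts.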