:: Your Computer Technical Resource Headquarters! :: Your Computer Technical Resource Headquarters!
Computer Support Forums arrow Computer Related Discussions arrow Tips & Tricks arrow Topic: A Black Ice Defender How To
July 09, 2020, 02:09:21 AM

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
July 09, 2020, 02:09:21 AM

Login with username, password and session length
 Featured Sites:
New  Check out our improved Download section for tons of software....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: A Black Ice Defender How To  (Read 4443 times)
Supreme Loonie
Global Moderator
Hero Member

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276

Bookmark and Share

View Profile
« on: December 12, 2004, 05:59:05 PM »

After searching about these forums, and others like it, I've yet to find a good tutorial regarding Black Ice Defender from Internet Security Systems.
I have to point out that I'm in no way affiliated with them, I just found that their firewall is one of the best I've come across, so here goes:

A Black Ice Defender Tutorial

After installing Black Ice, rebooting and updating it to the latest updates/upgrades, do the following.

Right click the Black Ice icon in your system tray and select Edit Black Ice Settings.
On the Firewall tab there are a few options you want to select.

Set Protection Level to Paranoid
Check Auto Blocking and leave the other checkboxes empty.

On the Packet Log and Evidence Log tabs enable logging, just to have something, in case of major problems.

On the Back Trace tab, set the Threshold to something from 0-10 and set both DNS lookup and NetBIOS nodestatus boxes to checked.

If you have a router, then go to the Intrusion detection tab and see what addresses/signatures are registered. For my setup, Intruder IP is set to (the router LAN IP) and Event Name is set to All
I also have another entry in there:
Intruder IP = All Event Name = SMB_Winreg_File and Event ID = 2002703 (default by the application)

The Notifications tab can come in handy, especially if you're paranoid enough to watch out for every portscan that your firewall has to deal with. Personally though, I leave the Visible and Audible Indicators unchecked.
The Update Notification is left checked and set to check every day, though it defaults to every 3 days, which should really be enough. But then again, I'm a paranoid git Wink

Under the Prompts tab, I check all boxes, but that's just my preference.

The Application Control tab has some cool bits. First of all, Enable Application Protection and then you're faced with a couple of important issues.
When an unknown application launches: I check the Ask me what to do option and I do the same with the one below, When a modified application launches:, I also want it to Ask me what to do.
On top of that, I check the box next to Protect Agent Files

Finally there's the Communications Control tab.
I keep the Enable Application Protection box checked.
When an unauthorized application attempts to access the Network:
You're now faced with four options.
a) Always terminate the application
b) Prompt before terminating the application
c) Always block network access for the application and
d) Prompt before blocking network access for the application

Personally, I choose option b), but it's entirely up to yourself what you want done.

Now we're done with Black Ice Settings

Now right click the Black Ice icon again and this time select Advanced Firewall Settings
Personally I remove all the entries in there, before starting to do anything. The firewall will block everything that you haven't specifically instigated yourself.
Then, if you have a local network you can do the following, to let every machine stay on speaking terms:
Click the Add button.
Name: your LAN name or whatever you see fit.
IP Address: The IP Range of your LAN i.e.
Check the All Ports box
Set the Type to IP
Mode to Accept
Duration of Rule to Forever
Check the Add Trusted Address Entry box
Now click the Add button and you've created your only needed rule.

With that bit done, there's only one little bit left and you've got yourself a very well configured firewall, one that's easy on system resources and works well with any of the free AV programs out there. Be it AVG, Avast, NOD32 or AntiVir.
Right click the Black Ice icon once more and select Advanced Application Protection Settings

Under the Known Applications tab, I search for two items: qttask.exe and realsched.exe, both of which send information back to their creators. One comes with Quicktime and the other with Real Player. If you don't want those things to keep sending stuff back to their creators, this is the best place to kill them off, never to be seen again. What's more important, neither will ever appear in your registry again, as starting up by default. Then I click the Save Changes button.

Next I click the Baseline tab.
Basically what to do here, is to check the boxes in the left pane, usually only your hard drives. Then click the Run Baseline button and wait for it to finish. Depending on your CPU speed, amount of RAM, the size of your hard drives and the amount of data stored there, it may take anywhere from 2 to 35 minutes. Most recent machines will finish this in less than 5 minutes though. When it's done, just click the X in the top right corner and you're done.

From now on, when you want to install something, Black Ice will ask you what to do.
You'll get a dialogue box with the following buttons:
Terminate, Continue, More info and Install Mode Options
Above the Terminate and Continue buttons you'll find a checkbox that says:
Don't Ask Me Again.
I tend to leave it unchecked and click the Install Mode Options

That will add the Advanced Options pane to the dialogue box.
In there you'll have a new button: Enable Install Mode and to it's right a dialoge pane that says:
Install Mode pauses Application Protection prompts while you install or update software on your PC.
You will be prompted periodically to disable install mode and you should do so when your installation is complete. Disabling install mode puts your BlackICE product back in normal Application Protection mode.

Now click the Enable Install Mode button and you'll get on with installing your software/update.
When the install/update is finished, you'll eventually get the Application Protection box again, this time as Install Mode Reminder
On it you'll see the name of the application you used to install/update your software.
There will also be a message on the box that says: If software installation is complete, select Disable install Mode, then baseline the newly installed software. If you select Cancel, you will remain in Install Mode and be prompted again in a few minutes.

Very handy indeed, especially if you're installing a huge game or software suite such as the Adobe Creative Suite.
When you're finished, click Disable Install Mode and you'll get a new dialogue box.
This time it will give this message:
BlackICE will update the baseline to include files that have been created or modified during the Install Mode. Choose 'Update' to proceed with baselining. If you prefer not to perform a baseline or would like to manually update your baseline later, choose 'Cancel'. You can refer to your user manual on how to update the baseline manually. (or read this howto again Wink)
Now click Update and let if do it's job.

If you're too impatient to wait, go and make yourself a nice cup of tea or coffee. If you don't like either, have a glass of your favourite beverage (mine's beer, the nectar of the geeks). Just let it run it's course and then resume your work as if nothing ever happened.

Thus finishes the lecture. I hope this will be of assistance to somebody out there

Pages: [1] Go Up Print 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page May 22, 2020, 06:11:35 PM