Default firewall rules for Symantec Desktop Firewall and Symantec Client Firewall
| Article:TECH140097 | | | Created: 2010-09-17 | | | Updated: 2010-09-25 | | | Article URL http://www.symantec.com/docs/TECH140097 |
Problem
You want to know what the default system-wide and Trojan horse settings are for Symantec Desktop Firewall (SDF) and Symantec Client Firewall (SCF).
Solution
These are the default system-wide and Trojan horse firewall rules for SCF and SDF. They can be found by:
Starting the firewall client.
Clicking Client Firewall > Internet Access Control.
Selecting System-Wide Settings or Trojan Horse Settings from the drop down menu.
System-Wide Settings (16 default rules)
These are the default system wide firewall rules.
Rule Name: Default Inbound ICMP
Action: Permit Internet Access
Connections: From other computers
Computers: Any Computer
Communications: ICMP protocol using All ports
Tracking: No default tracking
Type: Admin
Description: Default Inbound ICMP
Rule Name: Default Outbound ICMP
Action: Permit Internet Access
Connections: To other computers
Computers: Any Computer
Communications: ICMP protocol using All ports
Tracking: No default tracking
Type: Admin
Description: Default Outbound ICMP
Rule Name: Default Inbound DNS
Action: Permit Internet Access
Connections: From other computers
Computers: Any Computer
Communications: UDP protocol on Port 53
Tracking: No default tracking
Type: Admin
Description: Default Inbound DNS
Rule Name: Default Outbound DNS
Action: Permit Internet Access
Connections: To other computers
Computers: Any computer
Communications: TCP and UDP protocols on port 53
Tracking: No default tracking
Type: Admin
Description: Default Outbound DNS
Rule Name: Default Inbound NETBIOS Name
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: UDP protocol port 137
Tracking: No default tracking
Type: Admin
Description: Default Inbound NETBIOS Name
Rule Name: Default Inbound NETBIOS
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: UDP protocol port 138
Tracking: No default tracking
Type: Admin
Description: Default Inbound NETBIOS
Rule Name: Default Outbound NETBIOS
Action: Permit Internet access
Connections: To other computers
Computers: Any computer
Communications: TCP and UDP protocols on ports 137, 138, and 139
Tracking: No default tracking
Type: Admin
Description: Default Outbound NETBIOS
Rule Name: Default Inbound Loopback
Action: Permit Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP protocols
Tracking: No default tracking
Type: Admin
Description: Default Inbound Loopback
Rule Name: Default Outbound Loopback
Action: Permit Internet access
Connections: To other computers
Computers: IP address 127.0.0.1
Communications: TCP and UDP protocols
Tracking: No default tracking
Type: Admin
Description: Default Outbound Loopback
Rule Name: Block access to secure sites
Action: Block Internet access
Connections: To other computers
Computers: Any computer
Communications: TCP protocol port 443
Tracking: No default tracking
Type: Admin
Description: Block access to secure sites
Rule Name: Default Block Inbound and Outbound ICMP
Action: Block Internet access
Connections: To and From other computers
Computers: Any computer
Communications: ICMP protocol
Tracking: No default tracking
Type: Admin
Description: Default Block Inbound and Outbound ICMP
Rule Name: Block Windows File Sharing
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP protocols port 139
Tracking: No default tracking
Type: Admin
Description: Block Windows File Sharing
Rule Name: Default Inbound Bootp
Action: Permit Internet access
Connections: From other computers
Computers: Any computer
Communications: UDP protocol ports 67 and 68
Tracking: No default tracking
Type: Admin
Description: Default Inbound Bootp
Rule Name: Default Outbound Bootp
Action: Permit Internet access
Connections: To other computers
Computers: Any computer
Communications: UDP protocol ports 67 and 68
Tracking: No default tracking
Type: Admin
Description: Default Outbound Bootp
Rule Name: Default Block Microsoft Windows 2000 SMB
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP protocols port 445
Tracking: Create an event log entry
Type: Admin
Description: Default Block Microsoft Windows 2000 SMB
Rule Name: Default Block EPMAP
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP port 135
Tracking: Create an event log entry
Type: Admin
Description: Default Block EPMAP
Trojan Horse Settings (64 default rules)
These are the default Trojan horse rules.
Rule Name: Default Block Back Orifice 2000 Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP protocols ports 31337, 54321, 54320
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Back Orifice 2000 Trojan horse
Rule Name: Default Block NetBus Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 20034, 12345, 12346
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block NetBus Trojan horse
Rule Name: Default Block GirlFriend Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 21554
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block GirlFriend Trojan horse
Rule Name: Default Block WinCrash Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 2583, 3024, 4092, 5742
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block WinCrash Trojan horse
Rule Name: Default Block DeepThroat Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP protocols ports 2140, 3150, 41, 60000, 6670, 6771, 999
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block DeepThroat Trojan horse
Rule Name: Default Block Hack 'A' Tack Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP protocols ports 31785, 31787, 31788, 31789, 31791, 31792
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Hack 'A' Tack Trojan horse
Rule Name: Default Block Backdoor/SubSeven Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 1999, 2773, 54283, 7215, 1234, 6776, 27374
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Backdoor/SubSeven Trojan horse
Rule Name: Default Block Master Paradise Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP protocols ports 3129, 40421, 40422, 40423, 40125, 40126
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Master Paradise Trojan horse
Rule Name: Default Block Bla Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP protocols ports 1042, 666
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Bla Trojan horse
Rule Name: Default Block Donald Dick Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 23476, 23477, 3700, 9872, 9873, 9874, 9875
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Donald Dick Trojan horse
Rule Name: Default Block Portal of Doom Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP protocols ports 10067, 10167,
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Portal of Doom Trojan horse
Rule Name: Default Block NetSphere Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 30100, 30101, 30102
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block NetSphere Trojan horse
Rule Name: Default Block NetMonitor Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 7300, 7301, 7306, 7307, 7308
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block NetMonitor Trojan horse
Rule Name: Default Block TransScout
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 1999, 2000, 2001, 2002, 2003, 2004, 2005
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block TransScout
Rule Name: Default Block Doly Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 1010, 1011, 1012, 1015
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Doly Trojan horse
Rule Name: Default Block FC Infector Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP protocols port 146
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block FC Infector Trojan horse
Rule Name: Default Block Dmsetup Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 58
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Dmsetup Trojan horse
Rule Name: Default Block FireHotcker Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 5321
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block FireHotcker Trojan horse
Rule Name: Default Block RASmin Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 1045, 531
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block RASmin Trojan horse
Rule Name: Default Block Stealth Spy Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 555
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Stealth Spy Trojan horse
Rule Name: Default Block Attack FTP
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 666
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Attack FTP
Rule Name: Default Block Dark Shadow Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 911
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Dark Shadow Trojan horse
Rule Name: Default Block Silencer Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 1001
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Silencer Trojan horse
Rule Name: Default Block Netspy Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 1024
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Netspy Trojan horse
Rule Name: Default Block Extreme Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 1090
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Extreme Trojan horse
Rule Name: Default Block Ultor's Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 1234
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Ultor's Trojan horse
Rule Name: Default Block Whack-a-Mole Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 12351, 12362, 12363
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Whack-a-Mole Trojan horse
Rule Name: Default Block WhackJob Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 12631
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block WhackJob Trojan horse
Rule Name: Default Block FTP99CMP Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 1492
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block FTP99CMP Trojan horse
Rule Name: Default Block Shiva Burka Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 1600
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Shiva Burka Trojan horse
Rule Name: Default Block Spy Sender Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 1807
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Spy Sender Trojan horse
Rule Name: Default Block ShockRave Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 1981
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block ShockRave Trojan horse
Rule Name: Default Block Remote Explorer Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 2000
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Remote Explorer Trojan horse
Rule Name: Default Block Trojan Cow Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 2001
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Trojan Cow Trojan horse
Rule Name: Default Block Ripper Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 2023
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Ripper Trojan horse
Rule Name: Default Block Bugs Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 2115
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Bugs Trojan horse
Rule Name: Default Block Striker Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 2565
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Striker Trojan horse
Rule Name: Default Block Phinneas Phucker Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 2801
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Phinneas Phucker Trojan horse
Rule Name: Default Block Rat Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: UDP protocol port 2989
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Rat Trojan horse
Rule Name: Default Block Filenail Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 4567
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Filenail Trojan horse
Rule Name: Default Block Sokets de Trois v1. Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 5000, 5001
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Sokets de Trois v1. Trojan horse
Rule Name: Default Block Blade Runner Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 5400, 5401, 5402
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Blade Runner Trojan horse
Rule Name: Default Block SERV-Me Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 5555
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block SERV-Me Trojan horse
Rule Name: Default Block BO-Facil Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol 5556, 5557
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block BO-Facil Trojan horse
Rule Name: Default Block Robo-Hack Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol 5569
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Robo-Hack Trojan horse
Rule Name: Default Block 'The Thing' Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 6400
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block 'The Thing' Trojan horse
Rule Name: Default Block Indoctrination Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 6939
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Indoctrination Trojan horse
Rule Name: Default Block GateCrasher Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 6969, 6970
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block GateCrasher Trojan horse
Rule Name: Default Block Priority Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol, port 6969
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Priority Trojan horse
Rule Name: Default Block Remote Grab Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 7000
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Remote Grab Trojan horse
Rule Name: Default Block ICKiller Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 7789
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block ICKiller Trojan horse
Rule Name: Default Block iNi Killer Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 9989
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block iNi Killer Trojan horse
Rule Name: Default Block Acid Shivers Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 10520
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Acid Shivers Trojan horse
Rule Name: Default Block COMA Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 10607
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block COMA Trojan horse
Rule Name: Default Block Senna Spy Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 11000, 13000
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Senna Spy Trojan horse
Rule Name: Default Block Progenic Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 11223
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Progenic Trojan horse
Rule Name: Default Block GJammer Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol 12076
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block GJammer Trojan horse
Rule Name: Default Block Keylogger Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 12223
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Keylogger Trojan horse
Rule Name: Default Block Proziack Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 22222
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Proziack Trojan horse
Rule Name: Default Block EvilFTP, UglyFTP Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 23456
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block EvilFTP, UglyFTP Trojan horse
Rule Name: Default Block Delta Source Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP and UDP port 26274
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block
Rule Name: Default Block Default Block Trin00 DDoS Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: UDP protocol port 34555
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block Default Block Trin00 DDoS Trojan horse
Rule Name: Default Block SubSeven 2.1/2.2 Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol ports 27374, 2774, 16959, 4267
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block SubSeven 2.1/2.2 Trojan horse
Rule Name: Default Block QaZ Trojan horse
Action: Block Internet access
Connections: From other computers
Computers: Any computer
Communications: TCP protocol port 7597
Tracking: Create an event log entry, Create Security Alert
Type: Admin
Description: Default Block QaZ Trojan horse
|
|
Legacy ID
2001092609491148
Article URL http://www.symantec.com/docs/TECH140097
Terms of use for this information are found in Legal Notices
Thank you.