Default firewall rules for Symantec Desktop Firewall and Symantec Client Firewall

Article:TECH140097  |  Created: 2010-09-16  |  Updated: 2010-09-24  |  Article URL http://www.symantec.com/docs/TECH140097
Article Type
Technical Solution


Issue



You want to know what the default system-wide and Trojan horse settings are for Symantec Desktop Firewall (SDF) and Symantec Client Firewall (SCF). 


Solution



These are the default system-wide and Trojan horse firewall rules for SCF and SDF. They can be found by:

Starting the firewall client.

Clicking Client Firewall > Internet Access Control.

Selecting System-Wide Settings or Trojan Horse Settings from the drop down menu.

 

System-Wide Settings (16 default rules)

These are the default system wide firewall rules.

Rule Name: Default Inbound ICMP

Action: Permit Internet Access

Connections: From other computers

Computers: Any Computer

Communications: ICMP protocol using All ports

Tracking: No default tracking

Type: Admin

Description: Default Inbound ICMP

 

Rule Name: Default Outbound ICMP

Action: Permit Internet Access

Connections: To other computers

Computers: Any Computer

Communications: ICMP protocol using All ports

Tracking: No default tracking

Type: Admin

Description: Default Outbound ICMP

 

 

Rule Name: Default Inbound DNS

Action: Permit Internet Access

Connections: From other computers

Computers: Any Computer

Communications: UDP protocol on Port 53

Tracking: No default tracking

Type: Admin

Description: Default Inbound DNS

 

Rule Name: Default Outbound DNS

Action: Permit Internet Access

Connections: To other computers

Computers: Any computer

Communications: TCP and UDP protocols on port 53

Tracking: No default tracking

Type: Admin

Description: Default Outbound DNS

 

Rule Name: Default Inbound NETBIOS Name

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: UDP protocol port 137

Tracking: No default tracking

Type: Admin

Description: Default Inbound NETBIOS Name

 

Rule Name: Default Inbound NETBIOS

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: UDP protocol port 138

Tracking: No default tracking

Type: Admin

Description: Default Inbound NETBIOS

 

Rule Name: Default Outbound NETBIOS

Action: Permit Internet access

Connections: To other computers

Computers: Any computer

Communications: TCP and UDP protocols on ports 137, 138, and 139

Tracking: No default tracking

Type: Admin

Description: Default Outbound NETBIOS

 

Rule Name: Default Inbound Loopback

Action: Permit Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP protocols

Tracking: No default tracking

Type: Admin

Description: Default Inbound Loopback

 

Rule Name: Default Outbound Loopback

Action: Permit Internet access

Connections: To other computers

Computers: IP address 127.0.0.1

Communications: TCP and UDP protocols

Tracking: No default tracking

Type: Admin

Description: Default Outbound Loopback

 

Rule Name: Block access to secure sites

Action: Block Internet access

Connections: To other computers

Computers: Any computer

Communications: TCP protocol port 443

Tracking: No default tracking

Type: Admin

Description: Block access to secure sites

 

Rule Name: Default Block Inbound and Outbound ICMP

Action: Block Internet access

Connections: To and From other computers

Computers: Any computer

Communications: ICMP protocol

Tracking: No default tracking

Type: Admin

Description: Default Block Inbound and Outbound ICMP

 

Rule Name: Block Windows File Sharing

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP protocols port 139

Tracking: No default tracking

Type: Admin

Description: Block Windows File Sharing

 

Rule Name: Default Inbound Bootp

Action: Permit Internet access

Connections: From other computers

Computers: Any computer

Communications: UDP protocol ports 67 and 68

Tracking: No default tracking

Type: Admin

Description: Default Inbound Bootp

 

 Rule Name: Default Outbound Bootp

Action: Permit Internet access

Connections: To other computers

Computers: Any computer

Communications: UDP protocol ports 67 and 68

Tracking: No default tracking

Type: Admin

Description: Default Outbound Bootp

 

Rule Name: Default Block Microsoft Windows 2000 SMB

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP protocols port 445

Tracking: Create an event log entry

Type: Admin

Description: Default Block Microsoft Windows 2000 SMB

 

Rule Name: Default Block EPMAP

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP port 135

Tracking: Create an event log entry

Type: Admin

Description: Default Block EPMAP

 

Trojan Horse Settings (64 default rules)

These are the default Trojan horse rules.

 

Rule Name: Default Block Back Orifice 2000 Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP protocols ports 31337, 54321, 54320

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Back Orifice 2000 Trojan horse

 

Rule Name: Default Block NetBus Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 20034, 12345, 12346

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block NetBus Trojan horse

 

Rule Name: Default Block GirlFriend Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 21554

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block GirlFriend Trojan horse

 

Rule Name: Default Block WinCrash Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 2583, 3024, 4092, 5742

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block WinCrash Trojan horse

 

Rule Name: Default Block DeepThroat Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP protocols ports 2140, 3150, 41, 60000, 6670, 6771, 999

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block DeepThroat Trojan horse

 

Rule Name: Default Block Hack 'A' Tack Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP protocols ports 31785, 31787, 31788, 31789, 31791, 31792

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Hack 'A' Tack Trojan horse

 

Rule Name: Default Block Backdoor/SubSeven Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 1999, 2773, 54283, 7215, 1234, 6776, 27374

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Backdoor/SubSeven Trojan horse

 

Rule Name: Default Block Master Paradise Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP protocols ports 3129, 40421, 40422, 40423, 40125, 40126

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Master Paradise Trojan horse

 

Rule Name: Default Block Bla Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP protocols ports 1042, 666

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Bla Trojan horse

 

Rule Name: Default Block Donald Dick Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 23476, 23477, 3700, 9872, 9873, 9874, 9875

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Donald Dick Trojan horse

 

Rule Name: Default Block Portal of Doom Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP protocols ports 10067, 10167,

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Portal of Doom Trojan horse

 

Rule Name: Default Block NetSphere Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 30100, 30101, 30102

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block NetSphere Trojan horse

 

Rule Name: Default Block NetMonitor Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 7300, 7301, 7306, 7307, 7308

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block NetMonitor Trojan horse

 

Rule Name: Default Block TransScout

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 1999, 2000, 2001, 2002, 2003, 2004, 2005

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block TransScout

 

Rule Name: Default Block Doly Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 1010, 1011, 1012, 1015

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Doly Trojan horse

 

Rule Name: Default Block FC Infector Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP protocols port 146

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block FC Infector Trojan horse

 

Rule Name: Default Block Dmsetup Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 58

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Dmsetup Trojan horse

 

Rule Name: Default Block FireHotcker Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 5321

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block FireHotcker Trojan horse

 

Rule Name: Default Block RASmin Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 1045, 531

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block RASmin Trojan horse

 

Rule Name: Default Block Stealth Spy Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 555

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Stealth Spy Trojan horse

 

Rule Name: Default Block Attack FTP

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 666

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Attack FTP

 

Rule Name: Default Block Dark Shadow Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 911

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Dark Shadow Trojan horse

 

Rule Name: Default Block Silencer Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 1001

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Silencer Trojan horse

 

Rule Name: Default Block Netspy Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 1024

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Netspy Trojan horse

 

Rule Name: Default Block Extreme Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 1090

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Extreme Trojan horse

 

Rule Name: Default Block Ultor's Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 1234

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Ultor's Trojan horse

 

Rule Name: Default Block Whack-a-Mole Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 12351, 12362, 12363

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Whack-a-Mole Trojan horse

 

Rule Name: Default Block WhackJob Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 12631

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block WhackJob Trojan horse

 

Rule Name: Default Block FTP99CMP Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 1492

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block FTP99CMP Trojan horse

 

Rule Name: Default Block Shiva Burka Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 1600

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Shiva Burka Trojan horse

 

Rule Name: Default Block Spy Sender Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 1807

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Spy Sender Trojan horse

 

Rule Name: Default Block ShockRave Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 1981

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block ShockRave Trojan horse

 

Rule Name: Default Block Remote Explorer Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 2000

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Remote Explorer Trojan horse

 

Rule Name: Default Block Trojan Cow Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 2001

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Trojan Cow Trojan horse

 

Rule Name: Default Block Ripper Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 2023

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Ripper Trojan horse

 

Rule Name: Default Block Bugs Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 2115

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Bugs Trojan horse

 

Rule Name: Default Block Striker Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 2565

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Striker Trojan horse

 

Rule Name: Default Block Phinneas Phucker Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 2801

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Phinneas Phucker Trojan horse

 

Rule Name: Default Block Rat Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: UDP protocol port 2989

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Rat Trojan horse

 

Rule Name: Default Block Filenail Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 4567

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Filenail Trojan horse

 

Rule Name: Default Block Sokets de Trois v1. Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 5000, 5001

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Sokets de Trois v1. Trojan horse

 

Rule Name: Default Block Blade Runner Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 5400, 5401, 5402

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Blade Runner Trojan horse

 

Rule Name: Default Block SERV-Me Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 5555

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block SERV-Me Trojan horse

 

Rule Name: Default Block BO-Facil Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol 5556, 5557

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block BO-Facil Trojan horse

 

Rule Name: Default Block Robo-Hack Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol 5569

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Robo-Hack Trojan horse

 

Rule Name: Default Block 'The Thing' Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 6400

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block 'The Thing' Trojan horse

 

Rule Name: Default Block Indoctrination Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 6939

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Indoctrination Trojan horse

 

Rule Name: Default Block GateCrasher Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 6969, 6970

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block GateCrasher Trojan horse

 

Rule Name: Default Block Priority Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol, port 6969

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Priority Trojan horse

 

Rule Name: Default Block Remote Grab Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 7000

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Remote Grab Trojan horse

 

Rule Name: Default Block ICKiller Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 7789

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block ICKiller Trojan horse

 

Rule Name: Default Block iNi Killer Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 9989

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block iNi Killer Trojan horse

 

Rule Name: Default Block Acid Shivers Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 10520

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Acid Shivers Trojan horse

 

Rule Name: Default Block COMA Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 10607

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block COMA Trojan horse

 

Rule Name: Default Block Senna Spy Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 11000, 13000

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Senna Spy Trojan horse

 

Rule Name: Default Block Progenic Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 11223

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Progenic Trojan horse

 

Rule Name: Default Block GJammer Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol 12076

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block GJammer Trojan horse

 

Rule Name: Default Block Keylogger Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 12223

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Keylogger Trojan horse

 

Rule Name: Default Block Proziack Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 22222

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Proziack Trojan horse

 

Rule Name: Default Block EvilFTP, UglyFTP Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 23456

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block EvilFTP, UglyFTP Trojan horse

 

Rule Name: Default Block Delta Source Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP and UDP port 26274

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block

 

Rule Name: Default Block Default Block Trin00 DDoS Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: UDP protocol port 34555

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block Default Block Trin00 DDoS Trojan horse

 

Rule Name: Default Block SubSeven 2.1/2.2 Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol ports 27374, 2774, 16959, 4267

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block SubSeven 2.1/2.2 Trojan horse

 

Rule Name: Default Block QaZ Trojan horse

Action: Block Internet access

Connections: From other computers

Computers: Any computer

Communications: TCP protocol port 7597

Tracking: Create an event log entry, Create Security Alert

Type: Admin

Description: Default Block QaZ Trojan horse

  



Legacy ID



2001092609491148


Article URL http://www.symantec.com/docs/TECH140097


Terms of use for this information are found in Legal Notices