Personal Firewalls and Trusted Programs

In the last posting, I talked about changing security level to fix problems created by personal firewalls. In this posting I talk about the next thing to try, if the first two options either are not available, don't resolve the problem or there is a reason to not select a lower security level.

The next thing to try is to trust a particular program. This helps when custom software has been installed, as is generally the case with a network printer.

The easiest way to trust a program is to ensure that the firewall is configured to prompt whenever a program first attempts to make a network connection. This setting needs to be made before installing the printer software. Fortunately, firewalls often have this as their default setting, but not always.

For these prompts to occur, the firewall needs to be running. Don't disable the firewall before installing the printer software, or the prompts will not occur; while it may be tempting to turn off the firewall before installation to avoid problems, this only postpones problems to a later time. The best thing to do is to leave the firewall enabled and then look for, carefully read, and select to Always-Allow connections when prompted by the firewall software.

When the firewall is set to prompt, then as soon as a program first tries to make a network connection, the firewall should pop up a dialog asking whether to allow or block this program from what it is trying to do. There are several common problems with these popup dialogs:

1)      They can happen frequently, leading to a temptation to click quickly on something to make the dialog go away.

2)      They can be told to “go away and not come back”. To reduce how often these popup dialogs happen, they often have an option not to show them again. Although one might think this means to take the current selection (e.g., Allow Communication) and always apply this choice without prompting again, this is not always what this option means. Sometimes the firewall simply blocks without prompting. It often surprises people when they find this out.

3)      Popup dialogs are not always worded using the most clear language, so be sure to read them carefully to make the right selection.

4)      They sometimes incorrectly report that a program is attempting to make a connection to the “Internet” when the program is actually just connecting to the private local network, not the public Internet.  This surprises people and sometimes causes them to select to block the connection because they don’t know why a program needs to access the “Internet” and don’t want it to send information on the Internet. This inadvertently causes local network connections to be blocked.

Any of the above problems can lead to a necessary program not being trusted. So if problems happen after installation, it may be a good idea to check to be sure that all necessary pieces of software are trusted. So how does one find out what software should be in the firewall’s list of trusted programs?  You need to check the available documentation on the specific printer. Take the HP Photosmart C4380 wireless All-in-One as an example. The following document lists the programs that need to be trusted to ensure that scanning will work.

http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01460919&cc=us&lc=en&dlc=en&product=3221646

You can find documents like this using the method described in the first posting, repeated here:

Go to the main hp web site: http://www.hp.com/

Move the mouse over the “Support & Drivers” tab near the top of the page.

Enter the product name, such as Photosmart C8180.

Here is the key part: near the top of the page is a field called “Questions or keywords”. In this field, enter the word “networking” (or other keywords if you have problems outside of networking)

The search results will list several documents on the right side of the page, including a variety of documents with tips and solutions. There may be multiple pages of results; you can get to additional pages by clicking on the “Next” button or clicking on one of the page numbers.

Once you find the list of programs that need to be trusted, you will need to navigate the user interface of your particular firewall in order to find out how to add them to the trusted programs list.

If you uninstall the software that you have trusted, you should go back into the firewall settings to remove the trust as well.

It is probably clear that this method of trusting a program is a bit more complex and error-prone than the previously discussed methods. One thing that Hewlett-Packard does to avoid customers from having to deal with the hassle of trusting programs is to work with various firewall manufacturers to pre-configure the firewall to trust programs associated with HP printers. This only works when you have an active subscription for your firewall and you accept updates for it. Not all firewall makers have a method of pre-configuring trusted programs.