Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Firewall showing in & out activity AFTER modem turned off ??

Jun 15, 2005 2:13AM PDT

Using Kerio Personal Firewall win xp home, sp2. DSL , AVG and KPF enabled. Only thing I am running after just booting up is WORDPAD, to type this.

Under "Kerio Personal Firewall OPENED CONNECTIONS AT LOCALHOST" the following are showing constant activity

Two lines for PERSFW.EXE (CONNECTED IN), with different REMOTE ADDRESS for each line.

Two lines for PFWADMIN.EXE (CONNECTED OUT), with different LOCAL ADDRESS for each line.

I am curious why these 4 items above are showing constant activity... the number of bytes is constantly increasing at different rates 20 + minutes after booting up.

NEXT>>>

I clicked... "STOP ALL TRAFFIC" ... on Kerio Personal Firewall, and ANOTHER LINE for PERSFW.EXE (CONNECTED IN) and PFWADMIN.EXE (CONNECTED OUT) just appeared in "OPENED CONNECTIONS AT LOCALHOST" and the bytes sent and received are still increasing. ( now 3 lines of each)

NEXT>>>

Then I turned the power off my DSL modem and the bytes sent and received are still increasing.

Can anyone tell me what is happening here?

Thanks a lot

Ben

Discussion is locked

- Collapse -
Try this;
Jun 15, 2005 2:42AM PDT

Google shows me these suggestions for those two files;

persfw.exe is Kerio's Personal Firewall;
http://www.iamnotageek.com/a/persfw.exe.php

pfwadmin.exe, another Kerio process;
http://www.dslreports.com/forum/remark,11735841

I'm not sure what these Kerio processes are doing, but googling them gives more results for each, and you may find a satisfactory answer.

For my part, limited though it is, Kerio is a respected firewall and I would feel reasonably secure that it is just doing its job quietly in the background.

Mark

- Collapse -
Sharing about an application I wrote.
Jun 15, 2005 2:54AM PDT

It "talks" via TCPIP among applications and someone does report that a firewall will note the transfers and if they block the port, the application rightly fails. But the data transfer is internal, but uses TCPIP as the transport between the applications.

This could be similar to your report.

Bob

- Collapse -
Yes come to think of it
Jun 15, 2005 5:01AM PDT

in one of those links I gave it did talk about communicating with localhost, so I bet that could be it.

Thanks Bob.

Mark

- Collapse -
(NT) (NT) Thanks Bob & Mark
Jun 15, 2005 11:58PM PDT