q000021

The product is causing a problem on my server?

This article applies to: BlackICE Defender for Workstation.

SUMMARY

The "Defender for Workstation" version of our product is not intended for servers. It is built for consumers that do not know what services they have accidentally exposed. This article explains how to re-enable those services that have been blocked by "Defender for Workstation".

DETAILS

License Issue

BlackICE Defender for Workstation is not licensed for WinNT or Win 2000 servers. Currently, there is no technical limitation running the product on servers. Upgrading to BlackICE Defender (BID) for Server will require a BID for Server license.

Automatic Filters

By default, "Defender for Workstation" closes down all the ports lower than 1024, which includes such services as FTP and HTTP. The solution is to unblock these ports using the "Advanced Firewall Settings", or by setting the protection level to "Trusting". Either way, protection against hostile activity is still enabled by BlackICE Defender’s Intrusion Detection System (IDS).

To re-enable your services, you can do one or both of the following.

1. Add rules for your server using the "Advanced Firewall Settings". Simply add a rule for port 80, if you are running a Web server, and you should be fine. See Knowledge Base article q000012 & yet to be determined for more information on which ports should be opened.
2. Change firewall protection from "cautious" to "trusting". This essentially stops firewalling on all ports, though it leaves other protection features enabled (such as somebody crashing your server with the IGMP fragmentation exploit). See Knowledge Base article q000020 for more information.

With BlackICE Defender for Server, the protection level will be set to "Trusting" by default & all of the ports will be open.

 
Keywords: protection, trusting, port filter 
Version:  1.8.5 and newer 
Fixed:     
Modified: 2002-02-05