RISING PERSONAL FIREWALL 2008

User Manual

CONTENTS

1.	Welcome To Rising Firewall	3
2.	End User License Agreement	4
4.	Rising Corporation	9
5.	Supported OS, Languages, Hardware Requirements	10
	Installing And Uninstalling Ø Installing Rising Personal Firewall Ø Uninstalling Rising Personal Firewall	11 11 22
6.	Quick Start Ø Starting Rising Personal Firewall Ø Buttons, Menus	24 24 28
7.	Main Window & Tabs Ø Firewall Status Ø Activity Ø Startup Ø Application Rules	26 35 37 40 43
8.	Commonly-Used Functions Ø Set Security Level Ø Switch Mode Ø Select Language Ø View Log Ø Scan Memory for Trojans Ø Account Management Ø Enable / Disable Firewall Ø Connect / Disconnect Ø Exit	50 51 52 53 54 56 57 58 59 60
9.	Firewall Settings Ø Standard Ø Advanced Ø Update Ø Rules Ø Blacklist Ø Whitelist Ø Trusted Zone Ø Protocol Settings	61 62 66 69 71 72 74 78 85
10.	FAQ's	101
11.	Port List	110
12.	Contact	122

Welcome to Rising Personal Firewall

This firewall is a customizable personal information security product designed to protect your computer from attacks while online.

Rising Personal Firewall 2008 features the following:

1. Supports Multiple Users
Rising Personal Firewall provides an administrator account and a user account. You can easily switch between the two accounts, and the administrator account can be password protected. Only the administrator can modify the firewall settings and rules, or enable/disable the firewall.

2. Trojan Identification Technology
Rising Personal Firewall’s heuristic technology scans any program that attempts to connect to the Internet. The user will be alerted if suspicious activity is detected. This enables the firewall to detect new or unknown Trojans that may not be in the database.

3. Prevents Misuse of IE Features
Some Trojans take advantage of a standard feature in Internet Explorer that allows invisible browser windows to open and connect to the Internet. Rising Personal Firewall will warn the user if a malicious program tries to exploit this feature.

4. Anti-Phishing and Anti-Trojan Features
Rising Personal Firewall maintains a list of phishing and malicious websites. These websites attempt to steal personal information or download malicious code onto your computer. Users will be warned when attempting to access these websites.

5. Protects from Suspicious Modules
Hackers may add modules containing Trojans into legitimate applications. These malicious modules attempt to steal your personal information and send it over the Internet. When a suspicious module attempts to access the Internet, Rising Personal Firewall will notify the user.

End User License Agreement

This End User License Agreement (hereinafter referred to as “Agreement”) is a legally binding agreement between you (either a natural person, a legal entity or an organization) and Beijing Rising Technology Corporation Limited (hereinafter referred to as “Rising”), the proprietary right owner of Rising software, including but not limited to Rising Antivirus Software and Rising Personal Firewall, hereinafter referred to as “Software” or “Software Product”. You must read this Agreement before using the Software. Any software, electronic file, etc. related to this Agreement and used by you shall be subject to the terms and conditions of this Agreement. Meanwhile, the Agreement applies to all subsequent releases and updates of this Software. Your installation, copy, download, access or use in any other way of this Software means that you agree to be bound by the terms and conditions of this Agreement. This Agreement is as effective as any written agreement signed by you and entered into through negotiations. If you do not agree, please do not use this.

1. Definitions

1.1 “Software” or “Software Product” refers to:

(1) All contents accompanied by a disk, CD or other medium with this Agreement, including but not limited to the computer information or software owned by Rising or a third party.

(2) Related printed materials, product packages and electronic files, as well as

(3) Updates, modified versions, altered or added contents of this Software and any related tools (if any) released and licensed by Rising to you.

1.2 “Use” means access, installation, copy or functional use in any other way of the Software based on related documents.

1.3 “Purpose” means the limit and scope for you to use this Software. Your purpose to use this Software shall be determined by the Rising Software you have purchased. For example, Rising Personal Firewall can only be used for personal purpose and you shall not use this product for non-personal or commercial purpose unless written authorization from Rising has been obtained.

2. Intellectual Property Rights

This Software and any copy reproduced by you under the authorization from Rising are Rising products. The intellectual property rights are owned by Rising. The structure, organization and codes are all valuable commercial secrets and confidential information belonging to Rising. This Software is protected by Copyright Law of the People’s Republic of China, related international treaties and applicable laws of the countries where the Software is used. This Software must not be copied beyond the scope of this Agreement, otherwise an infringement to Rising’s intellectual property rights will be constituted.

You also shall not reverse engineer, decompile, disassemble the Software, or try in any way to access its source codes, except when you are explicitly and legally permitted by Rising to do so.

All information about the Software provided by Rising, and obtained by you, can only be used for the purposes licensed by this Agreement. This Software shall not be disclosed to any third party or used to fabricate any software with similar style. This Software shall not be used for any other commercial purpose without Rising’s authorization.

The use of trademark(s) including the logo(s) owned by their owners shall be in compliance with the Trademark Law of the People’s Republic of China. The registered trademarks or trademarks owned by Rising include, but are not limited to “Rising”, “Rising Software”, ”Rising” in Chinese characters, ”Rising Antivirus Software” in Chinese characters, ”Rising Antivirus” in Chinese characters and Rising Personal Firewall in Chinese characters.

Your use of this Software under the authorization of this Agreement does not imply that Rising transfers its intellectual property right to you.

3. License

This Software Product is protected by Copyright Law of the People’s Republic of China and international copyright treaties, as well as other Chinese laws and international treaties. Rising grants you a non-exclusive license to use the Software based on this Agreement as long as you follow the terms and conditions of the Agreement.

3.1 Authorized Range of Usage

For each copy of Rising’s Software Product, Rising authorizes you to use it on one PC only. Under the following conditions, however, you can use it in a multi-user environment or on a networked system:

(a) Rising has explicitly authorized you to use it in a multi-user environment or on a networked system; or

(b) You have already purchased a software license for each node or terminal you are using.

3.2 Duplication, Distribution and Spread

You shall use and duplicate the Software according to this Agreement. You must make sure that each copy you have duplicated, distributed and spread under the authorization from Rising is integral and veritable, including all information about software, electronic file, copyright and trademarks relative to this Software as well as the Agreement.

You can duplicate one copy of the Software for the purpose of backup or archive management. However, you shall not install and use it on any other PC. You shall not transfer this copy to any other person unless you are explicitly authorized by Rising.

3.3 Transfer

All or part of the Software must not be rented, leased, re-licensed or duplicated to other PC users unless an explicit authorization is obtained. However, you can transfer your right to use this Software to others under the following conditions:

(a) You simultaneously transfer the Agreement, the Software, and all other software and hardware bundled to this product altogether to others (including all copies, updates and previous versions);

(b) You no longer keep any copy, including any backup and update saved on your PCs; and

(c)The receiver accepts the terms and conditions of this Agreement, and any other terms and conditions you have accepted when you legally purchased the Software.

4. Warranty

4.1 Rising grants the warranty to entities/persons that have purchased the Software and are willing to follow the terms and conditions of this Agreement. Within thirty days since the purchase of this Software, Rising will replace the software if the Software malfunctions due to error(s) of the storage medium of the Software, and after the error is examined and verified by Rising. Errors caused by misuse, man-made damage, unauthorized use, accident and the loss of the storage medium are not covered by the warranty. To request a replacement based on above reason(s), you must return the Software and proof of purchase (voucher/invoice) to the location of purchase within the time period stated above.

4.2 Rising guarantees that the Software meets the performance requirements described in its instructions.

4.3 Rising makes no warranty on the merchantability and fitness of the Software for some special use in business purpose.

4.4 Rising does not guarantee that the Software is error-free or can function uninterruptedly. Rising makes no warranty that the Software can be effective on any PCs under any conditions.

4.5 You shall know and understand that due to the particularity of antivirus software, this Software may not be effective against every existing or future virus. You agree that Rising is not liable for any loss caused by the use of or failure to use this Software, including but not limited to operating profit/loss, service interruption, loss of business information, document and data, or for other financial losses, even if Rising is notified of the possibility of such losses, unless these losses are caused due to Rising’s deliberation or fraud.

5. License Termination

If you fail to follow any term and condition of the Agreement, Rising has the right to terminate at any time the license granted to you. After the termination, you shall immediately destroy the original and any copies of the Software, or return them to Rising.

This Agreement is governed by the laws of the People’s Republic of China. If there is any dispute on the Software with Rising, a lawsuit can be brought against Rising at the People’s Court of the City of Beijing/Haidian District.

For any question on this Agreement, or any information about Rising, please contact Rising at the following address:

Address: Room 1305, 13th Floor, Zhongke Building, No.22, Zhongguancun Street, Beijing, China

ZIP: 100080

Website: www.rising.com.cn

Tel: +86-10-82616666 (Hotline)

Rising Corporation

Beijing Rising Technology Corp., Ltd. (hereinafter referred to as "Rising Corporation"), formerly known as Beijing Rising Computer Technology Development Co., Ltd., was established in November 1991, and became a listed stock company in April 1998. Rising Corporation is the first professional software company in China dedicated to computer antivirus and related research. The company offers a variety of computer antivirus and information security related products including successful self-developed systems such as Rising Antivirus Personal Edition, Network Edition, Enterprise Firewall, intrusion detection, vulnerability defense based on multiple operating systems.

Rising Corporation boasts China's largest antivirus research and technical service team, giving the company a leading-edge footprint in technical research on antivirus and information security. In addition, Rising Corporation provides complete antivirus and information security solutions to government departments, enterprises and individual users by working closely with government authorities, domestic and overseas companies as well as participating in national information security research projects. Now Rising products and services are well received and well reputed among users.

Rising Corporation has set up four major around-the-clock network systems including "Global Computer Virus Monitoring Network", "Global Computer Virus Emergency Network", "National Computer Virus Alert Network" and “National Antivirus Service Network” in the pursuit of virus treatment. Meanwhile, Rising has formulated smooth software sales channels along with powerful marketing capability. Over the past years of development, Rising Corporation has already set its foot in international markets, including Hong Kong and Japan, based on its improved domestic sales and service systems.

Supported OS, Languages and Hardware Requirements

Supported OS

Windows operating system: Windows 95/98/Me/NT/2000/XP/2003/Vista

Note: Rising Firewall Personal Edition will not work correctly in Windows operating systems without WinSock2 support, such as Windows 95. With such an OS, we recommend you to install WinSock2 manually:

Steps:
1. Open the Rising CD
2. Enter the Tools folder
3. Double-click WinSock2.exe
4. Finish installation.

Hardware

CPU: PIII 500 MHz or higher

RAM: 64 MB or above, up to 4GB

Display: Standard VGA, 24-bit true color

Others: CD-ROM / DVD drive, mouse

Windows Vista:

CPU: 1 G Hz 32-bit (x86)

RAM: 512 MB

Display: Standard VGA, 24-bit true color

Others: CD-ROM / DVD drive, mouse

Note: We can not guarantee 100% compatibility with future hardware and software.

Languages

Rising Personal Firewall is available in Traditional Chinese, English, German and Russian. This version of Rising Personal Firewall can be used in any language version of Windows. More languages will be supported in the future.

Installing Rising Personal Firewall

Step 1: Boot your computer and start up Windows 95/98/Me/NT/2000/XP/2003/Vista. Close all other applications.

Step 2: CD installation: Insert the Rising Antivirus CD into the CD-ROM / DVD drive. The start screen will automatically load. Select “Install Rising Personal Firewall” from the menu. If the start screen does not appear, double-click Autorun.exe in the root directory of the CD and select "Install Rising Personal Firewall".

Step 3: You can select "Traditional Chinese", "English", "German" or "Russian" as the language displayed during installation. Click "OK” to start the installation.

Step 4: Click [Next] to continue.

Step 5: Read the [End User License Agreement]. Select [I Agree] and click [Next] to continue, or select [I Disagree] to exit.

Step 6: Enter the Product Key and User ID and click [Next] to continue.

Step 7: If you select “Full Install” or “Minimum Install”, click “Next” to continue. You can also customize your installation by selecting the components you wish to install. Afterwards, click “Next” to continue.

Step 8: In “Choose Destination”, select the destination folder where you wish to install Rising Personal Firewall and click "Next" to continue.

Step 9: In [Select Program Folder], choose the folder you wish to add program shortcuts to and click [Next] to continue.

Step 10: In [Installation Information], confirm that your installation settings are correct and click [Next] to continue.

Step 11: If you have selected [Scan memory for viruses before installing] in the previous step, a scan of your system memory will be performed. This process may take 3-5 minutes, so please wait patiently. During the scan, you may also select [Skip] to abort the scan and continue installation.

Step 12: After installation is complete, you can choose [Run Rising Personal Firewall] and/or [Run Registration Wizard]. Click [Finish] to complete the installation.

If you have checked [Run Registration Wizard], then the program will automatically try to connect to Rising website for product registration.

You can only obtain updates for Rising Personal Firewall after completing product registration. After purchasing Rising Antivirus, please connect to the Rising website to register as soon as possible.

If you have already registered during the installation of Rising Antivirus or in a previous installation, you will be notified that you have already registered successfully.

Uninstalling Rising Personal Firewall

Rising Personal Firewall comes with an automatic uninstall tool for easy removal of the program.

Method 1:
In the Windows Start Menu, select Programs > Rising Personal Firewall > Add or Remove Components, select [Uninstall], click [Next], and then follow the instructions displayed.

Method 2:

Open Control Panel and double click Add or Remove Program.

Select Rising Personal Firewall from the list of currently installed programs and click the Change/Remove button to uninstall.

After uninstalling, click [Finish] in the new window. If [Delete installation directory] is checked, the installation directory for Rising Personal Firewall will be deleted. If [Restart Windows] is selected, the computer will restart to ensure the complete removal of installed files.

Quick Start

Starting Rising Personal Firewall

There are four different methods used to start Rising Personal Firewall:
Method 1:

In the Windows Start Menu, click on Select Programs > Rising Personal Firewall > Rising Personal Firewall to start Rising Personal Firewall.

Method 2:
Double-click the shortcut icon on the desktop to start Rising Personal Firewall.

Method 3:

Click the shortcut icon on the Quick Launch bar to start Rising Personal Firewall.

Method 4:

Double-click the Rising Personal Firewall icon in the system tray to start Rising Personal Firewall.

In addition, the firewall will automatically start during system startup when Auto Start Mode is configured (refer to General Settings). You can double-click the tray icon or right-click the tray icon and select [Open Main Menu] to go to the main window.

Main Window and Tabs

Main Window

Main Window Contents

Menu Bar: The menu bar is located on the top of the main window, and contains the Actions, Settings and Help menus. For more information, please refer to Menus.

Buttons: Buttons are located on the right side of the main window, and contains the Enable/Disable, Connect/Disconnect, Update Now and View Log buttons. For more information, please refer to Buttons.

Tabs: Tabs are located on the top of the main interface, and contains the Firewall Status, Activity, Startup, Application Rules, Vulnerability, and Recent Security News tabs. For more information, please refer to Tabs.

Security Level: The Security Level slider bar is displayed in the bottom-right corner of the main window. Drag the slider to the preferred security level. For more information, please refer to Set Security Level.

Current Version & Updated: Current Version and Updated are displayed at the bottom of the main window.

Buttons

Buttons are located on the right side of the main window, and contains the Enable/Disable, Connect/Disconnect, Update Now and View Log buttons.

Icons and Functions:

	This button activates and deactivates firewall protection. If the button displays “Disable”, clicking it will stop firewall protection. If firewall protection is disabled, this button will display “Enable”. Clicking it will start firewall protection. You can also enable and disable the firewall in the “Actions” menu under Actions > Enable and Actions > Disable.
	Clicking this button will disconnect your PC from the network as if your network cable has been unplugged from the computer. Your computer cannot be accessed from the network, nor will your computer be able to access the network. This function is particularly useful when under frequent attack from the network. While the computer is disconnected, this button will be changed to “Connect”. Click it to restore the network connection. You can also select this action from the “Actions” menu under Actions > Disconnect and Actions > Connect.
	Click on “Update Now” to check for and download new updates for Rising Personal Firewall. You can also select this action from the “Actions” menu under Actions > Update. For more information, please refer to Update.
	Click on “View Log” to open the Rising Personal Firewall Log. For more information, please refer to View Log. You can also select this action from the “Actions” menu under Actions > View Log.

Menus

Menus include: Actions Menu, Settings Menu, Help Menu

Actions Menu

Operation:

Disable Firewall

Disable all firewall protection. When selected, your computer will no longer be protected by Rising Personal Firewall. This option is the same as the Disable button on the main user interface.

If the firewall is disabled, this option will be changed to [Enable Firewall]. Click it to re-enable firewall protection.

Disconnect

This function disconnects your computer from the network. The computer will not be able to be accessed from an outside connection, nor will the user be able to make an outside connection. This is the most effective way to cope with numerous, simultaneous attacks (For example, if your computer is frequently being attacked using different methods, using [Disconnect] will stop them immediately). This option is the same as the [Disconnect] button on the main user interface.

After the network is disconnected, this option will be changed into Connect. Click it to resume normal network connection.

You can also right-click on the Rising Personal Firewall icon in the system tray to Disconnect.

Switch Mode

Rising Personal Firewall has three switch modes: Shopping Mode, Silent Mode and Standard Mode. These modes provide a default set of rules used to manage programs if there are no specific rules defined in “Application Rules”. Detailed settings can be configured for each mode in Settings. For more information, please refer to Basic and Application Rules.

The default action for the three modes is:

Shopping Mode: Deny network access to the application if not listed in [Application Rules] and alert the user.

Silent Mode: Deny network access to the application if not listed in [Applications Rules] and do not alert the user.

Standard Mode: Ask the user what to do if the application is not listed in “Application Rules”.

You can also right-click on the Rising Personal Firewall icon in the system tray to switch modes.

Switch Account

Rising Personal Firewall has two accounts: Administrator and User, both which have different capabilities. Using the Administrator account, the firewall settings can be changed at any time, whereas the User account can only perform basic operations. If the Administrator password is set, the User account will need the password when switching to the Administrator account.

View Log

Allow the user to access the View Log interface. This option is the same as the View Log button on the main user interface.

Scan Memory for Trojans

This action will scan for currently running trojans. While scanning, a window will pop up notifying the user that the scan is in progress. When the scan is complete, the results will be displayed.

SmartUpdate

Start SmartUpdate to update the firewall program. This function is the same as the Update button on the main user interface.

For more information on SmartUpdate, refer to Update.

Exit

Exits the firewall program. Please note that the user only exits the firewall interface without disabling firewall protection.

Settings Menu

Operation:

Detailed Settings

Open Detailed Settings to customize the settings for Rising Personal Firewall. For more information, refer to Detailed Settings.

Select Language

There are four languages to choose from, including Simplified Chinese, Traditional Chinese, English, and Japanese. Select the language you wish to use and click OK to confirm.

Connection

Use this to configure the connection settings for SmartUpdate. For more information, refer to Connection.

User ID

Set the SmartUpdate User ID. For more information, please refer to User ID.

Help Menu

Operation:

Help Topics

While using Rising Personal Firewall, you can find explanations of firewall functions as well as step-by-step guides on operating and configuring the firewall. Common questions about Rising Personal Firewall will also be answered in this section.

Rising Website
This option will open a web browser that will automatically redirect to the Rising website.

About Rising
This will open a window that displays relevant information about Rising Personal Firewall 2008.

Tabs

Tabs are located on top of the main interface and allow the user to conveniently access the firewall sub-functions Firewall Status, Activity, Startup, Application Rules, Vulnerability, and Recent Security News. The selected tab will change the main interface according to the tab contents.

4 tabs are listed below:

Firewall Status

Activity

Startup

Application Rules

Firewall Status

On the Firewall Status page, the current configuration and working status of the firewall is displayed, such as:

Firewall Status:

1. Current User: Displays the currently used firewall account. Clicking this will allow the user to switch between the two accounts.

2. Module Rules: Displays the current status of Module Rules. Clicking this will open the Module Rules window. For more information, refer to the “Module” settings under “Rules”.

Note: Module Rules are not available when Rising Personal Firewall is installed on Windows 9X.

1. Mode: Displays the mode used when determining how to handle applications not list in Application Rules.

2. Risks: Displays the number of uninstalled Microsoft critical updates and potential security risks. If the date of the last Vulnerability Check scan exceeds the maximum number of days recommended between scans, the displayed text will turn red. Clicking this will switch the interface to the Vulnerability tab.

3. Note: Displays the most recent application that was denied network access. Clicking this will switch the interface to the Application Rules tab.

4. Active: Displays the icon of all programs with an active network connection. The program currently using the network connection the most will be flashing. Clicking a program’s icon will switch the interface to the Activity tab with the program selected.

Attack Status:

1. Displays the attack name, the attacker’s IP address, attack time, the number of attacks, and the port used for the attack.

2. Locate IP: This will open the Rising IP Locate webpage, which can be used to check the country and city of the attacker.

3. Details: Clicking this will open the Rising Personal Firewall Log to view more information on the attack.

Traffic:

1. Graph: Displays two line graphs representing the number of received and sent bytes.

2. To the left of the graph are the settings for the scale of the line graphs. This setting can be changed to optimize the appearance of the line graphs.

3. To right of the graph is the number of received and sent bytes.

Activity

In Activity, you can see current network activity, current running processes, network access, module information, etc. TCP/UDP connection information is displayed here, including all TCP/UDP monitoring. Clicking the Refresh Off / Refresh On button will enable or disable automatic refresh of the currently displayed list, as shown below:

Right-click Menu:

Trojan Scan: Scans for trojans in the section of memory used by the selected program.

Go to Directory: Opens the directory where the process executable is located.

Properties: View properties of the process executable.

Expand All: Opens all sub-trees

The processes list displays information on processes and organizes all processes into a tree structure with hierarchy. Double-clicking a process will display its properties, as shown below:

1. Process Details

Displays the program path, program version, the user running the program, the startup time, and command line.

2. Modules

Right-click Menu:

Go to Directory: Opens the directory where the process module is located.

Properties: View properties of the process module.

Report suspicious files: Report a suspicious module and send that file to Rising Corporation for analysis.

Hide Microsoft Signed Items: Hide processes that have been digitally signed by Microsoft.

Hide Rising Signed Items: Hide processes that have been digitally signed by Rising.

Hide Company Signed Items: Hide processes that have been digitally signed by a company (not including Microsoft).

3. Network Activity

Here you can check the network connection protocol used by this process and the address it is connecting to.

Tab [Startup]

This tab allows you to view information about the programs configure to run during the Windows system bootup or login. It also lets you control system startup by disabling individual programs. These programs include those found in the Startup folder in the Start Menu, the Run or RunOnce registry key folder in the system registry, as well as other key locations.

The main display lists the programs that automatically run when the system boots up. This includes the item / program name, the description of the program, and path to the program. (You may need to use the scrollbar to see all the information, depending on the computer screen size.)

All items are displayed according to it startup location. Clicking an item will show more information about it at the bottom of the interface.

Items may be displayed differently depending on how the display is configured.

Operation:

Display Settings: You can right-click and select what items you want displayed. Selections with a checkmark next to it mean that it has already been enabled. Selecting it again will disable that selection.

Content Settings:

Logon Items

Service Items

Drivers

Explorer Plug-ins

IE Browser Plug-ins

IFEO

Application Initialization DLL

Logon Notifications

Winsock Service Provider

Known DLLs

File Association

Scheduled Tasks

Guide Execution

Print Monitor Items

Local Security Authorization (LSA) Provider

All

Right-click Menu:

Show Empty Items

Hide Signed Microsoft Items

Hide Signed Rising Items

Delete: To delete an item, right-click an item and select Delete Selected Items from the menu.

Copy: This will copy the currently displayed list to the clipboard. To do so, right-click and select Copy from the menu. You can also use the shortcut "Ctrl + C" to copy.

Refresh: To refresh the displayed list, right-click and select Refresh from the menu. You can also press F5 to refresh.

Go to: Right-click an item and select Go to... in the menu. If the item is a shortcut, it will take you to the folder that contains the shortcut. If the item is a registry key, Go to… will take you to corresponding registry key folder.

Properties: To check the properties of an item, right-click the item and select Properties from the menu.

Please note some registry items cannot be disabled or deleted.

Tab [Application Rules]

Application Rules displays information about the connection rules for applications that are configured by the user. The bottom of this tab contains six buttons which include Add, Delete, Edit, Clean Up, Import and Export. The user can click the button to perform the corresponding action. These actions can also be done via the right-click menu, with the exception of Clean Up.

To add a rule, click the Add button to display the Add Application Rules page. In Basic settings, you can click Browse to select the program you wish to define a rule for. The page will then display the path, company name and file version of the program. The user can then configure what action the firewall will perform when the program attempts to access the network, or when it tries to send email. Possible actions are: Deny, Allow and Ask me.

When [Check if this file has been modified] is enabled, Rising Personal Firewall will record verification information for this program. Every time the program attempts to connect to the network, it will be compared with the recorded information to check modification. If modified, the user will be alerted. If the user also selects “Alert user when network access is denied”, the user will be notified whenever the program is blocked from accessing the network.

Note: In the Advanced Options under Detailed Settings, [Alert user when applications listed in rules are denied network access] and [Alert user when applications listed in Application Rules are modified] will apply to all rules in the Application Rules list.

When a modified program attempts to connect to the network, the firewall will ask the user what to do (as shown).

When network access is blocked for the program, an alert message will be displayed (as shown).

To delete a rule, select the rule and click the Delete button. You can also right-click and select Delete in the menu.

There are three ways to edit an application rule:

Select a program and click the Edit button. The user can then proceed to modify the settings in the Edit Application Rules page.

Double-click the rule you wish to edit. The Edit Application Rules page will appear.

Right-click the rule you wish to edit and select Edit in the menu to bring up the Edit Application Rules page.

Rising Personal Firewall 2008 features a new Clean Up function. When programs are deleted or uninstalled, the firewall rule will still be in the Application Rules list. Clean Up will find all programs that are no longer exist and will delete its firewall rule.

The function [Always allow applications with verified digital signatures to access the network] can be enabled by clicking on the checkbox below the Application Rules list. If a program attempting to access the network has a digital signature, Rising Personal Firewall allows the program to do so, once it has successfully verified the signature. At the same time, the user will be notified (as shown below). A rule will also be added for this program in the Application Rules list.

After an application rule is created where the default action is [Ask me], a Rising dialog window will appear when the program attempts to access the network (as shown below):

When a program attempts to access the network, and the user chooses an action, there may be different results depending on what action is chose and which account is being used:

1. If the firewall is set to the User account and the user selects Always Allow, there may be two different results. If a password is set for the Administrator account, the user will then be asked to enter the password. If no password is set for the Administrator account, the action will run normally.

2. If the firewall is set to the User account and the user selected Allow this time, Refuse this time, or Always refuse, this action will run normally even if there is a set password for the Administrator account.

3. If using the Administrator account, any action selected will run normally, regardless of whether the Administrator password is set or not.

Commonly-Used Functions

Set Security Level
Switch Mode
Select Language
View Log
Scan Memory for Trojans
Account Management
Enable / Disable Firewall

Connect / Disconnect
Exit

Set Security Level

Steps
Open the Rising Personal Firewall main window. (Refer to Starting Rising Personal Firewall)

The security level slider is located on the bottom right corner of the main window. Drag the sliding block to the preferred security level.

Security Level Rules Definition:

Low: This setting is appropriate when the system is in a trusted network or zone. All network access is allowed unless specifically denied access by the rules.

Medium: This setting is appropriate when the system is in a normal LAN environment. Print and file sharing are allowed by default, but some potentially dangerous ports are blocked.

High: This setting is appropriate when the system is directly connected to the Internet. All network connections are monitored and will be denied, unless specifically allowed access by the rules.

Switch Mode

Steps
Method 1:

1. Open the Rising Personal Firewall main window. (Refer to Starting Rising Personal Firewall)
2. In the main window, select Actions > Switch Mode and choose your preferred mode.

Method 2:
1. Right-click on the Rising Personal Firewall icon in the system tray.

2. Select Switch Mode in the menu and choose your preferred mode.

For more information, refer to Menus, General Settings.

Select Language

Four languages can be selected to be the default language for Rising Personal Firewall: Traditional Chinese, English, German and Russian.

Steps
1. Open the Rising Personal Firewall main window.
2. In the main window, select Settings > Select Language.
3. Select a language from the Select Language window and click "OK".

View Log

STEPS
Method 1: Click the View Log button in the main window. (Refer to Button)

Method 2: Select Actions > View Log from the menu bar in the main window.

Method 3: Right-click the Rising Personal Firewall icon in the system tray and click View Log from the menu.

Log Types:
There are ten different types of logs:

System: This log records firewall system events, such as the firewall being enabled or disabled, or the computer connection and disconnection.
Attack Event: This log records IP attack events.
IP: This log records triggered IP layer events.
TCP: This log records triggered TCP protocol events.
UDP: This log records triggered UDP protocol events.
IP Rule: This log records IP rule events.
Application Rules: This log records events where the firewall rules were edited by the user.
Firewall Settings: This log records events where firewall settings were changed by the user.

Trojan Detected: This log records events that occur as a result of trojan scanning.
ARP Spoofing: View the ARP spoofing log.

Related Operations:
Up: Go to the previous log.
Down: Go to the next log.

Backup All: This button will first backup the logs and then delete the entries in the current logs. A system even will also be generated. The backup log is automatically renamed according to the backup date.

Clear Log: This button will clear all logs and generate a system event.

View Log: This button will allow you to select a previously saved log (*.dat) and import it into the current log for viewing.

Trojan Scan

Steps

1. Open the Rising Personal Firewall main window. (Refer to Starting Rising Personal Firewall)

2. In the main window, select Actions > Scan Memory for Trojans.

3. A window will appear in the bottom right corner of the main window. After scanning is complete, a message prompt will appear with the scan results.

Account Management

Rising Personal Firewall 2008 provides the user with two accounts: Administrator and User.

There are two ways to switch between the two accounts:

Method 1:

Click the Actions menu and select Switch Account.

Method 2:

In Firewall Status, click on the Current User link to switch between the two accounts.

Enable / Disable Firewall

Steps

Method 1:

1. Open the Rising Personal Firewall main window.

2. Click the Enable / Disable button on the right side of the main window.

Method 2:

1. Open the Rising Personal Firewall main window.

2. In the main window, select Actions > Enable Firewall / Disable Firewall

Method 3:

Right-click the Rising Personal Firewall icon in the system tray and select Enable / Disable Firewall from the menu.

For more information, please refer to Menus

Connect / Disconnect

Steps

Method 1:

1. Open the Rising Personal Firewall main window.

2. Click the Connect / Disconnect button on the right side of the main window

Method 2:

1. Open the Rising Personal Firewall main window.

2. In the main window, select Actions > Connect / Disconnect

Method 3

Right-click the Rising Personal Firewall icon in the system tray and select Connect / Disconnect from the menu.

For more information, please refer to Menus

Exit

Steps

1. Right-click the Rising Personal Firewall icon in the system tray and select Exit from the menu.

2. Click Yes.

This operation will not only close the main window (if open) but will completely close Rising Personal Firewall. Exiting will shut down all firewall protection.

Detailed Settings

Open Rising Personal Firewall main window and select Settings > Detailed Settings.

Standard

Advanced

Update

Rule

URL Filter

Standard

The Standard Settings contain settings pertaining to system options, log record options, mode options, etc. After configuring the settings, click “Save” to apply all settings.

Settings

Launch Firewall Automatically: The firewall will start automatically when the Windows boots up. This is the default setting.

Manually: The firewall will not start unless manually started by the user.

Rule Priority: You can select between Applications and IP as the default rule selected. When there are conflicts between application rules and IP rules, the firewall will use this selected option. For example, an application rule might allow Internet Explorer to access the network whereas an IP rule prohibits access to the Rising website. If you select the rule priority as Applications, then Internet Explorer will be able to access the Rising website. If IP is selected, you will not be able to access the Rising website regardless of whether Application rules grants IE network access.

Select user: This sets the default account used when the firewall starts up. When changed in Basic Settings, it will not apply until the next time the firewall is launched.

Sound Alert: This determines whether the computer will play a sound alert when the computer is attacked from the network. You can click Browse to select the sound file (*.wav) used for the alert.

Show Status Balloon: This option controls whether a pop-up balloon is used to display the status of the firewall. It is checked by default.

Create Logs

Choose what type of events will be recorded in the logs, such as Rule Edit events, Activity events, Options events, Application Denial events, and Trojan Scanning events.

Click the [Settings] button for detailed log settings. These settings can set the logs to an arbitrary size or can display a set number of entries per page. There is also a backup setting where the default option is to automatically backup the log when it reaches the maximum size. The user may also configure the backup log size. Click the Browse button to select the folder where the backup folder will be saved. When done configuring the log settings, click the OK button to save.

Default Actions For Programs Not Listed In Application Rules

Five modes

Screen Saver: The action used to determine network access privileges for unlisted programs when Windows is in Screen Saver Mode. The default action is “Deny”.

Locked: The action used to determine network access privileges for unlisted programs when Windows is locked. The default action is “Deny”.

Shopping Mode: The action used to determine network access privileges for unlisted programs when the firewall is in Shopping Mode. The default action is “Deny”.

Logged Out: The action used to determine network access privileges for unlisted programs when no users are logged in. The default action is “Deny”.

Silent Mode: The action used to determine network access privileges for unlisted programs when the firewall is in Silent Mode. This is a special mode designed to run the firewall without any input from the user. The default action is “Deny”.

Screen Saver, Logged Out, and Locked modes are automatically switched to according to the computer status. The other two modes must be switched to manually. Refer to Switch Mode.

Three default actions:

Deny: Request for network access by applications not listed in Application Rules will be denied without prompting the user.

Allow: Request for network access by applications not listed in Application Rules will be granted automatically without prompting the user.

Ask Me: Prompts the user to select what action to perform.

After the above settings are modified, click the Save button to apply the new settings. Click the Reset button to restore all Basic Settings to the installation defaults.

[Detailed Settings], [Options], [Advanced]

Operation Method

Method 1:

1. Open the Rising Personal Firewall main window.

2. In the main window, select Settings > Detailed Settings.

3. In the left column of the Detailed Settings window, select Options > Advanced.

Method 2:

1. Right-click the Rising Personal Firewall icon in the system tray.

2. Select Detailed Settings from menu.

3. In the left column of the Detailed Settings window, select Options > Advanced.

Settings

Security

Enable firewall before login: Enabling this option allows the firewall to start and protect the computer at system boot up, even if a user does not login. This option is enabled by default.

Scan for Trojans at startup: Enabling this option will automatically run a trojan scan as soon as the firewall starts up. This option is enabled by default.

Show Security News: Recent security news will be downloaded from the Rising website when connected to the Internet and can be found in the Recent Security News tab. This option is enabled by default.

Alert user when applications listed in rules are denied network access: An alert will be sent to the user every time an application listed in the Application Rules list is refused network access. This option is enabled by default.

Alert user when applications listed in Application Rules are modified: An alert is sent to the user whenever an application this is listed in Application Rules is modified.

Scan for Trojans when applications not listed in rules attempt network access: Whenever an application not listed in Application Rules tries to access the network, its running process will be scanned for Trojans. If the scan results indicate that the process is a potential trojan, the user will be alerted. This option is enabled by default.

Set password for Administrator: The user can choose to set a password for the Administrator account. The password would then have to be entered when switching to the Administrator account. This prevents normal users from modifying firewall settings or disabling the firewall without permission. There are also two additional options which provide an additional layer of security. If [Password required to modify settings is enabled], the Administrator account would need enter the password every time they reconfigure the firewall. [Password required to exit program] will prompt the Administrator account for the password when enabling or disabling, connection or disconnecting, or exiting the firewall.

Prompt Display Time

When applications attempt network access: This time interval is the amount of time the firewall waits for user input before executing the default action. This setting only pertains to message prompts which allow the user to select an action. The default time is 60 seconds.

When IP data packets arrive: This is the time interval before the firewall closes a message alert. The setting pertains to message prompts which do not ask for user input, such as when an application is denied network access. The default time is 30 seconds.

Popup balloon notices: This time interval is the amount of time a popup balloon stays on the screen before disappearing. The default time is 10 seconds.

The above Prompt Display Time settings can be customized by the user.

Prompt Time for Vulnerability Check

This is the number of days from the last Vulnerability Check scan before the firewall will tell you to check for vulnerabilities again. The default time is 5 days. If the number of days from the last check exceeds the set number of days, the firewall will inform you in the Risks section of the Firewall Status page.

Other Functions

Reset: Change all settings back to the installation default.

Save: Save and apply the currently configured settings.

Update

Click [Update] to configure firewall update rules. (see fig.)

Update Method

Manual update: If enabled, Rising will not check for new version. The user can click [Update Now] on the main window for update.

Notify me when there is a new version: Rising will automatically check for the latest version and notify the user to update.

Instant update: Rising will automatically update in the background without any operation from the user.

Rules

These are the settings for IP filtering rules, including:

[Blacklist]: Specified IP addresses in this list are denied communication with your computer.

[Whitelist]: Specified IP addresses in this list are permitted to communicate with your computer; fully trusted computers can be added here.

[Ports]: Allow or deny communication using specific ports. This can be configured for both incoming and outgoing data.

[Trusted Zone]: Computers in the trusted zone are allowed network access with this computer through known malicious ports.

[IP]: Contains settings for the IP layer filter rules. The filter rules configure what packet types are allowed or refused.

[Modules]: Sets up filter rules for specific DLL modules that use a network connection.

Blacklist

Specified IP addresses on this list are denied all network connections with the computer. For example, you can add IP addresses to this list that have been the source of attacks.

Content

The list displays Rule Name, IP Address, Created By and Duration.

Rules that are checked will be enabled.

Operation:

1. Add

You can click the Add button, or right-click the list and select Add from the popup menu. This opens the [Add Blacklist Rule] window.

You can input a rule name, and then select what type of IP address you wish to block. Specific will only block one particular IP address while Address Range will block addresses which fall into the range you specify. Below you can enter the IP address or range of IP addresses. Afterwards, click OK to save the rule, or press Cancel to quit without saving.

2. Edit

Select the rule you wish to edit, then right-click select Edit from the popup menu. This will open the Edit Blacklist Rule window.

Edit the rule settings, and then click Save to apply the changes, or Cancel to quit without saving.

You can also double-click a rule to open the Edit Blacklist Rule window.

3. Delete

Select the rule you wish to delete and click on the Delete button. You can also right-click the rule and select Delete from the popup window. A message prompt will appear and ask for confirmation. Click [Yes] to confirm deletion or click [No] to quit. Alternatively, after selecting a rule from the list, you can press the [Delete] key to delete the selected rule.

Using the "Ctrl" and "Shift" keys, multiple rules can be selected at once. Holding down the [Ctrl] key while clicking on rules will add to the selected rules. To use the [Shift] key to add rules, you will first need to click on a rule. Afterwards, hold down the [Shift] key and click on another rule. This will select all the rules in between, including the two that you clicked.

Whitelist
Specified IP addresses on this list are always permitted network access with the computer. For example, a VPN server can be added onto this list.

Content

This list will display the rule name and the IP address.

Rules that are checked will be enabled.

Operation:

Add

You can click the Add button, or right-click the list and select Add from the popup menu. This opens the “Add Whitelist Rule” window.

You can input a rule name, and then select what type of IP address you wish to allow. Specific will allow one particular IP address while Address Range will allow all addresses which fall into the range you specify. Below you can enter the IP address or range of IP addresses. Afterwards, click OK to save the rule, or press Cancel to quit without saving.

Edit

Select the rule you wish to edit, then right-click select Edit from the popup menu. This will open the Edit Whitelist Rule window.

Edit the rule settings, and then click Save to apply the changes, or Cancel to quit without saving.

You can also double-click a rule to open the Edit Whitelist Rule window.

Delete

Using the [Ctrl] and [Shift] keys, multiple rules can be selected at once. Holding down the [Ctrl] key while clicking on rules will add to the selected rules. To use the [Shift] key to add rules, you will first need to click on a rule. Afterwards, hold down the [Shift] key and click on another rule. This will select all the rules in between, including the two that you clicked.

Ports

The port rules settings can be used allow or deny communications through specific ports. The list displays the port number, permission status, the TCP/IP protocol this rule pertains to, and the type of computer this rule applies to.

Rules that are checked will be enabled.

Operation:

Add

You can click the Add button, or right-click the list and select Add from the popup menu. This opens the [Add Port Rule] window.

Input the port number(s) and then select the TCP/IP protocol, the type of computer, and the permission setting. Click OK to save this rule, or press Cancel to exit.

Multiple ports can be added by separating them with commas, e.g. 22, 88, 1024. You may also select a range of port numbers by using a dash (“-“). The value 3000-4000 means all port numbers between 3000-4000, inclusive.

Edit

Select the rule you wish to edit, then right-click select Edit from the popup menu. This will open the Edit Port Rule window.

Edit the rule settings, and then click Save to apply the changes, or Cancel to quit without saving.

You can also double-click a rule to open the Edit Port Rule window.

Delete

Alternatively, after selecting a rule from the list, you can press the "Delete" key to delete the selected rule.

Trusted Zone

Configuring the Trusted Zone settings allows the user to differentiate LAN connections from other network connections.

You can set an IP address range in Trusted Zones. Alternatively, you may also specify an individual LAN computer. By default, remote computers will not be added into this zone.

If your computer is directly connected to Internet (e.g. dial-up), it is suggested you do not add your IP address range to the trusted zone.

Content

The list displays the rule name, Local IP, and Remote IP in the current trusted zone. Local IP refers to the IP address used by your computer, and Remote IP is the IP address of the remote computers that you trust.

Operation:

Add

You can click the Add button, or right-click the list and select Add from the popup menu. This opens the [Trusted Zone Rule] window.

Input the rule name and the local and remote IP. Click OK to save this rule, or press Cancel to exit.

When Local IP type is set to Specific address, you can click Browse to select a local IP.

Edit

Select the rule you wish to edit, then right-click select Edit from the popup menu. This will open the Trusted Zone Rule window.

Edit the rule settings, and then click Save to apply the changes, or Cancel to quit without saving.

You can also double-click a rule to open the Trusted Zone Rule window.

Delete

Alternatively, after selecting a rule from the list, you can press the [Delete] key to delete the selected rule.

Settings for a selected Trusted Zone:

Select one of the rules for a trusted zone. Below the Trusted Zones list, you can enable or disable the options [Allow inbound/outbound ping], [Allow inbound connection from remote high-risk ports in local LAN], and [Allow outbound connection from local high-risk ports in local LAN]. Enabling these options will allow access to ports known to be used by trojans. Any change to the settings will be applied automatically.

IP Rules

The section contains the filter rules for the IP layer. Please note that adding too many rules will lower overall system performance. If configuring the firewall for a specific application, you may add a rule in Application Rules. The firewall will then automatically open the required port when needed. There is no need to add prevention rules either, since such rules are built into the firewall and will be updated automatically.

Display

The list displays the status of an IP filter rule, the name of the rule, the permission status, the protocol used, incoming data ports, outgoing data ports, and alert notification status. The IP filter rules are sorted based on the order in which the IP packets are filtered. Rules that are checked will be enabled.

Operation:

Add

You can click the Add button, or right-click the list and select Add from the popup menu. This opens the [Add IP Rule] window.

Enter a name for the rule, and select the default action used when a data packet matches this rule.

To configure the next part of the rule, select Address from the menu to the left, or click the “Next” button. You will be able to select the local IP address this rule applies to, and the remote IP address where these data packets are being sent to or received from. If the local IP is set to Specific address, you can click the Browse button to select a local IP. You may also input the local IP manually. To continue, select Protocol from the menu to the left, or click the “Next” button. You will then be able to change the protocol settings. For more information, please refer to Protocol Settings Finally, select Alert Mode from the menu to the left, or click the “Next” button. You can then configure what alerts you want to receive when a match is found:

Animate system tray icon: The Firewall tray icon will start flashing when an IP packet is found that matches the rule.

Show popup window: A window will appear notifying the user that an IP packet was found that matches the rule. It will also contain detailed information about the packet. At the bottom of the window, the user can configure what alerts to use in the future.

Show status balloon: A popup balloon will appear and notify the user that an IP packet was found that matches the rule. The notice will automatically disappear after a set number of seconds.

Sound alert: The firewall will play a sound alert when a matching IP packet is found.
Record in log: The firewall will record the event into the log when a matching IP packet is found.

Insert

Select a rule from the IP list where you want the new rule to be inserted on top of.

Click the Insert button to open the [Add IP Rule] window.

Follow the same instructions used for the Add operation.

After configuring the settings for the rule, it will be inserted in front of the rule previously selected.

Edit

Select the rule you wish to edit, then right-click select [Edit] from the popup menu. This will open the [Edit IP Rule] window.

The edit components are the same as the ones found in the [Add IP Rule] window. After the settings have been changed, click [Save] to apply the changes, or [Close] to quit without saving.

You can also double-click a rule to open the [Edit IP Rule] window.

Delete

Alternatively, after selecting a rule from the list, you can press the [Delete] key to delete the selected rule.

Import

Click the Import button and select the rule file (*.fwr) you wish to import. Afterwards, press the Open button to begin importing.

If there are rules in the IP Rules list, you will be asked if you want to delete the existing rules. Choosing [Yes] will delete all the rules in the IP rules list and add the imported rules to the list. Choosing [No] will only add the imported rules to the list. Cancel will quit the import operation.

Export

Please select the file(s) you wish to export. Click the Export button and choose the folder you want to save the rule file to. Enter a name for the rule file. Finally, click the Save button to finish saving the file. If the file already exists, you will be asked whether you want to overwrite or not.

Move: Select the rule(s) you want to move. Right-click, and select [Move Up] / [Move Down] from the popup menu. Clicking [Move Up] will move the rule(s) over the rule directly above. Clicking [Move Down” will move the rule(s) over the rule directly below. After selecting the rule(s), you can also move up or down by pressing the [Ctrl] key + the [Up] or [Down] key together.

Protocol Settings

Protocol Type

Protocols can be categorized into 11 types: ALL, TCP, UDP, TCP OR UDP, ICMP, IGMP, ESP, AH, GRE, RDP, SKIP.

Different protocol types will affect the following options:

Port

This option appears when Protocol type is [TCP], [UDP], or [TCP or UDP]. The option allows the user to set the remote and local port(s).

For the port type, the user may select Any Port, Specific Port, Port Range or Specific Ports.

ICMP

This option will only be displayed when the protocol type is [ICMP].

Specific type: This specifies a single ICMP filter type.

Select types: This will allow the user to specify multiple types for combination and control direction. Click the Select button to enter the [Check the following ICMP Types] window to select the ICMP types to be controlled. The user can specify whether to check for inbound packets, outbound packets, or both. The settings will be saved when the [Apply] or [OK] button is pressed.

Any type: This will monitor for all types of ICMP packets.

Characteristics

If the [Check characteristics box] is selected, an [Edit] button will appear. Clicking the edit button will open the [Define Data Packet Characteristics] window.

Input the offset value. Press the Insert key when the cursor is inside the Content box. A byte will be entered each time the Insert key is pressed.

The characteristics string can support up to 27 bytes. In the content box, hexadecimal numbers are shown on the left part of the content box, and ASCII characters are displayed on the right.

When you are done, click the OK button to exit. The length of the string will automatically be calculated.

TCP Flags

The Check TCP Flags option can be enabled or configured only when the protocol type is set to "TCP" or [TCP OR UDP].

To enable this option, select the [Specify TCP flag] checkbox. The type of TCP flag to check for can be configured by clicking the [Edit] button. This will open the [Check the Following TCP Flags] window.

Select the type of flags you want to check for, and press the OK button to save the settings.

TCP flags include:

URG: Urgent. This flag is used to prevent TCP data stream disruption.

ACK: Acknowledge. The receiver sends this flag when it has successfully received all data.

PSH: Push. This flag forces data delivery without waiting for buffers to fill. This means the requested data segment can be directly sent to the application program as soon as it is received.

RST: Reset. This flag is used to reset an abnormal connection and/or to refuse illegal data and request(s).

SYN: Synchronize. This is used during session setup to agree on initial sequence numbers.

FIN: Finish. A data packet with this flag bit is used to finish a TCP dialog. The corresponding port will still be open to receive any subsequent data.

Module

Rising Personal Firewall 2008 adds a new Module Rule setting. This allows the user to control what DLL modules are allowed to make network connections. When the application program attempts to access the network, the module used for network access will be checked again the Module Rules list to see if permission should be granted (as shown below). When [Enable module rules listed above] is checked, all module rules in the list will be enabled.

If the user needs to add a rule, they can click the Add button to open the Module Rules window (as shown below). The user can then click the Browse button to select the DLL module that the rule will be made for. The window will display the module name, program path, company name and file version. The user can then select whether this module will be allowed access to network. After a selection has been made, click the OK button to save the new rule.

If the user needs to edit an existing module rule, they can click the Edit button to open the Module Rules window (as shown below).

If the user wants to delete an existing module rule, they can click the Delete button.

Since modules can be uninstalled or deleted over time, a [Clean] button is provided to remove the module rules for modules that no longer exist.

The user can also import module rule files into the Module Rules list or backup current list by clicking the [Import] or [Export] button.

Note: All the above Module Rules actions can be performed by selecting the appropriate action from the right-click menu, with the exception of [Clean].

When a module not listed in the Module Rules list attempts to access the network, Rising Personal Firewall will show a message prompt, which shows the module name, risk level, etc. The user can then select the appropriate action for this module (as shown below).

For the Administrator and User account, different actions will display different prompt information. For more details, please refer to the note in Application Rules under Tabs.

ARP Spoofing Defense
ARP spoofing is occurs when a computer sends false ARP packets are to a local area network in order to trick other computers and/or the LAN gateway to trust it. This is done either to prevent data from being sent or received from a certain computer, or to spy on the data that is being sent or received to that computer. Rising Personal Firewall 2008 has improved its ARP spoofing defense in particular to this kind of attack. The settings in ARP Spoofing allows the firewall to intelligently choose which ARP packets to accept or reject (see below)

Enable ARP Spoofing Defense":

[Check ARP cache every]: to check ARP cache list in the firewall and system on a regular basis for comparison. The default setting is to check every one minute and the user can also reset the interval;

[Enable Static ARP Rules]: when it is checked, static ARP rule set by the user can be valid;

[Block IP conflict attacks]: after it is checked and when the firewall detects any IP address conflict from LAN computer, the attack will be automatically blocked and attack information will be recorded in the log;

[When ARP spoofing packets are blocked]: the user can choose "Show status balloon", "Animated system tray" and "Sound alert". The user can choose all these three options simultaneously. ARP spoofing events will be recorded when "Record in log" is checked.

Range of Protection:

[Protect all computers in the LAN]: When this is checked, ARP spoofing defense will protect all LAN computers.

[Protect designated computer addresses and static rule addresses]: When this is checked ARP spoofing defense will protect designated LAN computers. Click [Add gateway address] to add the gateway address to the list of protection. The user can click [Add] to add IP address or [Delete] to remove IP address.

When the firewall detected ARP packets received in the IP / MAC address and the machine's IP / MAC address conflict, and suggested that the dialog box shows that the IP address conflict and MAC address, the user needs to choose a trust a address static ARP table, in order to Guarantee computer communications well.

Static ARP rules

Static ARP rules are used to determine whether an IP or MAC address is real (see figure). If another computer tries to spoof an IP or MAC address, the connection will be blocked and the user alerted.

The user can add static ARP rules to protect the computer's ARP table. Computers that may have a MAC address which matches the static ARP rule may not correct IP address.

The operations are as followed:

Click on the Add button to go to the [ARP Static Rule] page.

After writing a name for the computer, you can click the Get Gateway button to automatically retrieve the IP and MAC address of the gateway server. The user can also manually input the IP address and MAC address. Finally, click on the OK button.

Please note: Enable Spoofing Defense must be checked for Static ARP Rules to work.

When the contents of an ARP packet conflict with the static ARP rules, the firewall will alert the user as shown:

In the alert window, the user can click on the Details button to view more information. The Details window will show the user the IP and MAC address of the blocked computer and the one stored in the static ARP rule. If the new computer is trusted, the user can click on "Update the static ARP rule" to automatically update the IP and MAC information. You can also click "Edit the static ARP rule" to manually edit the IP and MAC address.

Update

Registration Wizard

Connection

User ID

SmartUpdate

If you cannot access the Internet, please update Rising Personal Firewall via Rising Technical Support.

Registration Wizard

Rising provides each official user with an exclusive User ID. The user is entitled to update services only by a valid, authorized method. Only the registered user is entitled to Rising update services, so please register your product after installation.

The Registration Wizard can guide you through the registration process.

Note: Rising Registration Wizard will guide you through product registration, which will provide you with a Rising Passport. This is used as identification on the Rising website. After the Rising Passport is obtained, the user will become a member of the Rising Passport system and may enjoy various customized and personalized services on the Rising website.

There are two ways to open the Registration Wizard:
Method 1. After Rising Antivirus has finished installing, you can check "Run Registration Wizard", in the installation results.

Method 2. In the Windows Start menu, select Programs > Rising Personal Firewall > Rising Tools > Rising Registration Wizard.

Note: Please make sure to keep a record of all important information, such as your product key, user ID, etc. to ensure you have access to all of Rising’s technical support.

Connection

Steps

Open the Rising Personal Firewall main window.

In the main window, select Settings from the menu, and then click on Connection to open the Connection window.

In the Connection window, if Access Internet via proxy server is selected, the user must enter the proxy server IP address, port and user authentication (if required).

Click [OK] to save the settings.

Please ensure that your network settings are correct, otherwise SmartUpdate may not update successfully.

If you do not have access to the Internet via a dial-up network, the Access Internet via dial-up network option will not appear in the window.

User ID

SmartUpdate will check the user’s User ID to verify the authenticity of the installed copy of Rising Personal Firewall. Invalid User IDs will not be able to use Rising’s update services.

Steps

Open the Rising Personal Firewall main window.

In the main window, select Settings from the menu, and then click on User ID to open the User ID window.

While entering the User ID, it will be displayed in the text field as asterisks.

Click [OK] to save your User ID.

The User ID is automatically entered into Rising Personal Firewall during installation. There should be no need to enter your User ID again unless special circumstances arise.

SmartUpdate

Operation Method

Method 1: Click the Update Now button on the right side of main window

Method 2: In the main window, click Actions > Update

Method 3: Right-click the Rising Personal Firewall icon in the system tray and select Update Now from the popup menu

When you try to use SmartUpdate, please make sure your computer is connected to the Internet and network settings are correctly configured.

FREQUENTLY ASKED QUESTIONS

Q: Why does my installation of Rising Personal Firewall fail on Windows 95?

A: Rising Personal Firewall cannot be installed on operating systems without support for Winsock2. If you cannot install Rising Personal Firewall because of this, you can manually install Winsock2 as described below:

1. Open the Rising CD directory

2. Go into the Tools folder

3. Double-click on the WinSock2.exe program

4. Finish installation.

Q: My ADSL fails to dial up. How to can I set it correctly?

A: Your ADSL service provider may be using DHCP to assign IP addresses. Please make sure “Allow Dynamic IP” is enabled in IP Layer Rules.

Q: How do I modify the contents of a rule?

A: Double-click the rule to be modified in the relevant rule window.

Q: When does a rule modification take effect?

A: Rule will take effect right away without needing to restart.

Q: How to I delete rules in batches?

A: Use Shift + mouse click or Ctrl + mouse click to select the rules to be deleted. Then click the “Delete” button.

Q: Why are there not many IP rules?

A: When applications need to open an IP port, the system will automatically open it on the IP layer. Therefore, it is unnecessary to add IP rules for specific applications. Protection rules are configured by the system itself with automatic update, so IP rules can be automatically updated without the need for user intervention.

Q: How do I open specified rules in the default IP rules?

A: Just click the specified rule on the first column in the IP Rules list. Changes will take effect once the rule is enabled.

Q: How do I share resources?

A: Using the high security level, you can modify the local IP address as your PC's address, and modify the remote IP address as your LAN's IP scope. You can also add IP rules to allow the remote party to access ports 137-139 and 445 (if the other party is access shared resources). Using the medium security level, resource sharing is automatic.

Q: How do I share a network connection?

A: It is recommended to open ADSL routing mode and installing dial-up software on a host when setting up the gateway as the modem's IP for other PCs. You can open the proxy rule in IP Rule settings on the gateway computer connected with network, and modify the previous item. Then you can use the proxy network software to share a network connection. You can also install all patches and switch to normal security level.

Q: How to adjust the order priority in the IP Rule list?

A: You can move it by pressing CTRL + up or CTRL + down.

Q: How do I recover the IP Rule list?

A: First make sure to backup the IP rules you’ve added by exporting them to a file. Then import UserRule.rs in the installation directory, while clearing all existing rules. This will import originally installed rules. This file may be changed after each update, but will not take effect automatically.

Q: How to I modify the IP alert method?

A: If an alert menu is shown when an alert is displayed, the user can view the contents of the matching IP data packet, and modify the alert method. You can also open the IP Rule list to find the related rule, double-click to edit it, and modify the alert method.

Q: Why is it that some IP alert methods cannot be modified?

A: The Alert method for the attack rule is locked, and doesn't allow for modification. The user will not be prompted only while the firewall is in Silent Mode.

Q: How do I maximize system protection?

A: Please set the security level to high and disable all IP rules that you do not use. If your computer needs to function as a gateway, please modify the IP address range to be the same as the resource-sharing address range. If the IP address you use is 192.168.80.255, then modify the remote IP address from 192.168.80.0 to 192.168.80.255.

Q: How to restore the default settings?

A: Click the "Reset" button in the Basic Settings window, and click "Save" to restore the default settings.

Q: Why can't RsRule.fwr, DefRH.fwr, DefRM.fwr, DefRL.fwr be imported to IP rule?

A: These are Rising’s build-in rules, which will never need to be imported. They are also updated automatically, so you do not need to worry about these rules.

Q: Why are there programs with an application size of 0 and an unknown version and company?

A: Not to worry, if the program size is 0, it may be deleted.

Q: There are several modes in Detailed Settings. What do they mean?

A: The network access needs for an application program may be different when using the various modes. For your convenience, we’ve provide the user with easy support. For Logged Out, Locked and Screen Saver modes, when the computer is in a normal mode, it can be switched automatically according to the current computer status. Online gaming is a special mode. When the system detects that the user is playing the game, it will automatically switch to the online game mode. In addition, the system also provides Shopping mode and Silent mode for the user’s convenience. When in online game mode, switching modes is not allowed. It is recommended that Shopping mode should be used when the security requirements are high, such as when shopping online. Since Silent mode runs without any user input or notification, it should be used only when the rules are completely configured. (To view detailed information for each mode, refer to the User's Manual or Help Topics.)

Q: When switching modes, why is the connected program still allowed access in the new mode?

A: This is designed for the system to maintain the continuity of the network and prevent problems. Therefore, before you play an online game or start shopping online, please check your active connections and exit all unnecessary programs.

Q: What is the difference between Standard Mode, Shopping Mode and Silent Mode?

A: These are the three modes that the user can manual switch in the firewall. Using Standard Mode, the user will be prompted when a program trying to access the network is not listed in Application Rules. The other modes will deny access by default. Using Silent Mode, the user will not receive an alert, while the other two modes will alert the user.

Q: When the application program accesses the network, the prompt window closes within 60 seconds. How can I stop it from closing?

A: Double-click the area of the prompt window which displays the Risk level to keep it from closing.

Q: When an application program tries to access the network, I select [Deny]. This causes an error. How do I change the default action?

A: Open Application Rules and select the application that needs to be modified. Double-click to open detailed settings and select the action you want the firewall to do when in the different modes. Click the Save button to save and exit.

Q: Why can't the application program access the network before firewall installation?

A: If the firewall is launched after an application program has already started running, the application’s network activities will not be identified by the Rising firewall. You will need to close the program and restart it, or reboot the computer.

Q: Why doesn’t the firewall main window start during system startup?

A: In order to save memory, the main program won't start together with the system. If needed, you can click the tray icon to open the main program.

Q: Why does the firewall tray icon show an IP address and rule name, but not the version of the firewall like it usually does?

A: When the system detects a match between a data packet and an IP rule, the remote IP address and the name of matched rule will be displayed.

Q: Why can't the [Locate IP] button be clicked?

A: If there have been no attacks detected since the firewall started up, your system is considered secure. Therefore the [Locate IP] link would not be needed.

Q: What does the K mean next to the line graphs in Firewall Status?

A: The K indicates the maximum KB, or kilobytes. If the amount of traffic within 2 seconds is larger than the number inputted, then the graph will reach its peak. You can change this setting according to your bandwidth, and it will be kept until the next time the firewall starts up. It does not restrict your bandwidth and is just used for reporting purposes.

Q: There is an unknown application program that I see in network activity. How do I get rid of it?

A: In the connection information of the unknown program, right-click the program and select [Kill this process]. However, do not kill the system process. Otherwise a prompt will be displayed that the computer will restart in 60 seconds.

Q: How do I configure the logs?

A: You can set the log size in Settings and the log type to be created. By default, logs for all type of events will be created.

Q: How do I clear all of the logs?

A: When you click [Backup All] to backup the logs, then the current logs will all be cleared.

Q: How to view the most recent logs?

A: Click "Refresh" to view the most recent logs, which are sorted by type and time. The newest log is on the top.

Q: How do I view previous logs?

A: Click the [Log History] button and select the log file to be viewed. The file is named as RfwLog.year/month/day/hour/minute/second.dat.

Q: The firewall prompts me about an attack. How to do I find more detailed information in the log?

A: Open “View Log" and then "IP Events" to find detailed information on attacks.

Q: Why is there information on Trojan cleaning in the logs?

A: Whenever Rising Personal Firewall starts up, it will protect your system by scanning for and cleaning Trojans. This automatic process will be recorded in the logs if any Trojans are detected.

Q: How come my logs are getting so big that I start running out of hard disk space?

A: If you are running out of hard disk space, you can modify rules to never record log information. When a rule is added, the default setting is to record into the log. If it is not needed, you can uncheck the log option.

Q: When IP data packet information is displayed, the prompt window closes within 30 seconds. How can I stop it from closing?

A: When you receive many data packets matching the IP rules, the firewall will notify you of the latest packet, which is the most current event. You can go to the Log Viewer to see information on previous packets.

Q: During startup, the firewall prompts me that there is a failure with service communication. What can I do?

A: You can try to manually open it again. Otherwise you will have to re-install it if it continues to fail. If the service fails even after re-installing, please contact the Rising Customer Service Center.

Q: When the firewall starts up, why does it prompt for missing files?

A: You will need to re-install the firewall because some necessary files are missing.

Q: Why can't some PC in the LAN connect to my PC?

A: If any PC in the LAN is virus infected and sends data packets with viruses to your PC, Rising firewall will identify it and deny access. You can find this PC's IP address in the log.

Q: If the security level is set to high, how do I use a community broadband that requires dial-up authentication?

A: Please add the IP address of the authentication server in the dial-up software, since the server name is invalid in such a case. You can also switch the firewall to the medium security level, but that will open shared access. It is suggested you only allow the authenticated server to share resources with you and deny sharing with other machines.

Q: I'm a broadband user. Why is there an error prompt after the firewall starts up?

A: Please enable dynamic IP in the IP Rules list, because the dial-up software uses DHCP.

Q: Why can't I connect to a VPN server?

A: Please enable VPN in the IP Rules list, since port 500 is needed to negotiate the key. If Microsoft's pptp or l2tp is used, please open port 1701 and 1723 for the TCP protocol.

Q: Why can't my network administration software manage a client running Rising Personal Firewall?

A: The network administration software uses SNMP protocol to manage the client, which the remote party denies access to through this port. Please enable SNMP in the IP Rules list.

Q: I'm a Windows XP SP2 user. How can I disable the Windows firewall?

A: You need to be a system administrator and run the command "net stop sharedAccess". If network sharing is needed, please do not disable this service.

Q: I'm using financial software, but it does not start up when my firewall is running. Why is that?

A: When the financial software connects to a database, it uses the machine name. When the firewall security level is set to high, LAN resources sharing is denied. Please set the firewall to medium security and reboot the computer. When the financial software tries to connect to the database, it will only do so once. Therefore a computer restart is needed to try again. You can also add the IP address of the database machine into the trusted area. If it is a local database, add the database program into Application Rules.

Q: Why can't I connect to a LAN printer?

A: Please set the firewall in the computer connecting with the printer to the medium security level. You can also add the printer or the IP address of the computer connected to the printer into the trusted zone.

Q: After updating, the update program prompts for reboot. Why can't the firewall be opened without a reboot?

A: Updates can greatly change the program after updating, so a reboot is needed to ensure that the firewall will run smoothly.

Q: Why does the firewall prompt me with the expiration date?

A: Please check the expiration date of your firewall. If it has not yet expired, please confirm if the current user is authorized to write to Rising directory. If that does not help, please contact the Rising Customer Service Center.

Q: When there are multiple users logged into the system, how does Rising Personal Firewall interact with them?

A: Rising Personal Firewall can protect the entire PC. IP Rules alerts are valid for all users. When a user's program accesses the network, the firewall will only interact with that user’s session. Users can also have their own customized settings and skin.

Port List

TCP Port

7 = echo
9 = discard
11 = systat
13 = Daytime
15 = NETSTAT PORT
17 = qotd
18 = Message Send Protocol
19 = chargen
20 = ftp-data
21 = File Transfer
22 = SSH PORT
23 = Telnet
25 = SMTP
31 = Masters Paradise Trojan
37 = time
39 = rlp
41 = DeepThroat Trojan
42 = WINS Host Name Server
43 = nicname WhoIs
58 = DMSetup Trojan
59 = DCC
63 = WHOIS PORT
69 = Trivial File Transfer
70 = Gopher

79 = Finger
80 = WEB
88 = kerberos
101 = hostname
102 = iso
107 = rtelnet
109 = pop2
110 = pop3
111 = sunrpc
113 = IDENT
117 = uucp
119 = nntp
121 = JammerKillah Trojan
135 = loc-srv
138 = HideStole
139 = NETBIOS Session
143 = IMAP4
146 = FC-Infector Trojan
158 = pcmail
170 = print
179 = BGP
194 = IRC PORT
213 = TCP OVER IPX
220 = IMAP3
389 = LDAP
406 = IMSP PORT
411 = DC++
421 = TCP Wrappers
443 = HTTP over TLS/SSL
445 = Windows NT / 2000 SMB
456 = Hackers Paradise Trojan

464 = kpasswd
512 = exec or biff comsat
513 = login or who
514 = cmd or syslog
515 = printer
517 = talk
518 = ntalk
520 = efs or router
525 = timed
526 = tempo
530 = courier
531 = RASmin Trojan
532 = netnews
533 = netwal
540 = uucp
543 = klogin
544 = kshell
550 = new
554 = RTSP
555 = Ini-Killer Trojan
556 = remotefs
560 = rmonitor
561 = monitor
636 = LDAPS
666 = Attack FTP Trojan
749 = kerberos
750 = kerberos
911 = Dark Shadow Trojan
989 = FTPS
990 = FTPS
992 = TelnetS
993 = IMAPS
999 = DeepThroat Trojan

1001 = Silencer Trojan
1010 = Doly Trojan
1011 = Doly Trojan
1012 = Doly Trojan
1015 = Doly Trojan
1024 = NetSpy Trojan
1042 = Bla Trojan
1045 = RASmin Trojan
1080 = SOCKS PORT
1090 = Extreme Trojan
1095 = Rat Trojan
1097 = Rat Trojan
1098 = Rat Trojan
1099 = Rat Trojan
1109 = kpop
1167 = phone
1170 = Psyber Stream Server
1214 = KAZAA
1234 = Ultors Trojan
1243 = Backdoor/SubSeven Trojan
1245 = VooDoo Doll Trojan
1349 = BO DLL Trojan
1352 = Lotus Notes
1433 = SQL SERVER
1492 = FTP99CMP Trojan
1494 = CITRIX
1503 = Netmeeting
1512 = WINS
1524 = ingreslock
1600 = Shivka-Burka Trojan
1630 = POCOMO
1701 = l2tp
1720 = H323
1723 = PPTP
1731 = Netmeeting
1755 = MMS
1807 = SpySender Trojan
1812 = radius
1813 = radacct
1863 = MSN
1981 = ShockRave Trojan
1999 = Backdoor Trojan

2000 = TransScout-Remote-Explorer
2001 = TransScout-Trojan
2002 = TransScout Trojan
2003 = TransScout Trojan
2004 = TransScout Trojan
2005 = TransScout Trojan
2023 = Trojan-Ripper
2049 = nfsd
2053 = knetd
2115 = Bugs Trojan
2140 = Deep Throat Trojan
2401 = CVS
2535 = Worm.Bbeagle
2565 = Striker Trojan
2583 = WinCrash Trojan
2773 = Backdoor/SubSeven Trojan
2774 = SubSeven Trojan
2801 = Phineas Phucker Trojan
2869 = UPNP(TCP)
3024 = WinCrash Trojan
3050 = InterBase
3128 = squid Proxy
3129 = Masters Paradise Trojan
3150 = DeepThroat Trojan
3306 = MYSQL
3389 = Remote DESKTOP
3544 = MSN VOICE
3545 = MSN VOICE
3546 = MSN VOICE
3547 = MSN VOICE
3548 = MSN VOICE

3549 = MSN VOICE
3550 = MSN VOICE
3551 = MSN VOICE
3552 = MSN VOICE
3553 = MSN VOICE
3554 = MSN VOICE
3555 = MSN VOICE
3556 = MSN VOICE
3557 = MSN VOICE
3558 = MSN VOICE
3559 = MSN VOICE
3560 = MSN VOICE
3561 = MSN VOICE
3562 = MSN VOICE
3563 = MSN VOICE
3564 = MSN VOICE
3565 = MSN VOICE

3566 = MSN VOICE
3567 = MSN VOICE
3568 = MSN VOICE
3569 = MSN VOICE
3570 = MSN VOICE
3571 = MSN VOICE
3572 = MSN VOICE
3573 = MSN VOICE
3574 = MSN VOICE
3575 = MSN VOICE
3576 = MSN VOICE
3577 = MSN VOICE
3578 = MSN VOICE
3579 = MSN VOICE
3700 = Portal of Doom Trojan
4080 = WebAdmin
4081 = WebAdmin+SSL
4092 = WinCrash Trojan
4267 = SubSeven Trojan
4443 = AOL MSN
4567 = File Nail Trojan
4590 = ICQ Trojan
4661 = Emule
4662 = Emule
4663 = Emule
4664 = Emule
4665 = Emule
4666 = Emule

4899 = Radmin Trojan
5000 = Sokets-de Trojan
5000 = UPnP
5001 = Back Door Setup Trojan
5060 = SIP
5168 = Worm.Gaobo
5190 = AOL MSN
5321 = Firehotcker Trojan
5333 = NetMonitor Trojan
5400 = Blade Runner Trojan
5401 = Blade Runner Trojan
5402 = Blade Runner Trojan
5550 = JAPAN Trojan-xtcp
5554 = Worm.win32.Dabber
5555 = ServeMe Trojan
5556 = BO Facil Trojan
5557 = BO Facil Trojan
5569 = Robo-Hack Trojan
5631 = pcAnywhere
5632 = pcAnywhere
5742 = WinCrash Trojan
5800 = VNC
5801 = VNC
5890 = VNC
5891 = VNC
5892 = VNC
6267 = GirlFriend Trojan
6400 = The Thing Trojan
6665 = IRC
6666 = IRC SERVER PORT
6667 = IRC CHAT PORT
6668 = IRC
6669 = IRC
6670 = DeepThroat Trojan
6711 = SubSeven Trojan
6771 = DeepThroat Trojan
6776 = BackDoor-G Trojan
6881 = Bit Torrent
6882 = Bit Torrent
6883 = Bit Torrent
6884 = Bit Torrent
6885 = Bit Torrent
6886 = Bit Torrent
6887 = Bit Torrent
6888 = Bit Torrent
6889 = Bit Torrent
6890 = Bit Torrent

6939 = Indoctrination Trojan
6969 = GateCrasher/Priority Trojan
6970 = GateCrasher Trojan
7000 = Remote Grab Trojan
7001 = Windows messager
7070 = RealAudio
7215 = Backdoor/SubSeven Trojan
7300 = NetMonitor Trojan
7301 = NetMonitor Trojan
7306 = NetMonitor Trojan
7307 = NetMonitor Trojan
7308 = NetMonitor Trojan
7424 = Host Control Trojan
7467 = Padobot
7511 = Smart ziyi
7597 = QaZ Trojan
7626 = G_Client Trojan
7789 = Back Door Setup/ICKiller Trojan
8011 = WuLai Trojan
8102 = NetSpy Trojan
8181 = zaifei Trojan
9408 = shanquan Trojan
9535 = man Trojan
9872 = Portal of Doom Trojan
9873 = Portal of Doom Trojan
9874 = Portal of Doom Trojan
9875 = Portal of Doom Trojan
9898 = Worm.win32.Dabber
9989 = iNi-Killer Trojan
10066 = Ambush Trojan
10067 = Portal of Doom Trojan
10167 = Portal of Doom Trojan
10168 = Worm.mimail
10520 = Acid Shivers Trojan
10607 = COMA Trojan
11000 = Senna Spy Trojan
11223 = Progenic trojan
11927 = Win32.Randin

12076 = GJammer Trojan
12223 = Keylogger Trojan
12345 = NetBus Trojan
12346 = GabanBus/NetBus Trojan
12361 = Whack-a-mole Trojan
12362 = Whack-a-mole Trojan
12363 = Whack-a-Mole Trojan
12631 = WhackJob Trojan
13000 = Senna Spy Trojan
13223 = PowWow Chat
14500 = PC Invader Trojan
14501 = PC Invader Trojan
14502 = PC Invader Trojan
14503 = PC Invader Trojan
15000 = NetDemon Trojan
15382 = SubZero Trojan
16484 = Mosucker Trojan
16772 = ICQ Revenge Trojan
16969 = Priority Trojan
17072 = Conducent
17166 = Mosaic Trojan
17300 = Kuang2 the virus Trojan
17449 = Kid Terror Trojan
17499 = CrazzyNet Trojan
17500 = CrazzyNet Trojan
17569 = Infector Trojan
17593 = Audiodoor Trojan
17777 = Nephron Trojan
19191 = Worm.BlueBlaze
19864 = ICQ Revenge Trojan
20001 = Millennium Trojan
20002 = Acidkor Trojan
20005 = Mosucker Trojan
20023 = VP Killer Trojan
20034 = NetBus 2 Pro Trojan
20808 = Worm.LovGate.v.QQ
21544 = GirlFriend Trojan
22222 = Proziack Trojan
23005 = NetTrash Trojan
23006 = NetTrash Trojan
23023 = Logged Trojan
23032 = Amanda Trojan
23432 = Asylum Trojan
23444 = Worm.NetCow
23456 = Evil FTP Trojan
23456 = EvilFTP-UglyFTP Trojan

23476 = Donald-Dick Trojan
23477 = Donald-Dick Trojan
25685 = Moonpie Trojan
25686 = Moonpie Trojan
25836 = Trojan-Proxy
25982 = Moonpie Trojan
26274 = Delta Source Trojan
27184 = Alvgus 2000 Trojan
29104 = NetTrojan Trojan
29891 = The Unexplained Trojan
30001 = ErrOr32 Trojan
30003 = Lamers Death Trojan
30029 = AOL Trojan
30100 = NetSphere Trojan
30101 = NetSphere Trojan
30102 = NetSphere Trojan
30103 = NetSphere Trojan
30103 = NetSphere Trojan
30133 = NetSphere Trojan
30303 = Sockets de Troie

30947 = Intruse Trojan
31336 = Butt Funnel Trojan
31337 = Back-Orifice Trojan
31338 = NetSpy DK Trojan/BO
31339 = NetSpy DK Trojan
31666 = BOWhack Trojan
31785 = Hack Attack Trojan
31787 = Hack Attack Trojan
31788 = Hack-A-Tack Trojan
31789 = Hack Attack Trojan
31791 = Hack Attack Trojan
31792 = Hack-A-Tack Trojan
32100 = Peanut Brittle Trojan
32418 = Acid Battery Trojan
33333 = Prosiak/Blakharaz Trojan
33577 = Son of PsychWard Trojan
33777 = Son of PsychWard Trojan
33911 = Spirit 2000/2001 Trojan
34324 = Big Gluck Trojan
34555 = Trinoo Trojan
35555 = Trinoo Trojan
36549 = Trojan-Proxy
37237 = Mantis Trojan
40412 = The Spy Trojan
40421 = Master-Paradise Trojan
40422 = Master-Paradise Trojan
40423 = Master-Paradise Trojan
40425 = Master-Paradise Trojan
40426 = Master-Paradise Trojan

41337 = Storm Trojan
41666 = Remote Boot tool Trojan
46147 = Backdoor.sdBot
47262 = Delta Source Trojan
49301 = Online KeyLogger Trojan
50130 = Enterprise Trojan
50505 = Sockets de Troie
50766 = Fore Trojan
51996 = Cafeini Trojan
53001 = Remote Windows Shutdown Trojan

54283 = Backdoor/SubSeven Trojan
54320 = Back-Orifice Trojan
54321 = Back-Orifice Trojan
55165 = File Manager Trojan
57341 = NetRaider Trojan
58339 = Butt Funnel Trojan
60000 = DeepThroat Trojan
60411 = Connection Trojan
61348 = Bunker-hill Trojan
61466 = Telecommando Trojan
61603 = Bunker-hill Trojan
63485 = Bunker-hill Trojan
65000 = Devil Trojan
65390 = Eclypse Trojan
65432 = The Traitor Trojan
65535 = Rc1 Trojan

UDP Port

31 = Masters Paradise Trojan
41 = DeepThroat Trojan
53 = Domain Name Server
67 = Bootstrap Protocol Server
68 = Bootstrap Protocol Client
135 = loc-srv
137 = NETBIOS Name

138 = NETBIOS Datagram
139 = NETBIOS Session
146 = FC-Infector Trojan
161 = SNMP
162 = SNMP Trap
445 = Windows NT / 2000 SMB
500 = IKE VPN
666 = Bla Trojan
999 = DeepThroat Trojan
1027 = Worm.huigz
1042 = Bla Trojan

1561 = MuSka52 Trojan
1900 = UPNP
2140 = Deep Throat Trojan
2989 = Rat Trojan
3129 = Masters Paradise Trojan
3150 = DeepThroat Trojan
3700 = Portal of Doom Trojan
4000 = QQ

4006 = Worm.huigz
5168 = Worm.Gaobo
6670 = DeepThroat Trojan
6771 = DeepThroat Trojan
6970 = ReadAudio Voice
8000 = QQ
8099 = VC Remote Debug
8225 = Worm.huigz
9872 = Portal of Doom Trojan
9873 = Portal of Doom Trojan
9874 = Portal of Doom Trojan
9875 = Portal of Doom Trojan
10067 = Portal of Doom Trojan
10167 = Portal of Doom Trojan
22226 = Worm.Gaobo
26274 = Delta Source Trojan
31337 = Back-Orifice Trojan

31785 = Hack Attack Trojan
31787 = Hack Attack Trojan
31788 = Hack-A-Tack Trojan
31789 = Hack Attack Trojan
31791 = Hack Attack Trojan
31792 = Hack-A-Tack Trojan
34555 = Trin00 DDoS Trojan
40422 = Master-Paradise Trojan
40423 = Master-Paradise Trojan
40425 = Master-Paradise Trojan
40426 = Master-Paradise Trojan
47262 = Delta Source Trojan
54320 = Back-Orifice Trojan
54321 = Back-Orifice Trojan
60000 = DeepThroat Trojan

Contact

Rising Info-Website

Rising Email Hotline

Email: support@rising-global.com

Website: http://www.rising-global.com

China

Email: rising@rising.com.cn

Fax: +86-10-62564934

Postal Code: 100080

Adresse: Suite 1305, Zhongke Building, 22, Zhongguancun Avenue, Haidian District, Beijing, China

Website: http://www.rising-global.com