Firewall Tutorial: Using Online Armor Firewall in Windows

Firewall Tutorial:  Using Online Armor Firewall in Windows
Page content

Firewall Protection by Emsisoft

Emsisoft, the maker of the popular Emsisoft Anti-malware and Mamutu programs has acquired Tall Emu’s widely-used personal firewall software, Online Armor. The new vendor of Online Armor has improved the program by releasing a new version of the firewall software with new features and improvements. If you are planning to use third-party firewall protection and considering Online Armor, read on to learn how to use the software in your Windows computer.

Preparation and Installation

Online Armor runs only in 32-bit editions of XP and Vista computers, but it will also run in both 32-bit and 64-bit edition of Windows 7. If you are using 64-bit version of XP and Vista, do not download or install the Online Armor program.

The Windows 7, Vista, and Windows XP operating systems include firewall protection out of the box. You don’t have to disable Windows firewall before installing Online Armor because this third-party software will disable it for you. If you are using other firewall programs such as Outpost, ZoneAlarm, or Privatefirewall, you will need to remove it from your computer before proceeding to install Online Armor software.

During installation of Online Armor, you will receive two Windows security warnings about “TLEM network service and adapters.” Simply allow the installation because those are software drivers required by Online Armor.

An Internet connection must be active when installing Online Armor because you will go through some steps that require a connection. The installer will prompt for your email address to register and activate the program, even with the free version of the firewall software. Another reason an Internet connection should be active is because the setup will launch a “Safety Check Wizard.” This safety check process is essential to run because it will download available and necessary updates for Online Armor. It will also connect to the Emsisoft servers to check the trustworthiness of files found on your system against their database. They are using Online Armor Software Information Service (OASIS) that helps the firewall software determine if the programs and processes in the computer are known or unknown. If any files or programs in your computer are unknown, you will see “Needs Attention” in the scanned section. You will need to decide whether to allow or deny the software to use the Internet. If all files or processes in your computer are known and trusted already, you will see “Passed” shown in the scanned area.

Note that the safety check wizard in Online Armor provides two types of wizard: Trust everything on this computer and a Step-by-step wizard. If you are not familiar with rule-based firewall program, choose the first option. Advanced users may want to use the latter to ensure that you are only allowing programs that you want the firewall to use any traffic.

A computer restart is required to finish the installation of the firewall program so all drives and configurations will take effect.

Using Online Firewall Protection

Computer novice users will be able to take advantage of Online Armor’s learning mode feature. This mode will run only for 2 minutes, when the safety check wizard has completed and after the computer has restarted. In learning mode, the firewall will monitor the behavior of programs in your computer. This allows the firewall software to be configured properly and let Windows run normally as it should. However, if the computer is infected with malware, the learning mode will also allow it to run! Be sure that your PC not infected before using learning mode.

If you are using the free edition of Online Armor, you have no other option but to use the software in standard mode. This mode suits most end-users especially inexperienced computer users. In standard mode, you will receive firewall alerts asking you to allow or block an unknown program to access the Internet. You won’t see how a program communicates, e.g. what port and protocol is used, or country and IP address of the remote computer. When you allow or block a program or processes, Online Armor will do the rest.

Paid customers of Emsisoft will be able to take advantage of Advanced mode and Banking mode. Advanced mode displays more information whenever a program tries to use the Internet connection. In banking mode, you’ll be taking advantage of using the trusted and protected domains that Emsisoft is maintaining. When you visit a financial site or use an online banking service, the program will make sure that you are not visiting a fraudulent website. Note that any setting you apply in any of these modes will take effect in any type of mode you’ll use.

The first firewall alert that you might receive from Online Armor is the “network detected” alert. Here are some tips on how you should respond to this alert:

  • Home users that uses single computer and do not require sharing folders or printers to other computer or devices should keep Trusted Network unchecked. However, if you have networked-devices, you may wish to keep Trust network box checked.

  • Office computers should not trust the detected network so the firewall will block potential intruders. You will only trust computers in your office but not the network and you will do this by opening the Firewall settings and then select individual computers to trust so you can continue to share folders and printers. Any server applications in an office computer should edit the firewall rules, allowing incoming connections to include endpoint restrictions.

  • Laptop users and Hotspots - If you are using a public network, you should not put a check mark for Trust Network box because it’s unsecured network. Laptop users shouldn’t trust public networks, as well.

Firewall alerts with RunSafer

Firewall Alert with RunSafer option

In some events, a firewall alert might give you an option to use RunSafer. This feature helps in protecting your computer from running an application with administrator permission. If you selected to use RunSafer feature in any application, you will be running the program with a Limited User permission. What it means is that the program will not be able to modify any setting in the computer that requires administrator permission.

RunSafer is only recommended to use when using applications that handle Internet content, such as web browsers, instant messengers, word processors, document viewers or readers, media players and more. Some malware that tries to use the said applications will not succeed to modify the computer if RunSafer is enabled. Do not apply the RunSafer option to programs that require updating or modification in the system or to the program itself.

Note that when a program is using the RunSafer mode, you will notice a colored border around the application window.

Managing the Firewall

Online Armor provides the following features or options that you can use to manage or customize. Take note of the tips in some section when customizing or managing the firewall software.

  • General setting - Keep the default general settings in placed to take advantage of OASIS, strengthening protection and make Online Armor easier to use. You should only check the “enable multi desktop support”, if you accessed virtual desktops. Paid users of Online Armor may want to choose Advanced and Banking modes only if you have to. Standard mode is enough to protect your computer against intruders and unauthorized access.

  • Firewall - You should also keep this setting untouched except putting a check marks before the boxes of enable logging (for all editions) and Filter invalid MAC addresses (for paid users via Advanced mode).

  • Exclusions - if you are using software that uses a proxy server as web shield protection, you might want to add it in this tab. An example is Avast antivirus program. You can also add other malware scanner program folders in this tab so Online Armor will not monitor its activity. Note that you should only use this option if you are having trouble in using the other programs with Online Armor.

  • Backup, restore and hotkeys - these features are available for paid edition of the firewall. You can back up the configurations and restore when needed. Hotkeys allow you to control the program using combinations of keys on your keyboard.

  • Programs - Online Armor also includes program control and Host-based intrusion-prevention system (HIPS) function that allows you to allow or deny the use of Internet connection. In this section, you will be able to choose which applications to be trusted or allowed by the firewall program. You can also configure a certain program to always use RunSafer mode. When setting up the program control options, it is best to select “hidden process detection” which is not enabled by default. By enabling this feature, you will be notified by Online Armor whenever there is a program that tries to conceal itself e.g. the program runs but its’ processes is not visible in Task Manager so you cannot shut it down.

  • Autoruns - The firewall software by Emsisoft also detects the programs in your computer that will automatically start whenever the computer is restarted or turned on. Don’t touch anything in this list unless you know what you are doing. Online Armor will display a pop-up, if program in the list tries to run and requires an Internet connection. Only then you should decide to allow or block.

  • Domains - The firewall program also includes protection against fraudulent websites. Free and paid users of Online Armor will be able to use Online Armor domains list or manually add websites to trust, protect or block. Be very careful in adding websites in this area because some legitimate websites can be compromised.

  • Anti-Keylogger - Any application that can record your keystrokes is considered a keylogger by Online Armor. There are legitimate keyloggers and there are programs that act like a keylogger even though it is not a keylogger application. If ever Online Armor display a keylogger detection, review which program is being detected. An example is the screenshot below where Online Armor thinks Virtual PC application by Microsoft is a keylogger. If you are using such application, you will allow the behavior or trust it.

    Firewall Alert on Keylogger Detection

  • Hosts file - Changes to the Windows Hosts file is monitored by Online Armor. You shouldn’t allow any program to modify your hosts file except hosts file managers or programs that can help protect a host file e.g. HostsXpert or HostsMan, SUPERAntiSpyware, Spybot-Search and Destroy, et al.

Tray Icon

Online Armor’s tray icons include handy commands to using the firewall program. When you want it to be silent, simply exit the tray icon by clicking on “Close GUI Interface”. When it is closed, the firewall protection is still active but in silent mode. This is useful for PC gamers or end-users that are using application in full screen mode.

All of the protections offered in free edition of Online Armor can be disabled or enabled using the tray icon, as well. You can also choose to block all network traffic, set a password or switch to learning mode.

OA Tray Icons

Note that the other tray icon only shows the firewall activity. If you don’t want this green icon, simply disable it via Options > Firewall tab > uncheck the box for “show firewall activity in tray.”