Windows Firewall instead of OneCare Firewall RRS feed

  • Question


    I have a computer where I would like to use the Windows built-in firewall, but I would like to use all the other features of OneCare.


    Is there anyway to turn off the OneCare firewall, and turn on the Windows firewall?



    Monday, November 26, 2007 9:02 PM


  • Although you *can* technically do this, there is no reason to do so *and* OneCare will be in "red" status if you do. OneCare is not designed to be part of a mix and match security solution.



    Tuesday, November 27, 2007 6:09 PM

All replies

  • Yeah, open up the program and choose "Change Settings" from the right hand bar.  The first tab is firewall, and you can disable it from there.  Windows security will pickup that you dont have a firewall on and show a little red shield in your tray, double click that (or use the control panel) and enable it.


    You can also configure the access and advanced settings of the firewall from this tab giving slightly more robust features than the Windows firewall has..






    Tuesday, November 27, 2007 1:09 PM
  • Although you *can* technically do this, there is no reason to do so *and* OneCare will be in "red" status if you do. OneCare is not designed to be part of a mix and match security solution.



    Tuesday, November 27, 2007 6:09 PM
  • I agree completely - the fact that you have the more robust configuration options within onecare enables you to have better control over what it does as opposed to sharing the platform with another security solution.


    I am in no way suggesting that you should disable this component of Onecare.

    Wednesday, November 28, 2007 4:45 AM
  • While I agree that it does provide more robust configuration, the user on the system is not running with administrator privileges, and doesn't really want to deal with having to use the "run as" command, or switch user accounts to allow an application through the firewall.  She just wants the system to work.


    The built-in windows firewall provides the level of functionality/protection that I'm looking for so there is an ease of use, and saves me time from having to update the firewall rules every time an application updates.





    Wednesday, November 28, 2007 3:40 PM
  • If the user is only using digitally signed applications, they should not be prompted to allow anything - it just works. Unfortunately, if you turn off the OneCare firewall the user will forever see the red "at risk" state of OneCare and may overlook a problem in another area.



    Wednesday, November 28, 2007 7:54 PM
  • I guess not all of the apps then are digitally signed.  For example, I had to add rules for several Citrix applications and a VPN client. 


    It would be nice if on a future release there was another setting on the OneCare firewall below the recommended setting that matched that of the built-in firewall.  Or perhaps to allow the program to recognize when the OneCare firewall was turned off, but the built-in firewall was enabled and still show the green state.



    Thursday, November 29, 2007 4:42 PM
  • Having the ability to import settings or even manage them from a OneCare Circle Hub PC for all PCs in the Circle has been suggested and it would be very helpful. The latter won't be done as that would defeat the purpose of the all-in-one security of OneCare.



    Thursday, November 29, 2007 6:39 PM
  • There certainly *IS* a reason for doing so on my XP MCE system!  With the OneCare forewall enabled, Intel's Desktop Utilities (IDU) won't run and neither will LimeWire.  The MS support person looked at my logs and said that since those programs change the ports they use every time they're run, the only thing to do right now is to disable the OneCare firewall when I want to run them.  IDU monitors my temps and so I can't ever activate the OneCare firewall.


    Tom Lake


    Friday, December 7, 2007 4:36 PM
  • Hi, Tom.

    It would seem to me that Intel has a pretty screwy program if it changes the ports every time it runs. And why would a desktop monitoring utility need access through the firewall anyway? If sounds like they need to fix their program. Limewire is, of course, another story. Not taking into account that file sharing programs are the single biggest source of malware, it also should behave normally with firewalls and provide a narrow range of ports it needs for you to open. Both programs, if they have not already been packaged that way by the programmers, need to be digitally signed and recognized by OneCare as safe. Turning off the OneCare firewall reduces your security level since the Windows firewall offers inbound protection only.


    Friday, December 7, 2007 7:08 PM
  • I just tried it.  Windows Security Center won't allow me to turn on Windows Firewall if OneCare is loaded.  I get the message:


    We're sorry.  The Security Center could not turn on Windows Firewall.....


    I also tried turing it on from Control Panel but the On/Off radio buttons are ghosted.


    Tom Lake

    Saturday, December 8, 2007 9:47 PM
  • That is by design. The OneCare firewall takes over and the Windows firewall is disabled by OneCare. To enable to Windows firewall you need to uninstall OneCare or make a change in the registry to remove the Group Policy restrictions.



    Monday, December 10, 2007 6:02 PM
  • Thank's for a good straight answer!


    Thursday, December 13, 2007 4:57 PM
  • Hi There, the discussion of wihch to put on is moot. One Care will continously change it back to it's own firewall. You can't have the two. If you disable the firewall your green light goes to red and you'll never know if there's a real alert. Personally, I don't understand why you would want to revert to Window's Firewall. One Care is a total protection program.


    I use the OneCare firewall and am content with it. If you consider the Windows firewall better, I would like to know why, pls, Skyzyk 

    Monday, December 17, 2007 2:47 PM
  • Skyzyk ,


    I can't speak for anyone else, but for my situation it is not a case of which is better, and I have not stated that either one is better.  I have other security controls in place where I am comfortable not using the outbound protection that is afforded by OneCare firewall.  If I don't use the outbound protection, it saves me time approving applications, and saves my wife frustration of applications that are not digitally signed not working.


    While having outbound protection is great and all, most people don't read or understand the warning and just hit the "Approve" button anyway, which defeats the purpose of the outbound protection.  Or worse, they get frustrated that something isn't working, and turn off the firewall.


    In my opinion, I would rather use the built in firewall, and provide only a Limited User Account for day to day use, than have outbound protection, but give the user Administrator privileges for day to day use.





    Monday, December 17, 2007 3:59 PM