We know that @Guard is dated and won't work with WinME (unless you do the mod) or WinXP, although some
users report no problem with XP. Check this Microsoft KB article. If you still have a
problem with XP, try turning off the @Guard logging feature. However, @Guard seems to work
with W2000. See below for some apps which are very similar to @Guard and will work with
XP.

Here are some suggestions for your AtGuard firewall ruleset.
The assumption is that you have already created a rule for Bootp and Localhost.
Explorer
Block; Either; TCP or UDP
Application:C:\WINDOWS\Explorer.exe
Rundll32
Block; Either; TCP or UDP
Application:c:\windows\rundll32.exe
Rundll
Block; Either; TCP or UDP
Application:c:\windows\rundll.exe
Outbound ICMP
Block; Outbound; ICMP, any type
Outbound NETBIOS
Block; Outbound; UDP
Service:Remote service:List of services: nbdatagram, nbname
NETBIOS Port 137-139
Block; Either; TCP or UDP
Service:Local service:Service range: First port number:137: Last port number:139
(do the same for DCOM port 135)
(do the same for port 445)
Put your regular apps here
2 entries for each app (DNS first, TCP second):
one for the app to use DNS
eg: Netscape DNS
Permit, Outbound, UDP, Application, C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\NETSCAPE.EXE,
Service: Remote Service: Single Service: domain
one for the app using TCP
eg: Netscape TCP
Permit, Outbound, TCP, Application: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\NETSCAPE.EXE
Outbound DNS
Block; Outbound; UDP
Service:Remote service:Single service: domain
Block Everything Else
Block; Either; TCP or UDP
To create a log for any of the above, tick the "writing an
event log" box on the Logging tab.
For Outbound DNS, you may want to also tick the "dashboard notification"
box on the Logging tab.
The last rule means that you should not get any firewall rule assistant boxes popping up.
Also remember that a permit outbound rule means implicit inbound, and a permit inbound
rule means implicit outbound.
Why block Outbound DNS? For those nasty programs that want to talk
to momma and don't let you know first. (Even a well known accounting package does this.)
It also plugs the security hole of a trojan using a trusted app name. Since each app is
specified by location/name, a trojan would have to actually replace the app in its
directory. (Use niscrc to do MD5 checksums on your trusted apps.)
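The effect of the Outbound DNS block, as an added example (not part of the original page and not AtGuard code): a simplified Python model of a subset of the rules above, showing that a program reusing a trusted app's name from another directory falls through to the DNS block. It assumes rules are checked top-down with the first match winning, and that the "domain" service is port 53; the sample connections are constructed.

```python
# Added illustration: a simplified model of part of the ruleset above.
# Assumption: rules are checked top-down and the first match wins.
NETSCAPE = r"C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\NETSCAPE.EXE"
DOMAIN = 53  # the "domain" service (DNS)

# (name, action, direction, protocols, application, remote ports); None = any
RULES = [
    ("Explorer", "block", "either", {"tcp", "udp"}, r"C:\WINDOWS\Explorer.exe", None),
    ("Rundll32", "block", "either", {"tcp", "udp"}, r"c:\windows\rundll32.exe", None),
    ("Outbound ICMP", "block", "outbound", {"icmp"}, None, None),
    ("Netscape DNS", "permit", "outbound", {"udp"}, NETSCAPE, {DOMAIN}),
    ("Netscape TCP", "permit", "outbound", {"tcp"}, NETSCAPE, None),
    ("Outbound DNS", "block", "outbound", {"udp"}, None, {DOMAIN}),
    ("Block Everything Else", "block", "either", {"tcp", "udp"}, None, None),
]

def evaluate(app, direction, proto, remote_port=None):
    """Return (rule name, action) of the first rule matching a connection."""
    for name, action, rule_dir, protos, rule_app, ports in RULES:
        if rule_dir != "either" and rule_dir != direction:
            continue
        if proto not in protos:
            continue
        # Windows paths are case-insensitive, so compare lower-cased.
        if rule_app is not None and rule_app.lower() != app.lower():
            continue
        if ports is not None and remote_port not in ports:
            continue
        return name, action
    return "Rule Assistant", "prompt"  # nothing matched in this model

# Constructed sample connections (not taken from a real log).
SAMPLES = [
    (NETSCAPE, "outbound", "udp", 53),
    (NETSCAPE, "outbound", "tcp", 80),
    (r"C:\TEMP\NETSCAPE.EXE", "outbound", "udp", 53),  # same name, other folder
    (r"C:\WINDOWS\EXPLORER.EXE", "outbound", "tcp", 80),
    (r"C:\APPS\UNKNOWN.EXE", "outbound", "tcp", 80),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", evaluate(*sample))
```

Moving "Outbound DNS" above the per-app DNS permits in RULES would block every lookup, which is why the app entries come first.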
Note
Symantec bought the AtGuard technology and incorporated it into Norton Internet Security.
Many people ask where the dashboard went. It's still there.
To get the dashboard in NIS 2.5 create the following shortcut:
"C:\Program Files\Norton Internet Security\IAMAPP.EXE" -appbar
For those who update NIS to 2.55 and want to keep their current
ruleset, Sarah Dean's Norton Firewall Update Ruleset Fixer page is an excellent page
with a small program, which helps explain the
process and gives you the tools to do it.
Block IGMP. As well, a number of topics are covered here, with links to many @guard
related pages.
Here is an
excellent site - Privacy Security by Eric Howes. Look at the
AGNIS topic.
Some Atguard utilities are here! Here is the
"unofficial" @Guard FAQ.
To see if your firewall blocks possible trojan activity which uses
your browser process space, please go to Robin
Keir's website for a great discussion of the vulnerability and a little test program,
called FireHole. Another little test program can be seen at Bob Sundling's webpage.
Other apps which are very similar to AtGuard you may wish to try.
Unfortunately, none of them appear to have the Javascript, Ad and Cookie blocking features
of AtGuard. However, you could use Proxomitron with the firewall - which I do.
Sygate Personal Firewall -|- Tiny Personal Firewall -|- NetPeeker Firewall -|- Look n' Stop Firewall -|- Kerio Firewall
This page of suggestions works for us - your mileage may vary - as
always, use at your own risk.