A personal firewall (e.g., the Norton firewall and ZoneAlarm) is a gatekeeper to the Internet. For the purpose of security, it either grants or denies Internet access, depending on how it is configured. Most personal firewalls will deny access by any program, and each new version of any program, unless you have specifically allowed access. Neither a browser nor any other program can control the firewall. If it could, that would completely defeat the purpose of the firewall.

A firewall will usually ask you whether to allow a program to connect to the Internet. In order for ShopFactory to work, you must grant it access. If you deny access, you must reconfigure the firewall to allow access.

This FAQ provides information on how to configure different firewalls to allow ShopFactory access to the Internet.

Firewall pitfalls

• When your ShopFactory program is installed or updated, you must configure the firewall to recognize the new version.
• With some firewalls, if you attempt to close or uninstall the firewall, the display closes but the engine continues to block Internet access. The EnumProcess tool for Windows lists all running processes and will help find any firewalls that may be running.
• Some firewalls require you to reboot your system for changes to take effect.
• Some firewalls have bugs in their access list. Try removing all programs, or all mention of ShopFactory from the access list.

• Firewalls can also interfere with Internet access by blocking certain operating-system tasks such as Windows "svchost.exe".
• "I had a firewall once but I removed it". Here's how to properly uninstall ZoneAlarm, Norton
  

CA Personal Firewall

The CA (Computer Associates) Personal Firewall was formerly known as "eTrust Personal Firewall". A number of support documents are available here. The following instructions are from the article Having trouble accessing applications after installing CA ISS or CA Personal Firewall 2007 (if you need more help, the article includes screen shots).

1. Open CA Personal Firewall
2. On the left panel, click on Firewall.
3. On the right, select the Application Control tab.
4. If your program has already requested internet access you will already find it within this list. To ensure the program is given the necessary access, click on the program name and then click on the Delete button.
5. A Confirm popup will ask if you want to delete the application, click Yes.
6. Close CA Personal Firewall
7. Open the program you wish to grant access. A few seconds after the program opens you will see a CA Personal Firewall Security Alert message. Within this box there will be the option to Allow or Deny the program and the ability to remember this setting. We recommend that you check the box to remember the selection for your default web browser and email program so check this box and then click on the Allow button.

Comodo Firewall Pro

This is the freeware version of the Comodo firewall. An earlier version was called Comodo Personal Firewall.

1. Right click on the icon in the system tray and select open.
2. Click on security, and then application monitor. That should display a list of applications and their rules.
3. If there is a existing rule for SFEditorU.exe select it.
   1. Press edit (or right click on the rule and select edit from the context menu).
   2. Press the application browse button and browse to your SFEditorU.exe file.
   3. Select "Specify a parent". Press the parent browse button and browse to Explorer.exe (Windows Explorer) in your windows directory.
   4. The general tab should have allow, "TCP or UDP", and IN/OUT. If it doesn't, change the settings.
   5. Press OK.
4. Otherwise press Add.
   1. Press the application browse button and browse to your SFEditorU.exe file.
   2. Select "Specify a parent". Press the parent browse button and browse to Explorer.exe (Windows Explorer) in your windows directory.
   3. The general tab will default to allow, "TCP or UDP", and IN. Change the direction from IN to IN/OUT.
   4. Press OK.

The list of rule s should have a line with SFEditorU.exe, [any], [any], TCP/UDP In/Out and a green check mark next to Allow.

Comodo doesn't have just one rule for ShopFactory, it creates ones that also specify what application launched ShopFactory. If you don't need this fine grained control rather than pressing the parent browse button select "skip parent check" to make it use one rule (and avoid specifying who can launch it). If it already has multiple rules selecting "skip parent check" in any of those rules should automatically delete the other ShopFactory rules.

eTrust EZ Firewall

1. Double click the EZ Firewall icon in the system tray
2. Ensure that the ‘Lock’ icon at the top is in the unlocked position.
3. To the left of the window, click ‘Program Control’
4. Click the ‘Programs’ tab from the top.
5. Look for your internet program (e.g. "ShopFactory") and ensure that the permissions under ‘Access’ and ‘Server’ have a green check mark (allow).
6. Look for Generic host process for win32, (Win XP and Win 2000 only). Again, ensure that the permissions under 'Access' and 'Server' have a green check mark (allow).
7. Look for Application Layer Gateway, ensure 'Access' and 'Server' have check marks.
8. Try accessing the internet again.
9. If you are still unable to connect, remove all instances of your internet program (e.g. "ShopFactory") and Generic host process for win 32 from the program list. You can remove them by right click the name and selecting remove from the popup window.
10. Once this is done, try accessing the internet again. You should get a firewall alert asking for access permission to allow the processes mentioned above, please allow them, this should get your internet working again.

Additional information is contained in CA support document, I cannot surf the Internet since installing EZ Firewall

McAfee Personal Firewall

1. Right-click the McAfee icon, point to Personal Firewall, then click Internet Applications.
2. In the Permissions list, right-click the permission level for an application, and click Delete Application Rule.

The next time the application requests Internet access, you can set its permission level to re-add it to the list. S ee this for more information.

Norton Internet Security

The Norton firewall must be configured to allow updated programs to use the Internet. If your ShopFactory application cannot access the Internet, this Symantec Knowledge Base article may help. If not, the Symantec support site offers extensive resources, including the AutoFix Tool for home users and a FAQ page.

Outpost Firewall

Make sure the Rules Wizard firewall policy is on.

PC-cillin Internet Security

A common error using the firewall component of PC-cillin Internet Security is to deny internet access to the essential process, "svchost.exe" (Generic Host Process for Win32 Services). If you mistakenly deny access, you must remove the associated entry from the list of firewall exceptions, as follows:

1. Open the PC-cillin Internet Security main console (double-click the PC-cillin icon on the Windows taskbar).
2. Click "Network Security" on the left.
3. Click "Personal Firewall" on the right.
4. Go to the "Profile Name" section and click the profile being used. This is the profile that has an icon beside it.
5. Click "Edit". The Edit Personal Firewall window appears.
6. Click the "Exceptions" tab.
7. Find and click the entry for "Generic Host Process for Win32 Services".
8. Click "Remove".
9. Click "OK" then click "Apply".
10. Check the Internet connection.

Sygate Firewall

Sygate blocks type 3 and 4 ICMP traffic by default, which can cause timeouts and failed FTP uploads. To unblock ICMP, see this post.

Windows Firewall

The Windows Firewall in Windows XP filters only inbound traffic. In Windows Vista, the Windows Firewall can filter both inbound and outbound traffic; however, outbound filtering is turned off by default.

In some cases, you may need to remove ShopFactory from the Windows Firewall exceptions list, if listed, and re-add it. The following instructions are for Windows XP sp2 (Windows Vista should be similar):

1. Close ShopFactory
2. Start -> Settings -> Control Panel -> Windows Firewall
3. General tab - Make sure the firewall is switched on and "Don't allow exceptions" is unchecked.
4. Exceptions tab - Find the ShopFactory entry and delete it.
5. Check the box next to "Display a notification when Windows Firewall blocks a program".
6. Click "OK" to exit the Windows Firewall window.
7. Start ShopFactory.
8. Windows Firewall should then ask whether you want to keep blocking or unblock. Select "Unblock".

For more information, open the Windows Start menu, go to Help and Support and search on "Firewall", or see these articles:

• Troubleshooting Windows Firewall settings in Windows XP Service Pack 2
• Windows Vista Help: Understanding Windows Firewall settings
• The New Windows Firewall in Windows Vista and Windows Server "Longhorn"

ZoneAlarm

Some Internet service providers (ISPs) send out "heartbeat" messages to see if you are still using your connection. By default, ZoneAlarm blocks these messages, and you may get disconnected. For more information, press the "Help" button and search for heartbeat in the index. Some ISPs provide a specially configured version of ZoneAlarm that you can use, or else you can configure ZoneAlarm to allow these incoming messages.

ZoneAlarm behaves in other ways the user may not expect:

• Closing the ZoneAlarm window by clicking on the 'X' in the upper right does not stop the firewall; it just minimizes the window to the system tray. To shut it down (briefly!) for testing, right click the icon in the tray and select "Shutdown ZoneAlarm".
• Uninstalling ZoneAlarm from Settings | Control Panel | "Add or Remove Programs" may not actually uninstall the firewall. The ZoneAlarm user interface (control center) may be uninstalled while leaving the actual firewall running. To completely remove ZoneAlarm, run the uninstaller in the ZoneAlarm program folder.

To configure ZoneAlarm to allow ShopFactory access to the Internet:

1. Open the ZoneAlarm control center
2. Select "Program Control" on the left
3. Select "Programs" on the top
4. Find the application's entry (e.g., ShopFactory/SFEditorU.exe) in that list and make sure there is a (green) check mark in the "Access Internet" column. Make sure the application version shown in the bottom of the window matches the version you are using.

If the previous instructions don't work, right click on the application's entry (e.g., " ShopFactory") and select "Remove". Do this for all entries for that application. The next time you start the application, ZoneAlarm should ask you whether you want to allow access.

For more help with ZoneAlarm settings, see the Zone Labs support article, Getting Started with ZoneAlarm.