Advanced Port Blocker Help

Introduction
Emsa Advanced Port Blocker is an internet Port Blocking Tool, Connection Viewer, TCP Monitor and Logger.

It works by monitoring TCP connections and accesses to ports on your computer and blocking certain connections if necessary, as configured by per user rules. It also works in reverse, blocking certain unwanted connections from locally installed software to remote servers and websites. So basically all connections are monitored and automatically blocked whenever necessary.

This tool is particularly useful today, when we have very little control over the massive amounts of data being sent away from our computer to unknown third parties.

A ton of our own private data is sent automatically to lots of unknown companies and servers without us being informed about what is being sent. Also, some remote users might be trying to connect to our computer without our knowledge or consent in some cases. This tool comes in handy to bring this very needed control back to us. You can allow whatever connections you want to be permitted, and control/block everything else.

The product features a built-in connection monitor/viewer, allowing the user to track connections in realtime. The built-in Logging utility saves all the actions to disk and the log can be used for later inspection. Additionally, hostname-based blocking allows the program to automatically detect and block certain websites or group of websites based on rules set by the user. Wildcards are supported for hostnames and in this way a large range of hosts can be defined.

Port blocking works by setting blocking rules. Rules can be set for local ports, remote ports and remote IP addresses; hostname-based rules can also be set. Ports and IP addresses can be added in multiple ways: as a single port or single IP address, as a port/IP list, or as an IP range. Combined rules can be set by configuring more than one rule type; for example, a remote IP address + local port will prevent certain remote websites from connecting to software running on your local computer.

There is a lot of flexibility in configuring rules. Also, the program features an "Allowed IP list" that works as a whitelist for certain IP addresses. The product automatically detects local IP addresses on startup, so they can be automatically added to the allowed list, thus ensuring all local communication is never blocked (recommended).

This product is lightweight, small in file size and occupies a rather small amount of memory. While this is a challenging task for the amount of operations it performs, we went to great lengths to ensure the highest performance and minimal load is available.
Features
  • Fast blocking engine, low CPU usage, small memory utilization
  • Combined blocking rules: Remote IP addresses can now be mixed with local ports and remote ports, and in this way a combined blocking rule will be created; this allows much better blocking control
  • Block by Hostname with wildcard support - simply add a hostname and all ip addresses associated with that hostname will be blocked while connecting. Wildcards are available; for example *google.com will block any remote IP address belonging to this domain
  • Multiple ways of specifying Ports and IP addresses: Single item, List or Range (Start Port - End Port)
  • Embedded multi-thread DNS resolver - the program resolves hostnames via any IP address that connects to your computer, and provides information about domains/websites/servers connecting and exchanging data with your computer
  • Improved connection viewer; displays Local Port, Remote Port, Local IP, Remote IP, Remote Hostname (resolved), Process ID (PID) and Process name
  • The Logging feature logs all connections, detected hostnames and connections blocked - the log is saved to disk and can be analyzed later
  • One log per day supported / OR single log
  • Block ALL connections (panic mode) while still logging everything that happens
  • Block only new connections and log while keeping the existing connections active (beta feature)
  • All connections and lists can be exported to file, either as CSV or TXT
  • Statistics of connections table - displays a breakdown of the number of connections by TCP state
  • Freeze connections list - permits the user to temporarily "freeze" the user interface, so that it does not change all the time due to the ever-changing dynamic of IP connections. In this way the user can better view the situation or focus on a particular entry in the list; the program still runs normally in the background and logs everything
  • Manual refresh connection - refreshing the connections while in frozen state - get a new static snapshot of the connection table. Useful when looking for a particular momentary record or visually focusing on a specific set of connections
  • Delete all log files - deletes (cleans up) all of the program's log files - useful when the log per day option is used
  • AutoRun at system startup - will start the program right when the computer is restarted and logged in
  • Run minimized - automatically minimize the program to system tray icon on startup
  • Many others
How it works
Emsa Advanced Port Blocker continuously monitors the local computer TCP connections table for any changes.

When a new connection occurs, this will be detected within a millisecond, and it will be checked immediately against all the blocking rules configured by the user that might apply. The full check takes only a fraction of a second. If there is a blocking rule match, then the connection will be immediately terminated by the program. In order to benefit from continuous blocking, please keep the program always running (minimized in system tray).

Due to the way it works, the program can be safely used in conjunction with any existing firewall as it will not interact with it. Furthermore, it does not require special drivers that often interfere with Windows system stability in some cases. It is lightweight and compatible with all modern Windows systems starting with Windows 7. The blocking engine runs on separate threads, and therefore it will not be affected by whatever state the interface is in, ensuring port blocking works with maximal efficiency.

Important: Please note that this is a powerful tool, able to block any program from communicating, including background services. However this is what our users actually intend! But it has to be done properly. Therefore, just make sure you set all the rules correctly based on your needs. You do not want to mistakenly block programs that you still want to be able to connect (for example a backup program, anti-virus or system updates - these should normally be allowed to run). BTW this program does not intervene, change or close other programs; it just limits their ability to communicate via TCP connections as per the user's blocking rules.

By default, the program does not block anything, and all programs are allowed to communicate normally. In order to start blocking, you need to create at least one blocking rule.
Starting
Once installed, you can find the program in your Start Menu (Windows 7), or Desktop if you have chosen to place a shortcut on desktop during install. On Windows 8.1 you can also use the search function to locate the program on Modern UI. Just click on the icon to get the program starting.

Stopping
To stop the program, simply close the main window by clicking on the close button at the top. A confirmation message will appear, then the program will terminate. Although the main window closes immediately, please note that the shutdown sequence might take a few seconds to allow the clean shutdown of background networking threads. If you click on minimize, this will place the program in the system tray as an icon (still running in the background).

Please note that while the program is closed and not running in background (system tray), it does not block any ports.

Tray icon
To keep Advanced Port Blocker running in the background, minimize the main window and the product will minimize to an icon in the system tray. While minimized, it will still run normally and block connections as per user rules. To show the main window again, click on the system tray icon.

Run at startup
If you want the program to automatically run at startup, please go to the Options tab and check the "AutoRun at system startup".

Start Minimized
Check this option (in the Options tab) if you want the program to always start minimized to a system tray icon.
In the next page we start presenting the main program tabs and how they should be used.
Connections Tab
In this tab you will immediately notice the main connections view window. This is a grid-style viewer that shows the status of all TCP connections, and displays the following data fields:

  • Local Port
  • Remote Port
  • Local IP address (computers might have several local addresses depending on number of networking interfaces)
  • Remote IP address (the IP of the remote computer)
  • Connection State
  • Hostname (once resolved, hostnames appear in this column)
  • PID = process id (the same as you will see in Task Manager)
  • Process name = the application being connected.

Copy function
If you double-click any cell in the main grid, the contents of that cell will be copied to clipboard so then you can paste it elsewhere.
Hostname resolving
If this option is enabled, Advanced Port Blocker will constantly attempt to match any new remote IP addresses with their hostnames (resolving IP addresses).

Please note that hostnames do not appear instantly in the list; they have to be resolved first. This is called reverse DNS lookup, and might take a few seconds to complete for each connection (sometimes up to 15 seconds or so if the remote DNS server does not respond quickly).

Whenever there is a new remote IP address detected in local connections table, a reverse lookup is performed automatically to get the hostname of that IP. The list of hostnames will gradually get filled within the connections window, over the next few seconds. The program uses multiple threads to resolve remote hosts, however a balance is kept between the speed of resolving and system resources usage to keep the program as lightweight as possible.

Process names and PID
Process names are also detected and loaded for each application that connects to the internet. This is an important feature, as you can now tell what application is connected to what remote IP (and website).

Protected processes usually appear in the list a few seconds after product launch as they use a different detection process. The PID (process id) is the same as you commonly see in Task Manager.

Connection stats
On the right side of the connections tab there is also the connection statistics box. This is a small list of how many connections are currently active per each type of TCP state. At the bottom of the list, the grand total is also displayed.
On the top right side of the connections tab, there are a few options that control how the connections viewer works. Here they are:
Show only connected
If checked, the interface shows only active connections, currently connected (ESTABLISHED state). By un-checking this checkbox you will be able to view ALL connections including ports that are opened in listen mode. This is useful to view what applications are currently listening on certain ports. It is pretty normal to have tens of different applications listening at once on a given computer. Side note, with Windows 10 the number of default connections in the system is much bigger than the older operating systems.

Hide local connections
This checkbox hides the connections between applications running on local machine (localhost). It is normal for various applications or components to communicate between each other via TCP connections, it is one of the ways to ensure inter-process communication. In most cases you would want to leave this option checked (it is checked by default).

Resolve hosts
You can turn hostname resolution off by un-checking this option, and this will save network communication and CPU time. However new hostnames will no longer appear in the list as new IP's connect to the system. Hostnames already resolved are cached by the application so they will continue to show until Advanced Port Blocker is restarted.

Once you have a fixed set of rules that you are fully happy with and just want to run the program continuously in the background, you can turn this option off to save CPU and network load.

Freeze Connections List
This will temporarily "freeze" the user interface, useful for users when they want to take a better look at a certain entry or copy a specific entry. Please note that while interface is frozen, blocking still occurs normally in the background and it is also being logged. The log can be later used for more in-depth analysis.

Refresh Connections
This button becomes active when Freeze option is checked. When you click on it, you take a new snapshot of the current connections situation.

Save Connections List
This button allows exporting the connections list to a file. File extension can be either .txt or .CSV. The program exports the data as CSV in Excel-friendly format, that can be later imported into programs like Microsoft Excel, OpenOffice or LibreOffice etc. Two additional options set some extra customization, whether to add column headers to the list and whether the fields should be quoted as strings. It is recommended to keep these two options checked.

Rules Tab
This important tab allows the user to configure certain blocking rules for Advanced Port Blocker. When adding a rule, all further incoming requests that match the rule will be blocked. Also, existing current connections matching any of the rules will be terminated as well.

Quick rule test
For a test, simply add port 80 and port 443 in the right hand list (middle option). Select "Single port" then add remote port 80. Repeat for remote port 443. After this, open your browser of choice and try to navigate to any common website. You should not be able to navigate and browser will show an error like "connection reset", this is because Advanced Port Blocker is blocking web connections that commonly use these two ports.

To resume normal functioning, right click on the Rules list and delete the two ports from the list. Normal browsing should be functioning again.

Important note: Please note that you should use this kind of wide blocking only temporarily! Most modern applications and system services use ports 80 and 443 for communication, including anti-virus software, online backup software, cloud software and so on. It is OK to block these ports for a test, but leaving them permanently blocked is NOT recommended, as this would disrupt the functioning of most programs on your computer. Instead, block the IP addresses or hostnames that you do not want to communicate with your computer (create a more specific rule).

IP addresses format
This program uses the normal IPv4 format, or 'x.x.x.x' where x is a number between 0 and 255. An example of IP address is: 192.168.0.1 (this is commonly used by home routers and gateways). When a valid IP address has been entered in a text box in program's Rules section, the text box color turns blue.
Rule Types and Selection
There are three types of rules: Local Port, Remote Port and Remote IP address. They can be used independently or in a combination. When used in a combination, blocking only occurs when all conditions are met. So for example if you enter a local port and a remote IP address, all IP addresses will be able to connect to that port except the IP address you specified in the rule.

There are also 3 selection types: Single, List and Range. You can specify single ports, (example: 80), or comma separated List (example: 110,220,443) or a range (example 80-500). When specifying a range of ports or IP addresses, all ports and addresses within that range will be blocked.
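The rule semantics described above (Single, List and Range selectors, combined conditions that must all match, and the Allowed IP list from the Introduction) can be modelled as follows. This is an added illustration, not the product's own code: the names `Rule`, `decide` and `evaluate`, the `start-end` syntax for IP ranges, and the ordering in which the allowed list is checked before the rules are assumptions, and the sample connections are constructed.

```python
import ipaddress
from collections import namedtuple

# One row of the connection table, reduced to the fields the rules look at.
Conn = namedtuple("Conn", "local_port remote_port remote_ip")


def parse_ports(spec):
    """Single ('80'), List ('110,220,443') or Range ('80-500') -> set of ports."""
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        ports = set(range(lo, hi + 1))
    else:
        ports = {int(p) for p in spec.split(",")}
    if not ports or any(not 0 < p <= 65535 for p in ports):
        raise ValueError(f"bad port selector: {spec!r}")
    return ports


def parse_ips(spec):
    """Single, List or Range IPv4 selector -> predicate over IPv4Address.
    The 'start-end' range syntax is assumed by analogy with port ranges."""
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"bad IP range: {spec!r}")
        return lambda ip: lo <= ip <= hi
    members = {ipaddress.IPv4Address(p.strip()) for p in spec.split(",")}
    return lambda ip: ip in members


class Rule:
    """A blocking rule; every condition that is set must match (AND)."""

    def __init__(self, local_ports=None, remote_ports=None, remote_ips=None):
        if not (local_ports or remote_ports or remote_ips):
            raise ValueError("a rule needs at least one condition")
        self.local_ports = parse_ports(local_ports) if local_ports else None
        self.remote_ports = parse_ports(remote_ports) if remote_ports else None
        self.remote_ips = parse_ips(remote_ips) if remote_ips else None

    def matches(self, conn):
        if self.local_ports is not None and conn.local_port not in self.local_ports:
            return False
        if self.remote_ports is not None and conn.remote_port not in self.remote_ports:
            return False
        if self.remote_ips is not None and not self.remote_ips(
                ipaddress.IPv4Address(conn.remote_ip)):
            return False
        return True


def decide(conn, rules, allowed_ips):
    """Assumed ordering: the allowed list wins, otherwise any matching rule blocks."""
    if conn.remote_ip in allowed_ips:
        return "allow (allowed list)"
    return "block" if any(r.matches(conn) for r in rules) else "allow"


# Constructed sample data (documentation address ranges, not real hosts).
RULES = [
    Rule(local_ports="22"),                                            # single
    Rule(local_ports="3389", remote_ips="203.0.113.10-203.0.113.20"),  # combined
    Rule(remote_ports="110,220,443", remote_ips="198.51.100.7"),       # list + IP
]
ALLOWED = {"127.0.0.1", "203.0.113.50"}
CONNS = [
    Conn(22, 51000, "203.0.113.50"),      # port 22 is blocked, but IP is allowed
    Conn(22, 51001, "203.0.113.99"),      # port 22, not on the allowed list
    Conn(3389, 40000, "203.0.113.15"),    # both conditions of rule 2 match
    Conn(3389, 40001, "198.51.100.200"),  # port matches, IP outside the range
    Conn(50000, 443, "198.51.100.7"),     # remote port in list and IP matches
    Conn(50001, 80, "198.51.100.7"),      # IP matches, remote port not in list
]


def evaluate():
    return [decide(c, RULES, ALLOWED) for c in CONNS]


if __name__ == "__main__":
    for conn, verdict in zip(CONNS, evaluate()):
        print(conn, "->", verdict)
```

The fourth and sixth connections show why a combined rule is narrower than either of its parts: one matching condition is not enough to block.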

Rules right menu options
When clicking on the main rules list, there are a few menu options:
  • Delete - for single rule deletion
  • Delete ALL Rules - will remove all the rules
  • Save List To file - the rules list will be exported as a text file.

The rules are persistent and will be reloaded when the program is restarted.

Special IP Addresses (Info)
There is a special IP address in any computer you need to be aware of, namely 127.0.0.1 (or localhost). This is the internal IP address of your computer. This is enabled by default so you don't block communication between your computer and itself.

Apart from this one, computers often have additional 'local' IP addresses that might be used to connect to remote servers. There can be several 'local' IP addresses depending on how many network interfaces are available.

Also, the '0.0.0.0' IP address often appears in the list. This is a placeholder IP address that actually means there is no IP address currently assigned to that TCP connection. It is usually visible for Listening ports.

Blocking Settings Tab
There are a number of important settings within this tab that work in conjunction with the rules set in the Rules tab:
Allowed remote IP addresses
Use this setting in order to 'whitelist' certain IP addresses. So for example you can block anyone from accessing port 22 on your computer (or any other port), but you can whitelist a number of certain IP addresses so they can still connect.

Note: When a valid IP address has been entered, the text box color turns blue.
Local IP addresses
(right) - This is where the detected local IP addresses appear. These are detected on program startup. If you change network interfaces or plug in a USB network stick, you might want to restart the program so the new local IP addresses will be detected.

Automatically add local IP's to Allowed
If you check this option, local IP's will automatically be added to the allowed list, so programs can communicate locally with no interruptions. We highly recommend keeping this option checked.

Master Blocking Override Options
There are 2 master blocking options here that will override anything else:
  • Block all new connections - program will keep existing connections open but will not allow new ones. The blocking rules will also function as well. (Note: this is a beta feature and we are still perfecting it)
  • Block Everything - this one does exactly what it says, everything will be blocked. Use carefully as this will prevent ALL programs from communicating (stops all communication immediately).
Please use these options with caution as they will significantly impair internet communication for the local computer.
List menus
By right clicking on any list available here, you will be able to save the list contents as a text file.
AutoBlock Hostnames
This is a more complex setting available on the Blocking Settings tab. Here is how it works.

Each remote IP address connected to your computer is often associated with a remote hostname (similar to a domain name). You might often want to prevent certain hostnames from connecting to your computer. For example, if you do not want google.com to connect to your computer (or reverse) you need to add google.com and/or www.google.com in the list.

Wildcards: The hostnames can be specified as such (example: google.com ) or with a leading or trailing wildcard ( * character). For example, *google* will block any remote hostname that contains the 'google' keyword, from connecting to your computer. It will not block outbound connections, as described below.

Important notes:
  • Autoblock Hostnames works only for INBOUND connections. It will block remote computers connecting to your computer (inbound). It will NOT block outbound connections, like visiting a site if you add that site to the hostnames list.
  • This function is not 100% reliable because DNS reverse resolution is also not 100% reliable. If an incoming connection IP cannot be resolved to a hostname for any reason, it will not be blocked.
  • Please note that hostname-based blocking does not occur instantly. It takes several seconds until blocking is triggered, and for good reason. The reverse resolution process works in the same way as when you click on a website link; it often takes seconds until the website starts to load. DNS resolving takes a variable amount of time, several seconds in many cases.

The program only has the remote IP address at the beginning to work with. An internal DNS resolver thread is automatically launched, and it will find out the hostname for that particular IP address. After the hostname has been found, if there is a matching AutoBlock hostname rule, then that particular IP address will be automatically added to the block rules and stay blocked from now on.

Due to this fact, there will always be a time window of several seconds until that IP address (detected via hostname) is automatically blocked. The good news is that it will stay blocked from then on. However, within this time gap there is no blocking yet, and some data will still be sent, as the program does not yet know the name of the remote host that just connected; it is still waiting for DNS resolving to complete.
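The timing behaviour described above can be made concrete with a small offline simulation. This is an added example, not the product's own code: the function names, the exact-match handling of patterns without a wildcard, the 15-second figure used for lookups that never resolve, and all hostnames, addresses and latencies are constructed assumptions. No real DNS queries are made.

```python
from fnmatch import fnmatchcase


def hostname_matches(hostname, patterns):
    """True if the resolved hostname matches any AutoBlock pattern.
    Patterns may carry a leading and/or trailing '*'; a pattern without a
    wildcard is treated as an exact match (assumption)."""
    host = hostname.lower().rstrip(".")
    return any(fnmatchcase(host, p.lower()) for p in patterns)


def simulate(connections, patterns, ptr_records, timeout=15.0):
    """Replay inbound connections against hostname-based blocking.

    connections : list of (time_s, remote_ip), sorted by time
    ptr_records : remote_ip -> (hostname or None, lookup_seconds)
    Returns a list of (time_s, remote_ip, exposure) where exposure is
      0.0   if the IP was already in the block rules when it connected,
      > 0   seconds the connection stayed open before the block applied,
      None  if the IP is never blocked (no match or no hostname).
    """
    blocked_at = {}   # ip -> time the IP is added to the block rules
    looked_up = set()  # IPs whose reverse lookup has been started
    results = []
    for t, ip in connections:
        if ip not in looked_up:
            # First sighting: the reverse lookup starts now and finishes
            # lookup_seconds later. Only then can a rule be created.
            looked_up.add(ip)
            host, latency = ptr_records.get(ip, (None, timeout))
            if host is not None and hostname_matches(host, patterns):
                blocked_at[ip] = t + latency
        block_time = blocked_at.get(ip)
        if block_time is None:
            results.append((t, ip, None))
        else:
            results.append((t, ip, max(0.0, block_time - t)))
    return results


# Constructed sample data: documentation addresses and .example hostnames.
PATTERNS = ["*ads.example"]
PTR = {
    "198.51.100.23": ("tracker.ads.example", 4.0),  # matches, slow lookup
    "192.0.2.77": ("mail.partner.example", 2.0),    # resolves, no match
    "203.0.113.8": (None, 15.0),                    # no reverse record
}
EVENTS = [
    (0.0, "198.51.100.23"),   # first contact: open until lookup completes
    (1.0, "198.51.100.23"),   # reconnects while the lookup is still running
    (2.0, "203.0.113.8"),     # cannot be resolved, so never blocked
    (3.0, "192.0.2.77"),      # resolved but not on the list
    (10.0, "198.51.100.23"),  # IP is now in the block rules
]

if __name__ == "__main__":
    for t, ip, exposure in simulate(EVENTS, PATTERNS, PTR):
        state = "never blocked" if exposure is None else f"open {exposure:.1f}s"
        print(f"t={t:>4.1f}s  {ip:<15} {state}")
```

The first two events show the unblocked window, the third shows the unresolvable-address case from the notes above, and the last shows the IP staying blocked once its rule exists.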
Logging Tab
Although very useful, the logging feature is actually simple to use. Just click on the 'Logging Enabled' checkbox to enable logging.

The log will be saved in your program's installation folder, under a file called 'blocker.log'. (usually into C:/Program Files(x86)/Emsa Advanced Port Blocker/blocker.log).

Separate Log files per Day
If checked, separate log files will be generated for each day, example: 20160812_blocker.log will be the file generated on August 12, 2016.

Log detected IP addresses
Also logs new IP addresses when they are resolved. Useful at the expense of a little extra disk space.

Delete All log files
Deletes all .log files on disk in the program installation folder (quick cleanup). Useful when the Separate Log Files per Day option is used.
Options Tab
This tab is pretty self-explanatory. Here are the options and how they work:
Run at startup
If you want the program to automatically run at startup, please go to the Options tab and check the "AutoRun at system startup". When you restart and log in, the program will then automatically start. To disable AutoRun later, un-check the same box.

Please also note that the program launches only when logged into Windows; therefore some users might opt to automatically log into Windows to have the program starting right away.

Start Minimized
On the Options tab there is the "Start Minimized" checkbox. Check this one if you want the program to always start minimized to system tray icon.
Why we have created this tool
Many years ago, we felt that there was a need for a better, simple and handy way to control connections from / to our computers. Operating systems do not offer by default any visual information as to what connections are being made and what ports are used for data transfer. So there's a lot going on behind the scenes, without us even knowing!

We felt that there was a need for us PC users, to get better control over this process. Of course there are firewalls that can be used for this purpose; but firewalls are often difficult to manage. Particularly Windows Firewall is quite difficult to manage for the average user, at least in our opinion. There was also the need for a live view over the connections to be built-into the application.

So we decided that there was a definite need for a handy tool that sits in the system tray, displays connections and allows the user to block certain ports or IP addresses from connecting. That's how our classic Port Blocker was born, and it was available as freeware for more than a decade, gaining hundreds of thousands of downloads over this long period of time.

Recently, together with the launch of Windows 10, some of our products did not work anymore (including Port Blocker). Others became obsolete as years passed by, and were removed. There was a growing pressure to improve our existing products; but software development is very expensive, and freeware does not pay development bills. After testing other options, we decided to improve the products by switching them to paid versions, while keeping them at very low prices so virtually anyone can benefit from using the product (most of our programs come at the price of a coffee and a muffin). We have upgraded existing products, fixed bugs, added new features, and improved their compatibility with new OSes like Windows 8.1 and Windows 10.

Then, we decided to build the Advanced Port Blocker - the next improved version of the program, far better and more featured than the original Port Blocker. There was demand from our users for this product; and we also needed it as well. So here it is. We believe you'll enjoy it, or maybe enjoying it already...!
Current Development Stage
This program is currently in active development. New features are being developed right now (we still have a list of them) and new versions will be released periodically, with new features and bug-fixes as well. Therefore, make sure you revisit our website from time to time and download the latest version. Chances are new versions will be faster, bug-fixed but also carrying new features you might definitely need.

Please note that this is a new software product release, and various bugs might still be in. Let us know if you spot any; don't let them just crawl there. We are here to squash them for you, right away.

New feature requests
We definitely welcome user feedback and new features requests. If you need a new feature that is not available, it is very important to tell us now. We always strive to add all features that are requested by our users. Therefore, simply contact us now and request a new feature. Chances are, it will be added shortly for your benefit.


© EmsaiSoftware.com. All rights reserved.