For those who still use old KPF v2.1.5 ...

For those who still use old KPF v2.1.5 ...
Links: home · search · speed test · login · more ·

Links: Reply New Topic
Forums » Security » Security » For those who still use old KPF v2.1.5 ...
page: 1 · 2
antdude @ 3rd Nov 10:50AM:
For those who still use old KPF v2.1.5 ...

Do you get blue screen from XP rarely? I get them once in a while and rarely on my old, updated Windows XP Pro. SP3 machine. It usually happens when I am downloading datas like streaming videos, downloading files, etc.

I ran WinDbg and saw:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [c:\windows\MEMORY.DMP]Kernel Complete Dump File: Full address space is available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbolsExecutable search path is: Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSBuilt by: 2600.xpsp_sp3_gdr.090804-1435Machine Name:Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720Debug session time: Tue Nov  3 07:27:10.044 2009 (GMT-8)System Uptime: 6 days 11:43:42.103Loading Kernel Symbols...........................................................................................................................................................................................Loading User Symbols......................................Loading unloaded module list..................................................********************************************************************************                                                                             **                        Bugcheck Analysis                                    **                                                                             ******************************************************************************** Use !analyze -v to get detailed debugging information. BugCheck 8E, {c0000005, aa297084, a54514c0, 0} *** ERROR: Module load completed but symbols could not be loaded for fwdrv.sys*** ERROR: Module load completed but symbols could not be loaded for Champions Online.exe****************************************************************************                                                                   ******                                                                   ******    Your debugger is not using the correct symbols                 ******                                                                   ******    In order for this command to work properly, your symbol path   ******    must point to .pdb files that have full type information.      ******                                                                   ******    Certain .pdb files (such as the public OS symbols) do not      ******    contain the required information.  Contact the group that      ******    provided you with these symbols if you need this command to    ******    work.                                                          ******                                                                   ******    Type referenced: kernel32!pNlsUserInfo                         ******                                                                   ********************************************************************************************************************************************************                                                                   ******                                                                   ******    Your debugger is not using the correct symbols                 ******                                                                   ******    In order for this command to work properly, your symbol path   ******    must point to .pdb files that have full type information.      ******                                                                   ******    Certain .pdb files (such as the public OS symbols) do not      ******    contain the required information.  Contact the group that      ******    provided you with these symbols if you need this command to    ******    work.                                                          ******                                                                   ******    Type referenced: kernel32!pNlsUserInfo                         ******                                                                   ****************************************************************************Probably caused by : fwdrv.sys ( fwdrv+c084 ) Followup: MachineOwner--------- 1: kd> !analyze -v********************************************************************************                                                                             **                        Bugcheck Analysis                                    **                                                                             ******************************************************************************** KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)This is a very common bugcheck.  Usually the exception address pinpointsthe driver/function that caused the problem.  Always note this addressas well as the link date of the driver/image that contains this address.Some common problems are exception code 0x80000003.  This means a hardcoded breakpoint or assertion was hit, but this system was booted/NODEBUG.  This is not supposed to happen as developers should never havehardcoded breakpoints in retail code, but ...If this happens, make sure a debugger gets connected, and thesystem is booted /DEBUG.  This will let us see why this breakpoint ishappening.Arguments:Arg1: c0000005, The exception code that was not handledArg2: aa297084, The address that the exception occurred atArg3: a54514c0, Trap FrameArg4: 00000000 Debugging Details:------------------ ****************************************************************************                                                                   ******                                                                   ******    Your debugger is not using the correct symbols                 ******                                                                   ******    In order for this command to work properly, your symbol path   ******    must point to .pdb files that have full type information.      ******                                                                   ******    Certain .pdb files (such as the public OS symbols) do not      ******    contain the required information.  Contact the group that      ******    provided you with these symbols if you need this command to    ******    work.                                                          ******                                                                   ******    Type referenced: kernel32!pNlsUserInfo                         ******                                                                   ********************************************************************************************************************************************************                                                                   ******                                                                   ******    Your debugger is not using the correct symbols                 ******                                                                   ******    In order for this command to work properly, your symbol path   ******    must point to .pdb files that have full type information.      ******                                                                   ******    Certain .pdb files (such as the public OS symbols) do not      ******    contain the required information.  Contact the group that      ******    provided you with these symbols if you need this command to    ******    work.                                                          ******                                                                   ******    Type referenced: kernel32!pNlsUserInfo                         ******                                                                   **************************************************************************** EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s". FAULTING_IP: fwdrv+c084aa297084 f3a5            rep movs dword ptr es:[edi],dword ptr [esi] TRAP_FRAME:  a54514c0 -- (.trap 0xffffffffa54514c0)ErrCode = 00000000eax=89b04000 ebx=8aa2f7e8 ecx=00000004 edx=00000010 esi=000001d8 edi=a545157ceip=aa297084 esp=a5451534 ebp=a545154c iopl=0         nv up ei pl nz na po nccs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202fwdrv+0xc084:aa297084 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]Resetting default scope DEFAULT_BUCKET_ID:  DRIVER_FAULT BUGCHECK_STR:  0x8E PROCESS_NAME:  Champions Onlin LAST_CONTROL_TRANSFER:  from 804fe827 to 804f9f43 STACK_TEXT:  a5451088 804fe827 0000008e c0000005 aa297084 nt!KeBugCheckEx+0x1ba5451450 80542095 a545146c 00000000 a54514c0 nt!KiDispatchException+0x3b1a54514b8 80542046 a545154c aa297084 badb0d00 nt!CommonDispatchException+0x4da545154c aa29d4a0 a5451594 a545157c 00000010 nt!Kei386EoiHelper+0x18aWARNING: Stack unwind information not available. Following frames may be wrong.a5451550 a5451594 a545157c 00000010 aa2a4834 fwdrv+0x124a0a5451554 a545157c 00000010 aa2a4834 87aa29b0 0xa5451594a5451594 48435c4f 49504d41 20534e4f 494c4e4f 0xa545157ca5451694 aa29ebfb 879ddd70 00000006 00000000 0x48435c4fa54516b0 aa29f61b 89b26d58 8aa2f7e8 00000006 fwdrv+0x13bfba54516d0 aa29f91b 89b26d58 8aa2f7e8 00000006 fwdrv+0x1461ba54516f0 aa29fb52 89c87020 89b26d58 8aa2f7e8 fwdrv+0x1491ba5451714 aa28dd85 89c87020 8aa2f7e8 a5451750 fwdrv+0x14b52a5451724 804ef19f 89c87020 8aa2f7e8 8aa2f8e8 fwdrv+0x2d85a54517f0 805831fa 89b26d40 897555dc a5451988 nt!IopfCallDriver+0x31a54518d0 805bf452 89b26d58 00000000 89755538 nt!IopParseDevice+0xa12a5451948 805bb9de 00000000 a5451988 00000240 nt!ObpLookupObjectName+0x53ca545199c 80576033 00000000 00000000 53919c00 nt!ObOpenObjectByName+0xeaa5451a18 805769aa 89521e00 02000000 a5451bc0 nt!IopCreateFile+0x407a5451a74 aa0cb65e 89521e00 02000000 a5451bc0 nt!IoCreateFile+0x8ea5451c30 aa0d22d7 8796aa58 8992b978 a5451c64 afd!AfdBind+0x34ea5451c40 804ef19f 898fe338 88d73168 806e6410 afd!AfdDispatchDeviceControl+0x53a5451c50 8057f982 88d73244 8796aa58 88d73168 nt!IopfCallDriver+0x31a5451c64 805807f7 898fe338 88d73168 8796aa58 nt!IopSynchronousServiceTail+0x70a5451d00 80579274 00000150 000000d4 00000000 nt!IopXxxControlFile+0x5c5a5451d34 8054162c 00000150 000000d4 00000000 nt!NtDeviceIoControlFile+0x2aa5451d34 7c90e514 00000150 000000d4 00000000 nt!KiFastCallEntry+0xfc0013e134 7c90d28a 71a54f14 00000150 000000d4 ntdll!KiFastSystemCallRet0013e138 71a54f14 00000150 000000d4 00000000 ntdll!ZwDeviceIoControlFile+0xc0013e1f0 71a56a32 00000150 0013e258 00000010 mswsock!WSPBind+0x1b60013e294 71a5542d 00000150 01e59270 00000010 mswsock!SockDoConnect+0x2630013e2c4 71ab4a5a 00000150 01e59270 00000010 mswsock!WSPConnect+0xc60013e310 00491c9c 00000150 01e59270 00000010 WS2_32!connect+0x4f0013e390 00491964 0170ec64 0000020a 00000104 Champions_Online+0x91c9c0013e418 0041661c 0170ec64 0000020a 00000004 Champions_Online+0x919640013e44c 0041dad0 01e56868 00614ec8 0013e590 Champions_Online+0x1661c0013e520 004204ff 01e56868 0061410c 00001313 Champions_Online+0x1dad00013e590 00572187 01e56868 0013e6f0 0013e6f4 Champions_Online+0x204ff0013e6e4 0056fd68 0015237d 00000001 d16fd662 Champions_Online+0x1721870013fef8 005982c0 00400000 00000000 0015237d Champions_Online+0x16fd680013ffb8 0059800d 0013fff0 7c817077 00360033 Champions_Online+0x1982c00013ffc0 7c817077 00360033 00350030 7ffd8000 Champions_Online+0x19800d0013fff0 00000000 00598000 00000000 78746341 kernel32!BaseProcessStart+0x23 STACK_COMMAND:  kb FOLLOWUP_IP: fwdrv+c084aa297084 f3a5            rep movs dword ptr es:[edi],dword ptr [esi] SYMBOL_STACK_INDEX:  0 SYMBOL_NAME:  fwdrv+c084 FOLLOWUP_NAME:  MachineOwner MODULE_NAME: fwdrv IMAGE_NAME:  fwdrv.sys DEBUG_FLR_IMAGE_TIMESTAMP:  3cbaab4f FAILURE_BUCKET_ID:  0x8E_fwdrv+c084 BUCKET_ID:  0x8E_fwdrv+c084 Followup: MachineOwner--------- 1: kd> lmvm fwdrvstart    end        module nameaa28b000 aa2a9000   fwdrv      (no symbols)               Loaded symbol image file: fwdrv.sys    Image path: \SystemRoot\system32\Drivers\fwdrv.sys    Image name: fwdrv.sys    Timestamp:        Mon Apr 15 03:28:31 2002 (3CBAAB4F)    CheckSum:         00020E53    ImageSize:        0001E000    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e41: kd> .trap 0xffffffffa54514c0ErrCode = 00000000eax=89b04000 ebx=8aa2f7e8 ecx=00000004 edx=00000010 esi=000001d8 edi=a545157ceip=aa297084 esp=a5451534 ebp=a545154c iopl=0         nv up ei pl nz na po nccs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202fwdrv+0xc084:aa297084 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

Thank you in advance. :)

--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
reply

shearer @ 4th Nov 09:02AM:
Re: For those who still use old KPF v2.1.5 ...

I've used Kerio 2.1.5 since 2003, and have only had a fwdrv.sys BSOD once. When I move to Win7 x64 in probably 2-3 years' time, I will sorely miss this app.
reply

antdude @ 4th Nov 09:11AM:
Re: For those who still use old KPF v2.1.5 ...

said by shearer :

I've used Kerio 2.1.5 since 2003, and have only had a fwdrv.sys BSOD once.

Interesting. Do you recall what your PC was doing that time? Downloading something?
reply

Sentinel @ 4th Nov 09:16AM:
Re: For those who still use old KPF v2.1.5 ...

I use it on 6 PCs which are all running XP. I have no problems at all. When I get a new PC I assume I will have to get it with Win7 on it and I will really be in a tough spot to replace this firewall :(
--
Who is John Galt?
reply

antdude @ 4th Nov 09:26AM:
Re: For those who still use old KPF v2.1.5 ...

said by Sentinel :

I use it on 6 PCs which are all running XP. I have no problems at all. When I get a new PC I assume I will have to get it with Win7 on it and I will really be in a tough spot to replace this firewall :(

I hope therer's a nother good one like it by the time I go to Windows 7 whenever that is (not any time soon).
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
reply

redwolfe_98 @ 4th Nov 09:51AM:
Re: For those who still use old KPF v2.1.5 ...

i use kerio 2.15 with winxpsp3 and i have never had any BSOD's relating to kerio..

if you are using any "nvidia" products, i would guess that the problem might be related, somehow, to nvidia drivers..
reply

antdude @ 4th Nov 10:02AM:
Re: For those who still use old KPF v2.1.5 ...

said by redwolfe_98 :

i use kerio 2.15 with winxpsp3 and i have never had any BSOD's relating to kerio..

if you are using any "nvidia" products, i would guess that the problem might be related, somehow, to nvidia drivers..

I used to have NVIDIA drivers due to NForce and video cards, but not anymore.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
reply

redwolfe_98 @ 4th Nov 10:17AM:
Re: For those who still use old KPF v2.1.5 ...

antdude, looking at the debug-log that you posted, it looks like the problem is, or might be, related to "Champions Online.exe", in your firewall-rules.. the debug-log reports that the "symbol" for "Champions Online.exe" could not be loaded..

if it was me, i would try different things, to try to resolve the problem:

removing the rule for "Champions Online.exe", and the "MD5 signature" for it, as well, and then recreating a rule for "Champions Online.exe"..

reinstalling the program that generated the "Champions Online.exe" file

maybe trying changing the "Champions Online.exe"-file's icon, if that was possible..
reply

antdude @ 4th Nov 10:38AM:
Re: For those who still use old KPF v2.1.5 ...

said by redwolfe_98 :

antdude, looking at the debug-log that you posted, it looks like the problem is, or might be, related to "Champions Online.exe", in your firewall-rules.. the debug-log reports that the "symbol" for "Champions Online.exe" could not be loaded..

if it was me, i would try different things, to try to resolve the problem:

recreating a rule for "Champions Online.exe"..

reinstalling the program that generated the "Champions Online.exe" file

maybe trying changing the "Champions Online.exe"-file's icon, if that was possible..

I have seen it with other network programs like seamonkey.exe, orbitdm.exe, in the past.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
reply

Ender3rd @ 4th Nov 11:50AM:
Re: For those who still use old KPF v2.1.5 ...

I am a long time user of Kerio 2.1.5 and currently have it running on 4 different XP/SP2 machines. I had blue screen issues that resulted from Kerio's interactions with the drivers for an Intel integrated LAN device on a P4C800E board by ASUS. After trying several different Intel drivers without success I disabled the onboard LAN adapter and installed a D-Link PCI adapter and never had another problem like that.

The only other issue I see with Kerio happens on my gaming machine. In the middle of online multiplayer games such as COD4, if punkbuster decides to update itself, the Kerio MD5 checker will stall the game to ask if I want to accept the new punkbuster file. I never found a way to circumvent that problem, other than to disable the firewall before gaming, which was not an optimal solution. So... that machine now runs the XP firewall with no outbound protection (unfortunately).
--
My Jeep is not an SUV. Your SUV is not a Jeep.
reply

SafireDonkey @ 4th Nov 11:57AM:
Re: For those who still use old KPF v2.1.5 ...

I get your BSOD's also once in a while, let's say once every month, but I prefered to live with 1 BSOD/month instead of a bloated and constant system slowing firewall. :D
reply

antdude @ 4th Nov 02:15PM:
Re: For those who still use old KPF v2.1.5 ...

said by SafireDonkey :

I get your BSOD's also once in a while, let's say once every month, but I prefered to live with 1 BSOD/month instead of a bloated and constant system slowing firewall. :D

Interesting so I am not alone. Yeah, annoying. Does it happen when you download or something? Too bad Kerio ended support many years ago. :( I haven't found a good light and simple firewall to replace it (only need to block incoming and outgoing). I miss Conseal PC Firewall on my 9x machines. :D
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
reply

redwolfe_98 @ 4th Nov 03:48PM:
Re: For those who still use old KPF v2.1.5 ...

isn't "lock-n-stop" supposed to be similar to kerio? could we use that as a substitute for kerio 2.15?

i am going to need to find a decent replacement for kerio 2.15, too..
reply

Blue2 @ 4th Nov 05:04PM:
Re: For those who still use old KPF v2.1.5 ...

said by shearer :

I've used Kerio 2.1.5 since 2003, and have only had a fwdrv.sys BSOD once.

I had it a few times, and it did seem to happen when I was dl'ing and so the firewall was overtaxed. If I remember correctly, increasing the MaxBufferSize in HKLM\System\ControlSet003\Services\fwdrv corrected it.

Here's a few goggle results on it: »www.google.fr/search?hl=en&safe=···aq=f&oq=
reply

shearer @ 4th Nov 09:52PM:
Re: For those who still use old KPF v2.1.5 ...

said by antdude :

said by shearer :

I've used Kerio 2.1.5 since 2003, and have only had a fwdrv.sys BSOD once.

Interesting. Do you recall what your PC was doing that time? Downloading something?

Mine occurred sometime in 2005. Was surfing web with IE6, clicked on a link and BSODed. I was thinking maybe some conflict with my Netgear WG311v2 PCI wireless adapter driver, but I'm still with this card today and the BSOD never did happen again.

I scouted for alternatives and Look N' Stop seems to be the most suitable candidate for a successor. But let me admit that I'm hopelessly in love with Kerio's simplistic & beautiful interface and no other fw app (including LnS) comes close to Kerio in this aspect.
reply

antdude @ 4th Nov 09:58PM:
Re: For those who still use old KPF v2.1.5 ...

said by shearer :

said by antdude :

said by shearer :

I've used Kerio 2.1.5 since 2003, and have only had a fwdrv.sys BSOD once.

Interesting. Do you recall what your PC was doing that time? Downloading something?

Yep, whatever happened to that open source clone? Did that project die?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
reply

redwolfe_98 @ 5th Nov 06:44AM:
Re: For those who still use old KPF v2.1.5 ...

antdude, did you look at some of the articles on that google-webpage that "blue2" posted? the articles discussed tweaking a regkey, to increase "maxbuffersize".. you could look into that.. i think i might try applying that tweak, myself..
reply

The Snowman @ 5th Nov 07:00AM:
Re: For those who still use old KPF v2.1.5 ...

If you need to find out what the correct buffer size would be try doing a search......microsoft has a webpage on the proper buffer size.

reply

SafireDonkey @ 5th Nov 08:46AM:
Re: For those who still use old KPF v2.1.5 ...

said by antdude :

Interesting so I am not alone. Yeah, annoying. Does it happen when you download or something? Too bad Kerio ended support many years ago. :( I haven't found a good light and simple firewall to replace it (only need to block incoming and outgoing). I miss Conseal PC Firewall on my 9x machines. :D

Sorry for the late reply. It doesn't specifically happen when downloading, sometimes it happens just BANG! while I'm actually doing nothing browsing related. Just at random.
I just found, using ProcMon, that it makes Explorer.exe constantly digging the same locations in registry and disk. Don't know your case, but I use a fairely large (200kb) HOSTS file, but I really don't know if it would be related to that.

Lately I have been using Comodo firewall (something which I once concluded to never ever use their softwares on my system) in a virtual machines, and honestly, it runs extremely light, and does the job very well. Allthough it doesn't have to easy way of creating particular program based rules as Kerio had, takes a whole lot more clicking and searching to do as Kerio, but I'm actually thinking about finally making a switch and kiss my good old Kerio 2.1.5 goodbye.

About the MaxBufferSize registry tweak, I remember my BSOD's started happening some years ago AFTER I increased that registry value.
reply

Blue2 @ 5th Nov 08:47AM:
Re: For those who still use old KPF v2.1.5 ...

said by redwolfe_98 :

antdude, did you look at some of the articles on that google-webpage that "blue2" posted? the articles discussed tweaking a regkey, to increase "maxbuffersize".. you could look into that.. i think i might try applying that tweak, myself..

This reg tweak was even suggested at the old Kerio website and they indicated 12,000 or higher, while other sites suggested 16,000. I did some experimenting and finally settled on 20,000 and it did not happen ever again after that.

Here is the original notice that I copied from the old Kerio website:

"Fatal Application Exit : Kerio Personal Firewall Driver: BufferAllocate: BufferSize (8814) >
MaxBufferSize (8192) - Increase buffer size" What is this error message and how do I fix it?
This typically means that the KPF engine is receiving more data than it can process and the driver buffer
becomes full. This is not normal behavior. If you receive this error you should first verify that there is not a
problem with the network, and that your PC meets the minimum system requirements for your Operating System.
Alternatively, you can manually increase the KPF buffer from the registry:
HKLM\SYSTEM\CurrentControlSet\Services\fwdrv. Modify 'MaxBufferSize' to some higher amount (e.g. 12000)."
reply

antdude @ 5th Nov 08:58AM:
Re: For those who still use old KPF v2.1.5 ...

I also use a big hosts file too, but from Spybot. Currently, it is over 310 KB.

Who else use(s/d) a big hosts file with KPF with BSoDs?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
reply

antdude @ 5th Nov 09:03AM:
Re: For those who still use old KPF v2.1.5 ...

said by Blue2 :

I have seen that error before and rarely. It usually caused by some programs, but don't remember which ones. That could be related to those rare blue screens. I changed its default 64294 to 20000 in my HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fwdrv. Do I need to reboot for this to take an effect?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
reply

antdude @ 5th Nov 09:04AM:
Re: For those who still use old KPF v2.1.5 ...

said by Blue2 :

said by shearer :

I've used Kerio 2.1.5 since 2003, and have only had a fwdrv.sys BSOD once.

Thanks. I am trying 20000. Do you remember what you used in the past?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
reply

Blue2 @ 5th Nov 09:11AM:
Re: For those who still use old KPF v2.1.5 ...

I'm not a registry expert, but I'd imagine that you'd have to reboot for the change to be registered.

In all the time I've used Kerio I've only had two very specific problems and each was resolvable.

The first were these errant Fatal Application Errors caused by the fwdrv buffer overflow, which other users reported as a BSOD. After I upped the buffer size, I never had them again.

The second was when running under W98 which was a lot more unstable than XP, occassionally I'd crash while in the process of downloading and Kerio was doing a lot of filtering. Upon reboot, my ruleset was gone and replaced by the original generic ruleset. So I've got my ruleset backed up elsewhere, but under XP that has never been an issue.

Edit: Just saw your additional question. I tried 16,000, had another Fatal Application Error, and upped it again to 20,000. I imagine that firewalls have to do a lot more filtering these days then when KPF 2.15 was initially written.
reply