sepik

Level 1
When installing a new AV, the first thing to do is to scan the whole system and data drives. I think an AV calculates a hash of all the files. Then when you open a file explorer and browse the file structure, it does not have to scan all the files, because the hashes are already "scanned". Do not enable "scanning archives while downloading". It slows down the system a lot. For example, I've tried ZoneAlarm Antivirus (old Kaspersky engine, still gets the latest signatures though). After installing and scanning, it's really fast and effective. ZoneAlarm Firewall is really good when it comes to how malware can disable your layered protection. I've tried several programs to disable the ZoneAlarm firewall, but failed miserably. It loads so early that few, if any, malware can connect to servers DURING boot-up.

So, never ever use a WFP based firewall :)
 
Reactions: roger_m and dash

dash

Level 2
I'm seeing that the Windows Firewall is slow to load. What kind of oversight was that...

Agree about the initial scanning, I try to give an AV at least a day.
 

dash

Level 2
So, never ever use a WFP based firewall :)
Yeah, I guess it does seem a bit reckless, though I wonder how big of a deal it is. I've got Norton on my Windows PC right now though and I set its startup priority to Aggressive.

As far as the AV-C report here, I want to look at these results. I wonder why Symantec didn't score better. I'm not going to change my AV though. :D
 

shmu26

Level 72
Content Creator
Trusted
Verified
If you have malware running right away at system startup and calling home before Windows Firewall even starts, then the malware must be installed as a service. If that's the case, the malware has admin rights, and your system is already pwned.
 

sepik

Level 1
Shmu26, you're absolutely right about this. Comodo and ZoneAlarm use their own firewall drivers, especially the ZoneAlarm one, which cannot be "killed". That's why I'm using it, only because of its own kernel-based driver.
So malware that does encryption during boot-up, that is "OK", but it cannot connect to C&C servers, because ZoneAlarm's firewall driver prevents that during boot-up.
 
Reactions: roger_m

Mr.X

Level 7
Verified
ZoneAlarm was one of the first vendors to switch to WFP when Microsoft pushed it out on Windows Vista. WFP is the "official" way of making a proper Firewall component in Windows nowadays (like through an NDIS 6.xx driver).

Another member posted a thread on the forum a while back about WFP and Windows Firewall myths... so before you get your knickers in a twist because I told you that ZoneAlarm uses WFP, just remember that it isn't the same thing as "ZoneAlarm uses Windows Firewall", because that's simply not the case. It's important that I address that now because I am a fortune teller as my main career, and boy, I could see some real temper tantrums upcoming.

If you're making a Firewall for Windows in 2019 and aren't using WFP then you're doing it wrong and should start seeking a priest to perform your exorcism - WFP is robust and extensively used.
 

Nightwalker

Level 12
Content Creator
Verified
All 3rd-party firewalls use the Windows Filtering Platform since Windows Vista, even ZoneAlarm.

Check Point is the first major security vendor to utilize the next generation Windows Filtering Platform application programming interface (API) for Microsoft Vista. This also marks the first time that ZoneAlarm’s exclusive Operating System Firewall protection has been made available for Microsoft Vista. By leveraging these and other leading technologies, ZoneAlarm Internet Security Suite delivers superior levels of protection and reliability.

Not criticizing you personally @sepik, but your advice is misleading.

Like @Mr.X perfectly mentioned, WFP is solid and all vendors should utilize it.
 

shmu26

Level 72
Content Creator
Trusted
Verified
@Mr.X if you are a professional fortune teller, then maybe you can tell me which priest I will be using to exorcise my firewall? Please?
 
Reactions: Nevi and oldschool

Mr.X

Level 7
Verified
You can use WFP in user-mode though depending on what you want to do, for example, you can use it to prevent port scanning in user-mode. Some things can be done in user-mode whereas others can only be done in kernel-mode.
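
Added example (not part of any post in this thread): one way to check on your own machine which products have registered filters with WFP, both in the running state and in the boot-time policy that applies before the firewall service is up. It uses the built-in `netsh wfp show state` and `netsh wfp show boottimepolicy` commands; the XML element names in the XPath queries (`providers/item`, `providerKey`, `filterKey`, `displayData/name`) are assumptions about the layout of the files netsh writes and may need adjusting.

```powershell
# Added example. Run from an elevated prompt: "netsh wfp" needs administrator rights.
$stateFile = Join-Path $env:TEMP 'wfpstate.xml'
$bootFile  = Join-Path $env:TEMP 'btpol.xml'
netsh wfp show state "file=$stateFile" | Out-Null
netsh wfp show boottimepolicy "file=$bootFile" | Out-Null

# XmlDocument.Load honours the encoding declared inside each file.
$state = New-Object System.Xml.XmlDocument
$state.Load($stateFile)
$boot = New-Object System.Xml.XmlDocument
$boot.Load($bootFile)

# Return the text of a child node, or $null when the node is absent.
function Get-NodeText($Node, [string]$XPath) {
    $hit = $Node.SelectSingleNode($XPath)
    if ($hit) { $hit.InnerText } else { $null }
}

# Map provider GUID -> display name (assumed layout: providers/item/providerKey).
$providerName = @{}
foreach ($p in $state.SelectNodes('//providers/item')) {
    $key = Get-NodeText $p 'providerKey'
    if ($key) { $providerName[$key] = Get-NodeText $p 'displayData/name' }
}

# Count filters per owning provider; any <item> with a <filterKey> child is a filter.
function Get-FilterOwners($Doc) {
    $Doc.SelectNodes('//item[filterKey]') | ForEach-Object {
        $key = Get-NodeText $_ 'providerKey'
        if (-not $key) { '(no provider set)' }
        elseif ($providerName.ContainsKey($key)) { $providerName[$key] }
        else { $key }   # provider GUID not listed in the state file
    } | Group-Object | Sort-Object Count -Descending | Select-Object Count, Name
}

'Filters in the running WFP state, by provider:'
Get-FilterOwners $state | Format-Table -AutoSize
'Filters in the boot-time policy, by provider:'
Get-FilterOwners $boot | Format-Table -AutoSize
```

A third-party firewall built on WFP shows up as its own provider in the first table; whether it also appears in the second shows if it contributes filters to the boot-time policy.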