Advice Request How should Simplewall firewall be configured?


Status
Not open for further replies.

Hi Brothers

Apr 19, 2018
I'm using simplewall right now, been using it for a few days, with Filtering enabled 24/7

Other than "custom" software which other people might not have, like games or stuff like discord photoshop etc., these are my currently allowed processes that should be common for most people:

svchost.exe - when checking for Windows Updates
smartscreen.exe - checking files with smartscreen
sihclient.exe - when Windows automatically checks for Windows Updates
nissrv.exe - Windows Defender related
msmpeng.exe - automatic Windows Defender definition updates
googleupdate.exe - automatic Google Chrome updates
chrome.exe - the browser itself
nvidia geforce experience.exe - required to use Geforce Experience
nvidia web helper.exe - same, thought I might mention these cuz many people have nvidia gpus and might use Geforce Experience
nvprofileupdater64.exe - might be related to updating the account within Geforce Experience, have to test this one more


And here are the processes I've disallowed that should be common:

nvtelemetrycontainer.exe - Geforce Experience doesn't work if I disable running this process, however it doesn't need to connect to the internet
nvcontainer.exe - no harm so far from not allowing this process, Geforce Experience and everything working fine
taskhostw.exe - don't even remember when this one needed connection, it must have been once or twice thus rare cuz I really can't remember
System - when playing League of Legends, this process is started by it, decided it might be worth mentioning, no harm so far noticed
lsass.exe - periodically every like 15-20 mins or so, this dude wants a connection, no harm noticed so far, also every time when opening Battle.Net
systemsettings.exe - when checking for Windows Updates manually, this process always asks me to connect, Windows Updates seems to work fine without it
rundll32.exe - I had this process ask me for connection once, decided to check it but by the time I did it had already closed, no idea what it might have been for
jhi_service.exe - this is located in C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL , haven't noticed anything breaking yet and it only asks me for it when I first start my PC, "Intel Dynamic Application Loader Host Interface 11.7.0.1060"


Does someone know exactly what these processes might be doing and if they're necessary? Are they worth allowing? Anything I should/shouldn't allow, not necessarily listed here? Is using "Allow listen connections for all" setting fine or can I disable it? It's enabled by default. I've also enabled "Prevent port scanning" and "Enable boot-time filters" (Description: Prevent data leak during system startup, even before Base Filtering Engine service starts) which are under the "Experts-only" settings, but I figured out they might be safe, haven't noticed anything breaking so far. Also what does the "Resolve network addresses" setting do? Do I want it?
 

yitworths

May 31, 2015
svchost.exe - when checking for Windows Updates

svchost.exe - use special rules for internet time synchronization. & during update for sure you have to allow it.

taskhostw.exe - don't even remember when this one needed connection, it must have been once or twice thus rare cuz I really can't remember

taskhostw.exe - it starts some Windows services during boot-time.

lsass.exe - periodically every like 15-20 mins or so, this dude wants a connection, no harm noticed so far

blocking net connection to lsass should not create any problem

System - when playing League of Legends, this process is started by it, decided it might be worth mentioning, no harm so far noticed

playing multiplayer over any client creates direct connection to your system or NT kernel. I've never allowed this type of connections while playing over gameranger & till now haven't faced any problem.



jhi_service.exe - this is located in C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL , haven't noticed anything breaking yet and it only asks me for it when I first start my PC

you may block its service.

rundll32.exe - I had this process ask me for connection once, decided to check it but by the time I did it had already closed, no idea what it might have been for

you can live without allowing net access to rundll. At this moment I can't recall any important process which needs net connection through rundll32.exe. Tbh, it's a passive process. & blocking its network access should not create any ill-effect.
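
One way to see after the fact what a short-lived process such as rundll32.exe tried to reach, added here as an example and not part of either post: simplewall filters through the Windows Filtering Platform, so Windows itself can audit each blocked connection as Security event 5157. The function name `Get-BlockedConnection` is made up for this example; it assumes an elevated PowerShell prompt and an English-locale system (the auditpol subcategory name is localized).

```powershell
# Added example. Turn on failure auditing for WFP connections so every
# blocked connection is written to the Security log as event 5157.
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null

function Get-BlockedConnection {
    param(
        [int]$Hours = 24,           # how far back to search
        [string]$NameLike = '*'     # wildcard on the image path, e.g. '*rundll32.exe'
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 5157
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Copy the event's named <Data> fields into a hashtable.
            $d = @{}
            foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) {
                $d[$n.Name] = $n.'#text'
            }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                ProcessId   = $d.ProcessID
                # Logged as a device path (\device\harddiskvolumeN\...), not C:\...
                Application = $d.Application
                Direction   = switch ($d.Direction) {
                    '%%14592' { 'Inbound' }
                    '%%14593' { 'Outbound' }
                    default   { $d.Direction }
                }
                Source      = '{0}:{1}' -f $d.SourceAddress, $d.SourcePort
                Destination = '{0}:{1}' -f $d.DestAddress, $d.DestPort
                Protocol    = $d.Protocol   # IANA number: 6 = TCP, 17 = UDP
            }
        } |
        Where-Object { $_.Application -like $NameLike }
}

# Which blocked processes are the noisiest, and where were they going?
Get-BlockedConnection -Hours 24 |
    Group-Object Application, Direction, Destination |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20
```

Failure auditing on this subcategory can fill the Security log quickly on a busy machine; `auditpol /set /subcategory:"Filtering Platform Connection" /failure:disable` turns it off again.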
 