Advice Request Need a Firewall WFC/TinyWall

[ichito]

Hi,
So i need a Software to control Windows Firewall,
(...)
something that be quiet, and JUST notify me about untrusted programs making connections?

People forget about SpyShelter Free that is light, efficient and easy to manage firewall and HIPS alerts and rules...actively monitored action here

Ten Years of SpyShelter - version 12 and more :)

"Posted on October 21, 2019 in News | Blog Homepage Today we released SpyShelter version 12.0 together with brand new edition of SpyShelter Free. 10 Years – this is how long we have been helping you to keep your privacy safe. It has been a...

malwaretips.com

 

[ultim]

And so far TinyWall seems worst than WFC like i can't even find a manual, pdf or something that explain what these options do like i have a "unblock LAN Traffic" i mean what does it even mean? my LAN network is blocked ? did you blocked my lan network? why?

As others have noted TW will not give you popups. To answer your other questions, TW's working principle is very simple (this is its Normal mode): Block all network access for all applications, except for those which have an exception created for them. So, you want to give network access to a program? Create an exception for it, for example by using one of the "Whitelist by..." options in the tray menu.

"LAN" stands for Local Area Network, and it basically means "Network that is not the internet" in layman's terms. So if you enable "Unblock LAN Traffic" TinyWall will not block applications that try to access other devices in your home and not the internet (such as a network printer, a media server, or a file share on your dad's computer... you get the point).

Anyway, most of your questions are already answered in the FAQ, which is also installed on your computer when you install TinyWall.

The Thing is with Application Firewalls on PC Systems there is that issue that they start to protect when you login to windows. Some other Application Firewall can start when Windows Boot but that requires them to install a Service and/or a Protocol Driver.

TinyWall is one such thing. Ever since the first release of v3, it starts filtering traffic according to your rules right from boot, not just when the desktop starts loading.

 

[SeriousHoax]

It seems that the type of Firewall you're looking for need some kinds of malware knowledge. I mean you want it to allow trusted programs but trigger an alert if something not so trustworthy tries to make connections, right? An ordinary Firewall program may not know what's trusted and what not. As @oldschool suggested, you can configure Comodo Firewall in such way which may fit your needs. I'm not a Comodo expert so can't go into details.
The other one that comes to my mind is the Firewall of Norton. I think even in default mode it asks users permission when something suspicious tries to make connections. If it doesn't on default then you can configure it in such way. A familiar Norton user should be able to give you more info on this. But of course for using this you need to change your current AV and switch to Norton so.......

 

[monkeylove]

I am currently using Kaspersky Security Cloud because Windows Defender slows down my system, but it doesn't come with a firewall. I notice that some apps want to go online even if I configured some of them not to update or don't see why they should, and I can only those attempts with a third-party program. I don't have much time to go over any access logs and study them.

I found out that several free firewalls don't work with KSC, so I had to experiment and went back to what I used before, which was the free version of Sphinx Windows Firewall Control:

Windows 10 Firewall Control: Sphinx Software

Windows 10 Firewall Control: Single Installation License. Simple and exhaustive solution for applications network activity controlling and monitoring. Prevents undesired programs and Windows updates, informational incoming and outgoing leakage of applications running locally or remotely...

sphinx-soft.com

Both the antivirus and the firewall seem to be working fine. I think after installation, the firewall selects what it sees as system files and enables Internet access for them, and in read-only mode so they can't be changed. From there, anything else that accesses the local network or the 'net is flagged, from which I have to decide whether to enable or disable permanently or temporarily. If I change my mind, I go to the list of programs and then change the access type.

I'm guessing free versions of other firewalls (I used Binsoft once) operate in similar fashion, with some that use learning mode. For the one I'm using, there's no such mode, but after running various programs, I was able to flag most of the apps.

Finally, I hope this is good enough, because I don't want to spend too much on paid software. I was thinking of getting the paid AV with firewall, but it costs something like $40 for three devices for the first year (and that's discounted?), and I need to buy for six, so that's like buying a new hard drive every year.

 

[Like a Western!]

Thanks for all the comments
i went with Comodo Free Firewall after all and it's working the way i wanted it.
just turned off HIPS and all other stuff and it became a solid Firewall alone

 

[sepik]

Personally, i avoid all the firewall softwares that's based on windows own firewall. I rather use third-party ones, like ZoneAlarm, Comodo or Symantec. Tried all of them. Symantec is clear winner here.

 

[show-Zi]

Thanks for all the comments
i went with Comodo Free Firewall after all and it's working the way i wanted it.
just turned off HIPS and all other stuff and it became a solid Firewall alone

In the near future, comodo will release a new version. I'm a little interested in it.
We also recommend that you check the official comodo forums regularly.

Comodo Forum

Comodo community forum to discuss and help people using security products

forums.comodo.com

 

[ichito]

I rather use third-party ones, like ZoneAlarm, Comodo or Symantec. Tried all of them. Symantec is clear winner here.

Symantec firewall?...Norton, Sygate, PCTools (Look'n'Stop engine)... which one is the winner?

 

[harlan4096]

I am currently using Kaspersky Security Cloud...

I guess You mean the Free version, since paid one comes with FW...

 

[Shiz]

I game a lot and the firewall that I used that didn't bother me too much was the Kaspersky suite. It's not free but it's a solid suite. Currently I use wfc with andy's hard config. Wfc notifications I disabled since as a network engineer it doesn't bother me to look at logs when something I need is blocked.

 

[monkeylove]

I guess You mean the Free version, since paid one comes with FW...

Yes. I was thinking of just getting Internet Security because I don't think I'll be needing the adaptive security features and the ones for kids, passwords, and backups found in the others, but the cost is around $80 for six devices, and I think the price is introductory, which means it goes up the ff. year. It's like buying a new hard drive yearly.

My other problem is that I'm the only one who's an experienced computer user. A second knows something and the other four novices. That means I had to minimize annoyances like UACs and being called all the time if something needs to be installed, so even a third-party firewall with simple default-deny makes things complicated for me. For example, if one app is updated, then the firewall might ask if some new module that's installed should be given permission, and a novice user might end up disabling access by default. That's why only my PC has Firewall Control; for the rest, I had to settle for Firewall App Blocker, a small program that makes it easy to add apps to block in the Windows Firewall, i.e., at least to stop some programs from phoning home even if auto updating is disabled.

I might attempt trying a free firewall with different modes (like learning), but I don't know which ones will work well with KSC. In any event, I hope this is good enough for free options.

 

[ichito]

My other problem is that I'm the only one who's an experienced computer user. A second knows something and the other four novices. That means I had to minimize annoyances like UACs and being called all the time if something needs to be installed, so even a third-party firewall with simple default-deny makes things complicated for me.

Try VS WhitelistCloud...here is some info

Whitelist Cloud Beta

Here's more from Dan about to a new stand-alone app. Enjoy! Hey Guys, so here is the first version of WhitelistCloud. As you guys know, this project started off as a simple online scanner to analyze and detect for Safe files as opposed to Malicious files… basically the exact opposite of...

malwaretips.com

a here its page

WhitelistCloud

www.whitelistcloud.com

 

[monkeylove]

Try VS WhitelistCloud...here is some info

Whitelist Cloud Beta

Here's more from Dan about to a new stand-alone app. Enjoy! Hey Guys, so here is the first version of WhitelistCloud. As you guys know, this project started off as a simple online scanner to analyze and detect for Safe files as opposed to Malicious files… basically the exact opposite of...

malwaretips.com

a here its page

WhitelistCloud

www.whitelistcloud.com

Thanks very much! I tried this, but I'm not an expert on these matters, so is this explanation right?

I scan the system manually, and it analyzes files based on what others who have contributed to the cloud, looking for anything suspicious and flags them. For those that are, I unblock those that I consider false positives. But for the free version, scans have to be done manually. The real-time version is only available as part of the pro version of Voodooshield, which also analyzes the files using a learning mode in real time in both its free and pro versions.

 

[Gandalf_The_Grey]

Thanks very much! I tried this, but I'm not an expert on these matters, so is this explanation right?

I scan the system manually, and it analyzes files based on what others who have contributed to the cloud, looking for anything suspicious and flags them. For those that are, I unblock those that I consider false positives. But for the free version, scans have to be done manually. The real-time version is only available as part of the pro version of Voodooshield, which also analyzes the files using a learning mode in real time in both its free and pro versions.

No, the free version of WhitelistCloud runs a snapshot scan automatically at Windows startup and at default settings every hour.
For those files that seem to be suspicious you can copy the hash and look them up in VirusTotal for example and whitelist them manually.
Settings windows, whitelist and the only two files I had to whitelist manually on my laptop:

 

[Cortex]

Interesting thread, I've recently started using Emsisoft again, found I had a licence I'd forgotten about - Not using any Windows Firewall controllers so seeing how it goes - Glad actually to see the back of integrated firewalls in Kaspersky, ESET etc

 

[monkeylove]

No, the free version of WhitelistCloud runs a snapshot scan automatically at Windows startup and at default settings every hour.
For those files that seem to be suspicious you can copy the hash and look them up in VirusTotal for example and whitelist them manually.
Settings windows, whitelist and the only two files I had to whitelist manually on my laptop:
View attachment 246855View attachment 246856View attachment 246857View attachment 246858

Thanks. So, the snapshot's done every startup and during the period set in the configuration. Do I assume that some files may be flagged after the system and apps are updated automatically?

I'm looking for something that requires the least amount of user input. Otherwise, I'll be called each time to make decisions for users.

 

[Gandalf_The_Grey]

Thanks. So, the snapshot's done every startup and during the period set in the configuration. Do I assume that some files may be flagged after the system and apps are updated automatically?

I'm looking for something that requires the least amount of user input. Otherwise, I'll be called each time to make decisions for users.

Everything works automatically, but you will have to make a decision about the flagged files.

 

[valvaris]

WhitelistCloud and a Firewall-Controller / App are two different things...

The WhitelistCloud is a inverted - Reputation Guard known from other AV vendors that do File Reputation the opposite way. For me WhitelistCloud is a Application Blocker / Like Faronics (Anti-Executable) / Other AV Vendors (Kaspersky/Symantec and so on...)

Why the reason / Why the difference?

On an Application like WhitelistCloud the Application is for example "OK" this means it will use all resources "IF" needed to communicate with your Local Network and therefore also the Internet. (Depends on the Application)

On a Application Firewall (Depends from Vendor to Vendor) it is possible to allow the necessary traffic to go thru (For Example a GameServer) and filter the telemetry / unknow traffic out. (Also Possible with WFC)

So since allot of developers are like non-transparent on what the Application Communicate - There are ready to use options out there... That do protect traffic... On that part I highly recommend Symantec. Almost Zero touch and works out of the box with some minimal adjustments.

AND

If you really want to get the best out of your network - I can suggest the following:

- OSI Layers ->

Spoiler

- Learn IP / Subnet (IPv4) ->

Spoiler

- Then DHCP / DNS -> (DHCP) ->

Spoiler

- (DNS) ->

Spoiler

- and then SPI Firewalls ->

Spoiler

Get yourself a used PC with at least two ports or a Open Hardware Appliance:

Example (Protectl [Hardware]) -> Protectli: Trusted Firewall Appliances with Firmware Protection
Example (Netgate [Hardware] / Pfsense [Open-Source and License Free]) -> Netgate SG-2100 Security Gateway Appliance with pfSense software
Example (Untangle [Open/Closed-Source / License Free with Limitations OR Payed with Premium Features] -> Try Untangle for Free! | Untangle

With that you will start to understand why there is a huge difference with HARDWARE / SOFTWARE Firewalling.

You do not need to be or get to be a "Network Engineer" it is just to understand how things work on your PC and understand how applications still can circumvent Blocking on the Application Layer or use a mix of Protocols. (Example DNS over HTTPs) or even Kernel-Zero-Drivers that bypass all protection on the PC.

With added Applications like Glasswire / NetBalancer / NetLimiter and so on... it is possible to see who started the connection and use the Hardware Firewall to Block it. Or redirect traffic from known Applications like / Netflix / Amazon Music / Amazon Video / Android OS / iOS / OSX Apps / Windows Apps / Windows Universal Apps that use hardcoded "Telemetry" / "DNS Server Settings" and allot more...

If you need more Info just msg me ill be glad to help.

Best regards
Val.

 

[ichito]

WhitelistCloud and a Firewall-Controller / App are two different things...

Yes, you are right but the priority was...in my meaning...such phrase of OP
" That means I had to minimize annoyances like UACs and being called all the time if something needs to be installed, so even a third-party firewall with simple default-deny makes things complicated for me."
So the goal is reduce to minimum alerts, pop-ups, etc. and VSWC is an app that can help in this issue. Every started process...even by itselves...is checked and than allowed only if safe but the unknown is bloked. Blocked process can't try making connection and receive packet from outside and by this way we can silently controll such behaviour.

BTW - you post is very informative

 

[bellgamin]

...So the goal is reduce to minimum alerts, pop-ups, etc. and VSWC is an app that can help in this issue. ... ...

VSWC?