Advice Request Need a Firewall WFC/TinyWall

Please provide comments and solutions that are helpful to the author of this topic.

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
Hi,
So i need a Software to control Windows Firewall,
(...)
something that be quiet, and JUST notify me about untrusted programs making connections?
People forget about SpyShelter Free that is light, efficient and easy to manage firewall and HIPS alerts and rules...actively monitored action here
 

ultim

Level 2
Oct 13, 2011
86
And so far TinyWall seems worst than WFC like i can't even find a manual, pdf or something that explain what these options do like i have a "unblock LAN Traffic" i mean what does it even mean? my LAN network is blocked ? did you blocked my lan network? why?
As others have noted TW will not give you popups. To answer your other questions, TW's working principle is very simple (this is its Normal mode): Block all network access for all applications, except for those which have an exception created for them. So, you want to give network access to a program? Create an exception for it, for example by using one of the "Whitelist by..." options in the tray menu.

"LAN" stands for Local Area Network, and it basically means "Network that is not the internet" in layman's terms. So if you enable "Unblock LAN Traffic" TinyWall will not block applications that try to access other devices in your home and not the internet (such as a network printer, a media server, or a file share on your dad's computer... you get the point).

Anyway, most of your questions are already answered in the FAQ, which is also installed on your computer when you install TinyWall.

The Thing is with Application Firewalls on PC Systems there is that issue that they start to protect when you login to windows. Some other Application Firewall can start when Windows Boot but that requires them to install a Service and/or a Protocol Driver.
TinyWall is one such thing. Ever since the first release of v3, it starts filtering traffic according to your rules right from boot, not just when the desktop starts loading.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
It seems that the type of Firewall you're looking for need some kinds of malware knowledge. I mean you want it to allow trusted programs but trigger an alert if something not so trustworthy tries to make connections, right? An ordinary Firewall program may not know what's trusted and what not. As @oldschool suggested, you can configure Comodo Firewall in such way which may fit your needs. I'm not a Comodo expert so can't go into details.
The other one that comes to my mind is the Firewall of Norton. I think even in default mode it asks users permission when something suspicious tries to make connections. If it doesn't on default then you can configure it in such way. A familiar Norton user should be able to give you more info on this. But of course for using this you need to change your current AV and switch to Norton so.......
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
489
I am currently using Kaspersky Security Cloud because Windows Defender slows down my system, but it doesn't come with a firewall. I notice that some apps want to go online even if I configured some of them not to update or don't see why they should, and I can only those attempts with a third-party program. I don't have much time to go over any access logs and study them.

I found out that several free firewalls don't work with KSC, so I had to experiment and went back to what I used before, which was the free version of Sphinx Windows Firewall Control:


Both the antivirus and the firewall seem to be working fine. I think after installation, the firewall selects what it sees as system files and enables Internet access for them, and in read-only mode so they can't be changed. From there, anything else that accesses the local network or the 'net is flagged, from which I have to decide whether to enable or disable permanently or temporarily. If I change my mind, I go to the list of programs and then change the access type.

I'm guessing free versions of other firewalls (I used Binsoft once) operate in similar fashion, with some that use learning mode. For the one I'm using, there's no such mode, but after running various programs, I was able to flag most of the apps.

Finally, I hope this is good enough, because I don't want to spend too much on paid software. I was thinking of getting the paid AV with firewall, but it costs something like $40 for three devices for the first year (and that's discounted?), and I need to buy for six, so that's like buying a new hard drive every year.
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
Thanks for all the comments
i went with Comodo Free Firewall after all and it's working the way i wanted it.
just turned off HIPS and all other stuff and it became a solid Firewall alone
In the near future, comodo will release a new version. I'm a little interested in it.
We also recommend that you check the official comodo forums regularly.(y)

 

Shiz

Level 1
Verified
Nov 16, 2018
47
I game a lot and the firewall that I used that didn't bother me too much was the Kaspersky suite. It's not free but it's a solid suite. Currently I use wfc with andy's hard config. Wfc notifications I disabled since as a network engineer it doesn't bother me to look at logs when something I need is blocked.
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
489
I guess You mean the Free version, since paid one comes with FW...

Yes. I was thinking of just getting Internet Security because I don't think I'll be needing the adaptive security features and the ones for kids, passwords, and backups found in the others, but the cost is around $80 for six devices, and I think the price is introductory, which means it goes up the ff. year. It's like buying a new hard drive yearly.

My other problem is that I'm the only one who's an experienced computer user. A second knows something and the other four novices. That means I had to minimize annoyances like UACs and being called all the time if something needs to be installed, so even a third-party firewall with simple default-deny makes things complicated for me. For example, if one app is updated, then the firewall might ask if some new module that's installed should be given permission, and a novice user might end up disabling access by default. That's why only my PC has Firewall Control; for the rest, I had to settle for Firewall App Blocker, a small program that makes it easy to add apps to block in the Windows Firewall, i.e., at least to stop some programs from phoning home even if auto updating is disabled.

I might attempt trying a free firewall with different modes (like learning), but I don't know which ones will work well with KSC. In any event, I hope this is good enough for free options.
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
My other problem is that I'm the only one who's an experienced computer user. A second knows something and the other four novices. That means I had to minimize annoyances like UACs and being called all the time if something needs to be installed, so even a third-party firewall with simple default-deny makes things complicated for me.
Try VS WhitelistCloud...here is some info
a here its page
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
489
Try VS WhitelistCloud...here is some info
a here its page

Thanks very much! I tried this, but I'm not an expert on these matters, so is this explanation right?

I scan the system manually, and it analyzes files based on what others who have contributed to the cloud, looking for anything suspicious and flags them. For those that are, I unblock those that I consider false positives. But for the free version, scans have to be done manually. The real-time version is only available as part of the pro version of Voodooshield, which also analyzes the files using a learning mode in real time in both its free and pro versions.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Thanks very much! I tried this, but I'm not an expert on these matters, so is this explanation right?

I scan the system manually, and it analyzes files based on what others who have contributed to the cloud, looking for anything suspicious and flags them. For those that are, I unblock those that I consider false positives. But for the free version, scans have to be done manually. The real-time version is only available as part of the pro version of Voodooshield, which also analyzes the files using a learning mode in real time in both its free and pro versions.
No, the free version of WhitelistCloud runs a snapshot scan automatically at Windows startup and at default settings every hour.
For those files that seem to be suspicious you can copy the hash and look them up in VirusTotal for example and whitelist them manually.
Settings windows, whitelist and the only two files I had to whitelist manually on my laptop:
Schermafbeelding 2020-10-03 105309.jpgSchermafbeelding 2020-10-03 105407.jpgSchermafbeelding 2020-10-03 105433.jpgSchermafbeelding 2020-10-03 105454.jpg
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Interesting thread, I've recently started using Emsisoft again, found I had a licence I'd forgotten about - Not using any Windows Firewall controllers so seeing how it goes - Glad actually to see the back of integrated firewalls in Kaspersky, ESET etc
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
489
No, the free version of WhitelistCloud runs a snapshot scan automatically at Windows startup and at default settings every hour.
For those files that seem to be suspicious you can copy the hash and look them up in VirusTotal for example and whitelist them manually.
Settings windows, whitelist and the only two files I had to whitelist manually on my laptop:
View attachment 246855View attachment 246856View attachment 246857View attachment 246858

Thanks. So, the snapshot's done every startup and during the period set in the configuration. Do I assume that some files may be flagged after the system and apps are updated automatically?

I'm looking for something that requires the least amount of user input. Otherwise, I'll be called each time to make decisions for users.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Thanks. So, the snapshot's done every startup and during the period set in the configuration. Do I assume that some files may be flagged after the system and apps are updated automatically?

I'm looking for something that requires the least amount of user input. Otherwise, I'll be called each time to make decisions for users.
Everything works automatically, but you will have to make a decision about the flagged files.
 

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
WhitelistCloud and a Firewall-Controller / App are two different things... ;)

The WhitelistCloud is a inverted - Reputation Guard known from other AV vendors that do File Reputation the opposite way. For me WhitelistCloud is a Application Blocker / Like Faronics (Anti-Executable) / Other AV Vendors (Kaspersky/Symantec and so on...)

Why the reason / Why the difference?

On an Application like WhitelistCloud the Application is for example "OK" this means it will use all resources "IF" needed to communicate with your Local Network and therefore also the Internet. (Depends on the Application)

On a Application Firewall (Depends from Vendor to Vendor) it is possible to allow the necessary traffic to go thru (For Example a GameServer) and filter the telemetry / unknow traffic out. (Also Possible with WFC)

So since allot of developers are like non-transparent on what the Application Communicate - There are ready to use options out there... That do protect traffic... On that part I highly recommend Symantec. Almost Zero touch and works out of the box with some minimal adjustments.

AND

If you really want to get the best out of your network - I can suggest the following:

- OSI Layers ->

- Learn IP / Subnet (IPv4) ->

- Then DHCP / DNS -> (DHCP) ->

- (DNS) ->

- and then SPI Firewalls ->


Get yourself a used PC with at least two ports or a Open Hardware Appliance:

Example (Protectl [Hardware]) -> Protectli: Trusted Firewall Appliances with Firmware Protection
Example (Netgate [Hardware] / Pfsense [Open-Source and License Free]) -> Netgate SG-2100 Security Gateway Appliance with pfSense software
Example (Untangle [Open/Closed-Source / License Free with Limitations OR Payed with Premium Features] -> Try Untangle for Free! | Untangle

With that you will start to understand why there is a huge difference with HARDWARE / SOFTWARE Firewalling.

You do not need to be or get to be a "Network Engineer" it is just to understand how things work on your PC and understand how applications still can circumvent Blocking on the Application Layer or use a mix of Protocols. (Example DNS over HTTPs) or even Kernel-Zero-Drivers that bypass all protection on the PC.

With added Applications like Glasswire / NetBalancer / NetLimiter and so on... it is possible to see who started the connection and use the Hardware Firewall to Block it. Or redirect traffic from known Applications like / Netflix / Amazon Music / Amazon Video / Android OS / iOS / OSX Apps / Windows Apps / Windows Universal Apps that use hardcoded "Telemetry" / "DNS Server Settings" and allot more...

If you need more Info just msg me ill be glad to help.

Best regards
Val.
 
Last edited:

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
WhitelistCloud and a Firewall-Controller / App are two different things... ;)
Yes, you are right but the priority was...in my meaning...such phrase of OP
" That means I had to minimize annoyances like UACs and being called all the time if something needs to be installed, so even a third-party firewall with simple default-deny makes things complicated for me."
So the goal is reduce to minimum alerts, pop-ups, etc. and VSWC is an app that can help in this issue. Every started process...even by itselves...is checked and than allowed only if safe but the unknown is bloked. Blocked process can't try making connection and receive packet from outside and by this way we can silently controll such behaviour.

BTW - you post is very informative (y)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top