Some say it's bad, some say it's good, so what's the conclusion? Tons of options to configure though, but does it mean it's a good 3th party FW? @Der.Reisende Looking forward for your tests with it in MH if you add it as companion for tested AV product, thanks. :emoji_v:
Rising Personal Firewall V16 (24.00.56.56)
- Thread starter Sunshine-boy
- Start date
- Status
At first glance it seems that this feature block some types of exploits. But in my opinion, it isn't very useful, since they seem to be very old exploits.
Anyway thanks for share.
In my opinion, this tool is quite outdated. I would recommend other firewalls like Comodo or ZoneAlarm. It worht mentioning other tools such as:
- WFC (WFAS based)
- Simplewall (WPF based - usermode) - Very simple - begginers tool
- Apr 13, 2013
- 3,224
Needless to say I had that option enabled when I ran my test. RF asked for some things (like RedEye and Crab) and not others (like some worms and a modified Tofsee). Also please remember that the malware I use tends to be a bit more aggressive in their actions.
I could not agree more! Too bad that this seems to be too much to expect as the bulk of Security solutions are oblivious to Worms (and other scriptor-like malware). God knows I've done enough videos on just this topic spanning a bunch of different products.
- Dec 29, 2014
- 1,716
Hey everyone. Was looking this over, and I like it overall. I do have a question about creating a rule for svchost.exe though. I want to customize the rule and then add specific rules for IPs, especially for DNS servers and local. I am having 2 problems:
1. When I go to create the rule like this:
The option for remote IPs is only for a range or for all IPs. Then when I try to add a range, the form will only accept two numbers inside the period breaks, where an ip can be 3 between each period break. So I can't enter my dns server since it's 209.244.0.3. I was hoping I could add the single ip twice into the range form boxes for a single IP, although my secondary IP is 209.244.0.4, so I could do a range for that. Here is a pic of the boxes:
2. Remembering an allow from the alert will turn off the custom setting. svchost.exe goes back to allowing everything. I suppose that similar issues would occur with rules for a block, since they are created in the same way.
Thanks for any assistance...
BTW, I think Fort Knox gets around this by creating separate rules for a process. Have to set the rule to block and then create allow exceptions. It has other issues with this, though (inconsistent alerting). Going back to Private Firewall and Binisoft WFC, it seems like there is always something missing or broken. With Comodo it's possible to manage this but creating IP rules is clumsy and difficult and can't be done from an alert. It was the same thing with Private Firewall way back. Working on a deeper level with Windows process connections should be possible from an alert in my opinion...like access to a rule creation dialog for special exceptions.
1. When I go to create the rule like this:
The option for remote IPs is only for a range or for all IPs. Then when I try to add a range, the form will only accept two numbers inside the period breaks, where an ip can be 3 between each period break. So I can't enter my dns server since it's 209.244.0.3. I was hoping I could add the single ip twice into the range form boxes for a single IP, although my secondary IP is 209.244.0.4, so I could do a range for that. Here is a pic of the boxes:
2. Remembering an allow from the alert will turn off the custom setting. svchost.exe goes back to allowing everything. I suppose that similar issues would occur with rules for a block, since they are created in the same way.
Thanks for any assistance...
BTW, I think Fort Knox gets around this by creating separate rules for a process. Have to set the rule to block and then create allow exceptions. It has other issues with this, though (inconsistent alerting). Going back to Private Firewall and Binisoft WFC, it seems like there is always something missing or broken. With Comodo it's possible to manage this but creating IP rules is clumsy and difficult and can't be done from an alert. It was the same thing with Private Firewall way back. Working on a deeper level with Windows process connections should be possible from an alert in my opinion...like access to a rule creation dialog for special exceptions.
Last edited:
Yes, but remember it's whitelisted by default - it might not give an alert (when misused, being hollowed by a malware) if not unchecked.and it appears that svchost.exe modules can be monitored also
However, it (the legit one) gave me tons of alerts after login, I have it back whitelisted.
If RPF does compare hashes or some other technique to differentiate that would be really cool!
Did you edit the whitelist when trying "Start module access check"?
Good findings @ichito!
So far, it seems compatible to TCPM.
I've whitelisted all processes of TCPM just in case.
One thing I've noticed:
While TCPM (and especially it's cloud) doesn't care whether I have my VPN on or not, Rising Personal Firewall cannot check for updates (maybe the chinese server(s) it connects to block VPN?).
Note I cannot access TCPM forums properly with VPN on, and I cannot access Rising page....
This may cripple some of the functions of RPF, using the cloud. Cannot confirm yet.
However, I get alerts on software trying to call out.
If you talk about the one by Sphinx software:
I like it a lot!
Easy to use, lightweight, quiet when common used softwares are whitelisted.
However, it does whitelist Windows processes (like explorer.exe, wscript.exe,...), you need the paid versions to change the rules.
All other processes will be autoblocked (if you ignore the warning popping up, in which you can change the rules).
Apart from above mentioned limitation, a clear recommendation.
- Dec 12, 2013
- 542
Yes...RFW whitelists or...saying better...it checks modules via its cloud (if option is enabled). Not every module is automatcialy allowed what I noticed in case of Chrome...see screenshot (BTW - I don't know why Chromium is not known by Rising's cloud?)
Each alert gives you time to decide what to do but I think it's also the time to check by firewall all detected modules...you can see in tab "Module info" that while checking some lines have status "Querying" ("Security level" column) befor they are considered safe of not.
Edit white list?... I've checked entries (modules) in each main rule but didn't notice someting suspicious.
The cloud doesn't work for me as I sit behind a VPN (F-Secure FreeDome).
However, it seems to use some offline ratings, as many Windows services are shown as "trusted" (they are even, if they get hollowed by malware - that's the trick to watch out for - see for example RegAsm.exe being hollowed by sample io.exe - here: https://malwaretips.com/threads/3-08-2018-21.85688/).
I'm not sure yet, but it seems as if RF does check file hashes.
Though you might have whitelisted existing software (here: every .exe I found for Tencent PC Manager), as soon as their components get replaced (here: once a week, when TCPM offers to in-app-upgrade), it will again alert as the components try calling out.
This can get pretty annoying by time.
For paranoid users however, a great plus in security. It seems to alert on every single process trying to call out (if not already whitelisted with it's current hash).
Sphinx Software Win10 Firewall control is much easier to handle. Once the .exe of Tencent were whitelisted, it did only alert when the upgrade was done and the installer tried calling out.
Note the free version of Sphinx will autoallow trusted Windows services as stated before.
It also does not seem to check #.
- Apr 1, 2017
- 1,782
Why? Because it's Chinese?I WOULDNT TOUCH THIS CRAP WITH A TEN FOOT POLE! Waste management team to remove it probs lmffao
The software is in English, only the website is in Chinese. Baidu has not been updated a few a years, currently has major issues with false positives and has no firewall.Im chinese
Qihoo or Baidu are free and better
I didn't read where you said you are Chinese. Maybe the Chinese version of Baidu is good, but the English one is terrible. I don't mind Qihoo's 360 TS/TSE.Zone Alarm or Comodo free are great with Mandarin GUI's
- Dec 12, 2013
- 542
Show me firewall from Baidu or Qihoo.Im chinese
Qihoo or Baidu are free and better
About windows 10 firewall control from Sphinx, what is the best way to know which program to allow enable all or just allow outgoing or incoming ? Thks
- Apr 1, 2017
- 1,782
- Apr 1, 2017
- 1,782
- Apr 1, 2017
- 1,782
- Apr 1, 2017
- 1,782
- Status
Similar threads
