SD a windows firewall control

Status
Not open for further replies.
Davidov

Davidov

Level 10
Thread author
Verified
Well-known
Sep 9, 2012
470
1,543
868
42
CR
Ahoj what to grant an exemption in SD for windows firewall control.TNX
 
Davidov said:
Ahoj what to grant an exemption in SD for windows firewall control.TNX
Click to expand...

In SD goto Exclude Files\Folders from Shadow Mode. Navigate to Windows Firewall Control folder in C:\Programs or C:\Programs (x86) - depends on whether your system is 32 or 64 bit - and select Open. Do the same for any Windows Firewall Control folders in C:\ProgramData.

This will exclude all WIndows Firewall Control processes + data (rules) from SD Shadow Mode... and you will be able to keep any WFC rules you create while in Shadow Mode.

If all you want to do is retain WFC created while in Shadow Mode, then find the WFC data folder that stores those rules and exclude it from Shadow Mode. It should be in ProgramData - but might be somewhere else. If you can't find it, you can post a thread on WildersSecurity under the WFC subforum. Alexandru, the developer, will tell you exactly where to find the file.

Either way will enable you to retain rules.

Does that help ?

In thinking about WFwAS, rules are stored in the registry. So, I think the rules created via WFC are probably not savable by the method I outlined above.

The method above works for standard app data, but now that I thought about it - I do not think that it works for WFC...

I am trying to confirm with the developer.

Apologies in rushing... I think I was wrong - so I'm trying to rectify things by getting you the correct infos.
 
Last edited by a moderator:
  • Like
Reactions: Davidov, Sr. Normal, jamescv7 and 1 other person
Adding to the good advice above, you could also exclude your AV,if you use one,so that the updates "stick" while in SD mode!
Otherwise the updates to the virus signatures wont be there when you exit SD mode!
 
  • Like
Reactions: Davidov, Sr. Normal and frogboy
In such little tiny tool of WFC from Bininsoft, according to the findings I use for files and directory monitoring; its just registered from Program Files other than that, none exist.
 
  • Like
Reactions: Davidov
jamescv7 said:
In such little tiny tool of WFC from Bininsoft, according to the findings I use for files and directory monitoring; its just registered from Program Files other than that, none exist.
Click to expand...

@jamescv7

So WFC created WF rules are saved in C:\ProgramData - or - in registry ?

I would bet all rules are saved in the registry - and the OP could - if he wanted to - exclude those registry keys.

Whether or not it is practical to accomplish in Shadow Defender is a different matter... depends upon whether its Explorer allows user to specify an entire group of registry keys. However, I suspect using SD the user has to specify each excluded key individually - which means it can't be done unless you want to manually exclude each key (will take many days).
 
hjlbx said:
So WFC created WF rules are saved in C:\ProgramData - or - in registry ?
Click to expand...

Only one way to find out. Test the program.

UovDsJd7ISXimVUQ_iWggZVCN-qPp5X1jcQHOSBPw2Q=w702-h274


Changes in

HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\

venustus said:
Adding to the good advice above, you could also exclude your AV,if you use one,so that the updates "stick" while in SD mode!
Click to expand...

SOmething I do with 360 so all signature updates are saved.
 
Last edited:
  • Like
Reactions: jamescv7, Davidov, Sr. Normal and 1 other person
@hjlbx : The policy files is also located in Program Files which contains your rules/ predefined after the installation process.

EGaoyN5.png
 
  • Like
Reactions: Venustus
Status
Not open for further replies.

You may also like...