SD a windows firewall control

[Davidov]

Ahoj what to grant an exemption in SD for windows firewall control.TNX

 

[hjlbx]

Ahoj what to grant an exemption in SD for windows firewall control.TNX

In SD goto Exclude Files\Folders from Shadow Mode. Navigate to Windows Firewall Control folder in C:\Programs or C:\Programs (x86) - depends on whether your system is 32 or 64 bit - and select Open. Do the same for any Windows Firewall Control folders in C:\ProgramData.

This will exclude all WIndows Firewall Control processes + data (rules) from SD Shadow Mode... and you will be able to keep any WFC rules you create while in Shadow Mode.

If all you want to do is retain WFC created while in Shadow Mode, then find the WFC data folder that stores those rules and exclude it from Shadow Mode. It should be in ProgramData - but might be somewhere else. If you can't find it, you can post a thread on WildersSecurity under the WFC subforum. Alexandru, the developer, will tell you exactly where to find the file.

Either way will enable you to retain rules.

Does that help ?

In thinking about WFwAS, rules are stored in the registry. So, I think the rules created via WFC are probably not savable by the method I outlined above.

The method above works for standard app data, but now that I thought about it - I do not think that it works for WFC...

I am trying to confirm with the developer.

Apologies in rushing... I think I was wrong - so I'm trying to rectify things by getting you the correct infos.

 

[Venustus]

Adding to the good advice above, you could also exclude your AV,if you use one,so that the updates "stick" while in SD mode!
Otherwise the updates to the virus signatures wont be there when you exit SD mode!

 

[hjlbx]

I am trying to find out more precise infos for you @Davidov from the WFC developer...

OK ?

 

[jamescv7]

In such little tiny tool of WFC from Bininsoft, according to the findings I use for files and directory monitoring; its just registered from Program Files other than that, none exist.

 

[hjlbx]

In such little tiny tool of WFC from Bininsoft, according to the findings I use for files and directory monitoring; its just registered from Program Files other than that, none exist.

@jamescv7

So WFC created WF rules are saved in C:\ProgramData - or - in registry ?

I would bet all rules are saved in the registry - and the OP could - if he wanted to - exclude those registry keys.

Whether or not it is practical to accomplish in Shadow Defender is a different matter... depends upon whether its Explorer allows user to specify an entire group of registry keys. However, I suspect using SD the user has to specify each excluded key individually - which means it can't be done unless you want to manually exclude each key (will take many days).

 

[WinXPert]

So WFC created WF rules are saved in C:\ProgramData - or - in registry ?

Only one way to find out. Test the program.

Changes in

HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\

Adding to the good advice above, you could also exclude your AV,if you use one,so that the updates "stick" while in SD mode!

SOmething I do with 360 so all signature updates are saved.

 

[jamescv7]

@hjlbx : The policy files is also located in Program Files which contains your rules/ predefined after the installation process.

 

[Deleted member 178]

in SD you can also exclude registry keys

 

[Davidov]

Thank you so much for your willingness thanks very much !!!! .-)). Try

 

[hjlbx]

Thank you so much for your willingness thanks very much !!!! .-)). Try

@Davidov

Firewall rules are in the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

Thanks to Broadway over at Wilders Security...