- Mar 29, 2018
- 7,710
Thank you for your patience.
We investigated the issue you reported for TinyWallInstaller.msi downloaded from tinywall.pados.hu/files/. The warning you experienced indicates that the application has not yet established reputation within our system.
The certificate used to sign TinyWallInstaller.msi is currently in the process of establishing reputation in our system. Many factors contribute to establishing reputation, such as download traffic, download history, past anti-virus results and URL reputation, so it can be difficult to predict when a certificate will gain reputation. While your certificate is gaining reputation, your users can click through the warning and install your application by clicking on the link in the message: More information | Run anyway.
Once reputation has been established on your certificate, all your applications, when signed with the same known certificate and assuming nothing happens to denigrate the reputation of the certificate (such as being used to sign malware), should have a warn-free experience from the start. For that reason, Microsoft recommends that publishers sign all applications with the same digital certificate to help better expedite reputation gains and leverage known reputation for new and updated applications.
If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate. An application signed with an EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or Authenticode certificate. EV code signing certificates are now being issued by Symantec / DigiCert and GlobalSign.
For more information, please refer to SmartScreen® Filter Frequently Asked Questions (https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx).
Regards,
Microsoft Windows Defender Response
Microsoft work like a Government. A dictatorship at times.Answer from MS:
Code:Thank you for your patience. We investigated the issue you reported for TinyWallInstaller.msi downloaded from tinywall.pados.hu/files/. The warning you experienced indicates that the application has not yet established reputation within our system. The certificate used to sign TinyWallInstaller.msi is currently in the process of establishing reputation in our system. Many factors contribute to establishing reputation, such as download traffic, download history, past anti-virus results and URL reputation, so it can be difficult to predict when a certificate will gain reputation. While your certificate is gaining reputation, your users can click through the warning and install your application by clicking on the link in the message: More information | Run anyway. Once reputation has been established on your certificate, all your applications, when signed with the same known certificate and assuming nothing happens to denigrate the reputation of the certificate (such as being used to sign malware), should have a warn-free experience from the start. For that reason, Microsoft recommends that publishers sign all applications with the same digital certificate to help better expedite reputation gains and leverage known reputation for new and updated applications. If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate. An application signed with an EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or Authenticode certificate. EV code signing certificates are now being issued by Symantec / DigiCert and GlobalSign. For more information, please refer to SmartScreen® Filter Frequently Asked Questions (https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx). Regards, Microsoft Windows Defender Response
Meaning, there is no way other than many people downloading over Edge or buying an EV certificate, as originally feared. It is quite absurd, both that you need to build reputation to not get blocked even though they've already verified that you are not malware, and also that you can buy your reputation by paying hundreds of dollars for an EV certificate. Even with a normal digital certificate, they've already verified that my person and contact details are real, so what more do they want?
And maybe worst, any reputation that I manage to build up seems to be coupled to my exact digital certificate. So when I renew my certificate next year because the current one expires, my reputation will be lost and I can begin from scratch.
I am glad to cooperate. Good job
I installed v2.99.7. There seems to be a problem importing past settings.
Thanks, problem found, fixed in next build.Management 'Import' did not work. After returning to 2.1.11 and installing v2.99 again, I can use it without any problems.
The beta uses only dynamic filters, which are in place as soon as the service starts. Note TW runs as a service, so this is much sooner than user login. That being said, there is a delay between BFE and TW startup. I left it out from the first test version on purpose because persistent filters would completely cut your network in case of some bugs and a normal user wouldn't be able to recover at all. Now that I'm positive that things are working well, this will come soon (and obviously before TW3 final is released).Alright but Persistent filters which are stored persistently in the BFE service (in the registry) and applied while the BFE is running are indeed filtering connections at start up as per user created rules in this beta version, correct?
Hi everybody, I've just uploaded a new test version. As I said earlier, I focused on incorporating your feedback in this round. TinyWall users are the best!
Here's the changelog compared to the previous beta:
- Fix manual import of settings from version 2.1
- Fix user may not get notified of updates for a very long time (port from 2.1)
- Fix inbound whitelisting does not work if Windows Firewall is running
- Fix ICMPv6 filters for IPv6 connectivity
- Improved handling of batch whitelisting in Connections and Processes windows
- Don't forget blocked apps list when Connections window is closed
- Enable single-click toggling of special exceptions
- Sort Connections list by timestamp by default
- Support F5-refresh in Connections window
- Support Delete key for application exceptions list
- Eliminate flicker when updating Connections and Application lists
- Restore auto-update functionality
- Optimize blocked connection buffer handling
- Add work-in-progress Korean localization
- Add SmartScreen to app database
I'll wait a bit for feedback, and if things seem to be round, I'll move on to new features again.
Here is the message from @ultim posted to wilders.Well, it is always released today, you just have to know which today
This release contains some I-would-say-critical fixes, so all beta users are recommended to upgrade. Changelog:
- Profile updates for network printers and remote desktop
- Fix trying to unset password results in user lockout
- Fix parts of exit code not run when service is shutting down
- Fix GUI crashes if local config differs from service
- Fix tray menu entry visibility issue after (un)setting password
- Fix specified ports not shown in GUI when editing an existing rule
- Fix WF compatibility rules can be added multiple times
- New feature: Password-locked service requires the password to uninstall
Furthermore, I discovered that whitelisting an executable from a network share is broken in the betas. I know the reason, but I'm still scratching my head how to properly solve it, so it remains a known issue until some future release.
Download link
I uninstalled the beta version of v2.99 and tried a bit, but it doesn't seem like the auto-remember mode is working well.
It was a problematic uninstall that led to my EEK not updating.I'll look into it in the future, but tinywall may not reset Windows Firewall defaults when uninstalled.
@oldschool
Have you tried using v2.1.13? When I try to create a new whitelist, it is not learned at all. After further setting, the notification icon may be 'disabled' for some reason (the icon itself does not disappear).
Making a viable FW from scratch is difficult and time intensive, it isn't worth the effort, especially when Windows 10 is quite decent and tweakable. I rather better prevent a malicious process to run than block it to call home...because when your FW will block a malicious connection, it is already game over.
Using an analogy, it doesn't matter to stop a mortal wound bleeding, damages are done, better avoid the wound in the first place.
For a home user a FW shouldn't be a major concern.
I live with Windows Firewall for years, never had issues with it, I can't say the same with the 3rd party ones I used...
Now if I want a serious FW, I will go with corporate grades ones available in business solutions (SEP, Sophos, etc...), which have IPS/IDS, etc...and if I'm wealthy enough, I would go with a Hardware FW (but this is extreme for a home user lol).