ultim

Level 1
Answer from MS:

Code:
Thank you for your patience.

We investigated the issue you reported for TinyWallInstaller.msi downloaded from tinywall.pados.hu/files/. The warning you experienced indicates that the application has not yet established reputation within our system.
The certificate used to sign TinyWallInstaller.msi is currently in the process of establishing reputation in our system. Many factors contribute to establishing reputation, such as download traffic, download history, past anti-virus results and URL reputation, so it can be difficult to predict when a certificate will gain reputation. While your certificate is gaining reputation, your users can click through the warning and install your application by clicking on the link in the message: More information | Run anyway.
Once reputation has been established on your certificate, all your applications, when signed with the same known certificate and assuming nothing happens to denigrate the reputation of the certificate (such as being used to sign malware), should have a warn-free experience from the start. For that reason, Microsoft recommends that publishers sign all applications with the same digital certificate to help better expedite reputation gains and leverage known reputation for new and updated applications.
If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate. An application signed with an EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or Authenticode certificate. EV code signing certificates are now being issued by Symantec / DigiCert and GlobalSign.
For more information, please refer to SmartScreen® Filter Frequently Asked Questions (https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx).

Regards,
Microsoft Windows Defender Response
Meaning, there is no way other than many people downloading over Edge or buying an EV certificate, as originally feared. It is quite absurd, both that you need to build reputation to not get blocked even though they've already verified that you are not malware, and also that you can buy your reputation by paying hundreds of dollars for an EV certificate. Even with a normal digital certificate, they've already verified that my person and contact details are real, so what more do they want?

And maybe worst, any reputation that I manage to build up seems to be coupled to my exact digital certificate. So when I renew my certificate next year because the current one expires, my reputation will be lost and I can begin from scratch.
 

ZeroDay

Level 28
Verified
Malware Tester
Answer from MS:

Code:
Thank you for your patience.

We investigated the issue you reported for TinyWallInstaller.msi downloaded from tinywall.pados.hu/files/. The warning you experienced indicates that the application has not yet established reputation within our system.
The certificate used to sign TinyWallInstaller.msi is currently in the process of establishing reputation in our system. Many factors contribute to establishing reputation, such as download traffic, download history, past anti-virus results and URL reputation, so it can be difficult to predict when a certificate will gain reputation. While your certificate is gaining reputation, your users can click through the warning and install your application by clicking on the link in the message: More information | Run anyway.
Once reputation has been established on your certificate, all your applications, when signed with the same known certificate and assuming nothing happens to denigrate the reputation of the certificate (such as being used to sign malware), should have a warn-free experience from the start. For that reason, Microsoft recommends that publishers sign all applications with the same digital certificate to help better expedite reputation gains and leverage known reputation for new and updated applications.
If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate. An application signed with an EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or Authenticode certificate. EV code signing certificates are now being issued by Symantec / DigiCert and GlobalSign.
For more information, please refer to SmartScreen® Filter Frequently Asked Questions (https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx).

Regards,
Microsoft Windows Defender Response
Meaning, there is no way other than many people downloading over Edge or buying an EV certificate, as originally feared. It is quite absurd, both that you need to build reputation to not get blocked even though they've already verified that you are not malware, and also that you can buy your reputation by paying hundreds of dollars for an EV certificate. Even with a normal digital certificate, they've already verified that my person and contact details are real, so what more do they want?

And maybe worst, any reputation that I manage to build up seems to be coupled to my exact digital certificate. So when I renew my certificate next year because the current one expires, my reputation will be lost and I can begin from scratch.
Microsoft work like a Government. A dictatorship at times.
 

ultim

Level 1
I am glad to cooperate. Good job:)(y)(y)(y)
I installed v2.99.7. There seems to be a problem importing past settings.
Oh, okay, that should have worked, actually. Do you mean the automatic setting migration when you install a new version over an older one, or did you use the Import button in the management window after installation? The first one only works if you did not already uninstall the previous version.
 

oldschool

Level 34
Verified
@ultim continues development of TW3 and appear to be progressing nicely.

Alright but Persistent filters which are stored persistently in the BFE service (in the registry) and applied while the BFE is running are indeed filtering connections at start up as per user created rules in this beta version, correct?
The beta uses only dynamic filters, which are in place as soon as the service starts. Note TW runs as a service, so this is much sooner than user login. That being said, there is a delay between BFE and TW startup. I left it out from the first test version on purpose because persistent filters would completely cut your network in case of some bugs and a normal user wouldn't be able to recover at all. Now that I'm positive that things are working well, this will come soon (and obviously before TW3 final is released).

You may follow @ Wilders for more details Beta-testing TinyWall
 

ultim

Level 1
Hi guys! Uhm... I'll just shamelessly copy my post from Wilders here :)

Hi everybody, I've just uploaded a new test version. As I said earlier, I focused on incorporating your feedback in this round. TinyWall users are the best!
Here's the changelog compared to the previous beta:

- Fix manual import of settings from version 2.1
- Fix user may not get notified of updates for a very long time (port from 2.1)
- Fix inbound whitelisting does not work if Windows Firewall is running
- Fix ICMPv6 filters for IPv6 connectivity
- Improved handling of batch whitelisting in Connections and Processes windows
- Don't forget blocked apps list when Connections window is closed
- Enable single-click toggling of special exceptions
- Sort Connections list by timestamp by default
- Support F5-refresh in Connections window
- Support Delete key for application exceptions list
- Eliminate flicker when updating Connections and Application lists
- Restore auto-update functionality
- Optimize blocked connection buffer handling
- Add work-in-progress Korean localization
- Add SmartScreen to app database

I'll wait a bit for feedback, and if things seem to be round, I'll move on to new features again.
I should probably create a new thread as this is hardly about version 2.1.7 anymore...
 

show-Zi

Level 19
Verified
Well, it is always released today, you just have to know which today
:)


This release contains some I-would-say-critical fixes, so all beta users are recommended to upgrade. Changelog:
- Profile updates for network printers and remote desktop
- Fix trying to unset password results in user lockout
- Fix parts of exit code not run when service is shutting down
- Fix GUI crashes if local config differs from service
- Fix tray menu entry visibility issue after (un)setting password
- Fix specified ports not shown in GUI when editing an existing rule
- Fix WF compatibility rules can be added multiple times
- New feature: Password-locked service requires the password to uninstall

Furthermore, I discovered that whitelisting an executable from a network share is broken in the betas. I know the reason, but I'm still scratching my head how to properly solve it, so it remains a known issue until some future release.

Download link
Here is the message from @ultim posted to wilders.
tinywall is now v. 2.99. 9.