Battle TinyWall Vs SimpleWall

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
hello everybody
I want to discuss the difference between Tiny wall and simple wall from features and protection restrictions mechanisms
I think Tiny wall is for configuring advanced windows firewall rules however simple wall is for managing WFP (windows filtering platform)
Which is better for protection? less in conflicts after configuration ?? Has many effects as a defense mechanism?
correct me if any of my understanding is wrong
 
Last edited by a moderator:

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
Only first time after installing. I using the portable version so everything is set for even after new Windows installation.
I don't know if TinyWall rules can be imported in SimpleWall! :unsure:
Tiny wall export extension is specific for tiny wall (.tws) which is different than windows firewall rules export (.WFW). so i donot know if it could imported in simplewall or not. which extension the exported rules from simple wall has ?
may you try to rename the extension and import. but i think the export from Tinywall has also Tinywall settings also (not firewall rules only) so it might not be compatible with simple wall software
 
Last edited:

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
yes Learning mode is great method to take off a lot of hassle to whitelist some programs if you couldn't get to the exact service or exe which need internet access to make your program work as intended file to make your program work

@ultim has written this about learning mode:

- From the FAQ:
"Why doesn't auto-learn learn the rules I need?
To prevent unintentionally learning rules that could make almost every program access the internet, TinyWall's auto-learn function has been restricted from learning rules for system or svchost processes. Furthermore, due to technical limitations in Windows, auto-learn cannot recognize services. As a result, TinyWall's auto-learn mode is mostly only suited to learning traditional desktop applications installed by the user themself."
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Tiny wall export extension is specific for tiny wall (.tws) which is different than windows firewall rules export (.WFW). so i donot know if it could imported in simplewall or not. which extension the exported rules from simple wall has ?
may you try to rename the extension and import. but i think the export from Tinywall has also Tinywall settings also (not firewall rules only) so it might not be compatible with simple wall software
SimpleWall uses xml format. Yes right. Those won't work as they are two different programs.
 

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
@ultim has written this about learning mode:

- From the FAQ:
"Why doesn't auto-learn learn the rules I need?
To prevent unintentionally learning rules that could make almost every program access the internet, TinyWall's auto-learn function has been restricted from learning rules for system or svchost processes. Furthermore, due to technical limitations in Windows, auto-learn cannot recognize services. As a result, TinyWall's auto-learn mode is mostly only suited to learning traditional desktop applications installed by the user themself."
yes i was talking about desktop application not system process or services. instead of tracing certain program process to whitelist it in Tinywall you could use autolearn. for example i faced this problem with pycharm before although i whitelisted all executable files in its installation path and all running process i couldn't update or install plugins from its market until i used auto learn mode.may be the program was utilizing some system process which enabled when i used auto learn mode actually i don't know but the problem is resolved
 
  • Like
Reactions: Protomartyr

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Guys don't forget that a portable program isn't protected by UAC by default.
And simplewall isn't digital signed with a certificate like TinyWall or MalwareBytes Windows Firewall Control.
These doesn't matter if one trusts the program. Just cause TinyWall and WFC are digitally signed and triggers UAC doesn't mean they are better. Nowadays even many malwares comes digitally signed. SimpleWall is open source so one can check the codes to see if it's doing anything suspicious underneath while other two are closed sourced no way to check that but it doesn't mean that SimpleWall is better. All three are very good products, trusted by the community with no bad records so far.
 

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
These doesn't matter if one trusts the program. Just cause TinyWall and WFC are digitally signed and triggers UAC doesn't mean they are better. Nowadays even many malwares comes digitally signed. SimpleWall is open source so one can check the codes to see if it's doing anything suspicious underneath while other two are closed sourced no way to check that but it doesn't mean that SimpleWall is better. All three are very good products, trusted by the community with no bad records so far.
But it is better to verify the program at least before using it.yes it is trusted you should at least verify the the binaries aren't modified "remember the C cleaner installer modification accident before in the official website
also this may problem with any AV software utilizing trusted application control such as kaspersky. need an exception
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
But it is better to verify the program at least before using it.yes it is trusted you should at least verify the the binaries aren't modified "remember the C cleaner installer modification accident before in the official website
also this may problem with any AV software utilizing trusted application control such as kaspersky. need an exception
Yeah I agree. Verifying the hash is useful in this case.
 

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
@SeriousHoax i am trying simple wall right now
for blocked process i chose open containing folder and it doesn't open it could you know the reason ?
1587942615114.png

also additional question is there any of blocked exe could break something and if that how do you know i want to know if there is any guide to know if this process is optional or mandatory to allow :unsure: :unsure: ??
i read that hxtsr.exe is important process related to office (outlook) and should be allowed unless it is malicious what do you think ?
 
F

ForgottenSeer 85179

@SeriousHoax i am trying simple wall right now
for blocked process i chose open containing folder and it doesn't open it could you know the reason ?
View attachment 238189
also additional question is there any of blocked exe could break something and if that how do you know i want to know if there is any guide to know if this process is optional or mandatory to allow :unsure: :unsure: ??
i read that hxtsr.exe is important process related to office (outlook) and should be allowed unless it is malicious what do you think ?
If you don't know what you do, you better don't block internal system processes ;)

It will break important stuff!
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
for blocked process i chose open containing folder and it doesn't open it could you know the reason ?
Maybe an unexpected bug that I haven't faced. Open containing folder works for me.
I see that you even blocked svchost and System/ntoskrnl. No no don't ever do that. svchost, system are the main system process and allowing it internet connection is a must.
If you want then there's one thing you can do to harden it, which is what I did and that is, create an allow outbound rule for TCP protocol for remote port 80, 443 only and set svchost.exe to use this rule. I can assure you that it never breaks anything because legit processes only make connection via svchost in the ports.
svc.PNG
You may also wanna enable taskhostw.exe because some scheduled tasks requires it.
I don't know about hxtsr.exe because I don't use any MS Office/Outlook. So, if it is necessary for this to work then you should enable it.
also additional question is there any of blocked exe could break something and if that how do you know
I think the logging option isn't enabled by default. You should enable it. By default it will open it in Notepad but you can customize it open it another app eg: I prefer Notepad++ so that's what I did. Check log for checking all blocked connections.
log.PNGlg.pngll.PNG
Also enable resolve network address and check apps for digital signatures.
d.PNG
 

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
If you don't know what you do, you better don't block internal system processes ;)

It will break important stuff!
Removed it and reverted back to Tinywall again
it blocked my network connections
i will try to learn more about it then try installing it again
also couldnot tun it using SUA and it didnot start after window boot.i donot know why ?
 

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
it written during installation it should run as administrator i did and it is installed
however it didnot run after reboot also it seems it couldnot run after reboot because of hard configurator is enabled
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top