vistafirewallcontrol.freeforums.org

[aliens]

Hi,

i wonder why rules for Apps on mounted Volumes (e.g. Truecrypt) wont work after rebooting W7.
Only because the drive letter isnt available at bootup?

I start W7 and mount a volume x:\ with some portable apps on it, lets say i start x:\Programme\ThunderbirdPortable\ThunderbirdPortable.exe.
W7 Firewall Control pops up and i enable all for this program. It works fine for this session,
but after restarting the computer and mounting x:\ again, the program isnt allowed to acces the network anymore. Its blocked.
So i tried the right mouse buton on the program list and "Refresh" hoping to get it work again but it wont.
I need to delete the rule and let the W7 FW Control pop up again to Enable all again. Seems to be the only soultion.

Anyone know how I get this work?

[VistaFirewallControl]

Reapplying the previous settings could be enough.
The mentioned refresh just refreshes the application list from the underlying database. The option is rather for multi-user environment and does not touch application settings.

The problem is in volume mounting specifics.
WindowsFilteringPlatform (WFP), W7FC is based on, uses so called Volume paths to determine the application to protect (e.g. \Device\HarddiskVolume25\Folder\appname.exe)
W7FC operates on habitual (so called) Dos Path level (e.g Drive:\folder\appname).

Every time a drive is remounted windows assigns a new volume paths to the drive in spite of the same drive letter (e.g. X: ) is assigned to the drive. So the application security rule re-applying is required.

What to do
- get v3.2 from http://vistafirewallcontrol.freeforums.org/the-latest-betas-releases-t6.html
- mark the auto mounted drive is “removable” in TrueCrypt settings

The latest version only includes an option to verify VolumePath-to-DosPath correspondence on the startup/reboot/remount and refreshes the paths of all the applications located on removable drives.

[aliens]

Thanks for your answer.

So the application security rule re-applying is required.

Not sure what you mean/how to do. You mean manually deleting and re-adding rule?

- mark the auto mounted drive is “removable” in TrueCrypt settings

I installed 3.2 and adjusted TrueCrypt settings to mount as removable. But programs are still blocked after reboot and remount. But what do you mean with automount? For now i mount volumes (normal container-files in ntfs) with a mount.bat using a keyfile.

I read the auto-mount devices section in the TrueCrypt Docs but it seems like only partitions/devices headers are scanned?
But I'm still not really sure what this auto-mount thing exactly does

I could create a small partition instead of a container to store the network related programs on, if its needed..

[VistaFirewallControl]

“Re-applying” means opening the EditApplication dialog (by double clicking the program in the program list for instance) and pressing OK.
The procedure just deletes all the previous settings for the application and sets the (the same) selected zone again. While setting the zone W7FC converts the Dos style application path to the current (volume path) implicitly so takes into the account all the remounting specifics.

Here and below we expect
(a) the problem application is physically and finally existed at the same full path and listed by W7FC at the same path (including drive letter)
(b) The system recognizes the mounted volume as “removable”
(c) the problem is always solved by reapplying the zone. (i.e the problem is actually in automatic the reapplying process only)
(d) 10-20 seconds delay should be expected after a new mount occurred and the re-applying process is performed.

All 3.x versions are able to detect mounting removable medias on-the-fly (i.e Removable, Remote, Network, CD/DVDROM and Ramdisk).
Only 3.2 is able to do the same on the firewall start as well.

So if you mount the truecrypt drive _after_ the firewall is started everything should work on any 3.x version.
If you mount truecrypt drive _before_ the firewall start, on the system startup (e.g mounting an entire partition as truecrypt disk) 3.2 is required. 3.2 just adds the same re-applying process on the firewall start.

So please verify (a)(b)(c) and (d) above. If the problem still exists, please provide us with a step-by-step instruction for how to reproduce the problem (including TrueCrypt version).
Alternatively we could provide you with a logging version (pls contact support [at] sphinx-soft [dot] com if required).

[aliens]

Ok got it working now, thanks.
It didnt work when manually mounting the volume in TrueCrypt with removable option activated.
Then I wrote a new batch file with the option "/m rm" in it, now it works on every startup.
Oh and i switched to password instead of keyfile authentification.
I'm glad it works now.

[norddigi]

Hi! I have the same Problem.

When I Start Win7 and mount a volume like s:\ with some apps on it (like Seamonkey or Opera) W7 Firewall Control pops up and i enable all for this program.
It works fine for this session.
After restarting the computer and mounting s:\ again, the program is not allowed to access the network anymore.
It’s blocked. No chance.
I must edit the App-settings again…

____________
Win 7
Truecrypt 6.3 - TC Partition is set as “removable”
I test with 3.3.7.14 Beta and V 3.0 (release)
First the Firewall starts

[VistaFirewallControl]

At first glance we would recommend to start W7FC _after_ TC giving W7FC a chance to re-check the already mounted device.
Also we would like to reproduce, please specify the mounting details. What is encrypted by TC - an entire HDD partition?

[norddigi]

It is a several Partition.

Now I use 3.3.7.14 Beta and TC 6.3A

And now it works steady! Thanks for your good assistance.

1. WIN7 with firewall starts
2. I mount Truecrypt

Prior to that
- I uncheck volume as “removable" (!) don't know why
- delete TC Favorites and create new one (I have 2 TC-Partitions, only one with programms)

[VistaFirewallControl]

Glad to hear that. Actually "removable" option is important for W7FC correct operation with TC.

[norddigi]

Yes, and it is interesting that the Win7-Explorer mark the TC-Volumes like a removable Disk.
But in the TC-Setting it is unchecked and everything works.

Glad to hear that. Actually "removable" option is important for W7FC correct operation with TC.