vistafirewallcontrol.freeforums.org

[nieroster]

Hello,

I do not want to use the remote management feature introduced in v4.5.1.15. The problem with this feature is, that it constantly seems to search for other PCs in the network and this seems to keep the NAS busy although not accessing it.

I have not found any setting on the settings tab (why?). There is only the option to disable it right after installation, but this does not seem to affect the behaviour at all. At the bottom there is still the option to select a different machine and a "searching..." status every now and then. So it seems that the feature is still active.

If I have installed the program without unchecking the remote feature in the first place, do I have to do a complete uninstall/reinstall to deactivate the feature? Or does a reinstall over an existing installation help (although it does not seem so)? Is there some associated registry setting to deactivate it? If yes, which?

Regards,
Franz

[VistaFirewallControl]

There is no way to switch all the remote related options off at the moment.
Seems there is a need to implement the options rapidly.
Actually there are 3 related features

1) Remote accessibility to the installation.
There should be no any related harm. No incoming management – no the related activity at all.
You could optionally delete a special user account W7FC creates from the system to be sure there will be no remote incoming management possible principally.

2) Remote peers discovering.
It’s a once-per-10secs running background thread sniffing network neighbourhood. The discovering is made via the system API exclusively, so no harm should be involved.
The system itself discovers the peers in the same way exactly.
We would be curious in reproducing a related problem if any.
Could you try to set a AllApps disabling rule to NAS, for instance, for the experiment.

3) Remote management on the discovered peers.
This is done by selecting a listed computer the drop down box.
However if the selected item is marled (This PC), i.e. the current computer, no additional activity is produced.

Could you please comment (2) and (3)

Also we are publishing the next beta build. The related operations are re-implemented.

[nieroster]

Thank you for the quick reply! See my comments below:

1) Remote accessibility to the installation.
To my mind this is an issue when thinking of Wireless LAN for example. Ofcourse I use encryption and MAC filtering, but no system is 100% safe.

2) Remote peers discovering.
Is W7FWC generating traffic here? Or does it just access the system provided data?
How do I set an AllApps disabling rule to NAS? And wouldn't this prevent accessing the shared folders of the NAS as well?

3) Remote management on the discovered peers.
I have selected This PC of course, but every few seconds (can be ten) I see "searching..." next to it. And in the drop down field the NAS is listed.

So correct me if I'm wrong: The option after installing W7FWC is meant that no remote control of this PC is allowed but not the remote access to other PCs with a W7FWC installation. So the W7FWC network detection mechanism is active all the time and cannot be disabled?

Regards,
Franz

[VistaFirewallControl]

>1) Remote accessibility to the installation.
To my mind this is an issue when thinking of Wireless LAN for example. Ofcourse I use encryption and MAC filtering,

Do not think so.
W7FC has no independent remote controlling request “listeners”
W7FC relies (finally) in the system’s RPC. So if the physical access is available (not firewalled),
if the related system services are started (this is by default however) and the user (that W7FC creates for the controlling) is authorized by the native system’s mechanism, after that only W7FC can be accessible to the remote operations.
So if do not have login/pass of the W7FC user account – no chance.

> but no system is 100% safe

Following the logic even switched off computer is about to be 100% only. It can be switched on accidentally.
Undoubtedly any remote access is potentially unsafe but W7FC does not “stand” before the native protection and authorization.


>2) Remote peers discovering.
Is W7FWC generating traffic here? Or does it just access the system provided data?

It calls Windows API for the peers discovering (no own traffic is generated).
The calls finally causes UDP broadcasts of the system (there is no other way to discover obviously). The system does the same on its own, if enabled (W7FC follows the permissions).
So formally it asks the system for the data and uses the data then

>How do I set an AllApps disabling rule to NAS? And wouldn't this prevent accessing the shared folders of the NAS as well?

Better insert Windows7FirewallControl.exe into the program list manually and apply a zone with
ZoneResult=Enable and a single rule (Rule(result)=Disable) with A.B.C.D NAS’s IP.


>3) Remote management on the discovered peers.
I have selected This PC of course, but every few seconds (can be ten) I see "searching..." next to it. And in the drop down field the NAS is listed.

Update, the discovery logic is changed in 4.6


>So correct me if I'm wrong: The option after installing W7FWC is meant that no remote control of this PC is allowed but not the remote access to other PCs with a W7FWC installation. So the W7FWC network detection mechanism is active all the time and cannot be disabled?

Correct with a note. The detection mechanism is not independent, not W7FC installations are detected, but Windows computers are detected only. If a computer is detected you can (explicitly, by changing a PC from the drop down box) ask to connect to a W7FC installation (if any on that PC). The above is correct for 4.6 at least.
Note: 4.5 tries to connect to W7FC remote installation automatically for any peer found.

[nieroster]

Thanks a lot for your answers!

For the moment I reverted to 4.1 (therefore the really annoying re-registration issue) and there are no problems with the NAS anymore. I hope in future versions you will include an option to deactivate this feature completely for users that do not need it.

Enabling any form of remote access by default is not a good idea anyway. Although there might be situations where this feature is meaningful, personally I cannot imagine any home user requiring this.

Regards,
Franz

[VistaFirewallControl]

There is lot of users with several computers at home.
The new approach allows controlling all the computers form a single point and allows to avoid purchasing multiple single-installation licenses.

[RangerXus]

Greetings:

Can you expand on your statement "The new approach allows controlling all the computers form a single point and allows to avoid purchasing multiple single-installation licenses."?

I was thinking remote management allowed one W7FC installation to manage the rules on another computer's W7FC installation. Your statement implies that the remote would not have to have a licensed copy.

Is there documentation on this new feature somewhere?

[VistaFirewallControl]

>I was thinking remote management allowed one W7FC installation to manage the rules on another computer's W7FC installation. Your statement implies that the remote would not have to have a licensed copy.

Depending on the version.
The Plus version (with the feature included) has to be licensed per every installation media.
The Network/Could edition is able to control multiple computers.
However the license allows controlling _from_ the single point _only_.
The other computers will not be able to control the permissions locally.

So, informally, any controlling point requires licensing, controlled point licensing - version dependent.


>Is there documentation on this new feature somewhere?

Included in 5.x beta.

[RangerXus]

Thanks. I read the help and understand now.

There is no pricing on the cloud version. I am assuming it will be priced more for sites that have a lot of computers that need firewalls and not for home environments that need only one to three licenses.

[VistaFirewallControl]

There will be several separate licenses, for instance, for 3,5,10,50, unlimited computers in the network. Obviously the licenses will be priced differently.