vistafirewallcontrol.freeforums.org

[Hirschgoulasch]

I'm using v4.1.21.93 free edition on Windows 7 x64 SP1.

For many weeks everything was fine - just about a week ago WFC started to no more popup a confirmation dialogue when an unknown application tries to connect (or to listen).

I tried to change the .exe of the service and the control GUI to run as admin (also for all users): didn't work
I tried to change the service's account from LOCAL SYSTEM to Admin account: didn't work
I tried to set the service's account setting to allow communication between service and desktop: didn't work

So... What is the idea?

[VistaFirewallControl]

The service must be launched as SYSTEM or Admin (if elevated only).
GUI panel is insensitive to account.
Service to desktop communication is not used by W7FC

> (or to listen).

Strictly speaking you should not expect application detection on the listening.
W7FC detects connections only, incoming and outgoing.
So just listening application, without any attempts to connect to the application, will not be detected.


First of all, verify Settings/DisablePopup. Evidently, hast to be unchecked

The new application detection is based on the system core ability to gather/process underlying network events. So if the system stops gathering/processing the events you should not see W7FC blocking notification as well. Please verify, whether the blocking notifications are still available on W7FC blocking.

If there are no popups and the blocking notifications as well.
- try to just reboot. There are several known cases of the system loses the ability to gather/process the events on its own. Reboot typically helps.
- try to invoke
“netsh wfp show options optionsfor=netevents”
from command line.The result should be
“netevents = on”
Otherwise, set the events on by
"netsh wfp set options netevents = on"

Please keep us posted

[Hirschgoulasch]

The service must be launched as SYSTEM or Admin (if elevated only).

I tried both.

So just listening application, without any attempts to connect to the application, will not be detected.

I just rechecked again and again after exiting firefox, deleting firefox from the app list (and resetting statistics), exiting WFC and restarting the service, launching firefox again...

First of all, verify Settings/DisablePopup. Evidently, hast to be unchecked

Checked. Okay.

The new application detection is based on the system core ability to gather/process underlying network events. So if the system stops gathering/processing the events you should not see W7FC blocking notification as well. Please verify, whether the blocking notifications are still available on W7FC blocking.

If there are no popups and the blocking notifications as well.
- try to just reboot. There are several known cases of the system loses the ability to gather/process the events on its own. Reboot typically helps.

I just did that a few times withing the last week. That is not the matter.

- try to invoke
“netsh wfp show options optionsfor=netevents”
from command line.The result should be
“netevents = on”
Otherwise, set the events on by
"netsh wfp set options netevents = on"

Status is “netevents = on” - not the matter.

[VistaFirewallControl]

Please try to switch OFF
"netsh wfp set options netevents = off"
And back ON
"netsh wfp set options netevents = on"
You may be shown with a meaningful message.

Actually the system core is responsible for the events gathering/processing solely; W7FC just uses the API to pick up the events.

We could provide you with simple test program to verify the event operability.
The test will be a pure diagnostic utility beyond W7FC.
If there are no events coming from the system, the typical system repair process should be used (restore points or so)

[Hirschgoulasch]

...after "netsh wfp set options netevents = off" it's just impossible to restart that -> Access is denied.

I'm not firm with netsh - so please tell me if it's just a reboot or did I just break it on purpose after your hint?

The "simple test program" - what is it? If it could help me out of that then yes, please provide me.


---

btw the Event Viewer doesn't list anything under WFP.

[VistaFirewallControl]

>..Access is denied…

That means an inconsistency in the underlying system objects. W7FC can’t be involved in the problem.

Netsh usage is not a hint, it’s just a pure system operations to switch the events on/off.

We register a single incident with the events previously. The user tried to manipulate with system32\wfp\wfpdiag.etl (the core events database) manually. The system turned out broken after that. Please find the related thread in the forum if you would like to.

The internals are not documented unfortunately. Netsh is the only system level operation to manipulate the events. The operation is documented and safe (according to the documentation at least, i.e. no any warnings are mentioned in the documentation).
On consistent systems the events can be switched on/off any time without a hassle.

Unfortunately we can hardly suggest a reason and a solution either, the problem is pure system related.

>The "simple test program" - what is it? If it could help me out of that then yes, please provide me.

The test could make sense if the underlying operations were correct completely, but the events availability is still questionable. So if the netsh related operations fail, the test makes no sense.