vistafirewallcontrol.freeforums.org

[claudiubotezatu]

Hi,

As I mentioned in a previous post, I did not get a warning from W7FC durring activation ( should have got an Outbound connection pop up)
So I decided to to block both Windows7FirewallControl and Windows7FirewallService in Outbound rules of the original Win 7 firewall.
To my surprise, on next boot, W7FC poped up an window about C:\program files\windows7firewallcontrol\windows7firewallcontrol.exe outbound connection which I denied this time in W7FC rules; now I can see that windows7firewallcontrol.exe is permanently trying to "phone" home, see duble arrow under Run on the attachment.

Why is windows7firewallcontrol.exe required to permanenttly stay in touch with "mother ship" using a hiden connection of which regular user is not aware of and W7FC will not warn you , and what amount data is being vehiculated thru this connection?

No harm intended, but I was unable to get any info about Sphinx software (there is nothing like "About us") so I do not know what is the company reputation.

Thanks,
Claudiu

[VistaFirewallControl]

>As I mentioned in a previous post, I did not get a warning from W7FC durring activation ( should have got an Outbound connection pop up)

The activation is performed explicitly from within the same program. So the application detecting/listing is redundant as the action is explicitly initiated by you.


>To my surprise, on next boot, W7FC poped up an window about C:\program files\windows7firewallcontrol\windows7firewallcontrol.exe outbound connection which I denied this time in W7FC rules;
now I can see that windows7firewallcontrol.exe is permanently trying to "phone" home, see duble arrow under Run on the attachment.

1. Double arrow means the process running (W7FC is actually running), the arrow does not indicate the traffic activity. Please read the manual.
2 The detection is based on the initial blocking of non-listed applications. W7FC gathers all the blocking events, including events from WindowsFirewall (WF). So being blocked by WF, W7FC prompts regarding the unlisted application. Anyway WF blocking is final (the blocking takes precedence) in spite of whether it’s enabled by W7FC itself.
3. W7FC does not try to “phone” permanently. If you would like to be sure, dump the traffic yourself first please, before making the incorrect assumptions
The “home” connection is established only for the registration.
All the other connections are established to your router to manage uPnP (configured).
Uncheck Port Forwarding/Sync to suppress.
The next version to come will add another background, only in-LAN activity only. The activity is intended to manage other W7FC installations (if any) on the LAN to create joined security policy.


>Why is windows7firewallcontrol.exe required to permanenttly stay in touch with "mother ship"

That’s not correct.

>using a hiden connection of which regular user is not aware of and W7FC will not warn you ,

You explicitly asked for the network based operations. So the activity is not hidden.

>and what amount data is being vehiculated thru this connection?

uPnP and the (expected) in-LAN operations are implemented via the system core, so W7FC does not initiate the activity directly, but via calling the native system services only.
The utility to dump the network traffic are available from third parties. You can verify every byte (if any) sent. The low level connection establishing and the data exchange are beyond W7FC scope.