vistafirewallcontrol.freeforums.org

[slownick]

Heyllo folks,
I am new to the app "windows 7 Firewall Controll". Just after installing and switching to Modus "normal" all Network is blocked, no connection to my router and so on. I can only get internet by using the modus "allowing all", but this cannot be the sense of a firewall, right? So What do I have to to or what is wrong?

Thanks
Nicp

[VistaFirewallControl]

Sorry for the delay.

Typically W7FC specifies the blocking reason precisely, if an application is blocked by W7FC.
Did you see any?
Mode:EnableAll takes precedence and can override any block.
However Mode:Normal is not so aggressive, so may be overwritten (over blocked) by a third party (firewall or antivirus).
For instance an antivirus has online filtering option and passes all the network traffic through a related AV service. Incorrect permissions for the AV service can make the entire network inaccessible as the result.

Please also verify WindowsFirewall policy that can be accidentally changed to block all the traffic (incoming and outgoing) as well.

We would be happy to make more useful suggestions if you provide us with more details.

[slownick]

No Windows firewall ist activated and set to inform me whenever a program wants access.
Butr all conenctions als blocked and I do not get informed. Only works when I allow all. So what else can I do or check?
I do not know what tot ell you more as I have to clue.

[VistaFirewallControl]

We still have nothing to catch on unfortunately.
The fact is all the connections are blocked without W7FC applications detection and blocking notifications.
So the W7FC application list is empty. Correct? (any screenhost?)
None of the W7FC related rules are triggered. That means the traffic just did not reach the W7FC rules and is blocked (not allowed) before W7FC.
If you have no an evident network filtering third party (firewall or antivirus), WindowsFirewall (with Advanced security) is still the first candidate to verify/manage against the applied security policy and existing blocking filters (including Action/Default option).

Also there is a reason to verify the underlying connectivity.
For instance whether you router is pingable being blocked from the normal (http?) access.

Did you try to just restart the system? Sometimes (rarely) the system internal (mistaken) state prevents from generating the blocking notifications the W7FC application detection is based on.

Did you try to add a web browser into the application list manually and set the browser to EnableAll. After that the router should be accessible with the browser.

Yours system is W7? 32-bit?

[slownick]

Thanks for your help.
Ok now it works for Firefox, but I do not know exactly what it was that helped.
To give you some background info. Yes I am using Win 7 in 64 bit on a Mac with Vmware Fusion. The internet is bridged via Mac. And I guess this was the problem. I clicked on the button "allow remote pc" on the tab "blocked events". Nothing visible changed, but later on I got a connection via Firefox. I also verified again my zone and activated it again, maybe this helped also. I use the zone "web+FTP" , I guess this is a good standard zone? I also ticked the option to use this zone for all apps. Now I have Internet with almost every app, but still secure?
BUT Windows Update fails! And now e about a blocked connection in my list in Windows 7 Firewall Controll, so no way to allow it.

[VistaFirewallControl]

Thank you for the clarification.
The bridged network can hardly be a problem, directly at least.
W7FC filters the traffic on a higher, not NIC dependent level.

Unfortunately we have no a strict the problem perception still.
The facts are (resuming)
- no ability to detect applications automatically (no apps automatically listed)
- no ability to show blocking notifications
- Mode:EnableAll works as expected.
- manual application addition works as expected

We suspect the inability of the system code to generate any network related blocked events at all.
The events are used by W7FC to list non-listed applications and to display the blocking notifications.
The system core has no special options to manage the events. The events are always on and there is no a documented way to affect that.
Theoretically we could admit a temporary, rare system instability, which can be repaired by system reboot always.
Also the problem may be in system time (timezone) settings preventing W7FC from extracting correct events from the core. It’s hypothetical entirely however.

Although we could suggest something to check.
- BFE (BasefilteringEngine) service in services.msc must be started/running. It’s started by default, hardly may be switched off so we did not investigate the decencies in full.
- The virtual machine memory load. We suspect under low memory conditions the system network core may omit generating the required events correctly. Our statistics of running W7FC/64 on Vmwre is positive always, we did not force low memory conditions however.

> use the zone "web+FTP" , I guess this is a good standard zone?
For web browser only, due FTP data port ambiguity, the zone (in the default state) is virtually equal to EnableAll.

> also ticked the option to use this zone for all apps.
It’s NOT recommended because of the above,

>Now I have Internet with almost every app, but still secure?
Hardly.

>BUT Windows Update fails!

WindowsUpdate is made in the name of svchost.exe (Host Process…). The recommended zone for that is Local+DNS+DHCP+Update(svchost).
Probably there is a sense to add svchost.exe to the list manually as well.

[slownick]

Thanks for your help,
but unfortunately still no progress on this. I do not understand why this is so problematic.
Even did a reinstall without any pos. progress.

- Ok so I checked BFE (BasefilteringEngine) --> it is upa nd running
- Timezone is set to Germany (where I live) and is set to auto update
- I gave 2 Gigs RAM and 1 Gig is allocated to Vmware

Interesting part is, that as soon as I switch to normal mode I loose Internet/wifi-connection, which I can see also directly in the windows status bar indicated with this yellow warning sign.
Maybe the "original microsoft windows 7 firewall" does also not pass messages and shows pop ups for blocked apps? Is there a way to check this?
I deinstalled WFC and just used the windows integrated firewall. Then I let Zipeg check for updates or updated "Runes of magic" so I used and outgoing and ingoing connection but all of them worked without any blocking or any notice at all. So is the a configuration problem with the win7 firewall?

Nothing else I can check?

[VistaFirewallControl]

>I do not understand why this is so problematic.

We have no a strict idea as well. We had no such issues before.

>1 Gig is allocated to Vmware

1Gig for w7-64 is not too high value. Could you please check memory load (via TaskManager, for instance) in the virtualized OS.


>Interesting part is, that as soon as I switch to normal mode I loose Internet/wifi-connection,

Pretty explainable. Under mode:Normal only listed applications follow the specified zones without any ability to detect new applications services.
Practically it means there is no enough applications listed, but the applications activity is vital.
For instance LocalSystem zone is recommended for the “system” meta application. Unfortunately there may be no way to add the application to the list manually as there is no related EXE file.

>which I can see also directly in the windows status bar indicated with this yellow warning sign.

Probably due to the “system” (actually the OS core process) and svchost.exe limited connectivity.

>Maybe the "original microsoft windows 7 firewall" does also not pass messages and shows pop ups for blocked apps? Is there a way to check this?

WindowsFirewall (WF) may hardly cause such problem. The events are generated by WindowsFilteringPlatform (WFP), not WF. WF is just a control panel to WFP (BFE), W7FC is the control panel to WFP as well.

> So is the a configuration problem with the win7 firewall?

WindowsFirewall is an independent control panel to the same security core (WFP). The required events are generated by the security core.

>Nothing else I can check?

Maybe the logging version could clarify the problem.
Please contact support [at] sphinx-soft [dot] com referring the thread, we will prepare the version and send you the link.

[VistaFirewallControl]

Could you please try to recall whether WindowsFirewall was ever able to prompt regarding a program. Although the incoming access is detected by WindowsFirewall only, it’s not too complex to simulate.

[slownick]

Yes the windows firewall is able to generally prompt on incoming connections.
I tried with updates which did not cause a prompt I then tried an incoming data package via ICQ instant messaging, which caused a prompt.
(I attached a screenshot - unfortunately only in german)