vistafirewallcontrol.freeforums.org

[bobwya]

Hi,
I have a server rig running Windows 7 Professional (x64). 2 harddisks are mapped into drive letters 'A:\' and 'B:\' (I don't have a floppy drive attached).
The problem is that my (licensed) copy of Windows 7 Firewall Plus does not like this setup. My install and boot drive is drive 'C:\'
(all my programs are installed on this drive - some are mapped onto it via hard 'junction links' but that is irrelevant).
But whenever a harddisk is mapped to 'A:\' Windows 7 Firewall (3.5.1.131) starts assuming that all executables (not in it's database) are stored on drive 'A:\'! This means it blocks
any new applications because the rule setup for them is mapped to a program on drive 'A:\' which of course does not exist! The true path to the program executable on drive 'C:\'
get the default rule of being totally blocked from network access!

I could write a script to continually fix the registry keys for Windows 7 Firewall Plus (basically replacing any program paths starting A:\... with C:\...) but really I don't want to!
I want to get a product, which paid hard cash for, to do the job it's supposed to do!

Also on a topic tangent the Firewall **should** hash any executables that access the network. It's no use creating a rule only for an executable path when the code of the executable
could easily be hijacked by malicious software!
Thanks
Robert

[VistaFirewallControl]

Regarding the driver letter problem you asked support about 3 days ago and we did answer you. For now we could just repeat the same recommendation please try 3.8.202, some fixes have been made with volume-2-dos (and vice versa) path mapping.

Regarding the hashes.
Generating/checking the hashes adds practically nothing to the real security and acts rather as a marketing approach. The mentioned software hijacks processes (i.e running executables) not exe files.
The processes consist of executables and DLLs (including loaded dynamically). Due to dynamic DLL nature list of required DLLs can be hardly practically maintained.
On the other side, any third party DLL can be injected into a process on the legal basis; the related API is documented and used massively. As the result, even hashing the process memory will produce multiple false alarms.

[bobwya]

Regarding the driver letter problem you asked support about 3 days ago and we did answer you. For now we could just repeat the same recommendation please try 3.8.202, some fixes have been made with volume-2-dos (and vice versa) path mapping.

Sorry 'bout the support email (found it in my Yahoo online bulk folder!!) I would love to try v3.8.202 however your website only has v3.5xxx available to download at present...

Regarding the hashes.
Generating/checking the hashes adds practically nothing to the real security and acts rather as a marketing approach. The mentioned software hijacks processes (i.e running executables) not exe files.
The processes consist of executables and DLLs (including loaded dynamically). Due to dynamic DLL nature list of required DLLs can be hardly practically maintained.
On the other side, any third party DLL can be injected into a process on the legal basis; the related API is documented and used massively. As the result, even hashing the process memory will produce multiple false alarms.

Ok thanks for the informative answer. I did think that data execution protection on newer processors was supposed to allow users to stop that sort of thing happening... I still like Tiny Personal Firewall but it only ever ran on Windows XP 32-bit systems - so wasn't much use to me in the long run (when I switched to Windows XP x64)! It had executable and dll hashing I think from memory (it's ages since I used it). So you would basically allow executables when that bit of software was updated - otherwise you would know something was wrong...

Thanks
Bob

[VistaFirewallControl]

>Sorry 'bout the support email (found it in my Yahoo online bulk folder!!)

Probably the filtering process is configurable……

>I would love to try v3.8.202

http://vistafirewallcontrol.freeforums.org/the-latest-betas-releases-t6.html

[bobwya]

>Sorry 'bout the support email (found it in my Yahoo online bulk folder!!)
Probably the filtering process is configurable……
>I would love to try v3.8.202
http://vistafirewallcontrol.freeforums.org/the-latest-betas-releases-t6.html

Ok the Yahoo filtering is so good I forget to check the web mail interface regularly for incorrectly marked SPAM!!

OK so I've tried the new beta version out for a bit. The path problem is fixed. However there are still 'issues'.

1) I don't mind having to setup rules to manually port forward my Bit-torrent client and sFTP server. However I had to delete
default application rules (registry keys setup under the local user). These appear not work as they do not specify the full path
of the program. I just end up with all these applications and services being blocked - with no indication they are being blocked
(either in the firewall GUI or via a popup) = not so good!

2) I still can't register the product - the firewall blocks itself!! (I had to set it to open mode to do this)

3) I have the Windows port of get_iplayer installed. This uses 'perl.exe' to access the internet. However this executable was not
detected as attempting to access the internet - so I had to add a manual rule for it... (Either this was the problem or I
had to manually add the firefox.exe executable to fix it - as it was not detected as trying to access the internet - see point (1) again)

Anyway apart from these niggles we appear to be making some progress - certainly I am able to run the firewall now!!

Bob

[bobwya]

Ok so I've done some more testing with the Beta version of Windows 7 Firewall Plus. There is definitely a whopping bug in it (even for a beta release) - it's just not detecting when **any** applications are trying to access the internet!! Having to manually add all my internet enabled applications to the firewall configuration is not good... I do a bit of programming myself and I would be very embarrassed to be "selling" code like this for hard cash!!

Also my get_iplayer install only works properly with the Windows 7 Firewall (plus) set to "open". Otherwise it isn't finding any flash streams. Again I can't actually find what is being blocked because the firewall GUI does not detect any new applications that are being blocked from accessing the network.

My setup (Windows 7 Professional x64, UAC off, 3 ethernet ports on MB - 1 in use - NAT'd, DHCP from a Billion router/DSL2+ modem) is pretty bog standard BTW...

[VistaFirewallControl]

The ability to detect new applications is based on blocking notifications gathered from the network core directly. Sometimes (rarely) the core skips generating the notifications on its own. As the result W7FC can’t detect new network access attempts. It does not affect the network protection. Reboot helps always. We still can’t find any W7FC dependencies, if the core stops notifying the notifications are not registered even with the samples provided by the OS manufacture.
So we recommend reboot. If the problem repeats we will be happy to investigate the problem in depth, however we are not able to reach the reproducibility.

FYI: we do not sell the beta version