How is the new version running on Vista 32bit these days? Good inbound protection? I remember Solcroft? pointing out they were passing GRC shields up with custom rules on the tested ports. If memory serves anyway....:-\
It has been over a year since I tried it and had a hard time getting my EVDO card to connect to the internet. :thumb:

I ran PC Tools firewall on Vista 32 for a while and actually liked it. One of the impressive features was that when an outbound connection was attempted, PC Tools gives you the name of the site- not just the IP address. That makes things much easier and I wish more firewalls would incorporate this feature.

For some reason there was a driver update to PC Tools firewall or Threatfire a short time ago and after that I kept getting an "advanced networking" error message on my laptop. Also, I could not run the WOT BHO (or whatever it is) and posted about that in the PC Tools forum but to no avail.

I believe there were some issues with running PC Tools firewall on a LUA where memory was not released. But only on an admin account I never encountered this.

Except for the few issues above I was overall pretty happy with it. There are some additional functions that need to be utilized from the default settings to make the firewall more secure.

Just my 2 cents worth.

Thanks for the reply ACR! Were you running their latest build? Also is it IPV6 ready?:thumb:

I was running the latest build. I believe IPV6 is accessible through the advanced rules. Maybe you could find out for sure from another poster here or on the PC Tools forum.

-{ Quote: "I was running the latest build. I believe IPV6 is accessible through the advanced rules. Maybe you could find out for sure from another poster here or on the PC Tools forum." }-

Frankly I find the responses here to be a little more timely, and a lot of posters here have tested the product. I/we can learn from their experiences before jumping through these hoops ourselves. I like Threat Fire and would like to couple it with their firewall! Just a little gun shy is all..
Thanks!!
:thumb:

Are there any rulesets that currently exist that i can import into this firewall? Ive just begun trying it out and really like what i see. Im currently using Kerio 2.1.5 BZ's Replacement ruleset, and pc tools would be a great replacement as it looks to be just as configurable as kerio 2.

Since I am siting behind a wireless router firewall I thought I'd give PC Tools Firewall a spin and run it along with Avast and ThreatFire. So far my PC is fast, my browsing is fast, and my boot times are good. I like Comodo Firewall Pro a lot and may go back to it, but for now this is turning out to be one of the best combinations I have used. Although I attribute some of this to Avast and TF, I also give PC Tools Firewall some credit. It runs very light and has a well laid out GUI that's easy to understand. It's come a long way since version 2.0 and has some added protection to it now.

That would be a light combination Duke. Have you tried the combination with Avira to see if resource usage is lighter/heavier?

Also, once you allow a program access, does the PC Tools firewall give you the option to just allow it 'for this time only'?

For example, when windows media player or a messenger program wants to connect, and it's allowed, the next time the programs are started, there didn't seem to be any further prompt screens. Can subsequent prompt screens be enabled?

-{ Quote: "That would be a light combination Duke. Have you tried the combination with Avira to see if resource usage is lighter/heavier?

Also, once you allow a program access, does the PC Tools firewall give you the option to just allow it 'for this time only'?

For example, when windows media player or a messenger program wants to connect, and it's allowed, the next time the programs are started, there didn't seem to be any further prompt screens. Can subsequent prompt screens be enabled?" }-

There is a place to check if you want it to remember your decision. Other than that being a chronic installer of security software I now have OA Personal installed. But for free I would go back to PC tools and the combo I mentioned. I have used Avira with this combo and it ran just as light, but there were two incidents that I had with Avira and Corel WordPerfect where one of my documents disappeared while open. I haven't had this happen since uninstalling it. Take care.

Can PC Tools Firewall be used for outbound filtering only ?

Why don't they combine their FireWall with ThreatFire?

Why should they combine them when you can just download both for free? The installation of the fw also gives you the option to install threatfire along with it.

-{ Quote: "Why don't they combine their FireWall with ThreatFire?" }-
Maybe because they don't want to bloat their firewall like most of the vendors did ? ::)

-{ Quote: "Maybe because they don't want to bloat their firewall like most of the vendors did ? ::)" }-
And it seems to be a good idea... PC Tools Firewall is weightless and effective to the common user. It's why I like it.

-{ Quote: "Can PC Tools Firewall be used for outbound filtering only ?" }-In which sense? Do you mean for an "allow/block" applications? which could easily be done in earlier version of PC tools firewall (simply disable the packet filtering)

I know PC tools firewall is always changing/updating, and admit it as been a while since I installed and looked.

If you can give me better info on your question (the kind of setup you want) I can look to see what is available in the latest release.

- Stem

-{ Quote: "Why don't they combine their FireWall with ThreatFire?" }-I think the replies made show the main reasons.

With having 2 separate applications, it gives the end user better options. They can install the firewall then use their own HIPS, or install Threatfire with their own firewall. Then there is always the option of making installation of PC tools firewall+Threatfire.

Personally I do prefer the way PC tools are doing this (2 separate apps).


- Stem

-{ Quote: "In which sense? Do you mean for an "allow/block" applications? which could easily be done in earlier version of PC tools firewall (simply disable the packet filtering)
- Stem" }-
Yes - this is what I mean.
You can do this in Look n Stop easily enough and since PC Tools Firewall
is based on LnS I assume it has a similar capability.

Finally installed it and FUG ME!!! It took 4 reboots in order to get my system (Vista business 32bit on my Z61M) to accept and run it, My Alltel EVDO card took the longest to fully initialize, but all is well now. Got it set up and passed GRC for full stealth! Feels good now!!
May be a keeper!!:thumb:

I have PCT FireWall plus for the last 3 weeks and so far really like it.
BUT.. I am still waiting to get approval to post my question there, and it seems to me that the forum moderator is off line for the night.
So I come here in hopes someone is around and can help answer my question.

I am setting up a new computer. I installed V8 of Roxio and it installed a log in screen for me. Okay, never had a log on before, but probably good to have. A few days went by and a new development started... the PC acts like I have set that log in screen to act like a screensaver or a sleep mode program.
I did not set up any of those programs. I am trying to track down what has caused this new behavior, and the only place I see anything that strikes me as the cause is within the PCTools Firewall program. In the configure area, it shows a file named 'userinit application' and it shows an icon next to it that looks like a window with a moon and stars. That is icon language for sleep mode, isn't it?
I also see another file in the firewall configure page 'windows NT log on application' no sleep icon next to it, but both programs are shown as having fulll permission to connect to the internet.
So my question is, can I block them in the firewall so they can't dial out?
I am hesitant to do this without getting confirmation from someone because I do not want to get locked out of my PC because it now has a log on screen, and I'm not much versed with log on's.
I can live with a log on, but not when it is now putting my PC to sleep every 10 seconds, or after every little task is preformed. It's very annoying!! Thanks for bareing with me and please help if you can!
Lisa
I could not find where to post a new thread!!

I 've been running it since yesterday and it's very light. No slow downs at all either.

The only thing that seems broken in my setup is logging. Other than that, all is fine. They could have made an easier way to handle rules, but after you understand what's happening, you can pretty much get things running smoothly.

Hi LisaK2 :)

I have been using PC Tools Firewall Plus for about 3 weeks now :D

My computer is Vista Home Premium
And there are 2 users on my computer

I'm not an experienced user :-[
And when it comes to Firewalls ... You probably know more than me ;D
I was using Norton before - No Pop Ups!
Just a lot of other problems with Norton :(


-{ Quote: "I am setting up a new computer. I installed V8 of Roxio and it installed a log in screen for me. " }-

Can you just confirm...
Was it Roxio that you believe made you have a log in screen or PC Tools Firewall Plus?


Can I ask you...
Did you turn the Windows Firewall OFF before you installed PC Tools Firewall Plus?

I'm not having the problems that you are experiencing.
I do have to log in!
But with 2 users on the computer .... We always did have to log in!

However...
Nothing has changed for me regarding logging in - Since installing PC Tools Firewall Plus.
e.g..
We only have to log in when we first want to use the computer.
It doesn't keep going back to the log in screen.

I've just had a look at my PC Tools Firewall Plus

-{ Quote: "PCTools Firewall program. In the configure area, it shows a file named 'userinit application' and it shows an icon next to it that looks like a window with a moon and stars." }-

I've got Userinit listed - I can see like a little window icon next to it
But I don't see the moon and stars :doubt:
Then again... My eyes are really bad!
So maybe they are too tiny for me to see.

Note!
I don't have Windows NT listed in my PC Tools Firewall Plus.


Something you should check... Your screen saver settings!

Make sure it's not got accidentally set to something silly ... Like 5 minutes.
And make sure .... On Resume Display Welcome Screen or Log In Screen is Not Ticked.

I tried PC Tools Firewall today, installation no problem, but it doesn't startup during reboot. After awhile it starts up by itself, but too late.
I know the software, that causes the problem : Anti-Executable v2 on HIGH.
Anyone who has the same combination and solved this problem ?

Does anyone know if phant0m's looknstop ruleset can be imported into the advanced rules in pc tools firewall?

-{ Quote: "Does anyone know if phant0m's looknstop ruleset can be imported into the advanced rules in pc tools firewall?" }-

I used PC Tools Firewall for a short period of time for testing purposes but I'm not sure if phant0m's looknstop ruleset can be imported with PC Tools Firewall. I think they are both two entirely different formats with there rulesets.

With that said, the default PC Tools Firewall rulesets are extremely good and more than secure for home users from a inbound perspective. However, PC Tools Firewall fails the most BASIC of an outbound leak test known as GRC's Leak Test. Strangely enough, PC Tools Firewall gives the correct alert for GRC's trying to connect out but when deny is selected, the firewall is still penetrated.

Even if you don't care about leak test, the fact that PC Tools Firewall fails the most basic of leak test should still be taken into consideration from a firewall's security perspective.

It's been said that this issue will be fixed in the next update release of PC Tools Firewall, but I haven't not tested the latest. On a side note, PC Tools Firewall's SPI is extremely good.

Hoodied,

Let us know when you have a chance to test the new version to see if they have fixed the outbound leak.

Thanks

I am very impressed with Pc Tools Firewall Plus. Is a great, fast and light program.

PC Tools Firewall Plus + ThreatFire is a excellent combination.

Greetings

-{ Quote: "However, PC Tools Firewall fails the most BASIC of an outbound leak test known as GRC's Leak Test. Strangely enough, PC Tools Firewall gives the correct alert for GRC's trying to connect out but when deny is selected, the firewall is still penetrated." }-

Unplug your network cable and it will still claim to leak, so there appears to be a problem with the program itself. Are you using Vista?

Can anyone tell me how can I get pop up alerts for System process outbound? Or it,s just hard coded ALLOW?

Thanks

I tried this firewall and it looked very promising, but it didn't shutdown (End Program popup), while I rebooted my computer and yes, I have UPHclean running under "Processes", but that didn't make any difference, what else can you expect from M$.

Sygate Personal Firewall Pro didn't have that shutdown problem, so I installed this firewall and everything was back to normal.

This firewall is the only one that on my PC is on par in performance with Kerio 2. Everything seems very light, even browsing while doing heavy p2p. Unfortunately, it seems that it is a cause of random reboots on my PC. Otherwise, it's a great lightweight firewall. :thumb:

-{ Quote: "Treatfire 3.0.14" }- U missed the 'h'.

-{ Quote: "U missed the 'h'." }-

Thanks Aigle. :thumb:

-{ Quote: "Can anyone tell me how can I get pop up alerts for System process outbound? Or it,s just hard coded ALLOW?

Thanks" }-Hi aigle,

I installed about an hour ago,

I do not think the system is hard coded as I currently have it blocked with no record (in the firewall) of data sent (I enabled netbios to see if that would bypass) but have not had time to fully check/test.

Have you unchecked the "automatically allow know applications", and check the access rights for "services and controller app" in the applications.

I will have a little time tomorrow to check further, as I also want to check the SPI

Hello Hoodied,
-{ Quote: "PC Tools Firewall fails the most BASIC of an outbound leak test known as GRC's Leak Test." }-The results are quite strange.
I know there was a problem some builds ago, where there was no correct checking of application already given access (by checksum verification, which is the main point of the test), but that was fixed.
I did run the test, and did get the result of a failed although the attempt of outbound was blocked and logged.
I did rename the test file /renamed to firefox (and replaced firefox with the test file). I was surprised to see a popup asking me if I wanted to allow the connect, as I would normally expect a popup warning of a changed application.

-{ Quote: "On a side note, PC Tools Firewall's SPI is extremely good." }-PC firewall as always been quite minimal of its packet filtering ability, so I dont know why you would say it is "extremely good". But I will look at this tomorrow to see if there is any improvement on what I have seen in the past.

I just installed this not too long ago, and like it a lot.

-{ Quote: "Hi aigle,

I installed about an hour ago,

I do not think the system is hard coded as I currently have it blocked with no record (in the firewall) of data sent (I enabled netbios to see if that would bypass) but have not had time to fully check/test.

Have you unchecked the "automatically allow know applications", and check the access rights for "services and controller app" in the applications.

I will have a little time tomorrow to check further, as I also want to check the SPI" }-
Hi Stem! Thanks for reply. Yes I unchecked "autonatically allow known applications". Not sure whether access rights for "services and controller app" is checked or not. I wil check and then post back.

Thanks

-{ Quote: "PC firewall as always been quite minimal of its packet filtering ability, so I dont know why you would say it is "extremely good". But I will look at this tomorrow to see if there is any improvement on what I have seen in the past." }-

I am curiuos on your findings/opinion on SPI capability of PC tools FW

Regards Kees

-{ Quote: "Hi aigle,

I installed about an hour ago,

I do not think the system is hard coded as I currently have it blocked with no record (in the firewall) of data sent (I enabled netbios to see if that would bypass) but have not had time to fully check/test.

Have you unchecked the "automatically allow know applications", and check the access rights for "services and controller app" in the applications.

I will have a little time tomorrow to check further, as I also want to check the SPI" }-
Here are my settings. Sytem still connected without alerts. Automatic allow is not checked.

200554
200555
200556

-{ Quote: "Can anyone tell me how can I get pop up alerts for System process outbound? " }-

@aigle,

"System" shows as connecting to 192.168.1.255, which is a broadcast address only. As long as that's the only ip address it connects to, I don't see a problem. Maybe you have NetBIOS enabled? If you don't need it, try disabling it to see if System stops connecting to 192.168.1.255. Still, there should be no problems with this; it's not connecting to the Internet.

Hi, thanks for explaining all this. I have no knowledge of FWs n Networking. But i can understand that the alert is benign and is the only alert for system I get but i was just wondering if PC Tools FW should also give an alert like this or not.

Aigles' question is a very good one I think, and I was hoping for an answer as well. Even though the connected IPs are "only" broadcast and deemed harmless, what if "system" by virtue of an infection is trying to call home? Will there be any alerts???

In Aigles' setup with Generic Host, LSA and Windows NT Logon having full access, if these were used to call home, there would be no alerts because they are allowed to do so.

What I don't get is what "system" is as far as an exact process executable that some rules can be applied to, to make sure an alert is given when a bug is trying to go where it shouldn't.

So, how do you ensure the firewall will alert with a popup requiring user intervention, if "system" tries to access the internet?

I'm hoping Stem or someone can jump in and elaborate because I'll admit I'm not completely sure what goes on with that broadcast address, but I think it relates to ff:ff:ff:ff:ff:ff and is all part of the "question asking" process of "what MAC address belongs to 192.168.1.1?" (ARP), so in aigle's case, who looks to be behind a router, this broadcast is looking for the ip address belonging to the router. So the pc NIC interface will ask: "who has 192.168.1.1, tell 192.168.1.10" (for example), the router will then reply 192.168.1.1 is at a5:41:b6:7d:01:a3 (for example).

Again, hopefully someone can explain and correct me if I'm wrong on this. And I agree it is a good question by aigle, because even if it's harmless, as it looks to be, why can't the user have some control over it?

-{ Quote: "
What I don't get is what "system" is as far as an exact process executable that some rules can be applied to, to make sure an alert is given when a bug is trying to go where it shouldn't." }-

I'm curious too about what exactly "system" is. Maybe it's the NIC?? That's my guess, anyways :)

-{ Quote: "What I don't get is what "system" is as far as an exact process executable that some rules can be applied to" }-

-{ Quote: "So, how do you ensure the firewall will alert with a popup requiring user intervention, if "system" tries to access the internet?" }-

"System" (or PID 4) is NT kernel. It is not a single process but a set of drivers (network ones too) communicating with windoze TCP/IP driver on kernel level. That is why a user cannot have control over it.

-{ Quote: "I think it relates to ff:ff:ff:ff:ff:ff and is all part of the "question asking" process of "what MAC address belongs to 192.168.1.1?" (ARP)" }-

On data link layer, broadcast will do that. On network layer, it is also used by DHCP. I don't know if PCTools works on data link.

-{ Quote: "Maybe it's the NIC??" }-

A NIC driver?

-{ Quote: ""System" (or PID 4) is NT kernel. It is not a single process but a set of drivers (network ones too) communicating with windoze TCP/IP driver on kernel level. That is why a user cannot have control over it.
" }-

Thanks Seer,

That nails it as the answer :thumb:

So it seems it depends on the firewall whether it will alert you to any external outbound attempts by "system" then.

Referring to this post by fcukdat (man, you have to be careful when typing out that name eh?) http://www.wilderssecurity.com/showpost.php?p=1256584&postcount=243
Kerio (old 2.x version I think) did alert to "system" phoning home by Rustock C.

Wonder if PCTFW would do the same? Anyone willing to sacrifice a computer to Rustock C to test PCTools Firewall?? ;D

-{ Quote: "
Referring to this post by fcukdat (man, you have to be careful when typing out that name eh?) http://www.wilderssecurity.com/showpost.php?p=1256584&postcount=243
Kerio (old 2.x version I think) did alert to "system" phoning home by Rustock C.

Wonder if PCTFW would do the same? Anyone willing to sacrifice a computer to Rustock C to test PCTools Firewall?? ;D" }-
That was exactly the reason I asked. CFP alerts about this benign System activity so i assume it wil alert in case of Rustock as well.

IIRC- I believe PC Tools lets you set a specific IP. I am trying to decide whether to go back to PC Tools or try Comodo again.

-{ Quote: "IIRC- I believe PC Tools lets you set a specific IP. I am trying to decide whether to go back to PC Tools or try Comodo again." }-

Yes, the PC Tools FW does seem to have excellent application advanced rule making capability. I'm trying it out on an old laptop. Comparing to Kerio 2.15, it does seem to be lacking the ability to set local ports on outgoing connection rules though, but still can control protocol, direction, IP (single or ranges), and ports.

As far as Comodo, no idea.

-{ Quote: "it does seem to be lacking the ability to set local ports on outgoing connection rules though." }-

Why do you want to set the local port on outgoing ? This is a port choosen by the operating system. I can not see any benifit on being able to control the local port on outgoing. Only see that it would cause the end users more problems in trying to set it.

-{ Quote: "Why do you want to set the local port on outgoing ? This is a port choosen by the operating system. I can not see any benifit on being able to control the local port on outgoing. Only see that it would cause the end users more problems in trying to set it." }-

Just a finer level of control. It's something I picked up in researching rules for Kerio. The system apparently should be functioning locally on the 1024 - 5000 range, and this is the range I set up for most apps and services in the Kerio rules. Exceptions are DHCP and netbios.

If an alert is raised for some app using a different local port, it could be cause for further investigation I guess. I've never had it happen, but at the same time have suffered no ill effects from doing it.

I suppose the merits of doing this could be expanded on by those more knowledgeable than myself. On the other hand, my comment was just an observation in a difference in the two firewalls. The old-time Kerio folks put the capability in for some reason :)

-{ Quote: "Just a finer level of control. It's something I picked up in researching rules for Kerio. The system apparently should be functioning locally on the 1024 - 5000 range, and this is the range I set up for most apps and services in the Kerio rules. Exceptions are DHCP and netbios.

If an alert is raised for some app using a different local port, it could be cause for further investigation I guess. I've never had it happen, but at the same time have suffered no ill effects from doing it.

I suppose the merits of doing this could be expanded on by those more knowledgeable than myself. On the other hand, my comment was just an observation in a difference in the two firewalls. The old-time Kerio folks put the capability in for some reason :)" }-

Before PC Tools firewall had automatic NDIS rules, there was rules that allowed that range on the local port. (the range is also different on vista). The one problem that did occur was if you used P2P you could burn through the port ranges, and the the OS would allocate beyond that, based on the rules then all your traffic would now become blocked.

-{ Quote: "Just a finer level of control. It's something I picked up in researching rules for Kerio. The system apparently should be functioning locally on the 1024 - 5000 range, and this is the range I set up for most apps and services in the Kerio rules. Exceptions are DHCP and netbios." }-

You can set outgoing port ranges in the Advanced Rules pane. These rules only apply if you have packet filtering enabled (I only use app control).

-{ Quote: "You can set outgoing port ranges in the Advanced Rules pane. These rules only apply if you have packet filtering enabled (I only use app control)." }-

Yup. The packet filtering Advanced Rules look very extensive. You can set incoming and outgoing port ranges, and single matches, both with conditions such as "equals" "equals or" doesn't equal" and "does not equal and". Other rule choices I'ld have to study on before using :P

The application rules seem to be weaker. If PC Tools would ever send my forum signup confirmation I could ask about a few things.

numerous Commodo posts un-related to this PC Tools Firewall topic were moved to a thread of their own for further discussion.

http://www.wilderssecurity.com/showthread.php?t=212075

Bubba

@Stem,

Have you find some time testing it SPI capabilities?

Thx K

-{ Quote: "@Stem,

Have you find some time testing it SPI capabilities?

Thx K" }-
Stem must be on vacation!! lol
;D

-{ Quote: "The application rules seem to be weaker. If PC Tools would ever send my forum signup confirmation I could ask about a few things." }-

Have you tried logging in with your user/pass? When i signed up last year I spent a while waiting for a confirmation that never came, so I tried logging in and it worked.

-{ Quote: "Have you tried logging in with your user/pass? When i signed up last year I spent a while waiting for a confirmation that never came, so I tried logging in and it worked." }-

HI Espresso, that was probably a good thing to try, but it did get taken care of by a helpful PC Tools person. Appreciate the thought though.

How are you liking the firewall? I'm still trying to get a handle on the packet filtering rules vs the application rules and how they interact. Being used to Kerio 2.1.5, it's a bit different. The protection against code injection seems good. Sure get a lot of popups when installing programs, so if a malware tries it out of the blue, it should be something for concern. Takes user cognition to allow or deny, but I'ld rather have the chance at it, than not. With threatfire on as backup, hopefully a mistake is still caught :-\

-{ Quote: " I'm still trying to get a handle on the packet filtering rules vs the application rules and how they interact. Being used to Kerio 2.1.5, it's a bit different. The protection against code injection seems good. " }-

I had the same problem at the beginning. IMHO, think the "advanced rules" as higher priority rules or "global" rules and application rules as having lower priority.

FYI, the code injection, uses the same driver as Threatfire, MCHINJDRV, so practically Threatfire uses the same driver to monitor code injection, but without prompting you all the time. IMHO, you could disable the code injection in PC Tools firewall and rely on Threatfire entirely. You will avoid useless popups.

-{ Quote: "I am curiuos on your findings/opinion on SPI capability of PC tools FW

Regards Kees" }-


Here's a little something I just started... http://www.mntolympus.org/SPFSPIFWS.html


Regards,
Phant0m``

-{ Quote: "Here's a little something I just started... http://www.mntolympus.org/SPFSPIFWS.html
" }-

Is there any test application to test how they handle these scenarios you described? If not how did you work out what the capabilities are?

Fuzzfas,

I notice that you are using Ashampoo Firewall Free. I have been interested in it, but never know anyone who used it.

Please share your experience and evaluation of it.

Thanks

The most recent version of PCTools firewall still has the bug where the GUI interface will not release memory when running in a LUA under XP SP3.

So far as SPI is concerned, I thought the UDP pseudo stateful on LnS is limited to a few special situations and requires the raw rule editor. Otherwise most software firewalls don't have it, and simply rely on application specific rules. That means with something like Skype or eMule the application rule allows for listening for UDP on all ports. My tests with LnS showed that when an application triggered rule was used, those ports were available globally.

-{ Quote: "Fuzzfas,

I notice that you are using Ashampoo Firewall Free. I have been interested in it, but never know anyone who used it.

Please share your experience and evaluation of it.

Thanks" }-

Hi Grey Owl! It's good if you want a simple firewall and you are behind a router, so you don't care much about it. It doesn't stealth ports (closed instead), i like the GUI, it's very light on resources , even under heavy p2p (one of the lowest CPU usage available and about 12 MB RAM), you can allow or block an application for a specific port (but there is no protocol control) and has an almost decent log.

The bad things, is that it has minor gui and behaviour bugs (but you get used to it, nothing important) and that it has some serious compatibility issues with some other security applications. Some antiviruses can't update their definitions, because the firewall doesn't "see" their request and doesn't give you the pop up. (AOL's KAV based virus scanner and i think Avira 7 too for example). I had also serious trouble with Threatfire (total freeze) in the past, don't know about the current TF version.

Also, unless you disable the option to protect the firewall from termination, the event viewer gives application errors for ASFWhide, which is the driver that is supposed to do the job (Twister flagged it as rootkit btw).

I just installed it to see how it will play with Twister and WinPatrol and i am sad to say that although the firewall is running, right now the sys tray icon has disappeared, so i am prone to think it has some problem with one of them too.

I think it would be nice firewall for people who want simple outbound control, because it's very light, but AShampoo hasn't released a new version for many months now and there are certainly bugs and compatibility issues. IF you are lucky and it likes your configuration, it's a nice little firewall. Unfortunately, it doesn't like mine very much.

Fuzzfas,

Thanks for all the info and your experience with Ashampoo.

Greyowl

-{ Quote: "Here's a little something I just started... http://www.mntolympus.org/SPFSPIFWS.html


Regards,
Phant0m``" }-

Wow - That's awesome Phant0m! Like you even have 8-signs firewall there which is like a very sophisticated enterprise firewall...

I see that its work in progress but it would be great if you could add Outpost Pro and ZoneAlarm. If you can add FortKnox Firewall 2008 that would be great too...

Great Work!!!

if any one is interested there is a link to a beta (soon to be released) of the next version of the PCTFW here
http://www.pctools.com/forum/showthread.php?t=52329

-{ Quote: "Wow - That's awesome Phant0m! Like you even have 8-signs firewall there which is like a very sophisticated enterprise firewall...

I see that its work in progress but it would be great if you could add Outpost Pro and ZoneAlarm. If you can add FortKnox Firewall 2008 that would be great too...

Great Work!!!" }-


Thanks dmenace!

I'll consider doing the other products, right now I don't have much time.

-{ Quote: "if any one is interested there is a link to a beta (soon to be released) of the next version of the PCTFW here
http://www.pctools.com/forum/showthread.php?t=52329" }-

I guess the pcTools thread for beta information requires special privileges... A person cannot just click on the link you giving and directly visit the page.


Regards,
Phant0m``

-{ Quote: "I guess the pcTools thread for beta information requires special privileges" }-Probably so :-\

Would you like to apply to become a Beta Tester for PC Tools products? (http://www.pctools.com/forum/showthread.php?t=52330)

-{ Quote: "A new forum for beta testers will be available with the latest information and versions, but will only be available to those that sign up." }-

If you go over to the forum there is a thread with a download link:

http://www.pctools.com/forum/showthread.php?t=52313

I hope this works better.

That last link worked for me. Currently running the latest beta. I installed right over top of the latest stable release with no problems. Nice installer, it detected the current PCTFW, notified that it would be stopped and installed over and did it. Reboot necessary. It kept the advanced config rules from the old setup but the application rules were not.

So far there are no problems with any other apps. The GUI seems snappier than the old stable release.......just a feeling, no data ;)

Running W2k SP4 on an old 233MHz laptop, with Threatfire and Antivir personal, and FF w Noscript (yeah she's a might slow, but good for a test bed ;D )

So far the beta is runnning well.

-{ Quote: "This firewall is the only one that on my PC is on par in performance with Kerio 2. Everything seems very light, even browsing while doing heavy p2p. Unfortunately, it seems that it is a cause of random reboots on my PC. Otherwise, it's a great lightweight firewall. :thumb:" }-

I must correct myself. The random reboots were proved to be caused by my updated audio drivers for the motherboard.

PC Tools Firewall was innocent. :lurking:

-{ Quote: "Why do you want to set the local port on outgoing ? This is a port choosen by the operating system. I can not see any benifit on being able to control the local port on outgoing. Only see that it would cause the end users more problems in trying to set it." }-It is down to controllability.
I know most of the time there is possibly no need to concern for local port for outbound, but I do (and others I support) have software that use various local ports for internal comms. These ports I see as reserved for that software, so I like to place restrictions on local port use.

-{ Quote: "Is there any test application to test how they handle these scenarios you described? If not how did you work out what the capabilities are?" }-I cannot speak for Phant0m, certainly as your question appears to of been ignored, but, there are a number of available applications that can be used (in conjunction) to perform such tests.
I personally use various programs, one to make (keep open) a connection, then others to create and send invalids etc. I know from simple tests that PC tools firewall is not, in my mind, classed as a packet filter, but then again, from the checks I have made with various other firewalls, that packet filtering appears not to be at the top the the list of priorities by most vendors.

I have just installed PC Tools Firewall.

I have unchecked the box "Automatically allow known applications"
But some programs are having access to the internet with no warning from PC Tools ??

It detected Avira, Firefox, K9, Filezilla.
But missed DefenseWall, Ashampoo burning studio, Jet Audio, SpywareBlaster, Revo Uninstaller and SuperAntispyware. ???

Hi Tony,

When you say it "missed", do you mean it allowed those apps to connect out without popup, if yes, could you please check the application permissions for internet access and post back the settings

I noticed that on start up some of my Vista sidebar widgets would connect to the internet before PC Tools firewall loaded. This did not happen everytime as after a few reboots PC Tools alerted me that they were trying to connect out. I guess the firewall loads at random when Windows boots up, as in no particular order with other apps?

Hi Stem, it allowed the apps to connect out without popup.

Maybe i have been staring at the monitor for too long today as i cannot see the application permissions for internet access in the settings.

I have just added spywareblaster to the applications list and set it as blocked, but it can still check for updates.

-{ Quote: "It is down to controllability.
I have software that use various local ports for internal comms. These ports I see as reserved for that software, so I like to place restrictions on local port use." }-

Where Local ports are used for internal communication between software, I assume the listen port is fixed. Which the other section connects to. Yes this should be monitored. I was talking about the port that the OS gives to you when the connection is made. If you know way of locking this down, and the app should only use that port, then there is a use. When you do not know what port the OS will give you, I still say it causes more issues then benifits.

-{ Quote: "I have unchecked the box "Automatically allow known applications"
But some programs are having access to the internet with no warning from PC Tools ??" }-
I'm using the newest Beta. To see these kind of alerts I need to check "Enable enhanced security verification":

-{ Quote: "I noticed that on start up some of my Vista sidebar widgets would connect to the internet before PC Tools firewall loaded. This did not happen everytime as after a few reboots PC Tools alerted me that they were trying to connect out. I guess the firewall loads at random when Windows boots up, as in no particular order with other apps?" }-

If there is a rule for the application is followed, so if you allow/block the app this will be followed. If the service can not communicate with the GUI to ask the user then the application is temporary allowed.

I installed PC Tools Firewall today, but it never asks me permission to open Thunderbird and MSN Messanger and they just connected to the internet without even asking my permission. Why is that?

I chose expert mode too, so I thought it would ask me.

And what's interesting is.... When I used COMODO and ZA before in the past, they would complain that a program that I use called NVU was trying to access the internet when I opened it. But with PC Tools Firewall, it opens NVU and I see my modem light go on as NVU access the internet, but PC Tools Firewall says nothing about it and doesn't give me any popup window or anything.

I then must conclude that PC Tools Firewall is not as good as COMODO or ZA and it actually lets certain things through.

Oh well, back to ZA I think.

-{ Quote: "I have just installed PC Tools Firewall.

I have unchecked the box "Automatically allow known applications"
But some programs are having access to the internet with no warning from PC Tools ??" }-

Hi all :-)

Turn off Avira WebGuard and try again.

Hi LillyTown, yes, after disabling Avira WebGuard Pctools firewall now detects the connections ???

-{ Quote: "Hi LillyTown, yes, after disabling Avira WebGuard Pctools firewall now detects the connections ???" }-Hi Tony,

Yes, the web guard is a local proxy, so traffic will go through that.

Hi Stem, is there a way of solving this then without having to leave Avira`s webguard disabled??

-{ Quote: "I was talking about the port that the OS gives to you when the connection is made." }-On XP, that does vary slightly, but usually starts around 1100, then increments up. For browser use, even torrent use (when I am checking firewalls handling of multi connections, I have yet to see ports used outside of my normal rule of local ports 1024-5000. We are looking at the use of nearly 5000 current outbound connections, so I am not sure why you would think having such a limit (for XP) would cause many problems.
I still think it should be a users choice, and is why I use firewalls which allow me to make that choice.

-{ Quote: "Hi Stem, is there a way of solving this then without having to leave Avira`s webguard disabled??" }-
Hi Tony,

You would need to intercept localhost traffic, I do not think this is possible with PC tools firewall, but I will need to install to check.

-{ Quote: "Hi LillyTown, yes, after disabling Avira WebGuard Pctools firewall now detects the connections ???" }-

I have the same experience with PC Tools Firewall Plus, Online Armor Free, Comodo Firewall Pro: a few applications are not detected (Port 80). But Comodo Firewall Pro on highest security level detects this applications on Port 53 UDP.

Avira's Premium Security Suite does not have this problem.

Sorry for my bad english. :-)

Thank you for providing the information.

Your English is very good.

Does anyone else who uses Avira premium have the same problem with certain firewalls??

Tony,

Have you considred adding a custom rule in TF? Djames, told me that in the near future the custom rule "When any process creates 1 network connection, Except when the source process is in the system process list or in the trusted process list or in the e-mail/browser list" would be provided as an predefined custom rule. Currently the e-mail/brwoser list is not an option in the Except clause (while it is known/available in the TF application).

Also they are looking how much trouble it is to add an extra trigger rule mechanisme: "When any process starts/spawns a process which is in the e-mail/browser list, Except when the source process is in the system process list or in the trusted process list"

With this implemented 95% of the users behind a hardware router with NAT (or even with SPI header level capabilities) would be fine in combo with TF. In the combo with DW it is very secure and very user firendly security setup.

Regards Kees

Thanks Kees1958.

I am not too hot when it comes to custom rules, hence my use of TF and DW as they are very secure out of the box.
That does look like a nice update they have planned for the future of TF though, couple that with the outbound feature plans for DW things are looking really good for these two software's.

There is now a new version 4.0.0.35 released.

-{ Quote: "New Features in this version include:

Better Protection: Firewall Plus now provides a more advanced level of protection against malicious programs that attempt to bypass your firewall and compromise your PC such as those that:

* Inject malicious code: Firewall Plus now blocks the injection of malicious code into authorized applications that have the ability to connect to the Internet
* Modify your system: Firewall Plus now blocks the modification of your system configurations and functionality that allow penetration of your firewall
* Control other Applications: Firewall Plus now blocks the distribution of control messages to authorized applications with the ability to connect to the Internet
* Disable your Firewall: Blocks malicious programs that attempts to shut down your firewall and disable all firewall functionality
* More Flexible: Firewall Plus now offers proxy server support for those users who utilize the added layer of protection offered by proxy servers


**Please note that the first login after the installation might take some time because the firewall is in learning mode and needs to check every Windows application that attempts to perform suspicious operations.

Changes from PCTFWv4.0.0.35 include:
PC Tools Firewall Plus 4.0.0.35 delivers improved security by enhancing its leak and kill test functionality. This enhanced functionality means PC Tools Firewall Plus has a greater ability to prevent the accidental or deliberate bypassing of the firewall (commonly called ‘leaking’)." }-

Firstly, I'm behind a router, surf and read emails safely (even sandboxed), use NOD32, ThreatFire and probably overkill with several Anti-Spywares. Having said that, I still figure it's a good bet to also use a firewall other than XP Home's. My firewall history reads like this: many years ago, ZoneAlarm (paid), then Comodo, Upgraded to Comodo v3 and Defense+, and although I really appreciated the work they do, it was just to complicated. For the past three or four months it's been using Online Armor Free. Doesn't seem to have any negative impact on system performance other than every software download seem to generate at least a half-dozen popups. But, being the freeware junkie I am, I'm considering trying this. My question then is, should I give this a spin or go by the code "If it ain't broke don't fix it"? Thank You!

-{ Quote: "However, PC Tools Firewall fails the most BASIC of an outbound leak test known as GRC's Leak Test. Strangely enough, PC Tools Firewall gives the correct alert for GRC's trying to connect out but when deny is selected, the firewall is still penetrated.

Even if you don't care about leak test, the fact that PC Tools Firewall fails the most basic of leak test should still be taken into consideration from a firewall's security perspective." }-

This is a serious fault with the leaktest Hoodied. Even when you disconnect from the internet PC Tools Firewall apparently fails ??? I'm quite sure it's blocking it because two other leaktests "tooleaky" and "firehole" are caught beautifully. I'm not too sure I trust Gibsons "leaktests" after this. I notice he seems to constantly plug Zone Alarm Free. Could his "tests" be designed to work with Zone Alarm and give the impression that other firewalls fail ? Anyway I get my tests from other sites like firewall leak tester.

@Tony
You beat me, I just wanted to post the update ;) However very nice firewall, my favorite freebie.

Hi Truthseeker :)

-{ Quote: "I installed PC Tools Firewall today, but it never asks me permission to open Thunderbird and MSN Messanger and they just connected to the internet without even asking my permission. Why is that?
I chose expert mode too, so I thought it would ask me." }-

That's a bit odd! :doubt:


I have my PC Tools Firewall Plus set for Easy Mode ... Or whatever it's called! :-\

I still got asked if I wanted to Allow or Block - Windows Live Messenger ... The First Time I Installed / Used it!
I had the Remember box ticked... So I wouldn't keep getting asked.
Or Rather... So that my little lad wouldn't keep getting asked :)

I'm sure... I also had to Allow IE

In Fact!
Everything that I install or use for the first time... I have to click Allow or Block at least once.
Sometimes up to 3 times!

-{ Quote: "**Please note that the first login after the installation might take some time because the firewall is in learning mode and needs to check every Windows application that attempts to perform suspicious operations." }-

This took so much time that I haven't got the patience to wait till the end. It was working for over half an hour on a fast dual-core.... I just rebooted and restored.

Hi Seer :)

-{ Quote: "This took so much time that I haven't got the patience to wait till the end. It was working for over half an hour on a fast dual-core.... I just rebooted and restored." }-


I'm Sure... Something must have gone wrong then :(

When I installed PC Tools Firewall Plus ...
I don't remember logging on to my computer taking an extra long time.

Maybe it depends on how much stuff you've got installed :-\

I will install PCtools firewall today.I use antivir premium.I do not use the webguard.But I use the mailguard,so if there is no intercept loopback traffic choice in this firewall,will using the mailguard be useless,or is there a way to do it properly?

Hello Zeena! :D

-{ Quote: "When I installed PC Tools Firewall Plus ...
I don't remember logging on to my computer taking an extra long time." }-

No, v3 was not doing this 'learning' stuff...

-{ Quote: "I'm Sure... Something must have gone wrong then :( " }-

Don't worry, I'll get to the bottom of it when I find more time.

Cheers, :thumb:

Hi Nick :)


When I first installed PC Tools Firewall Plus....

I just remember having to Click... Allow, Allow, Allow, Allow, Allow .... And So On!
To - Allow - Numerous things on my computer.
This lasted for just a minute or two!

Quite expected for a Firewall I suppose :D

Also...
My AVG 8 Taskbar Icon Turned Grey + ! For A Second :o
Until I Clicked - Allow, Allow, Allow .... For different AVG 8 things!
Then it immediately turned back to Colour :)


When I first installed PC Tools Firewall Plus - This is how it went for me...

For the first minute or so... The Allow or Block pop ups were constant.

The rest of that first day ... I carried on getting quite a lot of Allow or Block pop ups.

The rest of that first week ... Approx 3 to 4 Allow or Block pop ups per day.

The rest of that first month ... Approx 1 or 2 Allow or Block pop ups per day.

Now...
Allow or Block pop ups ... Approx just once or twice a month.

Obviously!
If I install something new.
Or use something on my computer for the first time... Allow, Allow, allow ;D

Hey Zeena ;)

-{ Quote: "I just remember having to Click... Allow, Allow, Allow, Allow, Allow .... And So On!" }-

You must have a bunch of rules in there :D
PcTools firewall will ask (by default) for every remote IP you connect to.
There are predifined policies (rulesets) in PCTools which you need to use to minimize the popups...

Cheers,

Note that there is a "Smart Update" available now for PCT Firewall 4.0.0.35 (after the update the version number is the same).

Hi Everyone :)


Warning!

There seems to be major problems with PC Tools Firewall Plus v4.0.0.35 :(

Look Here : http://www.pctools.com/forum/forumdisplay.php?f=30


-{ Quote: "Note that there is a "Smart Update" available now for PCT Firewall 4.0.0.35 (after the update the version number is the same) ." }-

What do you mean by...
-{ Quote: "(after the update the version number is the same)" }-
Do we get updated to v4 automatically ... But our version number will still say v3 ?

I'm getting a bit worried :-[

Why do these Internet Security Companies insist on putting out software that clearly isn't ready. >:(

They all do it!
Symantec
AVG
PC Tools

They seem to be causing more problems than the Viruses lately ::)

If you're running version 3 I don't know if version 4 is being offered through Smart Update (SU). Even if it is available via SU posts in the PC Tools forum suggest that it's better to uninstall v3 before installing v4. After installing v4 it will say Version 4.0.0.35 in the Help/About menu. There may be an update available after installing v4 which will not change the version number.

Whether or not this version is "ready" is debatable. I haven't had a problem with it. There is a feature called "Enable Enhanced Security Verification" which seems to be causing problems in some cases - it can be turned off. Hope this helps!

Hi Victek123 :)

Thanks!
-{ Quote: "PC Tools forum suggest that it's better to uninstall v3 before installing v4" }-
I've been having another look at the PC Tools forum.

It says you can install over the top of v3
However...
I Agree With You!
This seems to be what is causing a lot of the problems.

-{ Quote: "There is a feature called "Enable Enhanced Security Verification" which seems to be causing problems in some cases - it can be turned off. " }-
Yeah!
I remember reading about - Enable Enhanced Security Verification
What is it exactly?
Am I to presume this is New / not included in v3 ?
Again...
I Agree With You!
After reading a bit more on the PC Tools forum...
This seems to be another cause of a lot of problems.

-{ Quote: "I haven't had a problem with it. " }-
It's good to know someone is using it - Problem Free! :thumb:

Do you have Enable Enhanced Security Verification ON or OFF ?

Is Enable Enhanced Security Verification ON by Default ... Or does it have to be swithced ON ?
Do you think it would be OK to wait a while before getting v4 ?
Just until they've ironed out some of the problems :(

As I am really new to all this Firewall Stuff :-[
Used Norton up until a few months ago ... No Pop Ups!
Can I ask you a couple of questions about PC Tools Firewall Plus v3 please?

I've got my PC Tools Firewall Plus set for Normal User.
Because I know I wouldn't be able to cope with Experienced User mode.

But today while having a look at the settings...
I noticed that a few options are NOT enabled - And I don't know if they should be or not :-\

Enable Protection Against Code Injection
Should this be enabled?
If I enable it...
Will I get loads of Pop Ups or any other side affects?
I have an eleven year old son that uses the computer.
So having loads of Allow or Block pop ups is not an option for me :(

Enable Stealth Mode
What's this one for?
I somehow get the feeling - I'd be left with No Internet connection ... If I was to enable this :doubt:

Enable Stateful Packet Inspection
Does it inspect the packet itself... Or do I have to do it?
I get the feeling - This one is way over my head :what:


OR...
Am I just better off leaving everything set at it's default?

Sorry for being so thick :-[
I have read the Online Help for PC Tools Firewall Plus.
But it doesn't explain things good enough for me to understand exactly what the different settings are for.

:thumb:
Thanks Again!

-{ Quote: "Enable Protection against Code Injection
Should this be enabled?
If I enable it...
Will I get loads of Pop Ups or any other side affects?" }-

You will get enhanced security (leak protection) but yes, at the cost of more popups.

-{ Quote: "Enable Stealth Mode
What's this one for?" }-

It is a protection against SYN flood (http://en.wikipedia.org/wiki/SYN_flood) attacks against you. The chance of a typical home user (as you) being under such an attack is almost non-existent. That's the reason why it's off by default. You will not be left without connection if you enable it, but I personally find this option an unnecessary overhead...

-{ Quote: "Enable Stateful Packet Inspection
Does it inspect the packet itself... Or do I have to do it?
I get the feeling - This one is way over my head :what:" }-

It inspects the packet itself. In layman terms, it is a "smart" inspection of network packets. You can enable this, your firewall will use a bit more resources though. If your browsing experience is noticably affected, you can always disable this option later.

-{ Quote: "Sorry for being so thick :-[" }-

'Thick' is in the eye of the beholder ;)
Asking questions reveals a desire for knowledge. Which is good.

-{ Quote: "Hi Victek123 :)

Is Enable Enhanced Security Verification ON by Default ... Or does it have to be swithced ON ?
Do you think it would be OK to wait a while before getting v4 ?

I noticed that a few options in v3 are NOT enabled - And I don't know if they should be or not :-\

Enable Protection Against Code Injection
Should this be enabled?
If I enable it...
Will I get loads of Pop Ups or any other side affects?

Enable Stealth Mode
What's this one for?

Enable Stateful Packet Inspection
Does it inspect the packet itself... Or do I have to do it?

:thumb:
Thanks Again! " }-

If I was concerned about the stability of a new security app I would definitely wait, but v4 has improvements so I would recommend getting it eventually. Regarding the "Enhanced Security Verification" feature in v4 I'm not sure if it's On or Off by default, sorry.

Enabling protection against code injection will definitely cause more pop-ups.
Enabling Stateful Packet Inspection and Stealth mode will not cause more pop-ups. I have them On and cannot think of a good reason not to enable them. I say turn them On and observe the system - if you don't experience any issues you're good to go 8)

Hi ... Seer & Victek123 :)


Big Thank You! To both of you!

Your answers have been extremely helpful :thumb:

-{ Quote: "Even if it is available via SU posts in the PC Tools forum suggest that it's better to uninstall v3 before installing v4." }-

Yes. This worked without a lag at boot. I was installing over version 3, and even though I obviously stopped it prior to upgrading, the lag was unbearable.

-{ Quote: "Hi ... Seer & Victek123 :)



Big Thank You! To both of you!" }-

You're welcome Zeena :)

Hi Victek123 & seer :)


I don't know whether to go for it today... And install v4 :-\

How are you two getting on with it?

Is it still working OK?

I'm really nervous :-[
Nothing every seems to go right for me :doubt:

Hi Victek123 & seer :)


I never had got much patience :-[

I've gone ahead and done it!
Installed v4 ::)


And of course ... As usual ... Got in a muddle! :doubt:

Not sure if I've mixed up my Default Settings :-\

I've started another thread... Save interrupting this one, any more than I already have done :(

Here : http://www.wilderssecurity.com/showthread.php?t=214140


Thanks! :thumb:

-{ Quote: "I used PC Tools Firewall for a short period of time for testing purposes but I'm not sure if phant0m's looknstop ruleset can be imported with PC Tools Firewall. I think they are both two entirely different formats with there rulesets.

With that said, the default PC Tools Firewall rulesets are extremely good and more than secure for home users from a inbound perspective. However, PC Tools Firewall fails the most BASIC of an outbound leak test known as GRC's Leak Test. Strangely enough, PC Tools Firewall gives the correct alert for GRC's trying to connect out but when deny is selected, the firewall is still penetrated.

Even if you don't care about leak test, the fact that PC Tools Firewall fails the most basic of leak test should still be taken into consideration from a firewall's security perspective.

It's been said that this issue will be fixed in the next update release of PC Tools Firewall, but I haven't not tested the latest. On a side note, PC Tools Firewall's SPI is extremely good." }-

In fact PCTFW DOES block GRC's leaktest even though the test says otherwise. Just run a packet sniffer when testing and you will see that no contact is being made with grc.com.
It would indeed be strange if PCTFW could not even block this most basic of leaktests.

-{ Quote: "In fact PCTFW DOES block GRC's leaktest even though the test says otherwise. Just run a packet sniffer when testing and you will see that no contact is being made with grc.com.
It would indeed be strange if PCTFW could not even block this most basic of leaktests." }-

I had a look today at what was going on. It seems that the GRC test tries to connect to an address on port 80. If it connects then it says it has penetrated the firewall, does not check if it actually got any correct data back.

With the PC tools firewall, if it blocks on port 80, instead of just dropping the connection, it returns a nice web page telling you are blocked. Instead of page could not be found in a browser. The testing program goes I got data back hence you were penertrated.

pc tools firewall is a good freeware. but using it together with my antivirus avg 8.0 professional is not so good. sometimes my pc slows. so i uninstalled pc tool firewall and turn windows firewall on since i like and trust avg 8.0. so i need to choose between them.

Hi hex :)


I use PC Tools Firewall Plus - & - AVG 8 ... With No Problems or Slow Downs :D

What Version of PC Tools Firewall Plus were you using?

Are You Aware...
There have been some problems with the latest version of PC tools Firewall Plus : v4
All to do with the - Enhanced Security Verification :(

The problem at the moment with Enhanced Security Verification ....
High CPU usage .... My Core 2 Quad CPU would constantly spike at 100%
Over active Hard Drive .... My Normally silent Hard Drive started to sound like a hairdryer
Programs slower to open and close
And for some people.... Computer / Program - Freezes

So if you do decide to reinstall - PC tools Firewall Plus...
My advice would be...
Either ... Hold out for a week or two - Until they bring out the next build.
OR ... Install it - But turn Enhanced Security Verification - OFF

The current build / version is - 4.0.0.40
So wait until the next number up is released - OK


I've had to switch Enhanced Security Verification - OFF
This isn't too much of a problem ... As Enhanced Security Verification is New to v4 anyway.
v3 did Not have Enhanced Security Verification.

Enhanced Security Verification is kind of like an extra security feature ... To prevent Code Injection.
I'm not a firewall expert ... But I think Enhanced Security Verification is HIPS
V3 did have a Code Injection setting... But it wasn't turned on by default, like Enhanced Security Verification - is!

When they finally get it working right... ::)
You can have Enhanced Security Verification set to Normal Mode or Quiet Mode.

Enhanced Security Verification - Normal Mode .... A lot of pop Ups!
Enhanced Security Verification - Quiet Mode .... Not as many pop Ups!
Enhanced Security Verification - OFF .... Hardly any Pop ups!

I'll be really pleased when they've fixed Enhanced Security Verification.
But For Now...
With Enhanced Security Verification turned OFF .... PC Tools Firewall Plus is working perfectly fine for me :D