Hi all,
I have been using PCTools fw for a while on my vista (32 bit) box, but recently it has started causing BSoDs when i run certain games, and there is also this somewhat worrying issue raised by Stem:
-{ Quote: "Unfortunately after checking, I see that windows explorer is NOT being blocked even with rules in place to do so. I have set the rules for windows explorer to log and even the firewall logs these packets being allowed, that should be blocked.
" }- who's accompanying thread (http://www.pctools.com/forum/showthread.php?t=56269) in the pctools forum has been left to die...

Anyway, I'm looking for a replacement firewall (free) that can run happily on vista, but that also limits HIPS-like functions to network facing apps and their parent / child programs, ala CPF v2. Does such a program even exist?

Any recommendations, along with your experiences would be most welcome. :)

Hello,

First of all. You say that you have recently started getting BSOD, so what as changed to cause that? Have you had updates for your games? I know some games security software can cause some firewalls problems (well, I have seen it reported in the past).

For the problem with "Explorer", that can be worked around, the only draw back is that you will get a popup for "Explorer" to connect after each re-boot-> when you first connect out, it is just a case to untick the "remember" in the popup windows when you allow.

As you are using Vista, have you not thought of using the inbuilt firewall?


- Stem

Hi argus tuft :)

The BSOD are being caused by just one setting in the Firewall - Enhanced Security Verification

ESV .. For Short!

Have You Tried Turning ESV Off?

I've got PC Tools Firewall Plus on my Laptop and Desktop Computer ... But with ESV - OFF


Note!
Starting Since Version 4 ... PC Tools Firewall Plus .. Now Comes With - Enhanced Security Verification ( ESV )
ESV .. Is a relatively new feature that PC Tools have added to their Firewall ... But It Has Problems ::)
Can Cause.. High CPU Spikes, Manic Hard Drive, Freezes, Blue Screens :argh:
So!
Even though - PC Tools Firewall Plus .. Is a great little Firewall
Enhanced Security Verification .. Is Best Left - OFF .. Till they get it right! ;)

Hi Stem,
I honestly can't think of a single thing that changed, one day the game ran fine, the next a BSoD every single time I run it. I suppose that the securerom / punkbuster cr*p may have updated itself, but as the game itself, along with punkbuster A and B are supposedly blocked from connecting, i don't really see how ???

I haven't really looked into using the inbuilt Vista firewall, partly as I assumed that it would have hard coded exceptions, such as explorer built in. Looking at the configuration window for it, I must say that it doesn't seem particularly promising at first glance.

@ Zeena, I already have had ESV disabled for a long time, so sadly the fix isn't that simple :(

Hi argus tuft,

With PC tools adding the ESV just so they get better rating on the leak tests has not helped, certainly as the ESV does not work correctly, as it does lock up the system when certain applications start that dont have pre-defined rules.. but it may be direct conflicts with the network drivers.

I have only just got around to installing Vista, so I have not had time to test any 3rd party firewalls yet on that OS.

-{ Quote: "I haven't really looked into using the inbuilt Vista firewall, partly as I assumed that it would have hard coded exceptions, such as explorer built in. Looking at the configuration window for it, I must say that it doesn't seem particularly promising at first glance." }-

I do remember some mention that the windows system applications in Vista would be allowed direct internet access due to signatures, but I have not yet seen that. Going over to a "block outbound" policy with the default rules will actually give you problems connecting out, as the current rule only allow DHCP, the DNS client and some IGMP and ICMPv6, and there are specific rules to allow those, if you where to remove those rules, then all outbound would be blocked.
I know the Vista firewall can be off putting as there are no popups to tell you what rues are needed, so if you do not know what rule are needed for an application, then there is a need to enable the firewall logging and check what is blocked and then create rules from that.

I am in the middle of putting together a guide on setting up the vista firewall which I will be posting here (when time permits to finish it).
I do not play on-line games, however, if there is an online game with a trial period, I will download and set up on Vista to see what rules are needed, and add the setup/rules needed to the guide.

- Stem

Hi argus tuft :)

-{ Quote: "@ Zeena, I already have had ESV disabled for a long time, so sadly the fix isn't that simple " }-

I'm Probably Wrong! :-\
But please just check your PC Tools Firewall Plus ... To make sure ESV hasn't been automatically turned back ON.

The Reason I Say This...
About 3 months ago - There was an update to PC Tools Firewall Plus
After that update...
I noticed that my ESV had been automatically tuned back ON again.
I left it ON for one week .. With No Problems! :D
But then following another update to the Firewall ... 3 Blue Screens :argh:

ESV - OFF .. Again! ::)

hello argus tuft

you can try comodo firewall

or

online armor free

its run on vista 32 bit but not on vista 64 bit


which vista version youre running home permium business ultimate......


i am running one pc on vista home premium but its on outpost firewall life time license......


:)

-{ Quote: "
Anyway, I'm looking for a replacement firewall (free) that can run happily on vista, but that also limits HIPS-like functions to network facing apps and their parent / child programs, ala CPF v2. Does such a program even exist?

Any recommendations, along with your experiences would be most welcome. :)" }-
Hi,
I'm using RISING Firewall (Free Edition), and perhaps can help you check the "Enable Module Rules" option, and uncheck the "Enable Trusted Application Recognition" from the "NetControl" tab for all you are searching, I don't know, but my own experience with this soft has got very friendly things and BSOD's free.

Good luck with it! ;)

argus tuft, when your system blue screens what error codes are you getting and do any of the BSODs also provide a driver as well?

Hi, the stop code is 0x0000008E (0xC0000005, 0xA1759C5C, 0xEFB7B5E0, 0x00000000)
and the driver referenced is
pctplfw.sys - ADDRESS A1759C5C base at A1747000, datestamp 493d93cc

that was the only one i bothered writing down, but they always reference pctplfw.sys, and i think its the same stop error each time.

0x8E errors are almost always caused by hardware and are particularly strong indicators of corrupted memory. However, they sometimes can be caused by faulty drivers.

pctplfw.sys from what I can gather is a PC Tools driver. If this keeps showing up I would say either a) update or b) reinstall and see if you keep getting BSODs.

-{ Quote: "Hi all,
I have been using PCTools fw for a while on my vista (32 bit) box, but recently it has started causing BSoDs when i run certain games, and there is also this somewhat worrying issue raised by Stem:
who's accompanying thread (http://www.pctools.com/forum/showthread.php?t=56269) in the pctools forum has been left to die...

Anyway, I'm looking for a replacement firewall (free) that can run happily on vista, but that also limits HIPS-like functions to network facing apps and their parent / child programs, ala CPF v2. Does such a program even exist?

Any recommendations, along with your experiences would be most welcome. :)" }-

None of the current crop from PCT FWP isn't as good as the 3.14 version with I use on Windows Server 2003R2 Enterprise Edition SP2, Windows XP Pro SP3 I had Vista Business SP1 running the 3.14 without any issues. But when you use 4, 5 and whatever they have now just crap.

Other than FWP ArmorNet2 comes in second if you do P2P, but they haven't update it so other than that I can't stand Comodo, Outpost, Norton don't get me started.

-{ Quote: "0x8E errors are almost always caused by hardware and are particularly strong indicators of corrupted memory. However, they sometimes can be caused by faulty drivers.

pctplfw.sys from what I can gather is a PC Tools driver. If this keeps showing up I would say either a) update or b) reinstall and see if you keep getting BSODs." }-

Nope. 8E errors are coding errors as a rule.

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)

in this case it is enough to enclose a code into __try __except to avoid bugcheck.

In most cases this bugcheck comes with subcode C0000005, which does mean "Access violation". Even if access to invalid or protected memory cannot be avoided this situation can be handled.