PrivateFirewall V7.0.28.1 Released Today

[siketa]

Try it with this settings:

1) turn off Training mode
2) turn on "Manual Control" and check both options (Display alerts... and Disable Auto-Response) under Basic Settings
3) turn on "Always display alerts for new outgoing connections" under Basic Settings
4) turn on "Enable Process Detection" under Advanced Settings
5) raise "Process monitor" setting from Medium to High in main GUI

[kupo]

Quote:

Originally Posted by JoeBlack40

At the first pop-up,i allowed.At the second one i blocked.And there were no more pop ups from Privatefirewall.
BTW,the data June 23 is screwed up,don't know why.

Have you reported this to Privacyware?

[Scoobs72]

From memory, PFW fails the PCFlank Leaktest because it doesn't protect COM Interfaces....or at least it doesn't protect the relevant one here.

[JoeBlack40]

Quote:

Originally Posted by siketa

Try it with this settings:

1) turn off Training mode
2) turn on "Manual Control" and check both options (Display alerts... and Disable Auto-Response) under Basic Settings
3) turn on "Always display alerts for new outgoing connections" under Basic Settings
4) turn on "Enable Process Detection" under Advanced Settings
5) raise "Process monitor" setting from Medium to High in main GUI

All these settings doesn't help,the word string is still sent to the PcFlank site without a beep from Privatefirewall.

Quote:

Have you reported this to Privacyware?

I guess i will as i don't like at all this behavior.

[Scoobs72]

Quote:

Originally Posted by JoeBlack40

All these settings doesn't help,the word string is still sent to the PcFlank site without a beep from Privatefirewall.


I guess i will as i don't like at all this behavior.

Real-world scenario time - if you've already clicked "Allow" for the first two alerts that PFW gave you, why do you think you're possibly going to click "Block" for an alert that tells you that a protected COM interface is about to be accessed?

[arran]

Quote:

Originally Posted by Scoobs72

Real-world scenario time - if you've already clicked "Allow" for the first two alerts that PFW gave you, why do you think you're possibly going to click "Block" for an alert that tells you that a protected COM interface is about to be accessed?

no he clicked block on the second alert he didn't click allow on both alerts only the first one.

[JoeBlack40]

Quote:

Originally Posted by Scoobs72

Real-world scenario time - if you've already clicked "Allow" for the first two alerts that PFW gave you, why do you think you're possibly going to click "Block" for an alert that tells you that a protected COM interface is about to be accessed?

Please read again my post.I allowed only the first alert.

[Scoobs72]

Quote:

Originally Posted by JoeBlack40

Please read again my post.I allowed only the first alert.

So you blocked the second alert, but you didn't terminate the process? Why would you possibly do that in a real-world scenario? Sorry, but I see this as just another daft leak-test. If the user is going to allow the execution in the first place, then block the next alert but not think to terminate the process, then how are they possibly going to understand what to do with a COM interface alert that has relevance to Internet Explorer only?

[arran]

Quote:

Originally Posted by Scoobs72

So you blocked the second alert, but you didn't terminate the process? Why would you possibly do that in a real-world scenario? Sorry, but I see this as just another daft leak-test. If the user is going to allow the execution in the first place, then block the next alert but not think to terminate the process, then how are they possibly going to understand what to do with a COM interface alert that has relevance to Internet Explorer only?

Scoobs you are missing the point. the main purpose of having a firewall with HIPS is to not only block execution of unknown programs but to also "Control the Behaviour" of programs that you regularly use. for example in a real life scenario if you like VLC and you choose to use VLC as your preferred video player how are you going to be able use it if you block the first warning and deny it to execute and run?? A decent out bound firewall should be able to block it from accessing internet if you don't want it to on the second warning.

[JoeBlack40]

Quote:

Originally Posted by Scoobs72

So you blocked the second alert, but you didn't terminate the process? Why would you possibly do that in a real-world scenario? Sorry, but I see this as just another daft leak-test. If the user is going to allow the execution in the first place, then block the next alert but not think to terminate the process, then how are they possibly going to understand what to do with a COM interface alert that has relevance to Internet Explorer only?

I wanted to see this with Privatefirewall's default actions.So when it says BLOCK,i expect it to block the action,not fooling around and have me click on "Details...Terminate" bla bla bla.First action allow to execute,second action block connection to internet.This is how it suppose to work,for me at least in real-world scenarios.

[ichito]

I will try to more complicate such situation:
- first...alert during installation and we enable installation mode
- second...alert after installation when we try to run first time the new apps - so we set "allow"
- and next when tne new app try to connect to the internet for example to check update...we can deny that action because we want to updating app only manualy by running installer of new version.
It's real scenario for example to media palyer, image browser, movie/music converter, some system conservation tools, etc.

[Scoobs72]

Quote:

Originally Posted by arran

Scoobs you are missing the point. the main purpose of having a firewall with HIPS is to not only block execution of unknown programs but to also "Control the Behaviour" of programs that you regularly use. for example in a real life scenario if you like VLC and you choose to use VLC as your preferred video player how are you going to be able use it if you block the first warning and deny it to execute and run?? A decent out bound firewall should be able to block it from accessing internet if you don't want it to on the second warning.

That's a false analogy. Non-malware applications do not use the PC Flank firewall bypass method, so in reality you have full control over VLC and any other applications requiring outbound internet access.

What we're talking about here is malware, and it's my assertion that anyone that has allowed the execution of malware, but then blocks the next (rather innocuous) alert because they have now become suspicious, wouldn't sit there letting the application run in the background. They'd terminate it.

[vojta]

Quote:

Originally Posted by Scoobs72

That's a false analogy. Non-malware applications do not use the PC Flank firewall bypass method, so in reality you have full control over VLC and any other applications requiring outbound internet access.

What we're talking about here is malware, and it's my assertion that anyone that has allowed the execution of malware, but then blocks the next (rather innocuous) alert because they have now become suspicious, wouldn't sit there letting the application run in the background. They'd terminate it.

Totally agree.

[arran]

Quote:

Originally Posted by Scoobs72

That's a false analogy. Non-malware applications do not use the PC Flank firewall bypass method, so in reality you have full control over VLC and any other applications requiring outbound internet access.

What we're talking about here is malware, and it's my assertion that anyone that has allowed the execution of malware, but then blocks the next (rather innocuous) alert because they have now become suspicious, wouldn't sit there letting the application run in the background. They'd terminate it.

Actually I have seen non malware applications piggy backing on my browser to call home, you never know if say for example the VLC developer or any other software developer decides to release an update causing VLC to piggy back on the browser so as it can call home. by your analogy we might as well not bother using a firewall with hips and instead just use an anti executable.

[lllbob]

This firewall seems ok. Using v7.0.29.1 on vista 32 bit. Runs smooth.
Passed shields up, but my isp is behind a nat anyway.. so it would pass with no firewall I'm sure.
Nice. No blue screen crashes. Another good firewall. Only had to add a few rules for ICS.
They should include a default ics rule in future updates. or maybe it was just my setup.
It's kinda rigged. lol. pc1 shares usb 3G modem to wifi router. It works lol.

Although I used jetico2 at first. A real tight firewall. Good. but a little too good.
I could never get ics to work. internet connection sharing. without disabling the firewall.
Also the drivers didn't uninstall either. had to manually disable them.
It was still a good firewall.. it was as close to Sygate firewall that I could find for vista.

Had to get rid of outpost security suite free firewall.. it started giving bsod's.
Op uninstalled nicely though. no drivers left behind.
It was mostly this: driver_irql_not_less_or_equal tcpip.sys
And a few of these: page_fault_in_nonpaged_area ntkrnlpa.exe
and windbg never pointed to any op drivers. just tcpip.sys and ntkrnlpa.exe
and it always happened when a browser was running. not when playing a game.
OP worked great for a while though. then it was crash after crash.
All crashes stopped immediately after uninstalling outpost.. and installing PrivateFirewall.