TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    244
    Location:
    United States
    The special exceptions, is that in the behavioral shield or global exclusions?
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Special Exceptions is part of TinyWall Firewall Settings. It allows internet connection to all Avast processes, except the two I listed.
     
  3. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    105
    I have been using TinyWall for some time and I like it. I do have one small problem with it. Every now and then I log in to Windows (Windows 7 64 bit) and it says something like "tiny wall service not running" and the interface will not work. If I reboot into my admin account I get a user account prompt and it does something and then it works. I guess it is installing an update.

    I think I have this problem because I do not allow the UAC prompt with my normal limited user account.
     
  4. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    1) Can I tweak TinyFW to always ask permission for NEW outbounds and so I designate the allow deny label?

    2) To LnS users current & old. Does tinywall offer anything over & above my 'good ol' LooknStop win7x64?
     
    Last edited: Sep 11, 2013
  5. BrollyLSSJ

    BrollyLSSJ Registered Member

    Joined:
    Dec 3, 2008
    Posts:
    24
    I sometimes got the same and I allow UAC with my normal account. It has probably something to do with the antivirus (ultim mentioned that something like that happens if a HIPS is interfering), though I am not sure about that. I used KIS on the computers where it happened. At the moment it did not occur with KAV.
     
  6. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I find the 'Show connections' -window really helpful in allowing apps restricted.
    I start an app and something is there blocked related to that application. I Unblock them and open Manage-window. And have both windows open.

    The apps unblocked are given unlimited access but as I can see like in this case with Java update that both javaw.exe and jucheck.exe need only outbound TCP 443 access. And if I get pissed off by that jucheck reminder, I then know to delete it from exceptions to be at peace.

    An alternative approach would be I guess to change the Tinywall controller to 'Allow outgoing' to not get those kind of updaters into Application Exceptions at all.
     
    Last edited: Sep 13, 2013
  7. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    No you cannot do that. You can whitelist them by the app window click or more difficult by the process or executable. Or use the Connections window approach I described in the previous post.

    Deny is a pretty much useless approach with Tinywall since all is denied by default unless allowed = whitelisted. It is an option though and you can make such rules too. It could be of use if you allow something and want to see it blocked and see what effects that might have without removing the rule from application exceptions.

    Or if you are behind a router/hardware firewall you can also put Tinywall into Autolearn mode which basically allows all and makes rules for them exe's taking internet access while in the Autolearn mode. Just you know you are not having any kind of firewall protection from Windows firewall while you are in that mode.

    Autolearn is not the same with Tinywall as with some 3rd party firewalls containing HIPS learning only for it. It is more dangerous since it concerns internet access to your computer and if you have some wireless public connection your Windows should be updated. It can be very useful though if you are behind some other protection to make things easy sometimes.
     
    Last edited: Sep 13, 2013
  8. Shiri

    Shiri Registered Member

    Joined:
    May 11, 2013
    Posts:
    55
    Location:
    USA

    I had the same problem because I had the UAC at the MAX, so I went back to 'NORMAL' and TinyWall Icon is ok now..... I had to re-boot a couple of times to get it back :)







    :)
     
  9. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I am really impressed by your efforts ultim to give us a Windows firewall controller. This might be the most popular controller so far, andruds not free one being the second. And I think the other Sphinx one is not exactly as much using the Windows firewall as yours 2s.

    For me the main incentive to stay away from HIPS firewalls like Comodo and Online Armor etc is that they put some kernel hooks that will many times cause troubles with Sandboxie, my most trusted internet security program of keeping my computer clean while surfing. Or even with antiviruses like Avast I am currently using.

    And what to trust with 3rd party firewalls with their to make svchost.exe allowed wide? Even if it is not they never tell exactly. It is we never know our computers are exactly clean and some services running wanting to go out by that loophole.

    So yours is such a welcome one that causes no conflicts to my Windows 7 system.
     
    Last edited: Sep 14, 2013
  10. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    There is a bug in having a password set in TinyWall 2.1.4. It occurs at least in my normal limited right Windows 7 user account.

    You should always keep the TW GUI locked!
    If you unlock it, TW will autolock it after a while but it makes the GUI also lose the connection to the actual firewall control.
    It does not show updated as locked and what I do is I 'Quit' it and reload it.

    Takes only a few seconds, but if you don't know this bug of the GUI losing the connection to the controller it can be most misleading. When not knowing why the TW does not seem working.
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    The developer is looking into it, according to their reply to my post.
     
  12. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Yes, I did think someone had found that out before me.

    Another thing I just found out, which sure is not new to many others. You should export the rules. My TinyWall needed a reinstall because it stopped working and of course all the rules were gone.
     
  13. BrollyLSSJ

    BrollyLSSJ Registered Member

    Joined:
    Dec 3, 2008
    Posts:
    24
    Yes, had that today and I doubt that it has something to do with a HIPS. Or does the Kaspersky AV also have a HIPS?
     
  14. Shiri

    Shiri Registered Member

    Joined:
    May 11, 2013
    Posts:
    55
    Location:
    USA


    Hi,
    Have you seen this 'FontCache-System.dat' ? Hitman Pro found it and wiped out Tiny Wall for some reason o_O Tiny Wall disappeared and I rebooted and still won't install. Just running on Win 7 firewall now. Other people said they had it and it messed up everything. I'm trying Avast Free now for the last few weeks....Finally got it going ok now.






    :doubt:
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I have ~FontCache-System.dat in "C:\Windows\ServiceProfiles\LocalService\AppData\Local", but Hitman Pro never detected it.
     
  16. Shiri

    Shiri Registered Member

    Joined:
    May 11, 2013
    Posts:
    55
    Location:
    USA

    If you Google or Bing it (What is FontCache......) you will see others had these problems too. It was bad, knocked out your security, can't move your pointer, had to do a ctrl-alt-delete to end the horror :p







    ;)
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Well there are a lot of files associated with FontCache, I don't know why HitmanPro would find them unless they were modified (possibly malicious). Don't forget to Maintenance > Export Settings or make a disk image next time. :)
     
  18. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    ultim I've been checking your TW rules with my limited knowledge from kerio 2.1.5 firewall.

    Using this approach: https://www.wilderssecurity.com/showpost.php?p=2282142&postcount=13

    So far DHCP and DNS seem just fine and are service limited that was not possible with kerio 2.1.5. About ICMP filtering I don't know anything.

    One possible tightening that should work if I remember right for Time sync. : your rule allows all local ports incoming for svchost.exe, W32Time-service from remote port 123 UDP protocol. Local port could be again if I remember right limited to also 123. But as the only service is W32Time that is maybe unnecessary.

    Windows update is to all TCP remote ports svchost.exe, wuauserv-service. Again I don't know if limiting ports to what are actually needed brings any more protection as it is a service limited.

    That's what I have checked so far. Network Discovery rules go probably over my head but next to do.

    Would be nice if there was a possibility to add/override these Special Exceptions. This is a nice firewall as it is though.

    EDIT: I noticed you can make application exception being also a Windows service based and local and remote ports specific for TCP and UDP protocols so not much is in need for the Special Exceptions I did put into my wishlist. What is missing is the IP restrictions. Otherwise this is a very flexible firewall controller already.
     
    Last edited: Sep 21, 2013
  19. Seven64

    Seven64 Guest

    ultim has vanished.
     
  20. Shiri

    Shiri Registered Member

    Joined:
    May 11, 2013
    Posts:
    55
    Location:
    USA

    Here's what HitMan caught. Whatever it was, it made my security disabled, Tiny Wall was stopped/removed and my mouse died. Must have been a piggy back virus riding this...... o_O


    :(
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    That file should not be malicious unless it has been modified some way by malicious code. Hitman Pro detected that file on my machine about a month ago as suspicious, but I'm not really sure why. I checked it on Virus Total, and I did not get any hits. Right after that Hitman no longer detected it as suspicious. Is there anyone that does not have that file on their machine?
     
    Last edited: Sep 21, 2013
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It would be interesting to know what the threat is if it is a threat. Try scanning it with Virus Total. Keep us posted.
     
  23. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I had an interesting experience a few minutes ago. Involves TinyWall and Sandboxie and Google Chrome updating (I found that out later). Well, I was running also a VPN internet connection but that is not involving it.

    I sandboxed Firefox, ok. Then I tried sandbox Chrome and no internet connection for it. I knew I had a rule for it, so what is wrong. Checked if the Chrome internet settings had changed, no. Tried again, same result, no internet connection. Remembered TW connection window opened it and tried again and yes I saw what was blocked. It was Chrome but the path was the sandboxed one. I could unblock it fine and sandboxed Chrome worked.

    I deleted the sandbox and removed the rule for sandboxed path Chrome. And yes unsandboxed Chrome could use the old rule. But it showed having updated. So somehow TW was needing that pathed rule while Chrome was updating.

    Now Chrome gets into the Sandboxie with the old original rule again just fine. That rule did not need any renewal even if Chrome updated, but was not recognized while Chrome was updating for the sandboxed instance.

    This could have happened if TW had been set to an average Joe /mom & pop and also their Chrome set to start only inside a sandbox and would have caused a bit of a puzzle, for the updating time at least.

    Well I had Web Shield and Mail Shield stopped permanently for Avast, if they had been on the browser would have piggybacked through that proxy just fine. And no trouble would have been maybe noticed.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Why do you even sandbox Chrome in the first place? Anyways, TinyWall needs a specific path to the executable, but not the same checksum in my experience. Why Chrome was sandboxed probably has something to do with it creating files when updating.
     
  25. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Sandboxie is one of the best inventions for keeping your computer clean in regards to internet surfing. It is not a privacy tool against most things in that report. You can of course clean the sandbox to hide your surfings but some logs will remain.

    So the answer to your question is to keep my Chrome clean and to keep my windows system clean. What ever you install or what viruses/malware you get will stay contained inside that sandbox.

    I did not know Chrome had a sandbox too so thank you for the information. It explains what happened. I'll still keep SBIEing it. To protect my system if not the Chrome itself. As you mentioned there, executing downloads and starting other apps from Chrome. They are covered with Sandboxie, not Chrome.

    My TW rules don't need any sandboxed instance rules specially made. If ultim was here, he could maybe answer why. It puzzles me since I would too imagine those kind of rules to be in need. None of the firewalls I have lately dabbled with, Comodo, Zone alarm and Online Armor need special Sandboxie rules for internet applications.

    Edit: When you run sandboxed applications, Taskmanager or Process Explorer or TW Connections window will show real system paths for them. So it is some Ronen Tzur secret how he implements it.
     
    Last edited: Sep 22, 2013