TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Steam is one of those apps where multiple separate issues can easily confuse the user. Fortunately I also have Steam so I have first-hand experience and can help out a bit. Of course TinyWall is running constantly on my PC, and I can tell it basically works nicely with Steam once you figure out what you need to whitelist.

    The first issue is that Steam needs multiple executables to be whitelisted, at a minimum steam.exe and bin/steamwebhelper.exe. I have exactly these two whitelisted, and they are enough to log in, browse the store, download games/updates and make purchases. Optionally, if you use the in-game overlay you also need to allow gameoverlayui.exe, and for other features (in-home streaming?) probably even more stuff.

    The other thing about Steam is that it is one of those apps that start by blindly trying to modify the Windows Firewall rules even when not needed. This instantly triggers TinyWall's firewall protection and breaks connections. This sometimes results in Steam being unable to log in on the first try even when it is whitelisted, but if you give it a second to cool down and then try once more it will work.
     
    Last edited: Jan 26, 2016
  2. Tarantula

    Tarantula Guest

  3. Tarantula

    Tarantula Guest

    And a question - does anyone know an easier way to put hosts in the blocklist? The only way I found is in safe mode.

    Oops, sorry for the double.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    That's indeed weird, perhaps TW watches for file modification?
     
  5. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Can you please check the file properties of Steam.exe in Windows Explorer? Then under Digital Signatures, open the signature details, and check if Windows tells you whether it is valid or invalid.
     
  6. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Hosts editing is not supported in current TinyWall.
     
  7. Tarantula

    Tarantula Guest

    Well, I'm able to do it anyway under safe mode. Please, make it an official feature!

    It says: "The certificate in the signature cannot be verified", even though it's signed by Symantec Time Stamping Services Signer - G4.
     
  8. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    That is why TinyWall says it is possibly compromised. In other words, the file is digitally signed, but there is either no proof the signature is valid or it is outright invalid. Though in general you should look at the main certificate instead of the timestamp signature, I assume the results would be similar.
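
The check described in the posts above (Explorer > Properties > Digital Signatures) can also be scripted. This is an added example, not part of the original thread or of TinyWall: it reports Windows' Authenticode verdict for the Steam executables named earlier in the thread and lists the code-signing certificate separately from the timestamp certificate. The install path in `$SteamDir` and the helper name `Get-ChainSummary` are assumptions.

```powershell
# Added example: Authenticode status for the Steam executables named in this thread.
# $SteamDir is an assumed install location; adjust it to the local system.
$SteamDir = 'C:\Program Files (x86)\Steam'
$Files    = 'steam.exe', 'bin\steamwebhelper.exe', 'gameoverlayui.exe'

# Hypothetical helper: build the certificate chain and summarise why it fails, if it does.
# This is a diagnostic only; the Status column below is Windows' actual Authenticode verdict.
function Get-ChainSummary {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert) { return 'no certificate' }
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Online revocation checks; an offline machine reports revocation status as unknown.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    if ($chain.Build($Cert)) { return 'chain OK' }
    return ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}

foreach ($rel in $Files) {
    $path = Join-Path $SteamDir $rel
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Not found: $path"
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        File         = $rel
        Status       = $sig.Status            # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Message      = $sig.StatusMessage     # same text Explorer shows in the signature details
        Signer       = $sig.SignerCertificate.Subject        # main (code-signing) certificate
        SignerChain  = Get-ChainSummary $sig.SignerCertificate
        TimeStamper  = $sig.TimeStamperCertificate.Subject   # timestamp countersignature
        StamperChain = Get-ChainSummary $sig.TimeStamperCertificate
    } | Format-List
}
```

A `Status` other than `Valid` corresponds to the condition discussed above, where the file is signed but the signature cannot be verified.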
     
  9. Tarantula

    Tarantula Guest

    Yes.

    111.png
     
  10. hkckoo

    hkckoo Registered Member

    Joined:
    Jan 29, 2016
    Posts:
    2
    I am running into some issues with wifi connectivity when using TinyWall. I am running it on a Win10 Home 32-bit system. Every time I try to connect to a wifi network (doesn't matter if it's public or private) or when I turn wifi on and off, I get a "no internet access" error for a few seconds, then everything is working as it should be. It's kinda irritating. During this "downtime", the wifi icon in the taskbar has an exclamation mark in a yellow triangle in it. Any way to solve this?
     
  11. hkckoo

    hkckoo Registered Member

    Joined:
    Jan 29, 2016
    Posts:
    2
    Found out that while there is the exclamation mark on the wifi icon (while I cannot connect to the internet) I also cannot click on the TinyWall icon, nothing happens. I cannot change the settings/manage/etc. After a few seconds when the network connects, TinyWall is operable again. I also found out that when I disable the firewall, the wifi is working without any issues at all.
     
  12. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    For some yet unexplained reason Windows Firewall has gotten considerably slower in Windows 10. This in turn of course makes TinyWall also take longer, since it has to wait on Windows Firewall for all operations. For now IMHO a few seconds of delay on new network connections should be tolerable, though I have to say I'm aware of a few cases where this delay is more serious. All these cases have Windows 10 in common, and I've been able to independently confirm this regression based on measurements. I do think though in 95% of cases this shouldn't be a problem. BTW, this and many other things will soon be a thing of the past (for certain definitions of "soon").
     
  13. Shiri

    Shiri Registered Member

    Joined:
    May 11, 2013
    Posts:
    55
    Location:
    USA

    Hi,
    Where can I get a safe download for TinyWall?


    Thanks..
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Have you tried their website? http://tinywall.pados.hu/
     
  15. Shiri

    Shiri Registered Member

    Joined:
    May 11, 2013
    Posts:
    55
    Location:
    USA
    I tried owner's website and it wouldn't work either earlier, then I tried Download.com and it worked :thumb:




    Shiri
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Ok, the owner's website is working for me right now. If it is still not working for you then you may have a web filter blocking it.
     
  17. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Hello! Is it safe to "Allow outgoing UDP and TCP traffic" for browsers and Dropbox, not "Allow only specified ports"?
     
  18. hjlbx

    hjlbx Guest

    @ultim

    Perhaps in Learning Mode, add a setting so the user can specify that rules created by Learning Mode will also include specific protocol + destination port(s). Otherwise, you have to figure out which protocols and destination ports must be used to create more strict rules. That is tedious.

    It is strange behavior that I must switch from Learning to Normal mode to see rules created.
     
  19. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I think it is time again to remind of the TinyWall rules and modes. On this page of this thread are posted the Recommended Special exceptions, as well as some of the Optional ones+the TW modes+etc.:
    https://www.wilderssecurity.com/threads/beta-testing-tinywall.309739/page-37
    Posts #905 - #908.

    Autolearn is not there but the rules are the same as for Disable firewall. I never use it. If you readers are new to TinyWall, I suggest trying the Detect button. I myself have not used that either for years, so my knowledge of what it might whitelist is not up to date. But it sounds good, though you might want to remove some rules it makes if you don't want those apps to access the internet.

    Back to Autolearn, it is best to be behind a router firewall etc. if you really want to use it. And my suggestion is to remove some rules that it makes for apps you don't want to connect to the internet.

    EDIT:
    A question comes to mind regarding this Autolearn. Perhaps some mode like 'Autolearn outgoing' could be implemented? And this way the firewall would still have incoming protection when the mode is running. Or if such a thing is even possible? And perhaps this could be somehow linked to my wish list feature, a Manage/General 'Don't whitelist incoming connections' checkbox.

    Well if I were you ultim, I'd just ignore most of us users' wishes to implement this and that etc. and concentrate on what is most important to you.
     
    Last edited: Feb 1, 2016
  20. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    An update.

    I discovered it was indeed TinyWall causing my bugs, e.g. blocking UDP on Steam when set to allow. I investigated and see TinyWall installs its own service so it's not 100% Windows Firewall in my view with just the UI on top.

    In the end I went back to Windows Firewall Notifier which on Windows 8.1 is quite stable (the live network traffic tab crashes but that's the only issue). On Windows 7 the notifier crashes after a short time so if you want alerts you have to reinitiate it, but that's a minor issue because it still will block anything not whitelisted.

    Also TinyWall wipes all custom rules and resets Microsoft's built-in rules on installation, whilst Windows Firewall Notifier doesn't do that.

    However avoid the new v2 of Windows Firewall Notifier, that thing is very buggy.
     
  21. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Is it possible you disabled the dnscache service and that is why you get problems? Steam has no connectivity issues with TinyWall, as described earlier by me and also confirmed by other users.

    TinyWall v2 is 100% just sitting on top of Windows Firewall. The TinyWall service you see is the process that actually controls Windows Firewall, and is there to babysit the firewall even when the GUI is closed or the user is not yet logged in (it also makes multi-user control possible). The GUI you can interact with merely sends commands to the service, which then translates them into instructions for Windows Firewall.
     
  22. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    dnscache was disabled, however that doesn't break Steam when not using TinyWall.

    However the blocked packets were outbound to 27xxx ports logged.

    There was a rule granting Steam full outbound access.

    Windows 7's Windows Firewall has its own bug I discovered today as well, which is that it blocks 127.0.0.1 outbound traffic when outbound filtering is enabled, which in turn was preventing VLC player from working when using it to stream content from my STB. I had to disable Windows Firewall to get it to work (yes I do have a rule to allow it). I tested the same on Windows 8.1 and it works thankfully so when I upgrade Windows this week it should be fixed. Seems even Microsoft struggle to code a stable firewall.
     
  23. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    The reason for that is, it is assumed that DNS lookups will be done by dnscache on the system, so TinyWall allows this for dnscache only (assuming the corresponding special exception is enabled). When dnscache is disabled though, the DNS lookups are done by the individual processes themselves, so in this case you need to additionally whitelist the DNS ports for each process so that they can make lookups. When TinyWall is not installed, the only reason your system still works even without dnscache is because Windows Firewall popups automatically give access to all ports once you whitelist an application. To sum things up: If you disable dnscache and you have TinyWall installed, you need to allow DNS ports for each whitelisted executable or else they won't be able to make lookups.
     
  24. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    ultim, I assume you missed by mistake what I previously posted.

    It was already whitelisted; all UDP/TCP traffic was allowed.

    I think you are making the mistake of assuming it is operator error (aka my mistake), but I can assure you the UDP traffic was whitelisted not just for DNS but for all UDP ports.
     
  25. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Yes, sorry for that. When others and I can confirm that Steam works with TinyWall (I also checked with dnscache disabled), then I need to make sure that the problem you are seeing is not a user mistake. Please don't take it the wrong way. For the same reason, please check just one more thing for me: Do you also have steamwebhelper.exe whitelisted for UDP/TCP?
     