PrivateFirewall V7.0.28.1 Released Today

Discussion in 'other firewalls' started by kdcdq, Jun 1, 2012.

Thread Status:
Not open for further replies.
  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    If you're paranoid about wmpnetwk.exe, best way to shut it down is go into WIN 7 service manager and disable its corresponding service. It won't run after that.
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Set Process Monitor slider button to high. It will then monitor and show everything running.
     
  3. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    You are off topic, this is not the point! Stay on topic please.

    This is good for me to learn about ANY process.

    If W7 Task manager shows that wmpnetwk.exe is running, then why doesn't PrivateFirewall? This is a fair question and deserves to be answered.

    Anyone have any ideas?
     
  4. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    It's already on HIGH and still wmpnetwk.exe does not show up!

    Surely someone must know why, or else there is something wrong with PF?

    And if PF fails to show up this process, then I have to wonder what other process it is failing to show?
     
  5. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Bugger it, I removed Privatefirewall and installed COMODO FW and COMODO FW shows the file.:thumb:
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Nothing wrong with PFW, just a design philosophy you don't like

    Customs guard one:
    Checks all people passing the gate. Some people have got a passport from a country which is considered trustful (e.g. travelling within the EU by EU residents). Checks the passport (of a trusted country) and photograph (file hash) and lets you pass

    Customs guard two:
    Checks all people passing the gate. When someone passes it checks whether they have a passport from a country which is considered trustful. Checks the passport (signed by a trusted vendor) and photograph (file hash) and asks his boss, hey I have got somebody who wants to cross the border, I have checked him/her, seems okay to me: do you want to let him/her pass?

    You like the second option. So that firewall works fine for you, Comodo is the choice for you.

    By the way Itman's advice is fine, wmpnetwk.exe does a lot of I/O (with little data/bytes transfer), when you don't share music/media files across the internet it is a good idea to shut it down (by disabling its service), especially when owning an SSD drive.
     
  7. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    But the problem with PF is that wmpnetwk.exe didn't even show up at all. But in COMODO FW it does.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I have this feeling that this "wmpnetwk.exe" thing will never die:argh:

    Here's the scoop. I noticed months ago when I experimented with PF that it appeared not to monitor localhost connections. Greg S. verified this is the case. Localhost connections are 127.0.0.0/255.0.0.0.

    Unless you are using Windows Media Player to share files on your local network or over the Internet, all wmpnetwk.exe connections are localhost; if there is any communication activity at all. I have PF's Network Security set to high and I never see any comm port communication activity for wmpnetwk.exe.

    Download TCPView from the SysInternals web site or use the port monitor of your choice to check for wmpnetwk.exe activity.
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Actually, you were very close to your solution here.

    Wmpnetwk.exe is a WIN 7 service. Go into process monitor and see if you can find any WIN 7 services listed - you won't find any.

    What causes services to run? Svchost.exe. Svchost.exe and services.exe. Wmpnetwk.exe is a stand-alone service therefore not controlled by svchost.exe. Since PF didn't detect it, it can be assumed it has never requested Internet access. It can be added manually however by going to Process Monitor, right click on any existing rule, select add new application. Then navigate to C:\Program Files\Windows Media Player directory and select wmpnetwk.exe.

    Go into process monitor and look at the setting for svchost.exe. It is set to allow which is its default setting. So all services are allowed to run unrestricted? There is a posting on the Comodo forum on how to tighten with Defense+ rules for svchost. Bottom line - Comodo in its default config. also gives svchost.exe unrestricted rights access.

    What I don't know presently is if PF interfaces with the WIN 7 firewall at some API level to use WSH i.e. windows service hardening processing. If PF does, then the allow all process rule for svchost.exe is OK. At least you have the same protection that the WIN 7 firewall gives for outbound svchost.exe service requests.

    The PF application rule for svchost.exe is filtered. The only TCP port 80 rule I have is one that was created as a result of me allowing the network connectivity check dial-out at boot time. I subsequently modified that to only connect to a specific IP address. So from what I have seen PF is dynamically allowing outbound service TCP activity in accordance with WSH techniques.

    Some in the security community still believe the WSH processing offered by Vista and WIN 7 is inadequate. They feel Internet access must be controlled at the service level which by the way is an absolute nightmare in WIN 7.
     
    Last edited: Jun 9, 2012
  10. country2

    country2 Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    167
    I tried running it on W7 64 after uninstalling OA Free. Unable to run it as when its loading up it just sits there with the PF screen showing and freezes the system. Only other security app running is Malware Bytes paid, Norton AV 2012. :'(
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I have the exact same config. as you; Norton AV 2012 and MBAM Pro. I also have MBAM Pro IP blocking and realtime protection enabled.

    I also had exactly the same problem with PF as you when I initially installed PF after I had uninstalled Zemana Antilogger. Turns out the hidden driver for Zemana, antilogger.exe, was still installed and running!

    So odds are OA did not uninstall clean and you still have hidden active device drivers for it running.

    What I did was uninstall PF since I wasn't sure it installed right, uninstall any hidden drivers using device manager that are associated with OA, reboot, then reinstall PF.

    Tip - you need to be in normal OS mode to uninstall PF. What worked for me is:

    1. Boot into safe mode.
    2. Do Start. Then type msconfig in the "search program and files" text box.
    3. Select "msconfig". When the System Configuration box displays, select the "Start Up" tab.
    4. Uncheck the box that shows "PrivateFirewall 7.0"
    5. Reboot into normal mode.

    Next uninstall PF via add/remove programs.

    Reboot.

    Now uninstall via device manager any of the hidden OA drivers. You will have to select the view tab. Then select the "Show Hidden Devices" option. Next navigate to the "non-plug and play drivers" section. Locate the hidden OA drivers. Right mouse click on it and select uninstall. Make sure these are the OA drivers! Otherwise you could screw up your OS or other installed software.

    Reboot.

    Install PF again. You should be good to go.
     
    Last edited: Jun 9, 2012
  12. country2

    country2 Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    167
    Thanks ! That was it working fine now. :D
     
  13. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    It doesn't matter now, because I removed PF and installed COMODO and COMODO showed wmpnetwk.exe and I just blocked it. :thumb:

    I wouldn't trust using PF seeing it doesn't even show up ALL INDIVIDUAL processes running. :thumbd:
     
  14. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Irrelevant. Online Armour when I tested it SHOWED wmpnetwk.exe as a process and gave me ability to block it. But I ended up going with COMODO FW and it too shows wmpnetwk.exe and gives me ability to block it.

    However with PF, it doesn't show wmpnetwk.exe anywhere, and if it's wrapped up somehow into Svchost.exe, well that just doesn't help the user does it?

    So that's a thumbs down from me for PF:thumbd:

    I recommend people go with COMODO FW instead.
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Fire up TCPView right after booting and you will observe wmpnetwk.exe activity to/from 0.0.0.0.0.0.1. That IP address is the IPv6 address for localhost.

    Explains why OA and Comodo are so heavy on system resources. They are tracking irrelevant normal WIN 7 IPv6 "chatter.":gack:
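
An added example, not part of any post in this thread: posts 8 and 15 describe wmpnetwk.exe traffic as staying on localhost (127.0.0.0/8 and the IPv6 loopback), which a firewall that skips loopback connections never reports. This Python sketch groups `netstat -ano`-style lines per process image and flags images whose only peers are loopback; the sample lines, the PID mapping and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of Windows `netstat -ano` output (not captured data).
SAMPLE_NETSTAT = """\
  TCP    127.0.0.1:49160        127.0.0.1:49161        ESTABLISHED     1234
  TCP    [::1]:49170            [::1]:49171            ESTABLISHED     1234
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.20:49180     203.0.113.7:80         ESTABLISHED     888
  TCP    192.168.1.20:49181     192.168.1.30:445       ESTABLISHED     4
  UDP    0.0.0.0:5355           *:*                                    900
"""
# Constructed PID-to-image mapping, standing in for what `tasklist` would report.
SAMPLE_PIDS = {1234: "wmpnetwk.exe", 888: "svchost.exe", 4: "System", 900: "svchost.exe"}

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def classify(remote_host):
    """Return 'loopback', 'remote', or 'none' (wildcard or no peer yet)."""
    if remote_host == "*":
        return "none"
    addr = ipaddress.ip_address(remote_host.split("%")[0])  # drop any IPv6 zone id
    if addr.is_unspecified:
        return "none"        # 0.0.0.0 or :: on a listening socket
    if addr.is_loopback:
        return "loopback"    # anything in 127.0.0.0/8, or ::1
    return "remote"

def summarize(netstat_text, pid_names):
    """Count connections per process image, split by peer class."""
    counts = defaultdict(lambda: {"loopback": 0, "remote": 0, "none": 0})
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue         # skip headers and blank lines
        host, _ = split_endpoint(fields[2])
        name = pid_names.get(int(fields[-1]), f"pid {fields[-1]}")
        counts[name][classify(host)] += 1
    return dict(counts)

def loopback_only(summary):
    """Images with loopback peers and no remote ones: unseen by a filter that skips localhost."""
    return sorted(n for n, c in summary.items() if c["loopback"] and not c["remote"])
```

On the constructed sample, `loopback_only(summarize(SAMPLE_NETSTAT, SAMPLE_PIDS))` lists only wmpnetwk.exe, while svchost.exe and System have non-loopback peers.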
     
  16. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Just an FYI- CIS is about as far as you can get from a heavy resource user.
     
  17. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Comodo heavy? LOL!
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    My experience with Comodo is after you install it, it is great performance wise. As time goes by, it just bogs down your system. I also only ran Defense+ in proactive mode and never in paranoid mode.
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    No disrespect intended, but you really should try CIS again. It's been on my current machines for well over a year and on each still acts fresh as a daisy.
     
  20. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    That's what comes to my mind when I read any of your one thousand rants here.

    An honest suggestion: install NIS or KIS and forget about security software experiments, you don't understand a thing about them and you probably never will. I really mean it, no sarcasm intended.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    There were other reasons I got rid of Comodo. The only time that I was infected on my WIN 7 was when I was using Comodo. And it was more than once. I also observed Comodo doing things I didn't like. Privacyware is at least up front in its EULA statement that it will upload data for product improvement purposes.

    For those who are Matousec fanboys and feel comfortable with all those glowing leaktest results for Comodo on its web site, remember the primary purpose of a firewall is to keep out malware. An interesting read is on Microsoft's TechNet web site on the subject of why MS will not turn on outbound filtering on the Vista and WIN 7 firewall. I guess if one ran with no anti-malware software, outbound filtering would at least let you know you are infected. The key point here is how did you get infected in the first place? Perhaps because your firewall let in stuff it shouldn't have?
     
    Last edited: Jun 12, 2012
  22. Vilmalith

    Vilmalith Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    68
    I'm using PFW with its default install settings. Every so often when there is a lot of network load going on (transfers internally and maxing my download) the target machine will freeze (all machines have PFW installed with default settings). If I uninstall PFW this doesn't happen. Reinstall PFW and I can recreate the issue like clockwork.

    Anyone else experience anything similar with PFW? Was hoping to just use MSE + PFW + DNSCrypt for a quiet but secure setup for some family members.
     
  23. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    849
    I had the exact same issues. Even though I really like PF I had to get rid of it in favor of Comodo FW because of the freezing. It seemed to begin with the latest update.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Is this on a stand alone PC or a LAN with multiple PCs?

    I have Network Security slider set to HIGH which shuts down all file sharing and most LAN capability. PF runs great on my single PC with WIN 7 x64 SP1.
     
  25. Vilmalith

    Vilmalith Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    68

    I'm testing the setup on my home network, so a media server/file server, multiple laptops and desktops.
    Modem > router running gargoyle > switches > pcs/servers/laptops
     