Windows 7 Firewall Control Plus

Is there anything of a factual nature that we disagree about?

 

Setup is right.

You can test it if you download this for example : http://holdemindicator.com/

Download it, install it, run it, and you will see Allow rules in Inbound.
btw don't worry, app is completely safe, it's very small, you can delete it without any trace after.

For example, in utorrent there is in Options setting which adds exception to the firewall.
It does the same thing as example above, except in utorrent you can choose will it be added or not.

Bottom line is : if that can be done from outside that easy, then that's not good.

Or ... maybe there is something wrong with my OS and I have to reinstall it.

I hope you or someone else will try above examples and confirm or deny these issues.

 

Okay, but only after I allowed it through the UAC prompt, otherwise it can't set the rules.

 

Okay, so UAC is the key then.

Thanx for that info, good to know.

 

You're welcome. The UAC, however, did not provide clear details on what the process was trying to do, only that it was seeking elevation consent. Personally, I would find it hard to trust a program that triggers these alerts after already giving it consent to install. uTorrent, for instance, at least makes it clear it needs to create an inbound firewall rule.

 

Just to make sure and try to find the exact problem I have here ...
As I can remember I think I've tried with UAC but with Admin account and I had no alerts.

You are running with Standard User Account and UAC settings at default ?

 

Hi pabrate,

I tried again, and this time I disengaged Applocker by changing policy to "Audit only" in all three protection areas just to make sure it wasn't interfering. I have UAC set to maximum (Default) and still holdemindicator could not force rules into the inbuilt fw. The first of two alerts I got can be seen in the ss. This alert happened after I hit the "Finish" button at the end of the install procedure. The next was cause by UAC (sorry Snagit could not activate while UAC had the screen dimmed).

 

Hi wat0114 ,

Thank you for playing with this.

Anyway, I don't like UAC and find it pretty complicated for usage, there is much better software for that and it's free

Meanwhile, I switched to Norton firewall , it's awesome !
I'm suprised by the fact that it's not using driver , that is just great.

 

I've tested the plus version and I'm not really impressed... The name is misleading, because it doesn't "control" or even need the windows firewall. It's just a basic 2-way firewall, and not a good one at that. For example every time you see a prompt, it stops the connection so it doesn't work until you restart it...

 

>> For example every time you see a prompt, it stops the connection so it doesn't work until you restart it

yes, thats right - and pretty annoying - some times it not possible to restart
app without losing work.

>> It's just a basic 2-way firewall

what did you expect? W/FC ist not comparable to Outpost or OA or any bigger one.
The power of the plus version is beyond the gui - depends of your needs:
simple yes/no or some specified urlsorts only.

 

Hi wat,

I've installed today on brand new PC Windows 7 Ultimate and I wanted on that system to use only internal security features.
So, first thing after setup was to put UAC at Maximum.
I turned DEP ON for all apps.
I've installed MSE.
Now comes firewall, everything is on default, public profile (Block incoming and Allow outbound)
Then I installed Holdem Indicator, there was UAC alert about running this software and I allow it.
App then executed and inserted rules in Incoming to Allow without any alert.
How come Firewall didn't alert me about Incoming connections ?

What I need to do in order to achieve that ?
Yes, UAC alerted me about running this app but that doesn't have to do anything with firewall.
I want program to run but I want to be alerted should I allow Incoming connections for this app or not.

Thanks.

 

It should alert, however, with lower permission bypass can be made (but I look at XP with that comment). If you have no apps that require inbound, then allways a good policy to block all inbound with no exception(IMHO)

- Stem

ps

I am upgrading my systems to win7_64, so I will be looking at this version of win firewall. Should be interesting,... maybe,..

 

What do you mean by lower permission ?
btw I'm running as Administrator account.
And I need one application for Inbound (utorrent) , so Block All is no good for me.

So far, this is my only problem (to get alerted if some app wants inbound).

If anyone is interested in solving this, please take a look at this app I'm talking about, when you execute this app Incoming rules will be inserted without any alerts.

Link

 

pabrate, I don't know why you don't get the alert. I'm not at my Win7 pc now (my son has commandeered it for his game playing ) to re-check if there's something different in my setup, other than the fact I do have outbound blocked by default, but I don't see why that should be necessary for alerting on an app installing inbound rules.

 

I really don't know why.
But looking at your previous posts again now , I can't see that you had firewall alerts for this app as well.
OK, if I don't allow it to run via UAC then rules are not made but app will not run

Take your time and test it when you can, thanks

 

You are right, the firewall does not alert.

 

So, what do you think is going on ? Why is this happening ?
I see that as a major problem for me in order to use Windows firewall as my firewall.
Like I said, all I need is alert (or auto-block) for Inbound connections.
Or if that can't happen, I would also be fine with "block everything inbound" , but to be able in that case to allow exceptions that I put manually.

 

Simple... the program is made to run with elevated/admin rights. And this means that has full control on everything including windows firewall.

For explaining better, everytime you run it checks to see if there are block inbound rules for tcp and udp for itself in the private profile and if it finds any it deletes them and then create allow rules.

Personally I would stay far far away from any application that behaves like this.
Haven't you asked yourself why should such a program need administrator rights to run? Why can't it run from a normal account?

Panagiotis

 

I understand all that, it needs admin rights because app is attaching itself to Poker application (another app) and calculates odds and other stuff (from another process obviously).
In order to do that admin rights are needed.
Program is perfectly safe, I'm using it for five years. I'm not worried about that.

However, every firewall I used so far alerted me about whatever connection is needed from this app, the only one that is not doing that is Windows firewall.
Problem here is that I don't see why running this app with admin rights is interconnected with firewall and alert about inbound connection.
In fact , bottom line is this : Firewall should alert me no matter what rights are for the app that is running. In my view I don't see why Win firewall is even "working" with UAC.
It's simple, I run app, UAC asks for elevated rights, I allow, app starts running, firewall detects that inbound connection is going to happen and pops alert, I choose what I want to choose and that would be the end of story.

 

It shouldn't be viewed as a problem, let alone a major one. How many apps are you going to use that impose themselves in the rules this way? So far it seems only one. For me I've never encountered one that does this. Besides, holdempoker is an application you willfully installed because you trust it, and it's simply creating the rules it needs - rules that you would otherwise have to create if it didn't do it for you. Win7 fw is very simple in its functionality outside of its excellent filtering abilities. It does not give you all the hand-holding functions that most 3rd party fw's give you, but it does its basic job of filtering and, if desired, controlling connections on selected programs, but this latter functionality requires some effort, head scratching sometimes, to set up. However, I'm betting you will find it to be the most stable built-in fw you've ever used.

 

Nope, windows firewall is made to alert you when a program has/needs inbound connection and it's been blocked; so that you can unblock it by creating an allow inbound rule.
It is not made to warn you when a inbound rule is created by a program with admin rights. For that there is UAC, which warns you that a program can make modifications on your pc.... Which in this particular case are modification of the firewall rules....

Panagiotis

 

I find built-in fw to be very good and I would love to be able to use it, otherwise I wouldn't bother with all this

I said I see that as a problem because if one app can do it , then any other can (and that's the problem).
Now I understand better why firewall is doing that, thanks to you guys (UAC / elevated / admin rights)

To be honest I don't know why Holdemindicator inserted those inbound rules in firewall, because in reality it doesn't use (nor need) inbound connection.
Even for outbound connection, it only checks license key once when started and after that it doesn't use internet anymore.
I know that for a fact because I was concerned when I start using it what information is sent and with packet sniffer I was able to see that only one or two packets are sent on app launch (license check and new version updates check) , nothing else is communicating from then on.
Beside sniffer I know it doesn't need inbound because other firewalls are not alerting me that this app wants inbound comm.
I just allow outgoing only on port 80 and that's it.
But what bothers me here is like I've said before, inserting inbound rules in firewall without my knowledge.

OMG, I just think of something, when I said that no other firewalls alerted me that there is inbound connection with this app, maybe that's why Win7 firewall didn't alerted me (because it didn't catch that app really want's inbound) , it just received exception to be made in rules (like utorrent for example)

 

I get it now fully

tnx once again for really good information.

 

I've tested several apps and concluded that "problem" is in apps that have option to include their rules into win firewall (exclusions).
Some have option to select or deselect inserting those rules but some don't and they just add them.
Also, if you for example edit those rules and instead "Allow" put "Block" , they will revert back to "Allow" on next run.
Personally I don't like this concept and it's too bad they made it to work that way.
But then again, that's just me
What can you do, heh ...

 

Not quite true.
The problem is only for those apps that run with admin rights.
Skype, Utorrent, Emule, etc. if not run with admin privilages cannot modify the rules, even if they want to....

If you disable UAC and run in an admin account, is your personal choice to allow each and every program to have full control over your system and not only the firewall....

Panagiotis