There's a log of dropped packages. That is basically what you want, isn't it? But yea, it's not very usable.
That's the notifications i believe, if the app isn't allowed it will prompt you to allow or deny. In a quick search on github a connections log seems impossible according to henrypp
It works only if you started the program there and enabled it at least once. I believe WFP rules are user specific, just like system settings, but maybe I'm wrong. EDIT: Oh, I misinterpreted your post.
Nope, simplewall doesn't work on standard user acc. I think the preemptively set filters still work (haven't tested), but opening the interface (the "program") itself doesn't, which is required to get notifications for new connections and change existing rules (filters). You can try those "save credentials" shortcuts and stuff, I couldn't make it work though I didn't try much, but even if you do, you can then run any program as admin with those saved credentials, and so can malware, essentially eliminating the point of using a standard user account. You can also try http://www.robotronic.de/runasadminen.html and see if you have any success On my own machine personally I stick with admin acc, UAC sucks anyway and if you run programs which normally don't need admin as admin, that means they are now admin and they abide by the admin permissions rather than the user ones, meaning you don't have to give permissions to non-elevated programs since the program in question is running as admin and not a "user", which means if a non-elevated malware tries to do bad stuff they won't be able to cuz there are no user permissions, because the programs which might normally need user permissions are now running as admin and thus only need admin permissions and not user permissions, and non-elevated malware can't get to the admin permissions, on top of that there are a ton of programs that require admin anyway and running as standard user acc is an additional annoyance even if it actually did provide more security which I doubt
simplewall v2.3.7 (5 November 2018) https://www.henrypp.org/product/simplewall Download Changelog sha256 checksum
simplewall v2.3.8 (7 November 2018) https://www.henrypp.org/product/simplewall Download Changelog sha256 checksum
@henrypp Please fix: Notifications appear very late. (30s) If two applications are blocked, only one notification pops up.
Better go to this page and report there: https://github.com/henrypp/simplewall/issues Just a suggestion.
Complete disable windows firewall and using this Simplewall. Couldnt ask for me. Everything working as it should. Hope to see this piece of software go on. Please a dark theme if and when its posibble.
simplewall v2.3.9 (20 November 2018) https://www.henrypp.org/product/simplewall Download Changelog sha256 checksum
simplewall v2.3.10 (28 November 2018) https://www.henrypp.org/product/simplewall Download Changelog sha256 checksum
Referring to the pop-up issue: It's not yet totally flawless. Then I wondered about something: I never get notifications about INCOMING traffic. I have unchecked "Allow incoming traffic for all". So what rule determines that? I guess it's included in the rule that allows traffic, but what if I have a special rule with a IP? Is only incoming traffic from that IP allowed or all?
I'm pretty sure general rules work for both incoming and outgoing traffic, so chances are, you saw the outgoing prompt (since outgoing is first, must send some info to receive some info back), you allowed it, and then the incoming traffic was also allowed for that process because of the general rule, so you didn't see any prompt. I think in order to see prompt for incoming traffic, it has to be from a process not allowed, and also if the process has no outgoing traffic at the same time, if I'm not wrong. I think you also have to uncheck "Allow inbound connections for all". I have also disabled all system rules, not sure what they do actually, but you should disable them just in case that you're missing prompts from them Also, what pop-up issue?
Ah, dude. Your reading or context comprehension is bad today It's two posts above that one. Also I said I unchecked "Allow inbound connections for all". Thank you for your answer I disabled system rules due to your recommendation. Makes sense
Don't you set that from Settings > Dropped packets log > Timeout between same notifications? Or you mean something else?
This is because of stateful TCP inspection provided by the WFP. The firewall is 'aware' of the state of connections so inbound would be allowed based on what has been requested by the outbound. That's the reason you only need outbound application rules. The exceptions are server apps (like P2P clients i.e.). You won't see prompts for uninitiated inbound connections, they will be silently dropped (and logged). And then rules can be made based on logs. For 'stateless' protocols (UDP) there is a need to include inbound rule as well, for example DHCP or File Sharing. It is unchecked by default (as it should be) as it basically disables inbound filtering (equivalent to disabling Windows Firewall). It is there to disable when you're using alternative solution to filter inbound traffic (a router i.e.) and want just an outbound blocker.
