TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. mroek

    mroek Registered Member

    Joined:
    Mar 11, 2020
    Posts:
    11
    Location:
    Norway
    I've used TinyWall for many years, and I just discovered that a completely new version is close. Really great, and happy to see that! I've browsed some pages back, but I'm still not sure what the correct procedure for updating to 2.99.x from 2.1.x is.

    Should 2.1 be uninstalled before installing 2.99? If yes, I guess the settings from 2.1 should be exported first, and then manually re-imported to 2.99? And also, I saw that keeping WF enabled was recommended (with it's default settings), is that still the case?

    @ultim: Might be a good idea to include the recommended update procedure as a note to the changelog for the new version?
     
  2. BobHD

    BobHD Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    8
    Location:
    France
    No more problems with 2.99.15 so far, and I can confirm that Opera changes location when you reboot and there is an update, which explains the need to unblock it constantly.

    I disabled the auto update feature, Opera programmers are idiots. They destroyed all the good features of the old version with the new one, I use it only when a specific site does not work with my favorite browser, Waterfox. Firefox did the same stupid thing that Opera did by removing support for thousands of legacy add-ons, stupidity must be contagious.

    Completely OT, but it feels good to vent sometimes. :)
     
  3. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    You are right, this is worth explaining. The good news is that there are no special upgrade considerations. If you are running version 2.1.x, you can just run the installer of 2.99.x (or 3.0 when it is released) and be done with it. Your firewall settings will be automatically migrated, so you do not need to export and then import them. Your GUI settings will be reset to default values. There is also no reboot necessary (and if the the installer tells you otherwise, it is a sign that something is wrong).

    WF can be left enabled (in its default state) or disabled as the user prefers. I generally recommend leaving it enabled for two reasons. First, it is easier and less work to leave it alone than to disable it explicitly. Second, if you disable WF, and then later decide for whatever reason to uninstall TinyWall, there is a chance that you'll forget re-enabling WF thus leaving you completely unprotected. EDIT: It is important to note though that WF is the only firewall that TinyWall supports running with in parallel. It is best and strongly recommended to disable any other firewalls (including other WF-controllers).
     
    Last edited: Mar 11, 2020
  4. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Thanks for the update.
     
  5. mroek

    mroek Registered Member

    Joined:
    Mar 11, 2020
    Posts:
    11
    Location:
    Norway
    Thanks, I'm going to try the new version shortly!
    Would it be a good idea to have the installer offer to make the recommended changes to the WF automatically? Maybe not useful for those upgrading from a previous TW version, but if other firewalls have been used, then making sure WF is enabled and in the default state might be a good idea? Could be a checkbox in the installer or something, so the user can choose if the installer should do that or not.
     
  6. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Yes, that might make sense, but I have to make a small clarification/amendment to what I've said before. The actual requirement is not for WF to be in the default state, that is just the most easy way to reach it. The actual requirement is the absence of any explicit blocking rules. Since TinyWall can operate with WF turned either on or off, and almost everybody is just adding allow-rules, it is usually not a problem whatever state WF is in. And even if the user does have a blocking rule in WF, the only effect it is going to have is that you won't be able to whitelist (in TinyWall) that single app the blocking rule refers to. So it is not like TinyWall's functionality will be inhibited in any broad or general way. Furthermore, in that case that blocking rule is probably there for a reason, so it is unlikely the user will to want to whitelist it in TinyWall anyway.
    All these things considered, yes, an automatic way to bring WF in a recommended state is probably a good idea, especially when coupled with the detection of other firewall software. But I have to think about how urgent its implementation is. Probably post-3.0.
     
  7. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Seems there is not much I can do. Though there is a way to list all packages on the system, it only works with admin privileges, but in my tests as soon as the GUI runs as admin, even the previous version can see the package of the other user.
    Can you please verify that if you choose Elevate in TinyWall, and then open the Settings window, the UWP package of the other user no longer shows up as missing?
     
  8. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    105
    It still shows up as missing when I elevate TinyWall.
     
  9. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    What? That wasn't my result. I'm gonna have to redo my experiment to double-check.
     
  10. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    105
    Double checked and still show up as missing. The list of UWP apps in the "Application Exceptions" screen is the same when elevated.

    I also had a problem with the Microsoft media creation tool. it creates and runs C:\$Windows.~WS\Sources\SetupHost.exe which is deleted as soon as it fails to run. I allowed this is TinyWall but it still did not run and I could see nothing else blocked. I had to set the mode to "Allow outgoing" to get it to work.
     
  11. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    That looks like a perfect candidate for the "Apply same rules to child processes" feature. Add a rule for the setup GUI window, open the detailed exception settings for that rule, and enable said option.
     
  12. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Hello Everybody!
    As a token of thanks for everybody here helping me out, I would like to offer you a small utility I've written. You'll love it if you ever wished you could easily download music and video from various websites. See my signature (log in for that) for details. I'll keep it available for a week here, after that only donators will have access to it. I hope you'll enjoy it.
     
  13. Deathmaw

    Deathmaw Registered Member

    Joined:
    Feb 4, 2020
    Posts:
    6
    Location:
    United States
    Nice, seems to be working for the most part, most titles do show up for me in the Pick a UWP App, I am however having a problem with Ori and The Will of the Wisps which released a few days ago, it doesn't appear to show in the list.

    Even bringing up the show connections when I've booted up the game it'll see the exe but not detect its UWP.
     
    Last edited: Mar 15, 2020
  14. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Then it probably isn't a UWP app. Or are you absolutely 100% sure it is?
     
  15. Deathmaw

    Deathmaw Registered Member

    Joined:
    Feb 4, 2020
    Posts:
    6
    Location:
    United States
    Using the Game Pass version so would be surprised if it isn't and if it isn't its got the exe in different locations again, I've had it allowed through at "\device\harddiskvolume7\oriandthewillofthewisps-pc.exe" and at "\\?\Volume{4d6a1d92-efac-c09a-3702-d177b6da6b88}\oriandthewillofthewisps-pc.exe" both now being crossed out.
     
  16. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    The first path is a file path in "NT kernel format". Though TinyWall doesn't know what to do with it yet, I at least know how to handle them and how to add support for it in theory. Much more interesting is the second format, that I haven't seen yet (aside from your earlier post), and also what the hell causes the same program to switch from one to the other (or more exactly, which APIs can return the 2nd one and when?).
    Anyway, handling these is quite an invasive change, so it'll have to wait post 3.0, sorry. This goes way beyond just bug-fixing and can easily introduce new bugs too.
     
    Last edited: Mar 16, 2020
  17. Deathmaw

    Deathmaw Registered Member

    Joined:
    Feb 4, 2020
    Posts:
    6
    Location:
    United States
    No Worries, already nice to see UWP apps and some games from the windows store do seem to work with it while some don't.
     
  18. mroek

    mroek Registered Member

    Joined:
    Mar 11, 2020
    Posts:
    11
    Location:
    Norway
    Just a quick note to say that I've now been using TW version 2.99.15 for some days, and I haven't had any real issues. I once had a popup from WF about a program (Logitech Options) that wanted to allow incoming traffic, but that only happened that one time.

    One marked improvement is that with the new version, I haven't had the popup that the changes failed to apply when I right click a blocked program (in the connections windows) to allow it. With the old version, this happened quite a lot, and while it wasn't really a big issue, it was a nuisance that now seems to be gone. Probably since it no longer directly has to modify WF, if I were to guess.

    Edit: And BTW, I'm so happy to see that you're back working on this, so I donated a little money to show my appreciation. I should have done that before, but butter late than never.
     
    Last edited: Mar 17, 2020
  19. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    I couldn't agree more. It's good to support developers like @ultim !:thumb:
     
  20. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
  21. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    By the way, because TinyWall's development is a continuous effort, I'm just about to transition to Patreon. Most of the stuff there is already prepared, I was just too much distracted by other things in the past couple of days.
     
  22. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    I like butter too.
    :thumbd:
     
  23. mroek

    mroek Registered Member

    Joined:
    Mar 11, 2020
    Posts:
    11
    Location:
    Norway
    Haha. I noticed the typo too late, and it felt wrong to correct my post after it had been quoted. I just hoped nobody else would notice, but you smashed that hope... :mad:
     
  24. mroek

    mroek Registered Member

    Joined:
    Mar 11, 2020
    Posts:
    11
    Location:
    Norway
    @ultim: I have a small feature request/wish:
    I have at least one application (Fusion 360) that moves around in a new subfolder for every update, so what I do then is to open the connections window and then unblock it along with a couple additional executables. I just recently discovered that these additional executables are spawned by the main application, so using the checkbox "Apply same rules to child processes" is great, because then I only have one application to unblock. However, since I do my unblocking by right clicking on it in the connections window (because I know it will be blocked after an update), it would save time if that right-click menu had one additional entry, "Unblock with child processes". That saves the step of opening the settings menu afterwards and manually ticking that box.
     
  25. BobHD

    BobHD Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    8
    Location:
    France
    Hi,

    2.99.15 works at 99% for me, with the sole exception that sometimes, in a random way I cannot reproduce, the tray can no longer communicate with the service.

    I have to reboot (maybe log off and in would be enough, I did not try), which is an annoyance because of the number of things I have to do: stop several virtual machines, reboot, enter passwords for 3 programs that require them, and restart the virtual machines. Verify that network shares are connected, and start a tabbed explorer (xplorer 2, a great not free program, no affiliation with me) that has about 20 tabs opened to usual folders that would revert to Desktop if the shares are not connected.

    The service manager does not allow to stop/start the service, which is of course a security feature.

    Is there a way to completely restart Tinywall without rebooting? That would save me a good chunk of time.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.