@ultim As a user, I see the classical DNS thingy in this way, even though in Windows 10 you can not turn off the DNS Client service, as you could /can in Windows 7. I remember i could use this rule logic in Outpost Firewall and it could/can be done in Jetico as well. You could allow svchost.exe to call for udp port 53, for all apps, or you could block svchost.exe to not do the calls, and add rules for the apps to allow udp remote udp 53 on their own. You never know what uses the DNS client/ or the svchost.exe to do calls. So, thus the report on the Firefox on the Normal or Sanboxed usage. In my view : If the DNS Client is enabled, in the Recommended rules, then all App-s should call DNS thru that, and not only the Windows services, as such no UDP Out to 53 port should be needed in per app rule set.. If the DNS Client is disabled, in the Recommneded rules, then all Apps should be able to call DNS ONLY if a custom UDP for DNS rule is add-ed to each or if a svchost.exe (DNS rule/allow all) is added.. And a request :Maybe an option for a remote IP adres/range could be added in the custom rules window ? ! Using the new release as of now.Let s see how it goes.
New version seems working fine. I needed to put the TinyWall icon back from hidden ones under popup to see it. Might be just my old computer, who knows. The only thing I have never really liked too much about your TW Karoly, is just that the tray popup does not show traffic speeds in Mbits/second (Mb/s), instead it all is in megabytes and the unit kilobytes that are not really wanted maybe. To most of us anyways. Regarding internet speeds the common unit is megabits/s from operators and also from sites like speedtest or fast.com. Thank you for your good firewall and now better in 3 versions with being independent from Windows firewall. I understood it had the "Secure Rules" even before. But now the Windows updates seem not able to upset it.
General question: Is it okay to import TW settings from TW version 2.1.15 to TW version 3.x ? Or does the user have to build up settings anew from scratch?
First, thanks for the new version, got the update notice today. It seems that I have some improvements when booting, with the old version it could take some time until I had network connectivity (red cross on the ethernet icon in the tray), and that apppears to have improved (but time will tell, for now I have only rebooted once with the new version). With regards to the Wireshark rule, there is possibly an improvement that can be made. In the exceptions list, I typically remove all entries that has a red cross on them, because usually that means the referenced application/executable has been deleted or moved. However, the "System" rule that must be present for Wireshark/npcap to work, also has no explicit executable associated with it, so it is shown with a red cross. It would have been better if it actually had an icon, could be any suitable generic process icon, just not that red cross.
That's not possible unless you do deep-packet inspection. DNS packets are just like any and every other form of IP communication. There is not much I can do if a process still decides not to use the DNS client in Widows even though it is enabled. This is something I'd lile to do in the long run, but you'll probably have to wait a lot for it. Simply because it needs a complete UI overhaul. That's an interesting view. It is true that tools that specifically measure your internet speed use bits/s not bytes/s. But everything else that reports traffic rate uses bytes/s. Browsers, download managers, torrent clients etc. all use bytes not bits. Since TinyWall is not measuring internet speed but actual traffic, I always thought using byte/s is more logical since then it is easier to cross reference with the current traffic stats of other programs. What do others think? You can import settings from 2.1.x into 3.0.0 - 3.0.5. In the very near future I might remove this compatibility code so I don't guarantee this will always be the case for 3.0.x (I have actually thought about already removing it from the next release), but at least up to and including 3.0.5, yes it works. You are right, thanks for the suggestion. I should not list the System process as one that is missing its executable.
I prefer bytes. I think bits/s is for internet service providers and equipment manufacturers who want the numbers to look bigger.
BTW, isn't it true that TW only tries to add these rules to Win Firewall during install? Because this would mean that you simply need to disable Secure Rules during install, because AFAIK it only monitors newly added rules, not ones that are already made. Or is TW constantly trying to add these rules? Haven't tried it yet, because the current version works just fine on my system, but the new version does indeed sound like a big improvement, great job!
@ultim question, i'm downloading files by using qbittorrent, but in "Show Connections" it does not appear any connections for qbittorrent, except 127.0.0.1 is it bug?
TinyWall passes online scanner (port scan) tests, and reports closed port as "stealth" which is the best. One should also run leak tests though, which means testing if blocked programs get out of your computer. I do not know of any working firewall leak testers aside from GRC's LeakTest. TinyWall passes that too, but to be honest that test is a bit too basic. There used to be Comodo's tester in old times, but it doesn't work on Win10 anymore, and also, almost all of the tests it used to conduct were not firewall but malware tests. If you meant reviews, there's a compilation of those here. In any case, TinyWall's blocking is a lot better then Windows Firewall, and as long as you don't want HIPS or other kinds of antivirus protections, it is on par with any other solution, even paid ones.
With the new version 3.05 I am getting lots of blocks such as this: 192.168.1.50 is my chromecast device and chrome.exe is allowed all outbound connections (* in rule). I don't know why this is blocked.
Thanks for the test : ) it's strange, I tried torrent today, and got many active connections with ip.
Yes, you are doing something wrong then. Make sure that ... 1) TinyWall is running in its "Normal" mode (eg. not Auto-learn, Allow outgoing, or anything else) 2) LeakTest.exe is not whitelisted (if you open Manage in TinyWall, you should not see any rules added for GRC's executable) 3) No other firewall is installed, maybe except for Windows Firewall which is allowed If GRC's leak test passes, you should see the following window after you click "Test For Leaks":
Ok Thks I did the test under common ports and all service ports in normal mode ,tests failed it says.
Oh, wait, now you're doing the port scan test. Ok. So all you have to do is make sure not to whitelist the apps whose ports failed. Also, if you have a router, say, between your computer and internet connection, then you're basically just testing the router config not your computer/TinyWall. So make sure to clear that up first.
Hi, just upgraded from 3.03 to 3.05 and am getting an odd error. I did the upgrade by just running the executable, I did not delete the old version first. I'm running Win 10 Pro, version 2004, OS build 19041.329. When I click on the applications exceptions tab, this error immediately pops up. If I click continue, the program works fine, but every time I click the tab it shows up again. Anyone have this issue? I will look into the windows error reporting service first. The details drop down menu has the following info. See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box. ************** Exception Text ************** System.InvalidOperationException: When in VirtualMode the ListView RetrieveVirtualListItem event needs a list view SubItem for each ListView column. at System.Windows.Forms.ListView.WmReflectNotify(Message& m) at System.Windows.Forms.ListView.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) ************** Loaded Assemblies ************** mscorlib Assembly Version: 4.0.0.0 Win32 Version: 4.8.4180.0 built by: NET48REL1LAST_B CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll ---------------------------------------- TinyWall Assembly Version: 3.0.5.0 Win32 Version: 3.0.5 CodeBase: file:///C:/Program%20Files%20(x86)/TinyWall/TinyWall.exe ---------------------------------------- System.ServiceProcess Assembly Version: 4.0.0.0 Win32 Version: 4.8.4084.0 built by: NET48REL1 CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.ServiceProcess/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.ServiceProcess.dll ---------------------------------------- System Assembly Version: 4.0.0.0 Win32 Version: 4.8.4084.0 built by: NET48REL1 CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll ---------------------------------------- TinyWall.Interface Assembly Version: 1.0.0.0 Win32 Version: 1.0.0.0 CodeBase: file:///C:/Program%20Files%20(x86)/TinyWall/TinyWall.Interface.DLL ---------------------------------------- System.Configuration Assembly Version: 4.0.0.0 Win32 Version: 4.8.4084.0 built by: NET48REL1 CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll ---------------------------------------- System.Core Assembly Version: 4.0.0.0 Win32 Version: 4.8.4180.0 built by: NET48REL1LAST_B CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll ---------------------------------------- System.Xml Assembly Version: 4.0.0.0 Win32 Version: 4.8.4084.0 built by: NET48REL1 CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll ---------------------------------------- System.Windows.Forms Assembly Version: 4.0.0.0 Win32 Version: 4.8.4084.0 built by: NET48REL1 CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll ---------------------------------------- System.Drawing Assembly Version: 4.0.0.0 Win32 Version: 4.8.4084.0 built by: NET48REL1 CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll ---------------------------------------- System.Runtime.Serialization Assembly Version: 4.0.0.0 Win32 Version: 4.8.4180.0 built by: NET48REL1LAST_B CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Serialization/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Serialization.dll ---------------------------------------- SMDiagnostics Assembly Version: 4.0.0.0 Win32 Version: 4.8.4180.0 built by: NET48REL1LAST_B CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/SMDiagnostics/v4.0_4.0.0.0__b77a5c561934e089/SMDiagnostics.dll ---------------------------------------- System.ServiceModel.Internals Assembly Version: 4.0.0.0 Win32 Version: 4.8.4180.0 built by: NET48REL1LAST_B CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.ServiceModel.Internals/v4.0_4.0.0.0__31bf3856ad364e35/System.ServiceModel.Internals.dll ---------------------------------------- ************** JIT Debugging ************** To enable just-in-time (JIT) debugging, the .config file for this application or computer (machine.config) must have the jitDebugging value set in the system.windows.forms section. The application must also be compiled with debugging enabled. For example: <configuration> <system.windows.forms jitDebugging="true" /> </configuration> When JIT debugging is enabled, any unhandled exception will be sent to the JIT debugger registered on the computer rather than be handled by this dialog box.
Here are some general pointers, but this is not a thread about configuring specific routers, so if you need more detailed advice, please ask for help in a suitable forum. Update to the latest firmware. Vendors often close leaks and security issues in newer router firmware If you don't use it, disable UPnP Disable remote management / WAN-side login access Evaluate which port forwarding rules you need and keep only that which is necessary for you, ideally zero Disable DMZ-host feature (even if needed, use the finer-grained port forwarding feature instead) ... depending on your router's features other points not mentioned here may also apply.
Thanks. I ran a system file check and a DISM job and found some corruptions that were fixed, but the same error persists. I think it may be my system and not the software, but I don't know where to look anymore. I use sandboxie, but no other AV software or firewalls. I'll check the event logs also.
I analyzed it. It's a not a problem with your computer or installation. It happens in TinyWall when you have a machine-wide rule. Fix in next release.