Privatefirewall updated

Discussion in 'other firewalls' started by QBgreen, Aug 18, 2010.

Thread Status:
Not open for further replies.
  1. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Bellgamin, why wouldn't you use the default setting?
    Don't you find it useful to make rules for programs and then have programs respond to these self-made rules?
    Doesn't one have to authorize every single program again and again if you choose the setting as in the pic?
     
  2. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    According to Privacyware Support in July 2010 . . .
    As promised in the above quoted statement from PFW support, in August 2010 PFW issued version 7.0.21.1 whereby -- among other things -- they fixed *some* (not fully defined) aspects of the default rules. Here is that item from their "What's New?" list. . .
    IMO a careful user will get somewhat stronger rules by replying to pop-ups in manual mode. For those who detest pop-ups, however, automatic mode has reportedly been "tightened" in version 7.0.21.1 and should do a pretty good job of keeping life simple while, at the same time, setting fairly good rules.

    No, not at all. If you respond to a pop-up and put an "X" in the "remember my decision" box, PFW will remember your rule thereafter.
     
  3. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    ^Thanks Bellgamin.

    I didn't read the available info from PFW\support, my bad.
    Selecting "Disable Autorespond" resulted in rules that weren't remembered.
    Guess I made an error somewhere so I'm gonna search what went wrong where&when.

    Nice FW+HIPS though, seems like a keeper.
     
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    If you have any future problems with PFW not "remembering", please keep details and report them, via a ticket HERE, so PFW's support can look into it.

    Also, be sure to put an X in the "remember this setting" box whenever you want PFW to remember your choice.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    By the way. . .
    At times you will get a pop-up that does NOT have a "remember" option. Examples are below. . .

    ScrHunt01 09-Oct-10.gif

    If you want PFW to remember your decision, click "Details/Options" and you will get a pop-up that DOES offer a "remember" option. Examples are below. . .

    ScrHunt02 09-Oct-10.gif
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    At times, however, PFW will seem to be remembering an action that you do NOT want it to remember. For example, it might be blocking an application/action that you do NOT want blocked. In such cases...

    Try to execute/run the application that PFW seems to be blocking. If PFW actually IS the culprit, you will see a pop-up like the one below. . .

    ScrHunt03 09-Oct-10.gif

    To fix it. . .
    1- IF you want PFW to remember your choice then check-mark "Do not ask again".

    2- Click on "Allow" or "Block", as desired.
     
  5. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Hi Bellgamin, thanks for the extensive explanation.
    While I'm familiar with the possible popups (either tray alerts or the larger popups), I have not been able to use the 'Remember this setting' rules as I would like.

    I've been trying to use the PFW HIPS without their reliance on 'Software Publisher Certificates' (whitelist).

    While I'm comfortable accepting the specific certificate that comes with certain software, I'm hesitant to use their 'trusting one certificate auto-allows all certificates from a particular vendor' approach.

    While malware that's making use of valid certificates is rare, I'm not sure if this will remain rare.

    As is written in the 'User Guide PDF';
    'Once a software publisher (vendor) has been added to the list, PrivateFirewall will allow (not alert or block) any program associated with the software publisher's certificate.'

    So, I've tried to make rules stick without putting any checkmark for certificates from 'trusted publishers'.

    However, as the user guide explains in 'Manual Control mode';
    'Processes that fail signature validation will generate an alert and be blocked by default.'
    Which suggests (at least to me) that if I don't use their 'Trusted Publishers'-whitelist, I'm forced to allow programs every single time.

    I'm still trying to figure out if it's possible to make rules 'stick' (regardless of any certificate settings) with 'Manual control+Disable Auto-response'.

    For (open source) software I use that does not have certificates (f.i. MPlayer and the front-end for it, SMPlayer), the PFW approach is a bit more cumbersome.
    I've contacted PFW by now to ask some questions so hopefully I'll be a bit more knowledgeable soon.
    cheers.
     
  6. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    There is no option in Private FW's GUI to automatically save the configuration settings. I have saved two copies of the files pfnames.ini and dpf.ini located in Private FW folder for future use. Is this OK? Perhaps bellgamin could clarify.
     
  7. bamaman66

    bamaman66 Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    366
    Under PF, in the firewall log how can you tell what incoming signals were blocked and what signals were allowed?
     
  8. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Anyone tested Privatefirewall against *loggers? How good is it? :doubt:
     
  9. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    I *think* only blocked events are listed in the log.
    (but I may be wrong, of course)
     
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    PFW is only "fair" against keyloggers. In fact, there is no pure firewall or HIPS that does a fully effective job against all types of keyloggers, once they get installed. Online Armor & Defense Wall are about the best, but even they are NOT perfect against all the various keylogger POCs.

    The BEST defenses against keyloggers (IMO) are:

    1- Don't let a keylogger get installed on your computer in the first place. (Keyloggers are the payload of trojans. If you have a good antivirus, it should prevent trojans from getting in. Therefore, your antivirus *should* prevent keyloggers from happening in the first place. In other words, the best keylogger protection is PREVENTION.)

    2- Set your firewall so that NO outbound traffic is permitted except with your explicit permission. (Thus, even if a keylogger sneaks in, it will be unable to call out. Thus, you have GELDED the keylogger.)

    3- Use a DEDICATED anti-keylogger program at just exactly those times when you are transacting sensitive business. Excellent anti-keylogger programs are Prevx SafeOnline (SOL), Spyshelter, and Zemana.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    PFW keeps its config settings in the registry. Bummers!

    I have asked PFW Tech Support to add the ability to save config settings. They replied that doing so is on the "to-do list" but NOT at the top of that list. An update to PFW is due in the next several days. *Maybe* this item got done (but I doubt it.)

    Please put a ticket in to PFW requesting this added feature. The ticket place is HERE. The more folks who request this feature, the better possibility that PFW folks might get around to it sooner.
     
    Last edited: Nov 7, 2010
  11. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    You can save the registry keys and merge/overwrite them later if you want to uninstall it for a while. You can also disable the services, driver and appinit registry entry to effectively stop it from running completely.
     
  12. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)

    :thumb: :thumb: That is excellent advice concerning protection against keyloggers. Anybody that adopts all three principles should be well protected.
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    You are 100% correct. Spot on! The firewall log lists all blocked events and ONLY blocked events.
     
  14. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    For those interested, there's a new version available:

    RELEASE NOTES - 7.0.22.5, posted 11/24/2010
    INSTALLATION NOTE: Installation of this update on Windows XP first requires un-installation of previous build and system reboot. It is generally advisable to follow the same procedure regardless of Windows OS, but is mandatory for XP to upgrade to Privatefirewall 7.0.22.5.

    - Updated default rule-set
    - Implemented additional modifications to improve leak, general bypass, spying and termination defense performance.
    - Enhanced packet inspection capabilities
    - Fixed logic for Block button for firewall in Standard Control mode
    - Port tracking no longer displays loopback connections
    - Column re-sizing adjustments preserved (Application, Process Monitor, Firewall Log, Port Tracking)
    - Column sorting added
    - logo updates
    - "Restore default settings" grayed out for apps/processes where no default rules exist
    - Updated driver certification in accordance with Microsoft Winqual Review.
     
  15. lws

    lws Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    196

    Thanks for the update information. Am downloading the update now. And thank you bellgamin for all the extra pertinent information regarding Private Firewall. Much appreciated.
     
  16. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Hi,

    is there any way to make/adjust PF alert on any outbound connection?
     
  17. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Do you mean, is there a way to configure PF so that it generates an alert whenever any application tries to access the internet, regardless of whether the application is signed by a Trusted Publisher? If so, I don't think there is. If the application is trusted then it can make an outbound connection without alerting. ....unless somebody else can say otherwise?

    Seems a bit strange for a FW not to have this basic capability.
     
  18. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Correct. :)

    But if an application is not "signed by a Trusted Publisher", will PF generate any alert?
     
  19. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    I've not quite figured that one out yet. I've tried PF in my VM and it appears to let anything connect out without alerting. Perhaps this is a VM issue.
     
  20. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I'm on holiday so I shall be brief. I am *fairly certain* you can attain your goal by setting PFW as shown below:

    ScrHunt02 25-Nov-10.gif
     
  21. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    That's how I have it configured but it's still the same.
     
  22. Tunerz

    Tunerz Registered Member

    Joined:
    Jun 12, 2007
    Posts:
    110
    Location:
    Philippines
    Does it still hang applications that use fullscreen (inability to respond to PF's alerts), like games for example?
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Configured as I showed, PFW will alert to all NEW outbound connections. If a given app was previously allowed to connect out, there will be no alert when it again connects out.

    Check PFW's GUI, & click "Applications." If a given app is on that list, and you want to control its outbound, either delete it from that list or else right-click it & set Custom Rules.

    By the way, right click Casey the Cop in your system tray & make sure he is NOT in Training mode.

    If you still have problems, consult the REAL expert by creating a support ticket at...
    http://www.privacyware.com/support_ticket.html
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The turkey is almost ready. Our grinds right now are nigiri sushi & poke & other kine pupus. Life is goooood! :D
     
  24. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    All done, but it still fails to alert. As a test, I used Chrome:
    - removed Chrome from the Applications list
    - removed Chrome from the Detected Applications list
    - Ensured Training mode was off

    This still fails to alert on outbound connections. Repeat the above three steps, but this time remove both Google Inc entries from the Trusted Publishers list and this time the outbound connection is alerted to. Conclusion - PFW does not alert outbound connections for apps signed by trusted publishers, even with Manual Control and Disable Auto Response selected.

    edit: p.s. I have submitted a ticket to PFW on this subject
     
    Last edited: Nov 25, 2010
  25. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Good work Scoobs72, hope this will be fixed.
     