Giving another try---About Firewall

Hi,

If I dissable the firewall, WSA icon goes yellow.
But if I select "Allow all processes to conect...." icon stays green but yet the firewall is as inexistent.

So, why is that?

 

I assume your using another firewall? If so that's the best setting "Allow all processes to connect to the Internet unless explicitly blocked" if you don't want to use WSA's firewall at all or leave it at default to keep the Icon Green your choice and as you know WSA's firewall will not conflict with other firewalls and doesn't use any more or less resources.

TH

 

Hi TripleHelix,

I am not using "another firewall", I using a firewall

The firewall from WSA is not a FULL firewall and the advice here , on this forum, is to use it as a "firewall helper" (?)

Would be nice to have the possibility to do a custom install on WSA and to install ONLY what we need to add on our layered defense, without pretending that is not there....

Anyway, leaving the WSA firewall in "Allow all..." doesn't seem to affect my PCTools Firewall Plus but is not the right solution.

The same is valid for MBAM "Website blocking" and the same feature in WSA...

 

""but is not the right solution""

Agreed

 

If the firewall is off, it won't take action even if you explicitly block it in the settings. Also, the normal state of the firewall is also to take intelligent action against things it finds to be a threat, but in off, it won't. Thus, state is Warning.

If the firewall is on, set to "Allow all to connect to the Internet unless explicitly blocked", it is still on and will still block things that you explicitly block, which it won't if off. "Explicitly blocked" does not mean that -YOU- have to make the decision to block it. If the process is a threat, it will be explicitly blocked by the threat determination. But it also applies to things you explicitly decide to block.

 

Because of course if it doesn't negatively affect things, you need to object to it anyway.

Everybody's heard you both many times. Everybody knows "you can't please everybody all the time", so if you insist on being one of the displeased ones because you have a desire to find an unquantifiable fault based on your subjective opinions, then there is nothing that anybody is going to do to try to make you happy. Time to either figure out how to deal with it or get another security program, but remember that the loss of your business for the program having a firewall is far outweighed by the substantial gain in business caused by the same thing. If they lost more than they gained, they'd take out the firewall. Since they gain far more than they lose, they likely won't.

 

Hi Techfox1976,

Thank you for your answer!

"If the process is a threat, it will be explicitly blocked by the threat determination"

If a process is a threat should anyway blocked by the real time shield /behavior shield or heuristic! Is not a firewall's job to block threats; the firewall should only follow the rules, and you, as user should be able to determine the rules.

For somebody who is following the idea of a layered approach in PC security ,adding WSA is a pain *!
I have MBAM with a lifetime license (MBAM is recognized as being the best in malware protection) and PCTools Firewall Plus , which is a real/complete firewall.

Now ,if I use WSA, I have to deal with 2 firewalls, 2 website blockers....If I turned these off, WSA icon goes yellow.

It is working, I do not say it doesn't , but this is against of all I learned about PC security in over 10 years ...

Google the internet for "running 2 firewalls at the same time" and you will not find any single answer saying that is OK.


All I wanted was to add an antivirus, nothing more, nothing less.


Thanks,
Claudiu

 

Latest WSA has added an interface for its outbound blocking... the so called "firewall". This was there from the beginning as part of the AV. Why you want to disable it its mystery. Does it conflict? Please post the issue you are experiencing with MBAM. Otherwise just use WSA at default with MBAM. No need to play with settings or disable the "firewall" without a reason. They work well together and WSA is designed to work with other security tool.

If you do not believe WSA can work at the same time as other security tools then remove it and find a tool you can believe can work with your setup.
At the end of the story its not how strong a tool is but how far you feel security with it. "Apparently" (as you keep pestering this section) you are not.

 

Hi Fax,

"...how far you feel security with it."

The feeling with WSA is good; full suite with green interface (everything is "green" today),billionas of events analized, last scan done in 23.3 sec ,WOW!!!!

For "average Joe" WSA will provide a very good feeling but for a computer inclined guy ,who goes beyond the apparent filling, not!

Issue with MBAM: now I have to deal with 2 website blockers and to make 2 sets of rules for allow/deny. What is allowed by MBAM and blocked by WSA I have to analize, decide and rule; the opposite is also valid.

Issue with WSA "firewall": in an application is detected by the WSA real time shield as a threat but I decide that is a false positive and I include it on my "Allow" list, still that application will be blocked by the firewall ,which will take all set of rules from the cloud.(see: "Explicitly blocked" does not mean that -YOU- have to make the decision to block"")

Claudiu

 

Sorry, what is the point you are trying to make. If you run multiple tools you will need to take care of the different detections/false positives/etc. This is applicable to any software.

 

All I want is to use complementary tools not duplicate tools; unfortunately WSA Antivirus is packed in such a way that you are forced to ignore/pretend you do not see the other components which will interfere with what you originally wanted to complememnt.

We have Avast!, Avira,AVG, which will let you install only what you need, I do not understand why WSA has this aproach "take it or leave it".

 

Maybe it has something to do with WSA's size.. why would you not install the firewall? To save less than 1mb? Anyway, you can disable it

 

So you mean you can't disable components? Actually you can disable parts of WSA but then..... why you are installing it in the first place if you know you need to disable half of it?

You seems to have a ill understanding of layered security. It does not mean installing multiple tools that then you need to disable to its entirety. But to only install tools that are providing security not been covered by others. So you can run them at their full potential.

For the case of WSA and MBAM. You can run WSA in its entirety and having MBAM working on demand.

Still your arguments are rather confusing. First you want to allow everything in WSA outbound protection (firewall) then you seems to suggest you want to disable its web protection in favour of MBAM. Then you would to be able to follow all blocking in both tools (or not?).

Your crusade to find a problem in WSA has not finished yet... from full scan to dormant file and now some confusing arguments about web protection and firewall. Uuuhm.. next? LoL

 

Are you objecting on philosophical grounds or do you actually experience this as a problem? How often does the WSA firewall block an outbound connection which it deems a threat, but which you want to allow? I've been using WSA for quite a while now and I've not had a single false positive.

 

But why disabling it. You will reduce your protection. Moreover now you have far more granular control on components running on the system. You can decide if you want to allow something to run but then not allow it to connect out. This is something you could not really do easily before.

 

I was referring to "We have Avast!, Avira,AVG, which will let you install only what you need, I do not understand why WSA has this aproach "take it or leave it"."

 

Ah.. yes.. sorry... LOL

 

Hi fax,

"Actually you can disable parts of WSA but then..... why you are installing it in the first place if you know you need to disable half of it?"


Because I am forced to install them by WSA installer even though I do not need them.ALL I NEED IS AN ANTIVIRUS!!!

"You can run WSA in its entirety and having MBAM working on demand"

Well, MBAM is far superior to WSA in malware detection and I want it on real time not on demand!

About the whole firewall issue:

Guys, you have to understand once for ever that this is not a firewall!!!!

This was hiden in the initial build as an application blocker based on cloud clasification.

But because the competition (Pand Cloud,King soft) has included a firewall, somehow Webroot was forced tu surface this application blocker and name it "Firewall"

Later on , when a lot of people complained about "Is the firewall working correctly?" , this ,so called, firewall was named "firewall helper", outbond firewall, application blocker and finally the general advice was set it on "Allow all unless..." and ignore it.

Well, I do not want a firewall helper, I do not want to ignore it, I want ONLY an antivirus!!!

My last post on this firewall isue.

Thanks,
Claudiu

 

You're correct that strictly speaking it's not a firewall. Is it necessary to argue about what it's called? I understand that you don't want a "firewall helper", but you must realize that even if the vendor agreed with you it's not a simple matter to change an application. WSA is what it is at the moment and since it's really not what you want why are you using it? If you only want an antivirus why don't you use an app that's only an antivirus?

 

So, to make it short, you just came to say it's not a firewall.. Anyway, what's the point of starting a descussion if you can't accept people have different opinion?

FYI, most people, on Wilders, will agree Windows' Firewall is more than enough.

 

... what you do not need? Do you understand that WSA to protects you from malware needs those components to work? Its needs the outbound control, the protection from leaking (identity shield), etc... these are all components of the antivirus. The outbound protection (firewall help) has been always there. The difference now is that you see it in the GUI and you can configure it.

The real problem for you is that your definition of an antivirus does not comprise WSA way of working. So, for you it will never be an antivirus and no matter what you try to disable or enable, it cannot look like another AV.

This is only if you want, at any costs, to disable the firewall (for no reasons) as well as not wanting a yellow icon in task bar notifying you the firewall component is OFF. Certainly not recommended generally to all users, you seem still very confused.

Looking forward to read your next weird issue. To sum up, we had up to now: Full scan not a full scan, on-demand detection results, dormant files that will kill the machine, ex-post infection doubts and fears, not wanting a feature in WSA (outbound control/ outbound firewall), disabling features change colours of WSA icon. I hope I have not forgotten something...

 

you have your opinion I have mine
I won't lose any sleep over yours,
you don't lose any over my, OK?

Also this deal over a "firewall helper"
if the firewall needs a helper that tells me maybe
I need to get a firewall that "CAN DO THE JOB"
without a helper

I've long gone to a hip's system by now and so have
all the people that I keep up their systems for
it has been a little learning curve for them but they
all have understood that using two or more programs
to do the same job is just bloat in the system and that's
the reason they came to me in the first place, they like
their systems lean and trim

 

I think you mixing up things... I know it can be confusing for novice users. You mix up the function of a firewall with the firewall helper in WSA that is there to provide WSA the ability to control the programs on your PC and their ability to communicate with the outside world.

Its behaviour analysis is therefore not limited to what a potential malware is doing on your system but also its behaviour vis-à-vis the internet. Btw, these end points were there even before but you could not control them at all.

Yes, still many users likes to pile up security one over the other. That's an additional advantage of WSA and its design. You can run it alone or combine it with another tool as it is designed to compatible with most security tools out there without adding the bloat.

Just to avoid any possible misunderstandings. WSA is not a HIPS software.

 

"I know it can be confusing for novice users"

"Novice Users"

You apparently didn't understand me at all, by the way
I've been working with computer systems since 1987
I don't consider myself a novice anymore although i sure am
not at the same level as a lot of others on here

I understand what you are saying "but" when some of us
brought this program it was a "AV only"

I ran it like that because it worked good with the highly modified
Windows XP that I use and have set up for others, most AV programs
would give a lot of false positives due to many mods I had done, yes some
of the mods were a virus but not all virus's are bad, some virus's are wrote for a specified job, I guess WRSA worked good on it because from what I've read on here that it jump on it when it actually tried to do something it shouldn't be doing, I take it that is why I didn't get a lot of false positives

Anyhow I don't believe in using two or more programs to do part of a job or the whole job and maybe someone might want to use a difference firewall
"without using a part firewall or whatever you want to call it" from another program

I guess I just do things just a little different than most folks
cheers

 

*Boggles*

Dead horse is still dead. Beatings are hyper-redundant.

"I've been using computers since <far past date>!"

Any time I hear that when working in a tech support capacity, it tells me that the person is opinionated in such a way that facts will not sway them and they know enough to break things more than the average person. So far not disproven in this thread.

These two users seem to be techno-hypochondriacs.

Got to the core of it anyway:

The firewall (helper) has always been there in the AV. Previously, it would operate 100% silently under "default" settings of "Allow all processes to connect to the internet unless explicitly blocked". The user had no visibility into the allow/deny list so the only explicit blocks were malware*.

Now, the AV has allowed user entry into the previously black-boxed, locked-down network functionality of the AV-Only capability configuration of the agent. It does change the default to "Warn if any new, untrusted processes connect to the internet if the computer is infected", which allows more security for most users.

The code is the same as it always has been. Visibility into the code has been exposed.

Want to be back to exactly the same functionality as the old AV stuff? Just turn the firewall to "Allow all..." and completely ignore its UI presence thereafter. It worked fine that way before when you couldn't see the UI portion, so I'm certain you have the mental capacity to ignore a UI section and be happy with identical functionality