Yes, it is intentional. 99% of the time svchost.exe is used by a service. Because Autolearn is unable to differentiate between services, and we want to avoid suddenly whitelisting all Windows services just because you made a DNS request
Yeay, I just released TinyWall 2.1.6! Among other things, it finally fixes the bug that occasionally caused TinyWall to reset its settings. Therefore, this is a really-really recommended update. As always, download from here. And of course, what is a TinyWall release post without the changelog:
2.1.6 - Maintenance release (06.01.2015.)
- Windows 10 (TP) compatibility
- Add color-coding to Application Exceptions list
- Faster loading of Manage and Processes windows
- Fix: GUI crashes when process list is cancelled
- Fix: Printer sharing doesn't create rule for spoolsv.exe
- Fix: Two rules can get incorrectly merged
- Fix: TinyWall loses its settings under specific circumstances
- Updated Brazilian Portuguese translation
- Add Chinese translation
In other news, here is something new I stumbled upon a few days ago: "Many Operating Systems (OS’s) offer a fully functional firewall but these may not be as full featured as commercially available products. There are a limited number of free firewall applications as well with varying degrees of effectiveness. These include ZoneAlarm, Comodo, and TinyWall. INB does not endorse any specific product." Source: Online Security - Best Practices, Illinois National Bank
Thank you for the update! The new version seems to be working fine. I installed it on top of 2.1.5. A small glitch though on the install: There came a popup: 'Did you initiate the uninstall of TinyWall?' I was not sure what to do, so I responded 'No' and the install did not go through. So I did a second installation attempt and replied 'Yes' to the prompt, after which the install proceeded. I like having blocked application rules shown with red background in the Application Exceptions window. To me they are mostly blocked program updaters or then some programs I don't use, but have not deleted from the app list yet. So TinyWall 2.1.6 will show what is not currently active very clearly. Karoly, are the special exceptions and other TW GUI options rules the same as in 2.1.5 version?
That is perfectly normal. The popup is part of the "uninstall protection" feature added in the last release. The upgrade is very similar to a streamlined sequence of uninstall+reinstall, which is why you get this message. This message already changed in this new 2.1.6, so on your next update, you will get the message 'Did you initiate the uninstall/update of TinyWall?' There are two colors actually. Blocking rules that have a valid executable will be red, and any kind of rule whose executable does not exist will be grey. For file and printer sharing, a new allow rule has been added for spoolsv.exe, but restricted to the LAN. There are no changes otherwise to the built-in special exceptions.
A small question, does TinyWall block apps from accepting incoming connections, also known as "listening to ports"? http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/
Yes, TinyWall does that. It only allows listening ports for applications that you have put in the "allowed" list.
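An added example, not part of the original thread or of TinyWall: one way to see which processes hold listening TCP ports on Windows 8 or later, and which services share an svchost.exe process. The `$Allowed` list is a hypothetical stand-in for the applications you have allowed in TinyWall; the script does not read TinyWall's configuration.

```powershell
# Added example: audit listening TCP sockets and their owning executables.
# Requires Get-NetTCPConnection (Windows 8 / Server 2012 or later); run elevated
# so that executable paths of other users' processes can be resolved.

# Hypothetical allow list: replace with the executables you allowed in TinyWall.
$Allowed = @(
    'C:\Program Files (x86)\Internet Explorer\iexplore.exe'
)

# Map each process ID to the services hosted in it. One svchost.exe process can
# host several services, so the executable path alone does not identify the service.
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object { $servicesByPid[[int]$_.ProcessId] += @($_.Name) }

$listeners = Get-NetTCPConnection -State Listen | ForEach-Object {
    $procId = [int]$_.OwningProcess
    $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue

    # Path is empty for PID 4 (System) and for processes the caller cannot open.
    $path = if ($proc -and $proc.Path) { $proc.Path } else { $null }

    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        LocalPort    = $_.LocalPort
        ProcessId    = $procId
        Process      = if ($proc) { $proc.ProcessName } else { '<exited>' }
        Path         = $path
        Services     = ($servicesByPid[$procId] -join ',')
        # Loopback-only listeners are not reachable from other machines.
        LoopbackOnly = $_.LocalAddress -in '127.0.0.1', '::1'
        InAllowList  = [bool]($path -and ($Allowed -contains $path))
    }
}

# Listeners that are not on the allow list sort first.
$listeners |
    Sort-Object InAllowList, LocalPort |
    Format-Table LocalAddress, LocalPort, ProcessId, Process, Services,
                 LoopbackOnly, InAllowList -AutoSize
```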
Can you perhaps tell me why Download Ninja does open a listening port? To clarify, I'm not an expert, but I thought it was strange that SpyShelter alerted me about some apps wanting to "accept incoming connections", or wanting to access the network. But I guess TinyWall just silently blocks them? I think TinyWall is cool, but what bugs me is that you don't know what is being blocked. EDIT: My bad, you need to check and uncheck "show active connections", to see what is being blocked. Why no auto-refresh? And why no ability to block an IP address or IP range? Also, if some app needs outbound access, you need to make rules manually, or you will go into "auto-learn" or "allow outgoing" mode, which is a risk in theory. BTW, it would also be nice if the "connection manager" could remember column-sorting and column-size. http://www.snapfiles.com/get/downloadninja.html
Yes, you mean, you have to select "Show blocked apps". There is no auto-refresh because it annoys me when I am looking at a specific list-item (or list items), and the items that I am looking at suddenly change or get deleted, and I cannot have the information anymore. Filtering based on IP-address is primarily an issue of GUI-design, and actually I was just about to address (see the pun?) this topic here on the forums in the upcoming days. I will soon. Noted for future version.
Well, because there is no auto-refresh, things can become confusing. And why not keep showing all blocked apps from the whole day for example? It would make it easier to unblock them. And I must say that the current approach (no outbound connection alerts) is a double-edged sword. It's kinda nice when you install software that you won't be bothered, but when they really DO need access it can be a bit annoying.
I have no problems installing software, as I can see what is blocked in the connections window, yes you might have to refresh once or twice for windows to catch up. If there is a problem I just "allow all outgoing" for a minute. If you have programs you know you don't want to connect put them in "block all" rules in the application window, that way when you "allow outgoing" those programs will be blocked. At least that was what I was told by Károly. Keep it simple and secure.
That is indeed not a bad idea, but it won't help against malware that is secretly running in memory. I must admit, I like TinyWall more than I initially expected, ultim did a nice job. But I will still check out some other tools with outbound connections alerts, to see if I like them better. Back in the days I used ZoneAlarm, it's still mind boggling to me, how they allowed some idiots to completely ruin the GUI.
Tried out TinyWall and now I do not want to change to any other software FW even though I need more functionality. I am looking for a way to restrict a program and/or the system to only communicate through a VPN connection. I used to do this by restriction to an IP range. Any plan to add this function? Really useful if VPN goes down and you do not want traffic through the normal internet connection.
Hello Herberta, yes, but the current things I am working on for TinyWall right now still have a long way to go, such that it is unsure if and when they will bear fruition in a public version. Filtering based on IP is a (small) part of it though.
Great, I'll do without this functionality for now and hope it will be included in the future. You are doing great work! I do have a problem with my VPN tunnel even today. It will establish and say connected for about 3 s. Then it disconnects. If I set the firewall to off it works. How can I debug this? Thanks
Open the Connections window of TinyWall first, and select the option to show blocked connections. Then try to dial in to your vpn, and wait until it disconnects after 3s as in your case. Hit Refresh in the Connections window and check what was blocked.
Hi, Quick question: The rules created by TW have strange names in Windows Firewall; example: [TWc2kZLwQDXthi] TCP Outbound Ports for C:\Program Files (x86)\Internet Explorer\iexplore.exe Why is that? (What I mean is, why is it "TWc2kZLwQDXthi" when it could have been "iexplore.exe"?) Thanks!
I get a lot of stuff. Nothing that is obviously connected to VPN for me. This is the list: http://i61.tinypic.com/334n7vc.jpg Thanks,
Are you using the built-in VPN capabilities of Windows? Then you need to allow that under the Special Exceptions tab in TinyWall. Otherwise, you should be able to determine which from that list corresponds to your VPN by the remote address.
Hi, yes it is the built-in VPN. Simple PPTP with CHAP/MS-CHAP v2. Special Exceptions is checked. The only thing I see is a System(4) TCP 56883 Dest 1723 that goes to an IP on the VPN out range. Unblock says it might be part of Printer sharing and points to system32/spoolsv.exe. I am getting a lot of hex addresses and port 0 that I am unable to understand. Also have a lot of svchost.exe blocked. Thanks
Might add that I have a feeling this has to do with the operating system. It's Win 8.1 64 bit. I might be able to test it on a Win 7 32 bit and report back.
The special exception for VPN should be enough on Win7 (no need to whitelist anything else), I have tested it there personally when the feature was developed. No experience with VPNs on 8.1, but it wouldn't be the first thing that MS changed in Win8.1 regarding which services access the internet and how.
I am having issues with network discovery and file sharing being disabled. If TinyWall is running and I restart my machine, I lose network discovery and file sharing. If I disable the TinyWall service and re-enable network discovery and file sharing and restart, all is fine. Can anyone lend a hand?