Free Firewall (EVORIM)

Discussion in 'other firewalls' started by ichito, Apr 26, 2016.

  1. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia
    I have installed it on a secondary W10 x64 machine, some older Windows build.Version 2.5.7 of the firewall was installed.

    First of all, if you install it, you have to keep in mind it s a FREE firewall.

    By default the firewall will not register itself atutomatically, to run at start-up, during installation or after.
    To enable that you need to enter the interface and check the little box "Start with windows", in the settings, for this to happen.
    Older builds ,if i remember correctly, were the same.A pop-up dialog for this choice would have been usefull i think.

    There is a default firewall policy preset for NEWLY installed programs.Default is "Ask for permission".You can also choose "Block All" or "Allow All".Nice feature.
    Keep in mind that by default windows system exe-s have the "Allow All" policy enabled though.Explorer, Search, Cortana and such are enabled by default to pass thru.

    The firewall configuration can be protected with a password.Another nice feature, a plus.

    When you start a program, you will be asked for internet connections, if Ask is your policy of choice.There are 2 types of interaction pop-ups: generic or granular.You either choose to "Allow" or "Prohibit" for each port or ip pop-up-ed, either you can choose the general " Allow All" or " Block All" choices for the App (the smarter way).The granularity in the pop-ups will not translate into granular rules, in the per App settings though.In the per App settings the only things you can define are port numbers and IP-s.This would be usefull to ban/allow,specify exceptions for some IP-s/ports per App.In the menues there is no Direction(inbound,outbound) or protocol to be set (even though the pop-up dialogs will spam you with direction and protocol information).

    The log is nice and detailed.

    There is a Block All rule called " Blockade" and a "Gaming Mode".I ve cheked the "Blockade".While in the desktop the feature works, it blocks.At computer restart though, the llmnr traffic, if enabled in Windows, passes thru :)

    It"s a basic, free firewall.It has no real granularity in rules editing.I see no way to specify direction of the connections or protocols, even though the pop-ups are quite detailed in information.You can specify IP-s and port number though, if of any use to block/allow some specific IP-s, for an app.

    It has some usability.

    If it was designed with simplicity in mind, the granular pop-ups should of been removed.I see no reason for that pop-up spam, if they do not transalte into rules in the per App settings (like you could see in Jetico or Outpost for example).

    The design aproach is Allow/Block the App, with IP exceptions.There are 2 Block Telemetry options in the menues.I do not know if they work though.

    Feel free to install it.
     
  2. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    I'm using Symantec Endpoint Protection Firewall and IDS components only. I think it uses its own firewall driver, rather than windows own firewall.
    What i've heard, some malwares can disable/abuse/modify windows own firewall rules (because malware assumes, that the victim uses a windows firewall), during early boot stage or within a windows, for example using wmic command.
    Symantec Endpoint Protection Firewall, as a unmanaged client, does not care if "legit" windows component wants to connect to internet. Every connection made will be asked. For sure, that causes so called "clickfest".
    Tho, you need to enable this "ask" mode in the settings. After clickfest, go to application rules and restrict, for example, svchost, or chrome to connect probin your lan.
    Sure, it need some work, but when it's "tamed", then you're master of your PC :D
    It does also have great IDS(network and browser intrusion protection).
    Here is my firewall settings:
    https://imgur.com/a/W5LlMJi
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Evorim is a powerful FW for those who are both: (a) high-risk web surfers, AND (b) skilled enough to make effective use of its configurable settings.

    I presently use Sphinx FW Pro because it has a LOT of well-structured, pre-configured zones. That makes it quite effective for those who (like me) are too lazy to develop their own zones.
     
    Last edited: Feb 20, 2021
  4. noel1947

    noel1947 Registered Member

    Joined:
    May 13, 2003
    Posts:
    57
    Location:
    Australia
    I am testing Free Firewall and have a few problems using it.
    I use Microsoft Edge, Chrome and Vivaldi browsers.
    1. Problem is that if I use search function (Google is default search engine ) on all browsers
    I get the following : This site can’t be reached

    Would appreciate some advice/assistance to rectify the problem.

    noel1947
     
  5. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,271
    Location:
    sweden
    I had used it for some months without that problem, but since a couple of weeks ago it appeared. Then i unticked the box for "Block Web-Tracking services" in Tools and it dissapered.

    So, since then i am waiting for an update for the program to solve it.
     
  6. noel1947

    noel1947 Registered Member

    Joined:
    May 13, 2003
    Posts:
    57
    Location:
    Australia
    Thanks pb1 for your assistance. Appreciated.

    noel1947
     
  7. bORN2BWILD

    bORN2BWILD Registered Member

    Joined:
    Oct 3, 2016
    Posts:
    26
    Location:
    Greece
    I had some time today to re-test (after 2 years) this firewall, with Windows 10/64 pro.

    My findings:

    1. Some text during installation is (still) in German !!

    2. The firewall didn't start after Installation !!!!!!!!

    3. The firewall didn't auto-start with Windows after reboot, with the auto-start option checked !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    4. I had to uncheck and re-check the auto-start and now it starts.

    5. Seems ΝΟΤ to block what it should block for outgoing traffic


    6. Seems faster than older versions

    7. Informative

    8. Needs some knowledge to understand what to block and what not, concerning the Windows services. Programs are easy to understand.

    all in all, not good !

    I'm very worried about the auto-start issues. I think it is very important to be 1000% sure it starts no matter what. Maybe some other way to do it? Some auto-start service. Maybe totally remove the auto-start option and make auto-start enabled at all times. Also what happens BEFORE the firewall starts during boot? Programs that start BEFORE the firewall can access the internet?

    Also the blocking doesn't work right. See the capture.
     

    Attached Files:

    Last edited: May 20, 2021
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Why even bother with this tool? From what I have read it has always been buggy as hell.
     
  9. guest

    guest Guest

    Evorim Free Firewall 2.5.8 (June 22, 2021)
    Website
    Download
     
  10. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    I wouldn't use it if had HIPS. Bad idea to have to run two HIPS firewalls side by side. They'll fight each other to stop malware. I'd have uninstall my current one.
     
  11. guest

    guest Guest

    Evorim Free Firewall 2.6.0 (November 20, 2021)
    Website
    Download
     
  12. guest

    guest Guest

    Evorim Free Firewall 2.6.1 (March 7, 2022)
    Website
    Download
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I have been using Evorim Free FW for about 2 months now. VERY stable. 1-click blocking of Microsoft telemetry. Very informative alerts. Extremely user-friendly.
     
  14. warrior99

    warrior99 Registered Member

    Joined:
    Nov 21, 2014
    Posts:
    101
    Evorim Free FW works well, been using it for quite some time it simply just works and it's free so what's not to like .
     
  15. Alexhousek

    Alexhousek Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    662
    Location:
    USA--Oregon
    Forgive my ignorance, but what is the benefit in using Evorim Free FW over windows built-in firewall?
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Evorim does NOT disable the Windows firewall. Instead, it offers very granular controls over connect outs, as well as connect ins.

    It's the connect outs that are my primary concern. I image my Drive C 3-4 times per week. Thus -- if I get infected on, say, Tuesday, all I need to do is restore, say, Monday's image & POOF! -- no more infection. However, there is one thing that restoring an image cannot fix. Namely, if a malware got into my computer's knickers & connected out with private/sensitive info, then I've been had. OUCH!

    I have plenty of protection to (hopefully) prevent a malware from getting in & doing any of those nasty things, but NO security is perfect, right?

    So Evorim firewall enables me to have granular control over connect outs. Moreover, the moment it was installed, Evorim automatically developed a list of all the apps on my computer, and automatically assigned controls over their connecting out. So the first thing I did was to review Evorim's list of my apps, and check whether I wanted to change Evorim's assessment of the level of control for each specific app.

    Another good thing is that Evorim not only lists app executables -- it also lists services. Plus, there is a check box to disable Microsoft telemetry, if so desired. Evorim is VERY light on system resources. My computer has now been running a bit over 2 hours. In that time, Evorim has used a cumulative ~19 seconds of cpu time. As to memory, it uses an average 98MB working set on my computer (which has 8GB RAM -- very uncrowded, so apps can have whatever optimum space they desire).

    Bottom Line: Evorim & the Windows built-in firewall do not conflict. Rather, they complement each other in a manner suitable to MY particular needs. Higher-risk users might want an upper-tier modem with a beefier hardware firewall, plus an even more granular software firewall such as Sphinx or Simplewall. (Or... they might consider giving Linux a trial.)
     
  17. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi @ Wilders

    I would like to try the latest version of Evorim Firewall. I remain nervous because there are a plethora of system apps and services that may need internet access. How would I deal with these without intimate Windows knowledge? Its OK when you are giving access to browsers and other known applications but system apps and services are another dimension.

    Is there a learning mode?

    Any advice gratefully received.

    Thanks

    Terry
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    I like Evorim's firewall feature that protects its own service. Kill it and it respawns a few seconds afterwards.
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
  20. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,271
    Location:
    sweden
    For every service and app there is an item named "What does it do?" that you can click, which leads to a Google result. So using the firewall in Windows is inevitable a learning endevour. There is no way around that! So for every pop up you are unsure about you can Deny for the moment, and afterwards do a Google search. Evorim also has a "Ask for permission" feature, so one can set everything to ask and make decisions based on requests.

    What more is, if you deny something for the moment, it will not break anything. When installed it sets items in a certain mode, that you have to trust, in the beginning and, trust that the use of it, is better then not. The rest is, as mentioned, learning.

    Besides, if you have an Av on the Pc, you have to trust that it would stop any exploit attempts. Staying cool and just accept the risks is something everybody, even experts, has to do. Even them where Noobs in the beginning.
     
  21. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi pb1

    Thanks for that. Most helpful.

    Terry
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    That's why I prefer TinyWall, it let's me decide which app can connect out and will only allow Windows Update and Windows Defender, while blocking ALL other apps and services. You can even leave the Windows Firewall enabled. I'm surprised you didn't like it, because it doesn't get any more simple than TinyWall, Evorim's GUI seems very cluttered to me.
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    So what? Essentially ALL app-based, default-deny Firewalls (FW) do that. Other FWs let the user decide about when & how much default-deny to implement. On the other hand, immediately after TW is installed, with NO adequate warning, TW cuts-off all the user's apps from making internet connections. Bam! Lights out!

    Implementing default-deny in that abrupt manner borders on a developer's assumption that users are too inept to use a firewall intelligently, so he shoves default-deny down their throats -- again without adequate warning.

    Other app-based firewalls use default-deny. It's nothing new. It was not invented by TW's developer. However, other firewalls respect users' intelligence enough to give them clear & easy tools to implement default-deny without shoving it down their throats. For example, SimpleWall gives the user a simple on/off check-block for default-deny. As for Evorim, It took me maybe 3 minutes to set it to default-deny.

    As for TW, Ultim's recent post portends both good news & bad news. TW is a 1 man show. I'm afraid that the bad news will be that TW's latest update is pretty much its last. Please don't get me wrong -- TW is a very powerful firewall. I just don't care for its user-unfriendly method of instant, forced default-deny.
     
  24. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    What other default-deny firewall are there?
     
  25. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    Many malwares writes their own rules to windows firewall. During boot stage or even better, some sophisticated malwares writes outbound rules during shutdown. Because these tehniques are targeted for windows firewall, it will fail miserable when using, for example zonealarm free which uses its own firewall driver or comodo.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.