Dr.web Firewall Beta2

It has been long ago when Beta1 was released. We've been working hard on a new version, carefully collecting your valuable feedback been working on new features we're proud to introduce and fixing defects. And right now we've got it available for you. It features the following major changes:
All-new GUI that provides verbose information about applications, their digital signatures, parent processes. Reduced amount of mouse clicks and user actions to complete certain sequences.
Increased security: entire parents chain is maintained when application tries to reach the network.
Increased security: tracking of modification of the file that has a rule created for.
Trusted parents list resides on a separate page for user's convenience.
Rule creation has been simplified: now user is suggested to choose one of four mostly used predefined rules (2 blocking rules and 2 allow rules); for a custom tuning there is an option available too.
User is allowed to browse for an application on disk or choose one from running processes list for new rule creation.
Uncaught unknown connections (e.g. when there was no user logged in) are collected for future revision* (*if the computer was not rebooted)
Packet filter and application filter now interact to gain automatic settings option for packet filter. This is useful for P2P clients, torrent clients, etc.
Default rules are much more friendly and cover most of system services demands. This simplifies working within Active Directory, Home Workgroup. Also such cases as VPN and ADSL connections are handled.
Firewall interacts with SpiderMail and SpiderGate components in order to get proper information about the application trying to reach the network.
Many defects were fixed, including those that led to system crashes.

How to use:
! After installation over previous version it is required to reset all the settings to default ones. This is done via Settings Application.
Interface contains some known cosmetic defects. These should not be immediately reported.

What is desired to be tested:
Everything.
See above.
Working with different network-enabled application.
Working with different hardware.
User experience.

To report a but or a feature request it is required to use a bug tracker. The following should be attached to report:
Application Event log copy
Full kernel dump in case of blue screen of death (**)
Full application memory dump in case of GUI application crash (***)
Exported registry keys: HKLM\SYSTEM\CurrentControlSet\Services\DrWEBAF & HKLM\SYSTEM\CurrentControlSet\Services\DrWEBPF
Screenshots (****)

(**) Set up here: My Computer -> Properties -> (Advanced System Settings ->) Advanced -> Startup and Recovery Settings -> Write Debugging Information: Kernel Memory Dump
(***) Use procdump.exe tool (can be downloaded from microsoft.com) with "–ma" option.
(****) Blue screen photographs are not required, instead full kernel dump should be provided

Distribution packages can be found here:

64-bit | key
32-bit | key

Good luck!

http://forum.drweb.com/index.php?showtopic=289113

 

Does the packet filter and application filter still "conflict" similarly to look 'n stop?

For example: will some packet filter rules block inbound packets for an application even if I've trusted it?

I would need something similar to a windows firewall.. application control + inbound filtering but the trusted option should truely mean it's then trusted and nothing is blocked from it.

I hate it when some firewalls still block connections when you've trusted an application. Look 'n stop does this, when you click "authorize" but still some packet filtering rule is limiting the application.

I could consider updating to security space pro if the firewall works like this, the last time I tried it didn't.

 

All questions about beta versions Firewall at a forum in correct section.
http://forum.drweb.com/index.php?showforum=54

 

firewall component seems as light as dr.web av, 30-40 MB maximum RAM usage

 

1. Why is this in the Antivirus section?

2. Will this be free once released?

 

1-) Because it is designed to be a component of dr.web security space also newly named security space pro.
2-) Due to it is not a stand alone application there would be a price imo, but you can test it for now beta is free as you know and it is really stable at the moment.

 

Current implementation features interaction of packet filter and application filter in the matter of allowed connections. However, if you explicitly block something at packet level, it has more weight than trusting specific application on application level.

 

Yes, I tried it and it worked well.

However, today when I started my computer in the morning everything was locked. I couldn't use explorer at all, some dr.web process was multiplying itself (had 67 processes instead of normal 25-30). Can't remember the process name but it wasn't spideragent, dwengine, spidergate, or firewall notifier.

I had to reboot to safe mode, and then use dr.web remover and after this the dr.web uninstaller

 

@ risl you should also post this in the bug tracker.