Outbound connections

Discussion in 'other firewalls' started by moredhelfinland, Sep 14, 2017.

  1. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,096
    The settings you're talking about will appear to let you create service specific rules but they won't actually do anything unless the service has an SID set to restricted or unrestricted. Many have their SID set to none.
    Read the discussion I had about this with the developer of Windows Firewall Control here.
    Then scroll down the same page to the post by syrinx.
    Those posts contain very important info for anyone using Windows Firewall.
     
    Last edited: Nov 11, 2017
  2. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    764

    OK thanks, this clarifies things. Regards
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,094
    Location:
    Canada
    Thank you for the clarification and link to the information. I checked several of the services' SIDs that I have fw rules for and they are all set to unrestricted or restricted. Only gpsvc and gupdate were None. Certainly there are probably others, but of the ones that matter to me most they were Restricted or Unrestricted. I have no rule for gpsvc, nor have I restricted it with any 3rd party fw I've used in the past. As for Google Chrome's update service, I control it by restricting the Googleupdate.exe file, and it works fine. I'll spend some more time checking but so far this seems to be a mostly trivial problem for my purposes at least.

    EDIT

    Actually, after looking at all the command line outputs, none were Restricted; they're all Unrestricted except for the two I mention above. I checked a bunch of others minutes ago and they're Unrestricted too.
     
    Last edited: Nov 11, 2017
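
The check described in the posts above (which service-scoped firewall rules point at a service whose SID type is None), as an added PowerShell example that is not part of the original thread. It assumes the built-in NetSecurity cmdlets and `sc.exe qsidtype`; the function name `Get-ServiceSidType` and the `Note` text are made up for this illustration.

```powershell
# Added example: report enabled Windows Firewall rules that are scoped to a
# specific service, together with that service's SID type.

function Get-ServiceSidType {
    param([Parameter(Mandatory)][string]$ServiceName)
    # Call sc.exe explicitly: in Windows PowerShell "sc" is an alias for Set-Content.
    $out = & sc.exe qsidtype $ServiceName 2>&1 | Out-String
    if ($out -match 'SERVICE_SID_TYPE:\s*(\w+)') { return $Matches[1].ToUpper() }
    return 'QUERY_FAILED'   # e.g. the rule names a service that is not installed
}

# Cache lookups so each service is queried only once.
$sidCache = @{}

$report = Get-NetFirewallServiceFilter -All |
    # 'Any' = rule is not service-scoped; '*' = "services only" without naming one.
    Where-Object { $_.Service -and $_.Service -notin @('Any', '*') } |
    ForEach-Object {
        $svc = $_.Service
        if (-not $sidCache.ContainsKey($svc)) {
            $sidCache[$svc] = Get-ServiceSidType -ServiceName $svc
        }
        foreach ($rule in ($_ | Get-NetFirewallRule)) {
            if ($rule.Enabled -ne 'True') { continue }
            [pscustomobject]@{
                Rule      = $rule.DisplayName
                Direction = $rule.Direction
                Action    = $rule.Action
                Service   = $svc
                SidType   = $sidCache[$svc]
                # Per the first post: a service condition only takes effect when
                # the service SID type is Restricted or Unrestricted.
                Note      = if ($sidCache[$svc] -in @('RESTRICTED', 'UNRESTRICTED')) { 'ok' }
                            else { 'service condition may not apply' }
            }
        }
    }

# Rules needing review first, then the rest.
$report | Sort-Object Note -Descending | Format-Table -AutoSize
```
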
  4. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,096
    @wat0114 do you know what the difference is between the restricted setting and the unrestricted setting? I never did find the answer to that.
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,094
    Location:
    Canada
    Well I only searched briefly and found this Microsoft blog and it mentions that the difference between the two is that a Restricted SID service will have an additional "write restricted" token in addition to the "per-service SID" that both Unrestricted and Restricted type of SID services have. There is a part 4 "write-restricted token" article that explains things further. I confess this is all a bit too technically overwhelming for me to properly grasp.
     
  6. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,096
    That's not surprising. MS love to fill an article with tech jargon that most people don't understand.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,890
    Location:
    The Netherlands
    But who cares if it's a third party tool? Fact of the matter is that M$ made it very user-unfriendly to manage the Win Firewall. Keep in mind, tools like WFC and TinyWall don't do any blocking themselves. Via SpyShelter's network monitor I can check if the Win Firewall is blocking things correctly, and it just works. I haven't actually upgraded to newer versions of WFC, because the old version works just fine.
     