Private Winten - Open Source Windows 10 privacy tool with built in Firewall

Discussion in 'other firewalls' started by DavidXanatos, Dec 23, 2018.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    402
    Location:
    Viena
    hmm... good point I will add an option to reset this.
     
  2. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    24
    Location:
    Italy
    Hi DavidXanatos,

    I just installed 0.75 portable version of Private Winten and I think it's a very good program to manage Windows 10 Firewall. I'm using it together with Windows 10 Firewall Control by Sphinx Software and I haven't noticed incompatibilty issues between the two programs.
    I have installed Private Winten service and I have noticed that there are two instances of PrivateWin10.exe currently running in my system, maybe this is related to the installation of PrivateWin10.exe -svc but I don't know for sure.
    Btw when I start some programs (i.e Brave browser but also some others) one instance of Private Winten.exe crashes and the icon on the taskbar disappears; only one instance of PrivateWin10.exe remains running on my system but I have to restart Private Winten to access its GUI again.
    I have Windows 10 Home version 1909 Build 18363.719

    Thank you for your help
     
  3. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    24
    Location:
    Italy
    Hello again,
    I can say that Private Winten doesn't always crash when I start the above programs but it seems to occur randomly. Private Winten is also a very good program to monitor the various software connections and it provides a lot of information about them.

    Greetings
     
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    402
    Location:
    Viena
    When installed as service you have two processes one GUI and the other is the service.
    the GUI obviously should not crash :/
    if you open a cmd.exe window as admin and start PrivateWin10.exe from it will log debut output to that window,
    while you keep the window open please try to reproduce the crash and post the output you got in the console.
     
  5. FibonacciMozart

    FibonacciMozart Registered Member

    Joined:
    Mar 13, 2020
    Posts:
    5
    Location:
    Norway
    DavidXanatos,
    Great software I've been using it everyday for many months and it's been very stable, however, lately it's been crashing for me as well on the new version running on a Windows 10 Pro 64bit -- but only once-or-twice a day.

    Event viewer errors:
    Exception in RemoteExec: Connection Failed

    Exception in RemoteExec: Pipe Broke!

    System.Exception: Pipe Broke! at PipeIPC.PipeClient.PipeConnector.RemoteExec(String fx, Object args) in F:\Projects\PrivateWin10\PrivateWin10\PrivateWin10\Common\PipeIPC\PipeClient.cs:line 92 at PipeIPC.PipeClient.RemoteExec[T](String fx, Object args, T defRet) in F:\Projects\PrivateWin10\PrivateWin10\PrivateWin10\Common\PipeIPC\PipeClient.cs:line 15

    It can happen at any time so it's hard to pinpoint exactly what breaks.
     
  6. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    141
    I can't find the option to minimize the application to only have the icon in the taskbar. When I minimize it does not close to the system icon and when I close the application the program closes.

    Edit: I rushed to type, restarted the pc and there is indeed only the icon in the taskbar. Thanks and sorry for the unnecessary post.
     
    Last edited: Mar 14, 2020
  7. polly77

    polly77 Registered Member

    Joined:
    Jan 13, 2014
    Posts:
    52
    Hi how do we uninstall this properly? Thks
     
  8. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    402
    Location:
    Viena
    the setup has an uninstall option and if you run it as a portable application you can use the winw's context menu to uninstall
     
  9. polly77

    polly77 Registered Member

    Joined:
    Jan 13, 2014
    Posts:
    52
  10. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    402
    Location:
    Viena
  11. FibonacciMozart

    FibonacciMozart Registered Member

    Joined:
    Mar 13, 2020
    Posts:
    5
    Location:
    Norway
    Private Win10 v0.75b on Windows 64 Bit Pro

    If it's minimized to the taskbar it does not crash it runs just fine.

    If you close the GUI using the close (x) button it minimizes to the System Tray.

    How to make it crash:

    1. Single-click on Private Win 10 icon in System Tray and this window appears:

    https://i.ibb.co/cgRM035/window1.png

    Empty notification with PID:1234. It does not appear if the icon is double-clicked (GUI opens).

    2. Click 'Ignore' and it crashes. If close (x) is pressed it does not crash.

    cmd.exe PrivateWin10.exe-output after clicking ignore:

    Code:
    Unhandled Exception: System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
    Parameter name: index
       at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
       at System.Collections.Generic.List`1.get_Item(Int32 index)
       at PrivateWin10.Controls.ConnectionNotify.PopEntry()
       at System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised)
       at System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args)
       at System.Windows.Controls.Primitives.ButtonBase.OnClick()
       at System.Windows.Controls.Button.OnClick()
       at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(MouseButtonEventArgs e)
       at System.Windows.RoutedEventArgs.InvokeHandler(Delegate handler, Object target)
       at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs routedEventArgs)
       at System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised)
       at System.Windows.UIElement.ReRaiseEventAs(DependencyObject sender, RoutedEventArgs args, RoutedEvent newEvent)
       at System.Windows.UIElement.OnMouseUpThunk(Object sender, MouseButtonEventArgs e)
       at System.Windows.RoutedEventArgs.InvokeHandler(Delegate handler, Object target)
       at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs routedEventArgs)
       at System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised)
       at System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args)
       at System.Windows.UIElement.RaiseTrustedEvent(RoutedEventArgs args)
       at System.Windows.Input.InputManager.ProcessStagingArea()
       at System.Windows.Input.InputManager.ProcessInput(InputEventArgs input)
       at System.Windows.Input.InputProviderSite.ReportInput(InputReport inputReport)
       at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr hwnd, InputMode mode, Int32 timestamp, RawMouseActions actions, Int32 x, Int32 y, Int32 wheel)
       at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr hwnd, WindowMessage msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
       at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
       at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
       at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
       at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
       at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Int32 numArgs, Delegate catchHandler)
       at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(DispatcherPriority priority, TimeSpan timeout, Delegate method, Object args, Int32 numArgs)
       at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam)
       at MS.Win32.UnsafeNativeMethods.DispatchMessage(MSG& msg)
       at System.Windows.Threading.Dispatcher.PushFrameImpl(DispatcherFrame frame)
       at System.Windows.Application.RunDispatcher(Object ignore)
       at System.Windows.Application.RunInternal(Window window)
       at PrivateWin10.App.Main(String[] args)
    
    I've tried it 10 times in a row and it will happen 10 out of 10 times.

    Workaround: just don't press close (x) in the GUI and let it run on the task bar (and not minimize to System Tray).

    Thanks.
     
  12. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    402
    Location:
    Viena
    thanks will be fixed in the next build :)
     
  13. Zonal

    Zonal Registered Member

    Joined:
    Apr 21, 2020
    Posts:
    1
    Location:
    the Netherlands
    Hello,

    I just installed Private Win10 and was tinkering around with the firewall settings. But the program keeps crashing, I keep getting the error:
    "Exception in RemoteExec: Connection Failed" like 20 times or even more. I googled on that error and that led me here to this topic. So I hope it's ok that I post this here.

    Any clue what is going wrong here?

    Thanks in advance :)
     
  14. FibonacciMozart

    FibonacciMozart Registered Member

    Joined:
    Mar 13, 2020
    Posts:
    5
    Location:
    Norway
    I'm not a developer on this project but I had a similar issue with similar exception. If you've configured PWin10 to disable the windows firewall and then another application re-enables the firewall it will cause an exception. PWin10 works great until that setting change and it will not know automatically that the firewall has been re-enabled. Also it might block outbound connections and you have to allow outbound connections manually (per profile).

    Try this:
    1. WIN+R -> WF.msc
    check Domain, Private & Public if Windows Defender Firewall is on. If PWin10 is set to disable the firewall but one of the profiles WF is set to on it will cause the error your describing.
    If connection is blocked: WF.msc -> Windows Defender Firewall Properties -> Domain Profile -> outbound connections: Allow (if it's set to block). Do the same for Private Profile and public profile.
    Then you can try starting Private Win10 again. The app will revert settings back to blacklisting mode. It worked for me but you may have other issue I don't know.

    AND/OR

    2. Keep install priv10 service un-checked
    Unfortunately this service instantly crashes for me but I'm sure the developers know about this.

    Xanatos: Found a rare bug which is not PWin10's fault but causes it to instantly crash with NullReferenceException:

    Path:
    Code:
    C:\Windows\System32\LogFiles\WMI\RtBackup
    Files affected:
    Code:
    EtwRTpriv10_NameResLogger.etl
    EtwRTpriv10_ProcLogger.etl
    EtwRTpriv10_TcpipLogger.etl
    Kernel-EventTracing:
    Code:
    Session "priv10_NameResLogger" failed to start with the following error: 0xC0000035
    
    Session "priv10_TcpipLogger" failed to start with the following error: 0xC0000035
    
    Session "priv10_ProcLogger" failed to start with the following error: 0xC0000035
    These are 0 kb files.

    ok IF the .etl-files are opened in another process/service but are not released then it will deny access to the file.

    IF denied access:
    Code:
    Application: PrivateWin10.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.NullReferenceException
       at ServiceHelper.GetServiceImagePath(System.String)
       at ServiceHelper+ServiceInfo..ctor(System.ServiceProcess.ServiceController)
       at ServiceHelper.RefreshServices()
       at ServiceHelper.GetServicesByPID(Int32)
       at PrivateWin10.Priv10Engine.OnFirewallEvent(PrivateWin10.FirewallEvent, AdapterInfo)
       at PrivateWin10.Priv10Engine+<>c__DisplayClass19_0.<Run>b__5()
       at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
       at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
       at System.Windows.Threading.DispatcherOperation.InvokeImpl()
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Windows.Threading.DispatcherOperation.Invoke()
       at System.Windows.Threading.Dispatcher.ProcessQueue()
       at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
       at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
       at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
       at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
       at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
       at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
       at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
       at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
       at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
       at PrivateWin10.Priv10Engine.Run()
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Threading.ThreadHelper.ThreadStart()
    my 2 cents - How I discovered it: Was doing a rootkit-scan which opened the files but the application crashed doing the scan - mid-scan and did not release all handles etc in mem which temporarily corrupts the files that PWin10 tried to access (delete-on-startup)?

    Fix: Simple reboot solved the issue.

    Maybe check the access to those files before proceeding?
    This is just my understanding of how it crashes I haven't looked at the source code only Event Viewer, dumps and file logs. Like I said this is a rare bug and is unlikely to happen often.

    Btw for Private Win10 users who hates telemetry and have a NVIDIA GPU;
    Open PWin10 -> NvBackend.exe -> Dns Inspector -> Try not to puke :)
     
  15. SeanBird

    SeanBird Registered Member

    Joined:
    May 19, 2020
    Posts:
    2
    Location:
    France
    Hi DavidXanatos,

    Looking for an opensource tools to protect my privacy on windows 10, I found your software very useful and efficient . Thank you very much for this wonderful application.

    I've installed lastest version (0.75b) and tested it on virtual machine (fresh install of windows 10). All is working fine, except that the default blocklists with https url cannot be downloaded (download error msg with entry counter at Note the default two blocklist with http url are working fine (entry counter not null).
    When I try other http url (lists.blocklist.de/lists/all.txt), it's updating fine, but if I used https url (WindowsSpyBlocker github raw source), it cannot update.

    I'm searching on internet about this issue without success, so I decided to post my questions here:
    - Is there something to do to allow https url on blocklist ? (note the firewall rules for process PrivateWin10.exe is full open for in & out)
    - Which kind of content can be imported (domain list, ip list, ip range, with asterisk, ...) ?
    - Which format is supported (txt, zip, gz, ...)
    - Can we also import local file instead of url ?

    Thanks in advance for your (David and the Commuity) help.

    Kinds Regards
     
  16. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    402
    Location:
    Viena
    @Zonal
    it seams to have issues communicating with the service component, not sure why this happens to some people, but working on that.

    @FibonacciMozart
    thanks

    @SeanBird
    https should work i wil test it and if it doe snot fix it.

    The format supports domain lists with *

    raw ip list/range is not supported I could add that if there is enough demand, I don't believe it to be very useful though as nowadays a lot of stuff goes through aws, azure and or clowd flare and alike so the used ip's can change easily and the proper attack point is the DNS system.

    Currently only unpacked downloads are supported.

    I'll add an option to load local files to the next build.



    I'm sorry that in the recent weeks priv10 did not get much attention from me, to much work with other projects but I'm working on it though slowly.

    The next bid thing to come up in the next build will be access groups, that is instead of setting a item to be allowed/blocked/etc... you will be able to set the item's network access to mirror the one of a access group.
    So you can define a "Misc Updaters" group and than by toggling the groupes access allow/deny it for many apps at once.
    Or a group for all the office tools, or for visual studio have it blocked normally unless you need to install some nuget package.
    etc...
     
  17. FibonacciMozart

    FibonacciMozart Registered Member

    Joined:
    Mar 13, 2020
    Posts:
    5
    Location:
    Norway
    I agree. I caught my DNS leaking to ISP via DNS Client (dnscache) using Mullvad VPN. It was impossible to detect via online DNS leak "checks".
    Later I found out the leak was because of "smart multi-homed name resolution":

    Source

    Once disabled it stopped leaking. Just a heads-up to VPN users out there - check your ISP's routers DNS configuration.

    PWin10 is a great tool to detect and completely block any unwanted connections. It's hard to configure but once you get it going it's the best firewall out there. It's running very stable now with every tweak enabled & a bunch of custom rules. Low CPU usage but most importantly: stable over time. Suitable for blocking M$ telemetry, blocking NVIDIA telemetry, block windows update connections, anti-malware/forensics, checking for leaks, can be used in virtual machines, a place to store and view your network logs, viewing mozilla/chrome connections etc. I'm a former comodo user so I'm happy the hours spent configurating this firewall paid off in the end :) Highly recommend it.

    Patiently waiting for new updates :thumb:
     
  18. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    181
    There's a lot going on in this application and it looks very interesting. However, one thing that breaks it for me is the Notifications window staying on top and being unmovable when an item is selected to create a rule. Can this be fixed?

    To reproduce:

    1. When a notification is received select one of the items in the list.
    2. The rule window opens behind the notifications window and cannot be accessed, the notifications window also cannot be moved or closed.

    Another question. Is there a simple way to disable all allow rules and have anything that wants to connect prompt?
     
  19. SeanBird

    SeanBird Registered Member

    Joined:
    May 19, 2020
    Posts:
    2
    Location:
    France
    Hi,

    a) BLOCKLIST...
    HTTPS url is working fine on W10 2004. Note that blocklist site hosts-file.net no more exist since april 2020 => you can remove/replace it in your next release

    b) BLACKLIST / WHITELIST...
    Using "regexp" button is not working. When I enter item "*.google.com", i can view it in the list but if I change to other view and go back to the list, the item is no more present. It seems not to be display issue as I can retype item without your info msg "the entered domain is already listed"
    In addition, it seems full regexp is not supported (for example "[a-z,0-9]*.google.com" is not accepted) ?

    c) RULES...
    Do you think it is possible to improve the application to accept single line comma separed IPs (with cidr support) into rules, like some other firewall products accept. The application takes the comma separated list of IPs and split it to entries in the rule's source/remote address list. This will help users to add in onetime list of Microsoft public ip space into the svchost rules for example

    d) SVCHOST.EXE rules...
    As you probably know, since W8.1, it is no more possible to set rules on services based on svchost.exe. MS has probably decided that telemetry is more important than security. To allow windows update working, you need to leave outbound opened (default Microsoft firewall config) or if you want to block outbound, open svchost.exe process for all app/services, as the firewall is no more able to set rules on kernel services (by design - not a bug). As spyware/malware can use svchost.exe, it is not a secure solution.
    A workaround consists on setting microsoft public ip list into the rules (windows update servers ip list).

    Do you think it is possible (in the current/next release of Private W10) to create a whitelist (for example containing microsoft update domain name) and associate it to the svchost.exe process rules ? This will be a better solution as it will not depend of ip which could change.

    Please, continue your good work ;-)
     
  20. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    402
    Location:
    Viena
    @SeanBird

    a) ok

    b) I will check out the reg exp issue.

    ad c) that should only be a mater of parsing the ip entry text field automatically into multple entries so yea taht should be possible to add with a reasonable afford.

    d) well yes and no, managing services by service tag as far as I can tell is working when the socket is properly tagged with the service ID, unfortunately some services use a pooled request mechanism that doesn't tag the outbound socket, so yea that might have been intentional and it breaks the point of tagging sockets with service id's in the first place.

    I will think about how to better handle the svchost problematic but you may also want to download apps so more servers needed and maintaining those white lists is also work.

    My sledgehammer idea is to copy scvhost many many times for each service have one copy containing its name in the file name and change the registry to use the individualized svchost.exe's but that's super hacky and dirty.
    I think though may be doing that only for selected services would be a good compromise, i.e. everythign that has to access the internet gets an own copy of svcWUAUhost.exe and alike...
    and all the services that don't stay in a locked down svchost.exe

    Cheers
    David X.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.