Private Winten - Open Source Windows 10 privacy tool with built in Firewall

ups, fixed: https://github.com/DavidXanatos/priv10/releases/download/0.1g/PrivateWin10_v0.1g.zip

 

Already much better.
32/ Disable autoresize for GROUP
33/ Disable autoresize for PROGRAM
34/ Bug: Double click anywhere on the scroll bar to open the Firewall rule window.

 

hmpf... I'll just disable all autosize for all columns

 

Yes, it will be right.
And the old problem remained unsolved - taskbar overloap when the PWT window opens for the first time

35/ How about add sound alerts? Use alert.wav, which the user can change at his discretion with the same name.

 

I see the 10/ issue but i'm not sure why it happens, the program saves and restores an the position/size as prvided by the window object, i dont know if measuring the error and adding a fixed offset woudl work for everyone may depand on DPI, scaling, etc... so for now it will stay as it is.

35/ sound alerts optionally sounds good

 

Hello everyone, sorry for my bad english, I was trying this interesting program but I have two problems:
1) When I want to delete a rule, with the Remove button, the program crashes and closes.
If I try to restart it from command promp, report this:

D:\PrivateWin10_v0.1g>privatewin10

D:\PrivateWin10_v0.1g>Starting...
Trying to connect to Engine...
Preparing GUI...
Your copy of this application is not activated

Eccezione non gestita: System.InvalidOperationException: La sequenza non contiene elementi
in System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
in PrivateWin10.Program.GetIcon()
in PrivateWin10.Controls.ProgramControl.DoUpdate()
in PrivateWin10.Controls.ProgramControl..ctor(Program prog, CategoryModel Categories)
in PrivateWin10.Pages.FirewallPage.AddProgramItem(Program prog)
in PrivateWin10.Pages.FirewallPage.UpdateProgramList()
in PrivateWin10.MainWindow.SwitchPage(String name)
in PrivateWin10.MainWindow..ctor()
in PrivateWin10.App.Main(String[] args)

Only after restarting the computer resume operation regularly.
2) The screen on the right remains blank. In your photos I see that something should be written.
https://i.postimg.cc/hzrWg6C1/1.jpg
https://i.postimg.cc/hzrWg6C1/1.jpg
Computer with Windows 10 Home in Italian language

 

Guess this can't work efficiently on an 8.1 Windows system. Looks pretty spiffy. Or is it compatible after all?

Sorry got in late on this thread but the curiosity was attractive.

 

I have only tested it on win 7 and 10 but i see no reason why it should not work on win 8.1

 

Lots of English spelling mistakes also, and freezes on the firewall portion Windows 10 1809

 

Small bug fix release: https://github.com/DavidXanatos/priv10/releases/tag/0.1h


## [0.1h] - 2019-05-01

### Added
- Compatybility with windows 8.1 and server 2012
- first seen date for programs

### Fixed
- diagtrackrunner.exe and AeLookupSvc tweak are not longer offered to win10 users as on win 10 thay are not present
- crash when adding new category



And here my todo for the 0.2
### ToDo's
- add tweak restore mechanism
- make overview page usefull
- show a list of newly added programs to firewall
- show recently blocked
- show firewall status on/off/block
- list of undone tweaks
- add prozess sniper feature (auto terminate selected prozesses)
- when cleaning up also remove obsolete rules

 

congratulations for good work, I await developments.

 

On my laptop it won't allow to re-enable searchui.exe and the other search functions on. It messed up my machine a bit.

 

Also other functions can be enabled but not disabled. "Disable application experience" is another case where i can't undo the settings.

 

It seams that the restoring of file permissions does not work properly, I will take a look into that when i have some time.

Currently I'm very busy with an other project:
https://www.wilderssecurity.com/threads/task-explorer-a-new-powerfull-task-manager.417763/

So I don't have much time for privatewin10 right now, but don't worry TaskExplorer is close to a 1.0 release with all panned features completed. So in a month or so I will have again time for improving privacy on windows 10.

While working on TaskExplorer I have also collected a few great improvement ideas for the firewall side of things.

Cheers
David X.

 

Hello, how do you completely uninstall from the system? Thank you very much. Best regards.


I wanted to remove it with FRST (attached log) but it was not removed.

Code:

priv10 => service removed successfully
[380] C:\Users\1001001\Downloads\PrivateWin10.exe => process closed successfully.

 

you start the app ad admin, go to the settings unselect the service option, set firewall auditing to none and firewal mode to blacklist mode.

 

I'm currently re working the entire PrivateWin10 codebase and wanted to inquire how do you like the current UI concept?
And or what would you think about a more classical UI like in my other project task explorer: https://www.wilderssecurity.com/threads/task-explorer-a-new-powerfull-task-manager.417763/page-2
?
I would appropriate any feedback very much.

Cheers
David X.

 

I know its a log time since the last update but I had to finish TaskExplorer first plus I decided to rework PrivateWin10's engine completely so that also takes some time, but work is progressing good so don't wory.

 

Why PrivateWin10 development stalled for so long and what’s coming. I know lots of people are waiting on a new Priv10 release, and don’t worry one is in the workings. But since so many months have passed since the last release I feel like some explanation is in order.


First the obvious one TaskExplorer (https://github.com/DavidXanatos/TaskExplorer) this project took a lot of my spare time away from other projects, but for me it had priority.


Now to the more Priv10 related reasons for the long delay; windows firewall is a huge pain to deal with as it’s not intended to be used the way Windows Firewall Control applications are trying to use it. Hence the logging of failed connection attempts is very poorly implemented, in practice it is done through enabling an auditing policy and then capturing event log entries as they are being created. There is an API to do this more strait forward, but it provides even less information’s and no ProcessID. So, to do this as close to properly as possible I had to reimplement the mechanism Priv10 was using and implement a few mechanisms to deal with the lack of information in the log entries. For example, Windows is providing only the path and the PID of the process that caused an event to be logged. But does not log the service name or Container SID of the Modern App if the process runs as such.

Resolving the service name can be done by querying the Service Manager which gives the PID of every service running however as multiple services can share one and the same instance of svchost.exe its not possible to tell at this point which of the hand full of services caused the event.

For more recent windows 10 versions this is not as problematic as here Microsoft chose to mostly use one svchost.exe instance per service hence in many cases the service name can be resolved reliably. Older Windows 10 builds as well as 7 and 8 here are not as nice and there you can have more than dozen services sharing one process. Hence workarounds were in order.

One is a great new feature, the build to come of priv10, in addition to show logged connection attempts will also show a full list of all open sockets per process, including data rates per socket.

This data source can be queried to give information to which service an open socket belongs to, i.e. for allowed sockets we will be able to associate logged events with the service even on older versions of windows. Now this method fails for blocked connections as they are not seen in the list of open sockets and it fails for sockets closed very quickly, that is before they can be enumerated. To solve this issue priv10 will try to match the log entry with existing rules for the list of services that is hosted by the offending svchost.exe instance. This can result in a unique match or not. So, when there is no way to deduce which service it was the event is attributed to an entry svchost.exe without a service tag set. And when showing a notification window, the user will be presented with a drop-down list of services and will have to pick one manually. One can of cause manually make a blanked rule granting svchost.exe full access to the network though.

The other issue are App containers, there is it seems no strait forward documented way to retrieve the Container SID given a ProcessID, there are calls to kernel32.dll that will give you the AppPackage Name by PID but this will only relay to if the executable was installed as a ModernApp it will not tell you if the running process is contained in a AppContainer or is running as a normal win32 application. If the latter is the case Windows Firewall rules set to apply to a specific ModernApp will be ineffective as they strictly speaking apply only to app containers. The proper solution for this issue is to query the processes Access Token and from it one can query the Container SID as which the process is running. I discovered this method only while working on TaskExplorer.

As of today, to my knowledge there is no other Windows Firewall Control tools out there that would properly handle AppContainer’s.


So, as you see it was all a big mess and a more advanced tool for Controlling Windows Firewall must properly resolve this mess such that things displayed in the UI are consistent, the user does not have to handle redundant entries, etc….


Another new feature that I always wanted but before having advanced far enough with TaskExplorer did not know how to do without very invasive approaches like DLL-injection and API-call Hooking, is the proper resolution of remote domain names. What I mean with “proper” is that we want to see the domain name requested by the process for which it than opened a socket, and NOT just a reverse DNS lookup result for the remote IP. As in the age of CDN’s (like CloudFlare, BlazingFast and others) these reverse DNS entries have become mostly useless. By monitoring the windows DNS Cache entries, we can quite reliably detect which remote domain a socket really wanted to connect to and display this information to the user. Resulting in yet another cool feature a per application log of all domain names the application tried to access.


So that’s roughly what is coming in the soon to be released version of PrivateWin10, plus a lot of bugfixes.

 

A preview of the next build with socket list and new ribbon tool bar

 

Windows 7?

 

Whats with windows 7?

if you are trying to ask if PrivateWin10 will still support windows 7, than the answer is yes it will.

 

Yes, thank you.

 

"Fitler Connections" on right-bottom.