Private Winten - Open Source Windows 10 privacy tool with built in Firewall

Discussion in 'other firewalls' started by DavidXanatos, Dec 23, 2018.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
  2. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    475
    Location:
    Germany
    Already much better.
    32/ Disable autoresize for GROUP
    33/ Disable autoresize for PROGRAM
    34/ Bug: Double click anywhere on the scroll bar to open the Firewall rule window.
    4.png
     
  3. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
    hmpf... I'll just disable all autosize for all columns
     
  4. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    475
    Location:
    Germany
    Yes, it will be right.
    And the old problem remained unsolved - taskbar overlap when the PWT window opens for the first time
    111.gif
    35/ How about adding sound alerts? Use alert.wav, which the user can change at his discretion with the same name.
     
    Last edited: Jan 7, 2019
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
    I see the 10/ issue but I'm not sure why it happens; the program saves and restores the position/size as provided by the window object. I don't know if measuring the error and adding a fixed offset would work for everyone, it may depend on DPI, scaling, etc... so for now it will stay as it is.

    35/ sound alerts optionally sounds good :D
     
  6. markthesnake

    markthesnake Registered Member

    Joined:
    Jan 15, 2019
    Posts:
    1
    Location:
    Italy
    Hello everyone, sorry for my bad English, I was trying this interesting program but I have two problems:
    1) When I want to delete a rule, with the Remove button, the program crashes and closes.
    If I try to restart it from the command prompt, it reports this:

    D:\PrivateWin10_v0.1g>privatewin10

    D:\PrivateWin10_v0.1g>Starting...
    Trying to connect to Engine...
    Preparing GUI...
    Your copy of this application is not activated

    Eccezione non gestita: System.InvalidOperationException: La sequenza non contiene elementi
    in System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
    in PrivateWin10.Program.GetIcon()
    in PrivateWin10.Controls.ProgramControl.DoUpdate()
    in PrivateWin10.Controls.ProgramControl..ctor(Program prog, CategoryModel Categories)
    in PrivateWin10.Pages.FirewallPage.AddProgramItem(Program prog)
    in PrivateWin10.Pages.FirewallPage.UpdateProgramList()
    in PrivateWin10.MainWindow.SwitchPage(String name)
    in PrivateWin10.MainWindow..ctor()
    in PrivateWin10.App.Main(String[] args)

    Only after restarting the computer does it resume operating regularly.
    2) The screen on the right remains blank. In your photos I see that something should be written.
    https://i.postimg.cc/hzrWg6C1/1.jpg
    Computer with Windows 10 Home in Italian language
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,420
    Location:
    U.S.A. (South)
    Guess this can't work efficiently on an 8.1 Windows system. Looks pretty spiffy. Or is it compatible after all?

    Sorry got in late on this thread but the curiosity was attractive.
     
  8. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
    I have only tested it on win 7 and 10 but I see no reason why it should not work on win 8.1
     
  9. Claire Louise Reed

    Claire Louise Reed Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    4
    Lots of English spelling mistakes also, and freezes on the firewall portion Windows 10 1809
     
  10. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
    Small bug fix release: https://github.com/DavidXanatos/priv10/releases/tag/0.1h


    ## [0.1h] - 2019-05-01

    ### Added
    - Compatibility with windows 8.1 and server 2012
    - first seen date for programs

    ### Fixed
    - diagtrackrunner.exe and AeLookupSvc tweak are no longer offered to win10 users as on win 10 they are not present
    - crash when adding new category



    And here is my todo for the 0.2
    ### ToDo's
    - add tweak restore mechanism
    - make overview page useful
    - show a list of newly added programs to firewall
    - show recently blocked
    - show firewall status on/off/block
    - list of undone tweaks
    - add process sniper feature (auto terminate selected processes)
    - when cleaning up also remove obsolete rules
     
  11. boldrake

    boldrake Registered Member

    Joined:
    Apr 18, 2016
    Posts:
    12
    congratulations for good work, I await developments. :thumb:
     
  12. Astor0912

    Astor0912 Registered Member

    Joined:
    Jul 26, 2019
    Posts:
    2
    Location:
    Taiwan
    On my laptop it won't allow me to re-enable searchui.exe and the other search functions. It messed up my machine a bit.
     
  13. Astor0912

    Astor0912 Registered Member

    Joined:
    Jul 26, 2019
    Posts:
    2
    Location:
    Taiwan
    Also other functions can be enabled but not disabled. "Disable application experience" is another case where I can't undo the settings.
     
  14. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
    It seems that the restoring of file permissions does not work properly, I will take a look into that when I have some time.

    Currently I'm very busy with another project:
    https://www.wilderssecurity.com/threads/task-explorer-a-new-powerfull-task-manager.417763/

    So I don't have much time for privatewin10 right now, but don't worry TaskExplorer is close to a 1.0 release with all planned features completed. So in a month or so I will again have time for improving privacy on windows 10.

    While working on TaskExplorer I have also collected a few great improvement ideas for the firewall side of things.

    Cheers
    David X.
     
  15. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    110
    Hello, how do you completely uninstall from the system? Thank you very much. Best regards.


    I wanted to remove it with FRST (attached log) but it was not removed.

    Code:
    priv10 => service removed successfully
    [380] C:\Users\1001001\Downloads\PrivateWin10.exe => process closed successfully.
    
     
    Last edited: Aug 31, 2019
  16. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
    You start the app as admin, go to the settings, unselect the service option, set firewall auditing to none and firewall mode to blacklist mode.
     
  17. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
  18. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
    I know it's a long time since the last update but I had to finish TaskExplorer first, plus I decided to rework PrivateWin10's engine completely so that also takes some time, but work is progressing well so don't worry.
     
  19. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
    Why PrivateWin10 development stalled for so long and what’s coming. I know lots of people are waiting on a new Priv10 release, and don’t worry one is in the workings. But since so many months have passed since the last release I feel like some explanation is in order.


    First the obvious one, TaskExplorer (https://github.com/DavidXanatos/TaskExplorer): this project took a lot of my spare time away from other projects, but for me it had priority.


    Now to the more Priv10 related reasons for the long delay; windows firewall is a huge pain to deal with as it’s not intended to be used the way Windows Firewall Control applications are trying to use it. Hence the logging of failed connection attempts is very poorly implemented, in practice it is done through enabling an auditing policy and then capturing event log entries as they are being created. There is an API to do this more straightforwardly, but it provides even less information and no ProcessID. So, to do this as close to properly as possible I had to reimplement the mechanism Priv10 was using and implement a few mechanisms to deal with the lack of information in the log entries. For example, Windows is providing only the path and the PID of the process that caused an event to be logged, but does not log the service name or Container SID of the Modern App if the process runs as such.

    Resolving the service name can be done by querying the Service Manager, which gives the PID of every service running; however, as multiple services can share one and the same instance of svchost.exe, it's not possible to tell at this point which of the handful of services caused the event.

    For more recent windows 10 versions this is not as problematic, as here Microsoft chose to mostly use one svchost.exe instance per service, hence in many cases the service name can be resolved reliably. Older Windows 10 builds as well as 7 and 8 are not as nice, and there you can have more than a dozen services sharing one process. Hence workarounds were in order.

    One is a great new feature: the coming build of priv10, in addition to showing logged connection attempts, will also show a full list of all open sockets per process, including data rates per socket.

    This data source can be queried to give information about which service an open socket belongs to, i.e. for allowed sockets we will be able to associate logged events with the service even on older versions of windows. Now this method fails for blocked connections as they are not seen in the list of open sockets, and it fails for sockets closed very quickly, that is before they can be enumerated. To solve this issue priv10 will try to match the log entry with existing rules for the list of services that is hosted by the offending svchost.exe instance. This can result in a unique match or not. So, when there is no way to deduce which service it was, the event is attributed to an entry svchost.exe without a service tag set. And when showing a notification window, the user will be presented with a drop-down list of services and will have to pick one manually. One can of course manually make a blanket rule granting svchost.exe full access to the network though.

    The other issue is App containers: there is, it seems, no straightforward documented way to retrieve the Container SID given a ProcessID. There are calls to kernel32.dll that will give you the AppPackage Name by PID, but this only relates to whether the executable was installed as a ModernApp; it will not tell you if the running process is contained in an AppContainer or is running as a normal win32 application. If the latter is the case, Windows Firewall rules set to apply to a specific ModernApp will be ineffective as they strictly speaking apply only to app containers. The proper solution for this issue is to query the process's Access Token, and from it one can query the Container SID as which the process is running. I discovered this method only while working on TaskExplorer.

    As of today, to my knowledge there are no other Windows Firewall Control tools out there that would properly handle AppContainers.


    So, as you see it was all a big mess and a more advanced tool for Controlling Windows Firewall must properly resolve this mess such that things displayed in the UI are consistent, the user does not have to handle redundant entries, etc.


    Another new feature that I always wanted, but before having advanced far enough with TaskExplorer did not know how to do without very invasive approaches like DLL-injection and API-call Hooking, is the proper resolution of remote domain names. What I mean with “proper” is that we want to see the domain name requested by the process for which it then opened a socket, and NOT just a reverse DNS lookup result for the remote IP. As in the age of CDNs (like CloudFlare, BlazingFast and others) these reverse DNS entries have become mostly useless. By monitoring the windows DNS Cache entries, we can quite reliably detect which remote domain a socket really wanted to connect to and display this information to the user. Resulting in yet another cool feature: a per application log of all domain names the application tried to access.


    So that’s roughly what is coming in the soon to be released version of PrivateWin10, plus a lot of bugfixes.
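
The service attribution fallback described in the post above, as an added example that is not part of the original thread and not PrivateWin10's own code: a single-service svchost.exe instance first, then the open-socket list for allowed traffic, then rule matching, and otherwise an untagged svchost.exe entry with a candidate list for the user. The data model, function name and every PID, address and rule below are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:               # audit log entry: Windows gives only path + PID
    pid: int
    remote_ip: str
    remote_port: int
    allowed: bool

@dataclass(frozen=True)
class Rule:                # simplified firewall rule bound to a service name
    service: str
    remote_port: int
    allow: bool

# Constructed sample state (hypothetical PIDs, addresses and rules).
SERVICES_BY_PID = {1200: ["Dnscache"], 988: ["wuauserv", "BITS", "Schedule"]}
OPEN_SOCKETS = {(988, "203.0.113.10", 443): "BITS"}   # socket -> service tag
RULES = [Rule("wuauserv", 80, False), Rule("BITS", 443, True)]

def attribute_service(ev, services_by_pid, open_sockets, rules):
    """Return (service, candidates); service is None when the event must be
    logged against plain svchost.exe and the user picks from candidates."""
    hosted = services_by_pid.get(ev.pid, [])
    if len(hosted) == 1:                  # one service per svchost.exe instance
        return hosted[0], hosted
    # Allowed traffic: the open-socket list carries the owning service tag.
    tag = open_sockets.get((ev.pid, ev.remote_ip, ev.remote_port))
    if ev.allowed and tag in hosted:
        return tag, hosted
    # Blocked or already-closed socket: match rules of the hosted services.
    matches = {r.service for r in rules
               if r.service in hosted
               and r.remote_port == ev.remote_port
               and r.allow == ev.allowed}
    if len(matches) == 1:
        return matches.pop(), hosted
    return None, hosted                   # ambiguous: show drop-down list

if __name__ == "__main__":
    for ev in (Event(1200, "198.51.100.5", 53, True),
               Event(988, "203.0.113.10", 443, True),
               Event(988, "203.0.113.20", 80, False),
               Event(988, "203.0.113.30", 8080, False)):
        print(ev, "->", attribute_service(ev, SERVICES_BY_PID, OPEN_SOCKETS, RULES))
```
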
     
  20. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
    A preview of the next build with socket list and new ribbon tool bar

    Unbenannt.png
     
  21. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    284
    Windows 7? :(
     
  22. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    319
    Location:
    Viena
    What's with windows 7?

    If you are trying to ask if PrivateWin10 will still support windows 7, then the answer is yes it will.
     
  23. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    284
    Yes, thank you.
     
  24. boldrake

    boldrake Registered Member

    Joined:
    Apr 18, 2016
    Posts:
    12
    :thumb:
     
  25. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    48
    Location:
    Tashkent, Uzbekistan
    "Fitler Connections" on right-bottom.
     