Privatefirewall updated

I agree This FW rocks!!!

 

A lot of them have no business having internet access because it's dangerous.

I just installed PF 7.0.22.6 and had disabled 99.9% (all incoming) rules to better secure myself because they are enabled by default. The alerts work as they should.

 

Yes, I agree! Give version 7.0.22.6 a try, it's working like a charm.

 

Every tech forum I go to now, this firewall is going up in peoples estimation...I think its going to become a leader in the top choices soon.

 

Yes, it works like a charm & I like export. I ditched OA for blocking Chrome. I am glad to see, that PF has become a perfect firewall in the meantime.

 

I don't get out much to other forums but that's good to hear

 

yes, I have even convinced some friends to use it, and they like it, maybe not average users but I never heard a complain about it, its very good code.

 

I haven't tried this one yet. Does the process monitor allow you actually kill a process if by chance you allowed something that you did not want to allow?

Al

 

I have been very pleased with this product since replacing Online Armor Premium with it a few weeks ago.

Beyond the product itself, the customer service is exceptional (to say the least).

 

No it doesn't.

http://i771.photobucket.com/albums/xx356/bridezilla924/PF.jpg

 

I agree. The first thing I did after installing it was email them with praise.

 

If you are talking about killing a running process -- no, PFW won't kill a running process. To do the killing, I suggest Process Hacker -- it can terminate a process when all else fails. PH is open source/free.

 

I'm testing PF and so far it's been a good experience, except for a little nuisance. How can I hide the incoming connections that show up in Firewall Log even after a torrent client is closed? I know they are being blocked by PF, but is there an option to hide them?

Thanks.

 

Afraid not. Once the application is closed they are just blocked incoming connections. You'd have to have an option not to log blocked incoming connections.

 

I apologize for this question

The Application Rules Window has 2 checkboxes on the right side
(next to Action).
What is the meaning of those two symbols?

 

You mean the H & L columns, right?



H = High. High stands for untrusted networks (The Internet and LAN networks you are connected to but don't want to share with)

L = Low. Low stands for trusted networks (That is of course your Home, work or any other LAN you are connected and want to share with).

In other words, H & L alongside a rule determine WHICH connections that particular rule will be applied to.

+ If ONLY H is checked, then the rule will only be applied to connections between your computer and UNtrusted networks. The rule will NOT be applied to trusted networks. In all likelihood, H-only rules will be rules that "Deny".

+If ONLY L is checked, then the rule will only be applied to connections between your computer and TRUSTED networks. The rule will NOT be applied to UNtrusted networks. In all likelihood, L-only rules will be rules that "Allow".


+If BOTH H & L are checked then the rule applies to ALL connections.
~~~~~~~~~~~~~~~~~~~~~~~~~

As examples - - -

+The incoming rule for my FTP client, which I use to process data between my computer and the servers for my websites, ONLY allows such input from trusted sources.



+ On the other hand, the 2 in/out rules for my email client allow anything & everything. In this case, the filtering of nasty stuff is done by email filters on my servers, and NOT by my firewall. Therefore, anything that reaches the email client is "permitted" by these rules.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I don't have an example of a rule that applies to H only. I hope someone will add such an example for my own edification. Or add examples that are better or clearer than the ones I have shown.

 

Thank you very much for that detailed explanation
Only the letter L is readable here, the H is mutilated (the second vertical bar is missing).
So I could actually not figure out what it stands for and the manual is of no help here.

I installed Privatefirewall to an older XP machine (Pentium 2800) and it runs very smooth.
As I never have used Privatefirewall before, I am still in a learning process, and your explanation is very helpful

My other machine is todays standard and uses OnlineArmor Premium, but I might well switch.

 

Considering it is a FW/HIPS it doesn't make sense not to be able to kill a process.
I like this application (I've just found it out, been reading about it and I like it) but there are some fundamental flaws.

Regards,
Jose.

 

@Bellgamin

Thanks, good info to learn from. I have one question.

The FTP rule you showed with the (L) is this linked to trusted publishers?

The ones you are filtering that has no allow or deny what do you suggest (H) or (L) or both?

I asked about the FW log and this was their response:

Upon restart, yes, Privatefirewall purges the firewall log history. However, through Privatefirewall Advanced Reports (View -> Advanced Reports), you can review the activity recorded in previous sessions. All events listed are indeed blocked with the exception of Processes Detected which will display both blocked and allowed detected processes.

Also, just a little FYI on compatible softwares with PF. I had Emsisoft Anti-Malware installed when I installed PF and they collided bad cuz of the hips. I forgot EAM had hips. You could disable the hips and it will work. I uninstalled it and put Kaspersky Antivirus 2011 on and it runs so much better and I didn't have to disble anything like I thought I would.



@Jose Lisbon

I agree. Maybe you can submit a ticket and ask for that. Their support is excellent. I have submitted two tickets in the last two days and I heard back in the matter of hours.

 

PFW will terminate a process when it first alerts you to that process.

However, if you then Allow the process to run, and later change your mind, then you need to use other means to terminate that process. As far as my memory serves, that's also the case for other FWs. However, if someone has contrary information based on actual usage of an actual FW, I stand ready to be re-educated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you tell a firewall to allow a process, & change your mind, then you can *ordinarily* use Windows Task Manager or Process Explorer to terminate it.

HOWEVER, if that process turns out to be malware, then it will probably dig itself in very quickly, such that ordinary killer apps or task managers may not be able to kill it. Malware can be VERY resistant to termination. In such cases, you need to use Process Hacker (PH) to kill it. I keep PH installed for just that reason. Unlike any other application that I know of, PH has SEVERAL very powerful kill routines. You can use them one at a time, or ALL at once (Nuke 'em!).

 

I believe Comodo's FW/Hips has something where you can delete the process but ....... at that point it's usually too late from the malware point of view. I think using this software with a good AV will prevent most infections.

Ice

 

The only thing thats needed now is to change the ugly task bar icon

 

Hi bellgamin.
I think (I may be wrong) that if you block a malware from a Privatefirewall alert it will stay in Ram (as with Comodo and OA)
The difference is that with Comodo and OA (I know both well) you can use the program ("active process list" in Comodo and "programs" in OA) to kill the application.

If you click allow to a malware (with Comodo and OA, and I'm speaking from my own experience) even if you check "remember my answer" you still have further alerts, probably red colored because the further actions are very suspicious.
Only if you click "trust this program" it will have full privileges.

Regards,
Jose.

 

Please be nice to Casey the Cop. In person he is actually quite handsome.

 

i still have to know him in person yet