PrivateFirewall V7.0.28.1 Released Today

Discussion in 'other firewalls' started by kdcdq, Jun 1, 2012.

Thread Status:
Not open for further replies.
  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,394
    Location:
    U.S.A.
    You have everything set up properly in the Network Security section? Like all your LAN IP addresses defined as trusted?

    Also check your firewall log plus Advanced Reports, All traffic blocked section, for all blocked activity. This info will helo you diagnose where problems may exist.
     
    Last edited: Jun 12, 2012
  2. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps

    Why on earth don't you raise a support ticket and get a definitive answer? You risk looking like a paranoid bull in a china shop!

    PFW support are very informative and quite quick, especially for a free product. Far better than Comodo. I have uninstalled CIS several times because it just creates unnecessary alerts which can really only be correctly answered by highly experienced people.

    Wmpnetwk.exe is a trusted process by a trusted vendor, hence it might not show for that reason, but best to ask the developer!
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,394
    Location:
    U.S.A.
    I have an issue with this latest release and wonder if anyone else has noticed this.

    When I boot into WIN 7 x64 SP1, it appears the PF is starting up right away. However if I mouse over the traffic cop icon on the bottom desktop toobar, I see a display the PF is "loading." This can last up to a minute or so.

    During the "loading" phase if I go into WIN 7 Action Center and click on security, no firewall is shown. Worse neither is Norton AV 2012 although it does show as active on my bottom desktop toolbar. I also see occasional WIN 7 event log entries showing blocked events from the WIN 7 firewall during the PF loading phase that indicates to me that the WIN 7 firewall is active during this time.

    Finally, during this "PF" loading phase, my PC is pretty much locked up.

    Once this PF "loading phase" completes, everything is normal. WIN 7 Action Center shows PF is on and WIN 7 firewall is off.

    I have also tried all the usual software conflict resolutions such as turning off Norton AV boot scanner and adding PF folder as an exclusion to Sonar scanning, etc. to no avail.

    I did not notice this "loading" behavior on the early version of PF 7 I used six or so month ago. Is this normal behavior for these latter versions?
     
  4. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    comodo is one of the lightest suites out there.when ive used it ,it has never been heavy.after the initial install it is fairly heavy but then this goes down and stays down.:argh:
     
  5. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps
    I have exactly the same experience as itman, CIS slows down significantly over a few weeks / months. Exactly the same issue with KIS. Uninstalled both and am currently trying PFW again.

    PFW works very well, but I can't yet figure out how long the training period is for indivual processes when they pop up and I select train on them. Some are still showing green and allowing 30 processes after more than a week, despite the overall training period being long over.

    Apart from that, and a potential issue with OpenDNScrypt on Skype calls, it is excellent.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,394
    Location:
    U.S.A.
    If you run PF in Standard mode, your should get few to no popups after the initial installation. This is because PF will auto generate all necessary application and process rules for any application that has a Trusted Publisher certificate.

    Plus if you leave the Process Detection setting in it's default which is "off", you won't get any Process Detection alerts for signed applications either since PF won't be adding any new processes to monitor other than those already create during the initial installation training period.

    BTW - the key to getting a trouble free PF install is immediately after it is installed, open and close all your applications on your PC. That way PF will auto create all the rules for them during the initial installation training period.
     
  7. Vilmalith

    Vilmalith Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    68

    PFW is auto adding my network when I check sites I see it there. There is nothing showing up in the firewall logs. I have no idea what's going on, comodo fw and online armor don't have any issues. PFW on one machine will cause the machine to lock up if you launch any game. On another machine that doesn't happen, but the machine will lock up if you download anything. Nothing is showing up in the firewall logs on any machines. None of the machines are running any kind of AV right now, just PFW. And they are all having various problems, but none are having the same problem anymore.
     
  8. Vilmalith

    Vilmalith Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    68
    Process detection in the settings menu is off by default. Process Monitor in the main menu is medium by default. Not sure what the difference is.
     
  9. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps
    That's helpful, thanks.

    Can process detection be set to high in the left hand slider panel whilst leaving the default process detection within the settings menus as "off"?

    If so, what is the effect, because this sounds to be potentially contradictory??

    I guess I am not understanding the difference between HIPS as per the standard install of PFW versus more advanced settings, and whether something like stux or flame would be detected in PFW on standard settings or not?

    If you can especially answer my first question that would be appreciated, thanks.
     
  10. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    Ive actually tried privatefirewall myself but as most people seem to use the shields up site and have faith in it i tested PFW there and it failed to stealth the ports.
    This is why i uninstalled it.:isay:
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,394
    Location:
    U.S.A.
    PF will auto add as trusted your network IP address that was assigned as a result of DHCP activity between your router and your PC. On a normal wired ethernet router, it will allocate(usually) the first IP address in the range allowed for your router.

    On my router, my assigned IP range is 192.168.1.1 - 192.168.1.253. My gateway adddress is 192.168.1.254 and 192.168.1.255 is reserved for broadcasting on your LAN. My router using DHCP IPv4 ports 67-68 will always assign my PC an address of 192.168.1.1 - the first available address in the allowable address range for my router.

    If this is what your are seeing, it is normal LAN address assignment.

    From a command prompt window, type ipconfig /all. The IPv4 address shown is the address that was assigned to your PC by your router. PF has nothing to do with to your IP address assignment - that is being done by your router. All PF is doing is showing you what was assigned.
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,394
    Location:
    U.S.A.
    Think of process monitor as a traffic cop, hence the PF icon:D. When set to medium, it will monitor all your Internet facing applications. For most people that is sufficient since what you really need is protection from web based threats. When set to high, it is monitoring all defined processes that have been detected to date running on your PC by PF.

    Process detection is simply a switch that causes PF to start monitoring all processes currently running on your PC when it is set on. Some people prefer to keep it set on all the time. It just keeps adding to process monitor any process that starts executing. Turning this on occasionally is a good way to add Internet application processes that may have not been detected during the initial PF training period i.e Adobe Reader, etc. Note that this feature is independant of the training feature. If you are running in PF standard mode, all signed processes will be added without alert without turning on the training feature.

    Training is primarily used to install new safe trusted software or any sofware for that matter without any alerts. Training behavior depends on the mode selected; Standard or Manual control. Read the user manual for further details. Training mode should never be left permanently on.

    If you think though the above comments, you can deduct that PF will be monitoring a lot of activity that may not be directly related to Internet activity. That will have an impact on performance. How much depends on your hardware configuration. User choice here.
     
  13. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    A very nice, concise description there, itman. :thumb:

    Just to add from the User Interface:

    "Select the "Medium" setting to monitor processes related to any application currently listed within PrivateFirewall.

    Select the "High" setting to monitor all processes within your system."
     
  14. Vilmalith

    Vilmalith Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    68

    Thanks, I know how DHCP works. I was answering your question as to if I added my network as trusted. And I was saying I did not since it is auto added under sites.
     
  15. paniccom

    paniccom Registered Member

    Joined:
    Jul 23, 2006
    Posts:
    100
    Has anyone else had this 'grinding away' problem? I've had software do this in the past, although I don't recall what it was, but the thrashing was very noticeable and annoying and probably not good for the HDD. I'd like to check out PF this weekend. Thanks all.
     
  16. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    Not at all...on either of two machines that have PF installed.

    Maybe worth a clean install to see if it crops up again.
     
  17. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps
    Great help, thanks. I guess it's down to the level of paranoia, knowledge, and system resources of each user to determine their settings.

    I wonder if the default settings would have avoided stux / flame? I guess not since they used a Microsoft certificate? That's probably the weakness of all such security tools using certificates as a guarantee of validity?

    In addition I use MSE and Malwarebytes Pro with realtime on and Trusteer Rapport switched on for banking sessions. I think overall the security is high. I did some tests with just PFW and MWB Pro in Vbox running XP in a Linux Mint environment a few months ago. Tested on live malwaredomainlist links. Between them they stopped everything on default settings!!!

    I guess that's good enough for me, but a combination of my paranoia and awareness that I know quite a bit of IT but am not expert / professional keeps me concerned that I could be missing something.
     
  18. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps
    I was not quite clear the difference between "any application currently listed within PrivateFirewall" and "any application currently listed within PrivateFirewall".

    My thinking was that why would PFW not list all applications, and why should there be a difference, and how can I decide if some or all needs to be detected. ITman's answer give me more insight now, especially as it is only internet facing / requesting apps that will appear initially, on standard and medium settings, i think?
     
  19. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    In the past when I had PF set to "default" there were a number of apps (internet facing as well as others) that the program picked up and listed in Process Monitor.

    Once I changed the setting of Process Monitor to "high" it began to add and monitor "system" apps and activity beyond those processes which were already included by default.

    I've always had "enable process detection" set to "on" so PF picks up and monitors new apps and processes in real-time. It's never been too busy for me as I've been maintaining my settings via export/import for a long time so that I get very few pop-ups during the course of any given period of time.

    BTW, cavehomme, you changed my quote which was copied directly from the GUI on PF. Perhaps it would be better not to change someone's quote but rather discuss any points you are trying to make in your posted reply. Had it said: Select the "High" setting to monitor C, that is what I would have copied and quoted. I would like to avoid any confusion on the issue.
     
    Last edited: Jun 20, 2012
  20. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps

    I used to do that and found that when I set an alert to train it would stay green and allow all 30 process interactions past the 7 day period. I thought that it would just train alerts for 10 minutes. Neither happened, so now I am paring back to default settings to understand how PFW really works, and if there are errors, or my misunderstanding. The manual is very good, but this thread has taught me more about how it all hangs together. Thanks for your suggestions.
     
  21. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    I've never used any training or learning mode. (And I know Greg Salvato himself is not a fan, but it's all personal preference.)

    I set several programs that I personally know, trust and use regularly (including security software) to "trust/allow" and leave others in "condition yellow" which is to be filtered/monitored (especially internet facing apps).

    For me that balance works well. Others may be more or less strict.

    (Since I don't use "trusted publisher" and I "alert to all new outbound connections", I am comfortable with what's going on for the most part within my system. It's primarily new threats I am concerned about...aside from any of my personal/financial information being sent out without permission (which is a good reason to review the "parents" list in advanced settings, imho).
     
  22. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps
    This is helpful, thanks.
     
  23. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    You're welcome...the following list is a synopsis of how I have PrivateFirewall set. The only settings it doesn't include are the few rare instances where I have customized an entry within "Process Monitor" or "Applications" but these are very much the exception rather than the rule, and the reason for the other thread I started about more granular settings...


    Internet and Network Security sliders set to "High".

    Local Network Site set to "Untrusted"

    Process Monitor: High

    Manual Control (auto-response disabled).

    Alert to all new outbound connections.

    Disable "Trusted Publisher" feature.

    All "Advanced Settings" enabled.

    All internet facing apps have been set to "Limited" in advanced application settings.

    I have reviewed the "Parents" list in advanced application settings and denied access to various programs that I didn't want to connect out to the net via other trusted apps.


    These settings have worked very well for me in concert with the other security apps listed in my signature.

    I hope to learn to fine tune (if and where necessary) the firewall and process monitor settings for individual apps and processes as time goes on.
     
  24. paniccom

    paniccom Registered Member

    Joined:
    Jul 23, 2006
    Posts:
    100
    Thanks Blues7. And it wasn't my PC that was 'grinding away', it was 'TheMozart's' machine. Maybe he'll be kind enough to do a clean install and reevaluate PF. Hopefully he has a clean image pre-PF and can quickly double-check his findings. Personally, I find it hard to beleive that a company with professional programmers and access to all versions of Windows and other OSS's would release a build that would cause this. It may be a conflict with some other software causing TheMozarts' grinding problem.
     
  25. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    Sorry for the misunderstanding...I had his posts on "ignore" so I only saw yours at the time I replied. :oops:

    (Though I can't say I'm surprised...he seems to have had problems with every single piece of software he's installed regardless of type or purpose...and when the inevitable problems arose (real or imagined) it was always the fault of the developer or software. :rolleyes: )
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.