Discussion in 'other firewalls' started by co22, Oct 25, 2016.
please check your pm.
I just installed SW and am trying to determine what not to block in the filters. If I go with the default rules I have no internet access at all.
Any tips on what to back off?
The first place to check is the firewall's log file. That should reveal what's being blocked.
1- Right-click SW's icon in system tray (icon is a flame of fire) -- then click "Show/Hide" on the resultant pop-up menu. Doing that gets you SW's Graphic User Interface (GUI).
2- On the GUI, left-click the left-most tab, "Apps". Doing that gets you a list of Apps that have "come to SW's attention" thus far since you began using it.
2.a- Top section of that list is "Apps with internet access"
2.b- Middle section is "Apps with user rules" -- (that section will be missing or empty if you have set no personally-developed user rules).
2.c- Bottom section is "Apps without internet access"
3- If there is an app in the bottom section "WITHOUT internet access" that you want to ALLOW it to have internet access, then simply put a check mark in the empty block beside its name & SW will automatically move it to the top section "WITH internet access."
4- Conversely, if there is an app in the top section "WITH internet access" that you want to NOT allow it to have access, then simply remove the check mark in the block beside its name & SW will automatically move it to the bottom section "WITHOUT internet access."
@intp1 -- Welcome to Simplewall. I am just a user like yourself so I am still a learner, just like you. Thus far I have shied away from writing my own rules until I have more experience with this firewall. If you run across a possible bug in SW, or don't get the answers you need here at Wilders, then you should visit SW's MAIN website at GitHub -- it's HERE. To post there, you need to register with GitHub -- it's free & easy. To register, go HERE.
By the way, I found it VERY useful to do this:
1- Right-click SW's icon in System Tray
2- Click "Packets log"
3- Click "Enable packets logging to a file"
4- Click "Enable packets logging interface (session only)"
Having done that, anytime you want to see what has been going on (past actions), right-click SW's system tray icon, click "Packets log" then click "Show log".
If you want to watch SW do its job (current actions) at the same time as things are actually happening, right-click SW's system tray icon, then select "Notification" then select each of the following:
"Enable packets notifications"
"Enable notifications sound"
"Show notification window on tray"
After a few days, you might want to turn Notifications OFF after SW has pretty much learned you & your computer (& vice versa).
3.2.2 is really a bad build for me. Crashes continuously even when no network is used. I have reverted to the 3.1.2 build.
I believe the piggy-backing of svchost is primarily a BITS issue anyway, so if you have it disabled that shouldn't be a problem. Just be sure to check and make sure windows is still able to automatically update without BITS enabled.
I'm running Win10 1909 build 18363.1016 here but not SW. I currently have a small whitelist of processes which can connect out, none of them are Microsoft executables. I'm not recommending it but if you do go the route of blocking svchost you'll need to allow DNS traffic to your chosen DNS servers and manually install windows updates. I'm sure other services (like time sync) may be affected too, I'll have to open up a thread to discuss it some day.
Yes, time sync and DHCP (local/remote ports 547/546 & 68/67) will both be affected. BTW, I've successfully done it before and done it recently, allowing svchost out to specific Microsoft Update server IP ranges to port 443 only, even though others have said it doesn't work. It does. It just takes some patience and strategic use of a free whois IP service to determine the IP ranges to use. I block and log all attempts to port 80 and have the firewall alert me to connection attempts to other TCP and UDP ports.
About system, as I said previously u need to allow only the browser and AV for typical home use case scenario (not everything, u can block banner / offer related AV exes or telemetry) all the rest must be shut, svchost for updates but sideloading of updates is better (svchost will try to auto connect if bitsadmin is enabled, but regardless of settings svchost is enough for the updates to run in auto, bitsadmin is dangerous, the service can update download files) and in the system apps param everything should be shut except for DNS / DHCP, probably can be done better security wise, but with wifi DHCP is standard and comfy. In simple wall versions the system app setting would reset on update. To reiterate everything else shut unless updating for a brief moment and Internet/router disabled if not actively needed (especially at restart shutdown ops), why expose yourself to sharks if you don't need to be in the water, allow something if you are actually using it, if you are not driving your car turn off that engine (that includes everything on the host), it's easy and fast with simplewall.
I've been really impressed lately with how easy it is to update Win 10 offline via the catalog site. Example is the below Microsoft site where you can click the cumulative update you want and get a link directly to the file on the Microsoft update catalog website:
I also have a Win 10 Pro VM as a backup... I can update it the conventional way and then use the media creation tool to update the host with very little effort. Driver updates I tend to do manually.
SimpleWall v.3.2.3 (Released Aug 25 2020)
This is a maintenance release.
added ncsi system rule (issue #709)
added command line mutex checking (issue #750)
added notification window redraw (issue #731)
use logical sorting order (issue #735)
check for provider status before create filters
do not highlight connections in log tab
fixed support oldest win7 versions (issue #737)
removed listview empty markup
Here's the download link;
simplewall v3.2.4 Released (5 September 2020)
Spoiler: Changes v3.2.4
removed assertion from release builds (issue #764)
removed user service instance from the list (win10+)
fixed parsing not existing apps (issue #732, #739)
displays incorrect name on timer expiration
check app timer expiration on profile load
incorrect read-only rules tooltip markup
create filter does not report errors
fixed checking of file attributes
fixed parsing ip/port ranges
How stable is this firewall nowadays? It was pretty stable for me last time I used it but there were several reports of stability issues from other users.
I haven't used it for over a year since I'm using EIS.
It's totally steady on my computer. I have run it for months & always have the latest version.
It's running well on mine except it won't seem to autostart with windows... seems I saw someone post this problem once but can't find it.
settings / general configuration / load on startup
Thanks... I had that part figured out
Did your problem get fixed? If not, please take note that SimpleWall's developer closely monitors and responds to issues posted at GitHub.
Is it possible for the user to write IDS/IPS rules and then have SimpleWall notify the user and log the event when IDS rules are triggered?
A simple IDS rule would be to monitor when an IP address port scans a sequence of common service ports. If an IP address is port scanning several common vulnerable ports then they are likely up to no good.
edited 9/17/20 @ 9:07 pm
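The port-scan rule described in the post above, sketched as an added example (not part of the original thread and not a SimpleWall feature): it flags a source address that touches several distinct common service ports within a short time window. The CSV log layout, the port watch list, and the thresholds are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed watch list of commonly probed service ports (illustrative).
COMMON_PORTS = {21, 22, 23, 25, 80, 135, 139, 443, 445, 1433, 3306, 3389}

# Constructed sample of blocked inbound packets; NOT SimpleWall's log format.
SAMPLE_LOG = """\
time,src_ip,dst_port,proto
2020-09-17T21:00:01,203.0.113.7,21,TCP
2020-09-17T21:00:02,203.0.113.7,22,TCP
2020-09-17T21:00:03,203.0.113.7,23,TCP
2020-09-17T21:00:04,203.0.113.7,445,TCP
2020-09-17T21:00:05,203.0.113.7,3389,TCP
2020-09-17T21:00:06,198.51.100.20,443,TCP
2020-09-17T21:00:07,198.51.100.20,443,TCP
2020-09-17T21:00:08,198.51.100.20,443,TCP
2020-09-17T21:00:10,192.0.2.50,22,TCP
2020-09-17T21:05:10,192.0.2.50,80,TCP
2020-09-17T21:10:10,192.0.2.50,445,TCP
2020-09-17T21:15:10,192.0.2.50,3389,TCP
not-a-time,203.0.113.9,abc,TCP
"""

def detect_port_scans(log_text, min_ports=4, window_s=60):
    """Map src_ip -> sorted ports for sources hitting >= min_ports watched ports in window_s."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # src_ip -> (time, port) hits still inside the window
    alerts = {}
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["time"] or "")
    for row in rows:
        try:
            ts = datetime.fromisoformat(row["time"])
            port = int(row["dst_port"])
        except (ValueError, TypeError):
            continue  # skip malformed records instead of aborting the run
        if port not in COMMON_PORTS:
            continue
        hits = recent[row["src_ip"]]
        hits.append((ts, port))
        while hits and ts - hits[0][0] > window:
            hits.popleft()  # expire hits that fell out of the sliding window
        ports = {p for _, p in hits}
        if len(ports) >= min_ports:  # repeated hits on one port never trigger
            alerts.setdefault(row["src_ip"], set()).update(ports)
    return {ip: sorted(p) for ip, p in alerts.items()}
```

With the default 60-second window only the fast sweep is reported; the host probing one port every five minutes shows up only when the window is widened, which is the trade-off between catching slow scans and raising false positives.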
I do not know -- it's over my pay grade. But I sure wish I did know!!! PLEASE ask your question at SimpleWall's GitHub board.
By the way, do you know of any firewall that DOES enable user IDS/IPS rules? I would love to install such a FW & strive to learn its use. I have been tempted to try Evorim Free -- at first glance it has what seems to be a powerful user-set-rules capability. However, it's a bit too heavy for my aging laptop. Concerning which, SimpleWall is one of the best power-to-lightness FWs I have found to date.
You can create simple IDS rules with Eset, and Eset comes with IDS rules already configured that seem to work well. I'm just not satisfied with Eset's UI because the settings are too deeply embedded, and the layout is horrid for my taste! IMOP, it's painful to work with. Eset also appends "allow communication for", and "deny communication for" to the beginning of every FW rule. The extra string of text it appends to firewall rules clutters up the columns, and is completely unnecessary. It can be manually removed though. You have to remove each string of text, one by one, which is a little tedious. Also, now every time I create a new firewall rule by way of the firewall prompt, I have to respond to Windows UAC to elevate my privileges, so this causes me to have to respond to both the firewall prompt and UAC, when ticking the box to remember my choice. This is just more unnecessary work when dealing with the firewall.
Eset does seem to have good IDS, and Botnet rules that come configured with the firewall. Eset allows many services by default that most home users will never need, but Eset is supposed to filter that traffic. It would be safer to block traffic for services you don't use though. When using Eset I always go in and disable the default allow rules for stuff like allow remote registry service, Allow Admin shares in SMB protocol, etc.
I've wanted to check Evorim FW out myself. I like SimpleWall's layout, it's way easier to navigate and work with than Eset's. I love how you can access everything from one Window through multiple tabs. It gives quick access to everything. If you're new to Eset, then it may take a while to find what you're looking for. Many of the options are pretty deeply embedded in the settings. I used SimpleWall a couple years ago, and I think maybe it could be a good option once it has matured. I'm not sure how mature it is, since it's been 2 years since I used it. One thing is for sure, I really love its UI design because it gives such quick access to everything.
wait you want to use simplewall with evorim, is it a viable/tested option?
No, I don't want to use Evorim FW with SimpleWall. Evorim FW was mentioned to me by another poster above, and I was just saying I have wanted to give Evorim a try to see what I think about it.
I plan on giving SimpleWall a try soon. I think I may really like SimpleWall because of its well designed UI. I need a good front-end to Windows Filtering Platform that will allow me to write my own IDS/IPS rules.
Away from security, I won't use either of those. simplewall has really poor documentation (github), no zone model. evorim zone model is present but kept simple, "apply rule" for processes is not clear. The "Tools" option is not acceptable for a firewall, at least it's a black box in evorim and no one knows what it switches and how windows will behave. Both have more cons than pros from my view. And both work on their own away from Windows firewall.
They have to compete here with Windows 10 firewall control, which ofc is not free if full featured but that's a decent stand-alone firewall. (the free has too many limitations to be competitive).