Discussion in 'other firewalls' started by ultim, Oct 12, 2011.
That's why it's grey out.
Different versions of a program might have different digital signatures, if Google changed its certificate. Please send me your chrome's executable in e-mail, and I'll put its recognition into the next TinyWall release.
Does it not work with the Outbound profile instead of Blind trust? Also, you can do the following experiment: Disable the firewall, start using chrome and look at the connections window to see which ports is chrome using. If you see anything else than 80 or 443, report it back to me.
In addition to Windows Update, try whitelisting the BITS (Background Intelligent Transfer Service) service. Does Windows Update work with BITS enabled?
I'll look at AIMP player myself. Will check shortly.
Those are three separate issues:
1) Your problem is probably that the installer is running with Admin privileges, but the TinyWall tray is not. A non-admin app cannot capture clicks from admin apps, this is a reasonable security feature of Windows. Try elevating the TinyWall tray app and try again. But...
2) ... TinyWall still shouldn't crash though. I'll try reproducing and correcting that.
3) If the installer creates temp executable files that need internet access during installation, then whitelisting the installer itself won't bring you success (since it is a different executable running). In this case the only solution is to switch the firewall mode of TinyWall into "Allow outgoing" for the duration of the install, then switch it back to Normal.
Thank you for resolving Burnaware issue.I switched to "Allow all..."
Is there another Skype process i should add to whitelist,because when i try to add a contact,this is what i get,despite the fact Skype is already connected.
And still nothing with AIMP...
You are right. Edit the exception for skype and (in addition to Symmetric TCP) add the Web browser profile too, then it works. Will be included automatically in the next version.
I've just tried AIMP2 (v2.61), added the Outbound profile and it plays back Shoutcast streams perfectly. It seems shoutcast also uses ports in the 8000+ range in addition to 80, so the web browser profile is not enough, but it works perfectly with "Outbound" profile.
With Skype I'm cool,thank you.And AIMP- it seems that the problem is only with a Romanian radio station,as the shoutcast works ok,you are right.But i don't understand why that station doesn't work with TinyWall installed.Well...i will listen something else.Thank you for your time.Have a wonderful weekend.
can you send me a link/url to that station?
Here http://www.magicfm.ro/ Click on Asculta Live.It's up on the middle.
It will download a pls file.
That station uses port 9000, which is blocked as a common malware port by TinyWall. Multiple worms/viruses use this port. If you have a virus scanner installed and are confident that you won't accidentially unblock a worm/infected file, you can disable the malware port blocking in the General tab. Then you should be able to listen to this station.
A BIG THANK YOU!
Could you add a profile for a download manager?
VPN works fine with this newest version! Thanks.
Ok after some testing it appears that non of my applications can connect to the internet even when they are allowed in tinywall. these programs incluse ie, skype, ect. so I think this is something that is caused by my system....
the only changes that i have made are:
1. using seconfig xp from here http://seconfig.sytes.net/?cat=4 and disabling everything but RPC because that stops task scheduler....
2. I also went into inbound and outbound rules and disabled everything but the core networking rules for windows.
I'm using windows 7 sp1 64bit under limited user account.
Have you disabled this services?
no, i have base filtering engine, cng key isolation, windows firewall, ect all enabled. Right now im using windows firewall and its running fine on my system....
Hi everybody, I've just got back from the weekend's conference.
I will do some experiments with seconfig xp to see if any of its settings may affect the operation of TinyWall. I will get back to you with results later.
Note that on the current version TinyWall does not fully check or mark the service dependencies it needs. In the next version it is doing a much better job at that, it should be out in a few days.
Also, in turned out that the in general TinyWall is having a problem with Vista systems (sry, I do not possess Vista myself). However, it is still a supported OS and the next release will make TinyWall usable on Vista too.
Sure, but I don't use download managers, so I don't know which ones are preferred by people. Tell me which are the most popular download managers and I'll include them, if they are digitally signed.
The most popular that I know of are Orbit, Free Download Manager, and Internet Download Manager
"Internet Download Manager" for me.
These are popular with the wilders crowd https://www.wilderssecurity.com/poll.php?do=showresults&pollid=145
it's possible to change the way TinyWall named your rules on Seven FW?
I explain my problem:
I have set some rules for my programs on Microsoft FW outgoing rules and Tiny delete all of them but not a great matter I remade all (but it must be good if tiny don't delete rules on Microsoft Fw) but I have to change a rule for my browsers in fact tcp out on port 80 and 443 is not enought if you make streaming or some flash content on web page, in this case the correct set of port is this:
80, 443, 554, 1755, 1935
so i try to change but with tiny is not possible edit rules, so I try on 7 FW rules but in this case all your rules are identify by a set of letters that I think are ASH md5 of the file, well I have to click every web browser rules since I find Chrome to add other ports on it
As you can see on the screenshot i made is not so easy check the program you want edit, must be good if is identify as on tiny gui is
Thank for your effort, is a good program well done
humm even if I change on windows Fw my personal rule, it seems tiny only use is default rule (port 80 & 443) and don't see first Windows fw edited rule, so I can't do wat I want
I've been thinking about separating the Web browser profile from the HTTP(s) profile, and you have just reassured me that this would really be a good idea, so I'm gonna do that. The point is, this way I can allow more browser functionality for common plugins without making non-browser apps less secure. After making sure what 554, 1755, 1935 are for, I'll separate Web browser from the HTTP profile and add these ports to Web browsers.
Also, as you have seen you cannot edit your firewall rules outside of TinyWall. If you try to edit them from Win7's default GUI, even though you do not get an error, those changes will be useless. This is not some error, in fact, TinyWall contains extra code to deliberately be this way. This way TinyWall prevents other non-firewall programs from modifying the rules.
As a technical note, but this is probably not usefull to know for anybody except me, the [*] character string you see in front of the rule names is not a md5 file hash or similar. It is a purely random string to make all rules have unique names. Also please don't rely on them because the naming might change without notice in a future version.
To see the program to which a rule applies for in the Win7 GUI, you do not need to open all rules 1-by-1. Simply scroll to the right in the window and extend the columns if necessary, the executable's path is one of the columns.
ok understood, but if you can't modify a rule except using Tiny, so a user must have possibility of create custom rules
for example you have web browser rule tcp out 80&443 but if I use various programs as FileHippo Update checker, SUMo Update, Webroot secureanywhere, HitmanPro ... they only use atcp out to port 80 so get a browser rule is more than enough because port 443 us not used in this case, better have an "80 only port" rule, and even better have a button for Custome Rules create by the user with Tiny IMHO
I am not able to send out email with Thebat! I need port 26 opened to send.
For Fastmail (www.fastmail.fm/). Thanks.
You probably meant port 25, not 26. However, port 25 is not meant to be used by end-user email programs, so technically speaking it is not TinyWall's fault but your provider's. Still, I am adding it to the next version because I guess there are still outdated providers that use it... However, try if you can use 587 instead, which is the industry-recommended/default for email-clients since a few years now. If not, TinyWall should correct it in at most 2 days.
No, it's 26 for Fastmail, 25 for GMX and most others. Don't know why they use this odd-ball port.
Just tried out 587 it works.
Separate names with a comma.