Windows 10 Firewall Control (Sphinx-Soft) Discussion Thread

Discussion in 'other firewalls' started by Brummelchen, Feb 14, 2015.

  1. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    By now I gather that Sphinx and Windows Firewall are NOT independent, as was pointed out to me above, and as I've found out when I put the WinFW in a block outbound mode. Indeed, Sphinx was reporting, in its fast disappearing popup, that WinFW was what stopped something. Too bad their event log doesn't make it clear.
    So, does this mean that to use Sphinx firewall we should consistently maintain two firewalls, or disable WinFW, or delete all WinFW rules and build everything in Sphinx? How does one work all of it?
     
  2. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141

    Start your brain and read.

    https://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,858
    simple solution: uninstall!
     
  4. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Boblvf and Brummelchen, I guess you don't know the answers.
    Let me try another question that you might be able to answer: What is the difference between "Disable Allowed Events" checkmark on the left and Disable All under Zone for a Program? Is it because in the zone rules some may be enabled and some disabled so the checkmark would just control what was enabled in the ports-protocols list for a zone?
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,858
    events are the popups bottom right and the items in the events tab

    zone result is the first behavior parallel to the popup question
    block/allow/block+ask/allow+ask

    block/allow are silent
    +ask means you get a question each time about what to do, whether the action is defined in the zone or not -> the result depends on your click
    either you refine/modify the zone (add/delete rules) or you change the zone for that program - or you change to silent.

    zone result is by default "block"

    all is explained in the help file, you should read it!
    and you should gamble around with zones, rules etc to understand how it works.

    that's what i meant with "uninstall" - nothing is more frustrating or pointless if you don't know your software. especially security software.

    "Disable all" handles as it is written

    to allow means bottom left in the zone editor -> rule result: allow
    to block means bottom left in the zone editor -> rule result: block
    a zone contains rules that can allow or block.
     
    Last edited: Mar 21, 2016
  6. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Thank you, Brummelchen.
    I do read Help.
    I understand Enable/Disable of the rules inside a zone. It's the one on the program using that zone that confused me but I think you clarified/confirmed what I was thinking.
    I still don't quite get the sometimes puzzling interaction with the Windows Firewall rules under some circumstances, especially when it doesn't get logged by Sphinx and I miss the quickly disappearing popup detail that the block was by WindowsFW. And if the log is incomplete, it's rough to learn.

    I don't want to uninstall and revert to Outpost yet. Sphinx seems like a nice firewall, worth learning, just like it's worth learning a second or third language.
     
  7. Dirk41

    Dirk41 Registered Member

    Joined:
    Mar 22, 2016
    Posts:
    26
    hi guys, windows 10 (like w8) has apps (to clarify, those you download from the windows store and those preinstalled).
    how can i allow them? i am able to allow programs because i browse through the folders, but i can't allow apps in this way

    thank you in advance
     
  8. max2

    max2 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    374
  9. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    For me Windows 10 Firewall is easier to manage than WFC (I try only free versions).
     
  10. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    According to post#10 on page 1 of this thread it should be possible. But browsing store apps appears to be difficult/not allowed.
    I don't use any store apps, so this is a guess of a procedure that should work:
    When Sphinx firewall blocks it (or perhaps allows automatically), it'll be listed in events.
    You can then double click or right click > Edit that event and the rule appears. Change the zone to whatever you want, click Apply.
    Is this more or less what you were looking for?
     
  11. 71Darrin

    71Darrin Registered Member

    Joined:
    Dec 4, 2008
    Posts:
    25
    Does anybody know if Windows 10 Firewall Control supports Link-layer (Layer 2) inspection? Example, coverage over non-IP based protocols like ARP?
     
  12. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Be nice to have a dedicated informing discussion on this firewall.

    Well this is a start.
    Working well, it does have a moderate learning curve, this is why I ask.
    Maybe some long-time users will give advice for settings, and other things. :)
     
  13. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    It helps you manage the built-in Windows firewall. All firewalls since Vista use the Windows API for WFP (Windows Filtering Platform), so for 3rd party choice it's really just a matter of front-end UI workflow and personal preference.
    https://en.wikipedia.org/wiki/Windows_Filtering_Platform
     
  14. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Since Windows 8 and Windows Server 2012, WFP allows filtering at the second layer of TCP/IP.
     
  15. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,334
    Location:
    Location Unknown
    I'm having a little trouble with a 'zone' in Sphinx's firewall. I must have incorrectly assumed that hierarchy played a role here, and that allow rules need to come before deny rules like they do in nearly every other firewall. But when I try it this way the deny rule is activated before the allow rule. I'm trying to create a zone that allows Vivaldi to access a socks5 proxy and nothing else; creating a rule for IP 10.8.0.1 and denying all other connections. What would be the correct way of creating the zone?
     
  16. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    One question, why four different buttons (zones)?
    Must be over-thinking it.
     


  17. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    In Application rules they're bottom-up, unlike Kerio, Outpost, Private... When you look at the individual rules within the zone you're making there are little arrows for increasing/decreasing priority with microhelp to help you.
    I assume you're making a new zone you'll then apply to Vivaldi. That's OK.
    There's another way - start with the built in Web zone for Vivaldi. Edit those rules to your liking. There's a globe in the header of program files. Name the applied zone with Vivaldi and save just for that application.
     
  18. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,334
    Location:
    Location Unknown

    So, you're saying the allow rule needs to go on the bottom? Weird. That'll take some getting used to.

    Is there a way to create global rules with this?
     
    Last edited: Aug 4, 2018
  19. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Think of those 4 buttons as your favorites for possible settings which you can quickly apply on alert. You can change the content of those buttons - note the dropdowns.
     
  20. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Not 100% sure but maybe Domains Below Apps.
    They have a forum, I'd ask there if I were you. The moderator offers good replies.
    https://www.tapatalk.com/groups/vistafirewallcontrol/index.php
    Edit: On the Settings tab is an initial setting for all applications where you can set your or Sphinx's zone. I never used it.

    Edit: If you want to do what we normally did in other firewalls (bunch of allows followed by Block), here you can set the zone result to deny (or deny and alert). That way if a packet doesn't match your allowed rules, anything else is automatically blocked. And if you don't want to have enormous logs or a flood of visible alerts, add [NoLog] to the rule name. Ditto for balloon alerts [NoBln].
     
    Last edited: Aug 4, 2018
  21. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    I see. So "apply permissions" overrules the four?

    Thanks, did not think the four buttons as favorites. :eek:
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,858
    they are "favorite" - a quick apply for the 4 most needed zones - and zones contain rules. you can create own zones with own rules (like i did).

    btw you are running vista or XP - both can no longer be secured, with no software, because EOL and out of support, the list of vulnerabilities grows fast. for XP it has exceeded 1500 items. no firewall can cover the leaks in xp/vista.
     
  23. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Why won't it allow this change, all others in this window allow change?
    Trying to disable (block).
     


  24. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Hey, it's not a TCP protocol but ICMP, no ports.
    Take a look at the Local System zone.
    Ping/trace is a system thing.
    Note how they code it.
    Suspect that's the reason but I may well be wrong.
    You can always copy and paste rules out of the repository into your creation and then edit.
     
  25. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,858
    the "rule summary" is an overview to all used rules - F3 to disable/enable.

    but rules are created, deleted and inserted into zones. did you not read the help manual?

    but ping and trace only need UDP port 53 (dns only)
    i don't have icmp in my zones - where is it supposed to work?

    https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
     