Windows 7 Firewall Control Plus

Discussion in 'other firewalls' started by Fuzzfas, Oct 8, 2009.

Thread Status:
Not open for further replies.
  1. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I was wondering if someone has bought Windows 7 (or Vista) Firewall Control Plus.

    The free version is good, but doesn't seem to cover the system area. So basically if something ends up into the Windows folder and manages to execute, it will also phone out without the free version knowing about it.

    Do you think the Plus version is worth the money?

    With UAC shouting at every step, i think the time i could use firewall with HIPS is over. Besides things run very smoothly with Win7 built in firewall, every internet activity feels so light.
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Fuzsfas,

    I really have not tried it, may be another tip.

    Use Windows own

    I only use W7FWCtrl free to write down all programs/services and exact paths. Then I use Stem's post to make the Vista FW (or Windows FW) two way.

    Then I uninstall the W7FWCtrl free again.

    Advantages
    - fast
    - UAC monitored
    - no pop-ups for outbound

    Disadvantage
    - no pop-ups for outbound

    Windows own FW setup 2-way, UAC (W7 has sliders, UAC needs Norton UAC tool to remember choices) and SRP through sully's PGS really raise the bar for malware on an x64 machine.

    Download Trial version
    It seems that after trial period, you keep some more control features left (compared to W7FWCtrl free)). Have not tested this myself. Since you consider buying, this might be something to try out for yourself.

    Regards Kees
     
    Last edited: Oct 9, 2009
  3. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753

    Thank you Kees. As a matter of fact i have installed the Plus (trial) version and i must say i am very happy with it, with only one small bug.

    I have already modified the Win7 built in Firewall rules, disabling anything unneeded ,but the "non pop ups for outgoing" is only a disadvantage for me, which is what pushed me to find this program. I WANT outbound. I have a router for inbound.


    Ok, i will answer my own question. Yes, the Plus version is good and probably worth the money. You can edit all zones rules and create also your own zone with rules and then use it , a bit like Comodo does with the "treat as" option.

    It's also very easy for novices, because it proposes you on its own the most appropriate zone.

    I would call this firewall a hybrid between Kerio 2 and Comodo (without D+).

    Here some screenshots:

    This as example of editing existing zone and disabling one rule:

    http://img164.imageshack.us/img164/949/75891322.png

    Here some of the pre-configured zones (there are many more):

    http://img12.imageshack.us/img12/1928/37088212.png


    Here's an example of custom made zone (which contains my custom rules) for EMule. There is a preconfigured "peer to peer" zone, but it's too relaxed (allow all outbound and inbound):

    http://img8.imageshack.us/img8/4024/64286392.png

    Here's a pop up, from where you can select the zone (even though it usually proposes you a good one, which is cosy for beginners).

    http://img32.imageshack.us/img32/656/95109584.png


    The only and most annoying bug, is that there seems no way to "close to tray". The control panel, even if you close it, it's like pinned to the taskbar.

    The other good thing, is that if you have setup the firewall rules in Win7 manually (which i have) and you use a zone rule from the program, if something is blockes in the Win7 advanced rules, will remain blocked even if you have set in the program an allow rule. This is something i read in the Sphinx forum. Basically, for something to be allowed, it must be allowed at all levels.


    Another interesting feature, is that if the executable of the program is killed (ex via the task manager), all outbound connections of applications for which rules aren't set yet, are denied automatically. This is good, in case of crash or kill of the application from a malware.

    Also, you do get a pop up notification in case something is blocked by your default rules, so you can eventually correct your rules.

    I think i ll buy it. It's 30 euros, which i think is a bit much for an "add on", but considering that i won't have to worry about system compatibilities and that it runs light, i think it's worth it.

    Bye bye 3rd party firewalls. Besides, with UAC on, i don't feel the need for some firewall with HIPS...

    I don't know if you get any "extras" once the trial is over, one thing is sure, that you get a nag screen to register.
     
  4. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Another good thing, it keeps a simple text file log, in its program directory, with all blocked events and new rules created.

    And with p2p, the combined CPU usage of the firewall control and Win7's firewall is ridiculously low...
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I reccon it is a life time lisence :p

    Thx, now you only have to change your security progs in your signature :D
     
  6. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I believe the license is valid for program updates within the same version. For example now it's in 3.0, you can upgrade all 3.x versions. In v.4 you must pay for upgrade. This, because of this page (bottom):

    http://www.sphinx-soft.com/Vista/order.html

    Which should be OK, since the current version, apart the inability of "close to tray", should work fine for the life of Win 7.

    Lifetime would be better, but as long as it works on Win7, it's ok for me. The only thing that isn't OK with this firewall is... its price. :D I mean, come on, they charge it more than OA Premium for God's sake and it's just an add-on to an existing firewall.

    Yes, i have said farewell to my dear Twister (no x64 version yet and from what "Fairbanks" says, it won't be ready when v.8 is launched either).

    I also need an AV that works on 64bit Win7. I am torn between Avast and MSE. Probably it will be Avast... Then i will throw in Threatfire and WinPatrol plus and with UAC it will be enough i think.

    Unfortunately, First Defense PC Rescue doesn't work on Win7 x64 and i am hesitant to install Rollback Rx, because it doesn't support officially Win 7 yet and i am also a bit bothered by the limitations (about defragmentation and running Windows inside its own OS, which i don't like as idea. Wi n 7 runs so light right now that i don't want to put anything that might slow it down even a little bit.). First Def PC Rescue was much more transparent and reliable... I miss it already.
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Found the major bug. You can't ping with this firewall control installed.

    http://vistafirewallcontrol.freeforums.org/ping-to-internet-servers-is-blocked-plus-version-t21.html

    Which would be of little interest to me. But unfortunately, Avast, tries to ping home every 50 seconds or so, which resulted in neverending alerts about blocked ICMP 8. One can disable the blocked notifications, but i think they are useful. So instead, i uninstalled Avast. I will try Avira.

    EDIT: I found out a small ini file hack for Avast that prevents it from pinging to test internet connectivity. So Avast it is!

    Anyway, i bought the program and i am glad to see my interned speed finally free of 3rd party kernel drivers.
     
    Last edited: Oct 9, 2009
  8. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    No need for an INI file hack. Just go to settings -> Update (Connections) page and check the "My computer is permanently connected to the Internet" box.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well you could even make it lighter: my son uses at the moment (Vista x64)

    - Vista FW (2-way) + your add on W7FWCtrl
    - UAC + Norton's UAC (which you do not need since UC has a sensitivity slider in Win7, so you would run leaner)
    - Sully's PGS (deny execute user space)
    - MSE with (since UAC prohibits writing to windows and program files) windows and program files excluded from on access check
    - ThreatFire for x64 (always shutdown, except when he installs programs)

    Regards
     
  10. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Thanks, good to know for future installations!


    My only objection to that is about MSE. I did try it and i liked it. With 2 small objections:

    1) That the EULA practically says that you install a big brother antivirus, which will phone home and report anything sees fit. (which isn't so big problem if you think that similar EULA exists for Win itself, so...)
    2) That i can't opt out from the "Spy Net", which is big brother's bigger brother... :D (nice name they chose BTW! Why not Spyware Net!)


    Avast is light enough, once the neverending VDRB building is over. I only install the "standard shield".

    P.S: Irrelevant to security, but i miss FD PC Rescue and FFDShow decoding everything, like in XP... Sigh. I wish someone makes an heir to First Defense for Win7. And i don't mean Rollback Rx. I prefer the "full copy" approach.
     
  11. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Why do you use Win7FWCtrl and the built in Windows Firewall?? o_O

    That is a bit stupid i think cause the built in Windows Firewall has a higher priority than the Win7FWCtrl.

    If you use Win7FWCtrl. simply deactivate the built in Windows Firewall and stop->deactivate the Windows Firewall service.

    Otherwise you will run two firewalls on one system. I won't recommend that.


    The Programm Win7FWCtrl is not a control of the built in Windows Firewall!

    It is a stand alone firewall with a missleading name! It uses the Windows Firewall Adapter but has nothing to do with the built in Windows Software Firewall service!
     
  12. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753

    1) The Win7 Firewall Control has incomplete-obscure settings (see ICMP, IGMP). It can only handle rules for TCP and UDP. Rules for other protocols, are "handled" by leaving blank protocol rule, which enables that rule for any protocol (basically, you don't control anything). There might be some hardcoded rules in there too, but nowhere to be seen.

    2) Win7 Firewall control and Windows Firewall are perfectly compatible. They are NOT 2 different firewalls. They both use the same Windows Filtering Platform. Basically, they both use the same filtering engine, each of which is capable of applying its rules on that engine. 1 engine, 2 possible control levels and rulesets. So it is NOT like running 2 firewalls. It's like running 1 firewall engine with 2 rulesets. Which is why the rules of the 1 can influence the other. Because they are NOT different firewall cores. They are one.

    3)Win7 Firewall control's ruleset takes priority, but NOT in case that the rules of the built in Win7 firewall have deny rules. In that case, the "deny" of the win7 firewall prevails over the "allow" of Win Firewall Control.

    4) If either of the 2 services crashes or gets killed, the firewall keeps filtering using the rules of the other "ruleset". It can also function as a safeguard for mistaken reply to pop up. For example, if you launch Torrent, for the incoming connections, you must allow in Win7 Firewall Control but ALSO in Win's built In firewall. In fact you get a popup to allow or not. Otherwise, giving only permission from Win7 Firewall Control, will block inbound connections. I think it's great.


    So i wouldn't worry about incompatibility, as a matter of fact for me, one complements the other perfectly. The built in Win7 firewall has far more clear system rules than Win7 Firewall Control. Which on its part, makes outbound control much easier.


    Of course, it is obvious, that if someone messes up the built in Firewall rules, to be in contraddiction with the Win7 Firewall Control's rules, he will have many problems, because the "deny" will prevail.


    I can assure you that my PC has never felt lighter in every internet activity with both services running.

    For more info from the dev:

    http://vistafirewallcontrol.freefor...control-vs-windows-built-in-firewall-t16.html

    Or: Windows7FirewallControl is completely based on Windows Filtering Platform (WFP), the security core introduced in Windows Vista and does not install any third party kernel drivers. The Built-in Firewall is based on the same WFP as well. The both products work entirely independently. Windows7FirewallControl uses the Built-in Firewall only once, at the first start to grab the initial settings. Due to complete product independence you can switch the Built-in Firewall ON or OFF at your option.

    http://www.sphinx-soft.com/Vista/faq.html

    They can work one without the other, but the engine is the same and for that, switching one off is purely optional, because the filtering driver is one. The rulesets maybe two, but that doesn't make it 2 firewall engines.


    So, the name isn't misleading. It's a controlling application over the windows core firewall engine. Simply Windows has it's own control too, over the same engine. But the engine is 1 and the 2 controls are complemetary in my view.
     
    Last edited: Oct 10, 2009
  13. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    I can see your point Fuzzy.

    For me the built in Firewall with advanced settings works good.
     
  14. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    The built in firewall, is IMHO better, with much more clear rules for all protocols (even some obscure ones), but what i miss, is the ability to have a pop up to alert for outbound. This is my main reason which made me buy the Firewall Control.

    From the moment that i bought Firewall Control, keeping also the built in ruleset, for me is a safety valve.

    The Windows 7 firewall engine works VERY well.
     
  15. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    I am very interested in this. I've just started migrating to Windows 7 64-bit. There are some applications that I cannot use; namely Sandboxie, Defensewall, and Looknstop. LnS just behaves a little quirky for me. I have to admit I am very impressed with the built-in firewall in 7. I am very interested to know the opinions of this "addon" application. I understand that it is intended to mainly function as an outbound filtering application, but their website also mentioned the ability to filter inbound connections as well, and I wasn't able to find that much data on just what they meant. I do know, from trialing the pro version, that it does pass a GRC port scan. Any information here would be helpful.
     
  16. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    It can filter inbound too, because it uses the Win7 native firewall engine. Practically, you can make rules for inbound and outbound or use the presets, which also have rules for inbound and outbound. The difference with the Win7 firewall rules, is that in this Firewall Control you can only set rules for TCP and UDP and that you get pop ups for all connections for which a rule doesn't already exist.


    I was also wrong about the presumed "bug" of not being able to close to tray. There was a setting that i didn't think it was relevant , "Win 7 taskbar integration" , which by default is checked , while if you want it to close to tray you must uncheck it.


    Personally i am very satisfied with this. The price is IMHO a bit steep, but considering that you virtually won't have to worry for software conflicts because it uses the native windows engine and that this engine is REALLY very light and efficient (i 've never had my PC browse, download, do p2p so lightly), it's worth it.


    BTW i verified with the vendor that the license is perpetual but qualifies for free updates within the 3.x version. When version 4.x comes out you 'll have a discounted upgrade option. But honestly, unless MS messes up the firewall engine with some Service Pack (which i doubt), i don't see the need for someone to pay again for a v.4.
     
  17. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I have a question about 7 firewall control. What zone should the "Host Process for Windows Services" be set to? I'm getting statistics report of something being blocked with this service and I'm thinking it may have something to do with MSE never auto updating for me.
     
  18. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753

    Local + DNS + DHCP + Update (svchost).

    The only time i get blocked messages about this, is when i use Utorrent, but it doesn't affect functionality.

    AFAIK, MSE uses Windows Update to do its updates and the above zone works fine for Windows Updates.
     
  19. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    OK, that's what I have as well. Now I'm curious about what is being blocked.
     
  20. wat0114

    wat0114 Guest

    Hi Greg,

    you might need to set the corresponding Windows update service, wuauserv.exe. Use TCP, remote ports 80 & 443 under the Protocols and Ports tab.
     

    Attached Files:

  21. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    To be more specific, here is the blocked log
    Code:
    1/2/2010 8:41:35 PM IPv4 TCP 192.168.1.100:49585(80) Host Process for Windows Services Blocks all inbound traffic for services who have been network hardened Incoming
    1/2/2010 8:41:38 PM IPv4 UDP 192.168.1.100:49458(53) Host Process for Windows Services Blocks all inbound traffic for services who have been network hardened Incoming
    1/2/2010 8:41:39 PM IPv4 UDP 192.168.1.100:49458(53) Host Process for Windows Services Blocks all inbound traffic for services who have been network hardened Incoming
    
    Is this something that should be allowed by Win 7 Firewall Control? If yes, how exactly?
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    53 is DNS request (resolving), the IP is your router - but not specific enough to block.

    are dealing with win7?

    so i can tell you that wuauserv.exe ist NOT in the list for apps which requested
    outbound traffic (looknstop firewall)
    on win7 its svchost on these ip's erm ip-ranges

    65.55.184.0-65.55.185.255;
    65.55.200.0-65.55.200.255;
    87.248.217.0-87.248.219.255;
    213.199.149.0-213.199.149.255;
    65.55.27.220;
    224.0.0.252

    range may a bit wider as needed but LnS has not that much space for each ip.

    HTH
     
    Last edited: Jan 3, 2010
  23. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    yes it's on Win 7? My first reply here about the blocks, I was assuming it had something to do with MSE not auto updating properly but from what you are saying, I guess I'm wrong, correct??
     
  24. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    "Host Process for Windows Services" = svchost.exe

    i dont know MSE, dont use it - but microsoft concentrated all windows program updates
    in windows update so i guess all requests for updates including MSE may
    processed with svchost.

    so
    >> TCP 192.168.1.100:49585(80)
    is the request to the router for outbound traffic - but there is the target ip missing.
    so you cant really know if that is false (malicious) or positiv (updates).

    bit off i had that problem with jectico so i dropped it.

    closer look here - win7 DONT have any wuauserv.exe any longer.
    only: wuauclt.exe
    The service itself is called "wuauserv" - nothing else.
    If you have "wuauserv.exe" on your win7 system it may infected.

    looking on Winxp: wuauclt.exe wuauclt1.exe wupdmgr.exe
     
  25. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    OK, sounds like this one will continue to be blocked then. Thanks
     
Loading...
Thread Status:
Not open for further replies.