Windows 7 Firewall Control Plus

I liked it originally for its simplicity and for how light it was over other firewalls. However I had issues using my bittorrent client and authentication issues. Turns out the free version only can create rules for a specific profile. If you have a wireless network marked as any other network other than the default for Win7FWC then it wont be allowed through even if you manually add it under the network type. This lead me to PC Tools Firewall Free. Ive been using it and everythings been fine since.

 

I installed Malware Defender and here is more info on the block. Clicking the link in Malware Defender took me to the site below. If this is something legit and it looks like it is, what is the procedure in FirewallControl Plus to allow it?
http://whois.domaintools.com/cds21.lon9.msecn.net

 

Malware Defender uses same WFP engine as Windows Firewall Control,
just another interface. Currently i am on MD, i had Look n Stop till yesterday
parallel (trial ended).
nevertheless
>> TCP 192.168.1.100:
is/was your current IP that time - but the target as you pointet out with the link
ist the MS server with some updates.

MS has some pre-defined "trusted" ip's - look the rules pls.
Some of them are MS servers.

 

Firewall Control Pluse is a nice app but is not too smart at guessing what zone to allow something

Code:

2/14/2010 8:42:48 AM IPv4 TCP 199.7.54.72:80(49161) Consent UI for administrative applications LanOnly Outgoing
2/14/2010 8:42:49 AM IPv4 TCP 199.7.48.190:80(49163) Consent UI for administrative applications LanOnly Outgoing
2/14/2010 8:43:23 AM IPv4 TCP 65.55.87.27:80(49165) Host Process for Windows Services Default Outbound Outgoing
2/14/2010 8:43:23 AM IPv4 TCP 65.55.87.30:80(49166) Host Process for Windows Services Default Outbound Outgoing
2/14/2010 8:43:23 AM IPv4 TCP 65.55.87.27:80(49167) Host Process for Windows Services Default Outbound Outgoing
2/14/2010 8:43:23 AM IPv4 TCP 65.55.87.30:80(49168) Host Process for Windows Services Default Outbound Outgoing

What do I need to add for these to work properly. I know what they are and what they do. The default for svchost.exe appears to not be enough defaults for it to work properly. What needs to be added to the zone for the Consent UI to work as well as svchost.exe?

 

I think it's pretty smart for the way it's set to do the job. For the basic things the suggestion is usually the correct one, which is more than many other firewalls do. For more complex programs, it does mistakes, but it's part of the game. You need some basic understanding of ports and protocols for this firewall and once you have it, you can set up any zones-rules you like.

The problem is, if you don't understand how a firewall like this works, you may as well not use it, because it's no protection.

Just because some entries appear, doesn't mean the rules are "wrong". You may get a spyware some day and it will complain. That doesn't mean it's wrong and you must allow it.

The ConsentUI request is towards a Verisign IP. Which i don't see the need for you to allow it. Still, if you want to allow it at all costs just because you don't want to see blocked events, make a new zone, call it Consent UI and allow it outbound TCP for port 80. Then when you get the firewall prompt, set manually the zone to the "Consent UI" you have created. I got prompted about it once, i denied and then deleted the rule and never appeared again.

The svchost is probably because you chose the wrong preset zone. My "preset" zone allows TCP out port 80, so i don't have such alerts. The IP is Microsoft BTW.

Check that your preset zone has this rule. If not, add it :

http://img692.imageshack.us/img692/5876/35564804.jpg

From what i guess from the blocked logs, you have mistakenly set both zones. For svchost you have set it to "Outbound" and for ConsentUI to "LanOnly". These zones are both wrong. You need to put svchost to the zone in the picture and the ConsentUI, if you insist on allowing it, to a custom made zone. You could put it to "Outgoing only", but it's too loose, it allows all ports, from the log it needs only port 80.

Or better yet, change firewall, because it's probable that you will open holes in your own PC sooner or later.

 

Ah thanks for the chastisement on firewall etiquette. The svchost.exe is set to the zone in the pic you show, I've mentioned this before. Also, this outbound is not Windows Update. Windows update has no problem. So here's where I stand, I accepted the default zone for svchost.exe which is the same as you show in the pic. svchost.exe is trying to exchange info from an MS site but can't.

 

Well, mine can... At this point i 'd go to the Sphix Software Forum and ask the developer.

Are you sure it's svchost.exe in the pop up? Anyway, everytime i 've had something blocked, the answer was to allow the ports blocked. From far away i am unable to understand what your problem is. If you have rule for port 80 for the process that asks permission it should be allowed.

 

I don't get popups for this/these, only the tooltip that pops up saying it's blocked. Here's some screens of svchost.exe. Port 80 is allowed by default in the zone that's mentioned

 

It seems OK... You have Windows on E:, but i don't think it should cause problem with the rule...

I 'd also try to delete the current rule and let it ask me again... Or uninstall and reinstall?

Other than that, you may ask in Sphinx forum. The dev answers himself.

 

OK, thanks fuzz for the help. I have deleted the rule and re-allowed it in the past. It defaults to the one you show in your pic. I'm guessing that an uninstall/re-install may be in order here. I wish that I knew what's trying to update, help and support, smart screen filter <-- do those need any kind of updating/communication with MS secret sites?

 

What i don't understand is why Windows Update works and this doesn't... The rule is the same. That the rule is named "Windows Update" is irrelevant. You could rename it to "Mickey Mouse" and it wouldn't change anything, it's just a name. The important is that it allows outbound 80. This should work not just for Win Update for any other connection of svchost for port 80 outbound.

Unless there's some bug connected with the fact that you keep windows in E:

The Help might try to connect... Not sure, as i don't get blocked alerts.

The ConsentUI at least i am positive that you can happily block it, it's not needed. It's supposed to be UAC related and as long as the software you try to launch works, there is no reason to let it connect anywhere.

The only current bug that i am aware of is that you can't ping anyone. The dev has solved this in the betas. The next release will have this fixed. Maybe you found a new bug when Windows is in E? Improbable, but you never know.

 

Oh, one last thing. In his forum, the dev has the link to the latest beta. You may want to see if this helps you if reinstalling doesn't do the trick.

 

One more question, do you have Win 7's firewall enabled both ways in addition to Win7FirewallControl Plus?

 

Yes. If you have the Win7 firewall on too, i suppose you haven't blocked svchost port 80 outbound there... The 2 rulesets must be "compatible".

 

Yes, I had it enabled with my rules coming from Firewall Plus, they match. I've had outbound disabled though for about a day trying to troubleshoot the situation I have in Plus

 

All i know is that if there is a deny rule in Win7 firewall and an "allow" rule in Win7 control Plus, then the "deny" wins.

I 'd try to disable the windows firewall entirely too and to restore them to default rules too.

 

Correct me if I'm wrong but doesn't this correct itself by selecting "My computer is permanently connected to the internet" setting in Avast? If not, what and where is the ini setting

 

Version 3.5.1.131* released
http://www.sphinx-soft.com/Vista/order.html
http://www.sphinx-soft.com/de/Vista/order.html

sorry, i didnt found news about nor if 3.0 licenses are valid for 3.5.

*correct version

 

Seems like the built no is incorrect.

The latest built is 3.5.1.131.

 

There is only an upgrade from 1.x/2.x to 3.x available. So the 3.0 licenses should be valid for 3.5.

 

Correct, my license was for 3.0 and i updated to 3.5 without issues.

 

sorry, idd - build is 131

And i got answer from support concerning upgrade to 3.5.
User need to re-validate the key although the answer is pre-filled
its --> (3) "get ... code..." [ONLINE] or [BY EMAIL]
the code under (4) is different to the code which was valid for v3.0

 

Uninstall/Re-Install or over the top? Are there any specific reasons for the latest update?

 

I uninstalled and reinstalled clean. I don't know of a specific changelog, but i know that finally they made available rules for ICMP. With v. 3.0 i couldn't ping. Now i can.

 

Change log here:
http://vistafirewallcontrol.freeforums.org/the-latest-betas-releases-t6.html