
Maybe a solution for non working popups under windows 10?

Open ChrisClever-ger opened this issue 3 years ago • 10 comments

Hey @folks, I'm loving simplewall and I got the network-prompting issue (no notification shown on firewall blocking any request).

After resetting all Windows Defender Firewall to Standard all third party software notifications are working fine now. Hope I could help.

Kind regards, C

ChrisClever-ger avatar Dec 28 '21 16:12 ChrisClever-ger

I do not have this issue - I guess this must be a problem not with the computer or software running on it, but the person sitting in front of it.

For folks with experience in using the Internet and avoiding its dangers, it is strongly advised to use the Group Policy editor (Start Menu, Type gpedit.msc, right click on it, then click "Run as Administrator") to completely disable Windows Firewall, Windows Defender and Windows Smart Screen, this will also boost IO performance a bit as not every file is scanned by an essentially useless Anti-Virus.

gettysburg avatar Jan 14 '22 18:01 gettysburg

> Hey @folks, I'm loving simplewall and I got the network-prompting issue (no notification shown on firewall blocking any request).
>
> After resetting all Windows Defender Firewall to Standard all third party software notifications are working fine now. Hope I could help.
>
> Kind regards, C

Can you please tell me the exact steps you followed? I have this same issue and no matter what I try, even resetting Windows Firewall through netsh, or disabling via GPO, it still doesn't work. I mentioned it in #1153 and the issue is still not resolved for me.

ElectricityMachine avatar Feb 25 '22 02:02 ElectricityMachine

> Can you please tell me the exact steps you followed?

@ElectricityMachine: You need Windows Pro, Enterprise, etc.; not Home so you'll have the Group Policy Editor.

Start > Run: gpedit.msc

Navigate to: Computer Configuration > Administrative Templates > Network > Network Connections > Windows Defender Firewall > Standard Profile

Configure "Windows Defender Firewall: Protect all network connections" to "Disabled". Should look like the image below. You might need to restart your PC after that.

image

@gettysburg Easy with the PEBKAC there; my Windows firewall is disabled via the above, and I've just run into this issue / #1153 myself. I haven't (to my knowledge) changed anything relevant, and blocked app notifications have stopped showing up, and the packet log is empty. I've tried changing the location of the packet log, and tried enabling the packet logging interface for the session, but it's still empty.

My current plan is to export my settings, reset simplewall, and import them, but there's definitely something weird afoot. I'm going to try to come back and update, but if you don't hear back from me, that worked.

mpql avatar May 05 '22 10:05 mpql

@mpql Henry is already working on it, and I reply how I want, so easy with the social-justice there (if you didn't figure it out already, this post is half serious, half joke, just like yours, so don't get too offended).

This is a long known issue and it should get fixed soon, I'm glad you used GPOs to disable Windows Firewall though, we had a user who used some hacky method to accomplish the same thing, and that resulted in a 3-5 second system halt every time simplewall called INetFwPolicy2::put_FirewallEnabled, read ticket #1209 for more information.

Keep us updated.

gettysburg avatar May 05 '22 11:05 gettysburg

@gettysburg That is the first you're mentioning that in this thread; it sounded as though based on this and previous issues that it wasn't being acknowledged as a bug. I'm glad it's being worked on, and will be subscribing here. :)

Yeah, I actually came across that thread just tonight, so I'd already read it.

mpql avatar May 05 '22 11:05 mpql

@mpql

I have to admit that I misread OP's post - now after reading it again, I realize that this is indeed a different issue - I was just going to point to #1009.

However, I can assure you that Henry is also aware of this very issue and probably working hard to isolate the cause whenever he has time.

Sorry, but I have to say it again: It might be a user or manufacturer specific issue after all - who knows, I have been unable to reproduce 5 out of the last 6 tickets.

The reason I say that is because many people just buy a computer, with all the shiny and pretty pre-installed anti-virus and other junk software, and I can't assess how this will affect simplewall. For me, this falls under a user related issue - especially if you went looking for a third-party firewall, which is not something a complete beginner user would even think of doing. That makes you an advanced user in my eyes, who should long have gotten rid of the rubbish and borderline spyware that PC / Notebook manufacturers just love to pre-install, if not re-installed Windows entirely.

I remember two tickets where the pre-installed crap was actually the cause for bugs, a rather intrusive Anti-Virus solution that I am not going to name (with user-mode and kernel-mode components).

I don't know if signing the executable, simplewall.exe, with a code-signing certificate would help here, right now it is unsigned and thus prone to more thorough checks and AV hooks possibly preventing it from working properly.

As an example, here's my list of installed programs:

image

And yes, I know I have to update CLion and IDA, I just haven't felt the need yet. Everything else is virtualized, so I can keep my main installation as clean as possible.

Sorry for the partially off-topic rant.

gettysburg avatar May 05 '22 21:05 gettysburg

Hi @gettysburg; I'm going to do my best to address everything you've brought up.

This is not an issue of the notifications appearing blank; that appears to be an unrelated issue dealing with draw coordinates.

Rather, firewall notifications are outright not appearing, with newly-run applications being silently blocked. My simplewall logs have not updated since April 24th. Trying a reset last night did not seem to help, unfortunately. I'm not sure what is causing this issue, but I'm willing to try test builds where I have time, should that be applicable. I can add an executable into simplewall directly, check its box, and that application's networking will begin working.

I have not disabled Microsoft Defender, though I don't intend to. My own tech-savvy cannot prevent malware intrusion in all scenarios, such as 0-day exploits in the OS itself, exploits in a program I use, from similar or from misbehavior of other users on my network, or in files clients may send me. And despite the utmost caution on my side, Defender has saved me before. It's also worth mentioning, there are modern viruses that steal all of your cookies from your browser and upload them silently, so you could go on not knowing you've been compromised. I do not think this is relevant to this issue, however, as installing a program meant to work with Windows should not require disabling specific Windows components to function unless that process is outlined in installation instructions.

AV Comparatives shows Microsoft Defender's Online Protection rate (enable cloud protection in GP, disable enrollment in MAPS in GP to disable sample submission) to be 99.96% with 5 false alarms, and to be reasonably performant compared to most other antimalware solutions. Additionally, regularly checking this chart shows its quality to be stable, with many others spiking and dipping. Trend-Micro was at one point the singular best one to get, and now it's the singular worst, earning a 4th tier of quality where it sits alone.

All said, I think antimalware choice is out of scope for this issue, however, and will be assuming so unless I should hear from a code contributor otherwise.

I certainly have a longer list of installed programs than you've shown above, but having built my computer, there was little bloatware to remove. That said, number of installed programs isn't really a relevant figure by itself.

As an aside, regarding virtualization, I might suggest you look into using Docker via the Hyper-V platform as through WSL2. You can virtualize whatever you like with specific environmental requirements and little overhead, and with the configuration being down to .Dockerfiles, you can change parameters or update parts with little overhead, and while keeping the system fresh. I used to use VirtualBox several years back, but its relative dip in quality and performance, and it still not fully supporting Hyper-V as a first-class citizen however many years later have caused it to be left behind.

Having said all that, I think it best to create a new issue at this point so as not to get lost in the weeds here, so I'll go do that.

mpql avatar May 06 '22 01:05 mpql

@mpql:

> This is not an issue of the notifications appearing blank; that appears to be an unrelated issue dealing with draw coordinates.

Tell me something I don't already know.

> I have not disabled Microsoft Defender, though I don't intend to.

Okay.. this is related to this issue in what way exactly? Who asked?

> AV Comparatives shows Microsoft Defender's Online Protection rate (enable cloud protection in GP, disable enrollment in MAPS in GP to disable sample submission) to be 99.96% with 5 false alarms.

They tested the AV databases against already known malware, so of course the detection rate was very high.

Even worse, most (I'd guess and say 80-90% of current Anti-Virus solutions on the market) are reactive, not proactive, so they won't help you at all if someone decides to drop a payload that has never been seen / analyzed before.

A firewall like simplewall is proactive, if you assigned strict user rules for the programs that shall have internet access, everything else gets blocked, and thus, can't connect back to a Command & Control server, commonly used by malware, viruses and trojans - unless we are dealing with smart malware that injects itself into other processes, in which case setting strict rules through Windows Defender Exploit Protection will also help:

image

> That said, number of installed programs isn't really a relevant figure by itself.

Duh, but the type of the installed programs matter.

> As an aside, regarding virtualization, I might suggest you look into using Docker via the Hyper-V platform as through WSL2.

I expect my virtualization solution to be open source and have reproducible builds, just like VirtualBox, I don't know what "dip in performance" you mean but with full VT-x support I get almost native performance inside the VM, if you enable the hosts disk cache I also have near-native read/write speed inside appliances. Thanks for the suggestion anyway.

> Having said all that, I think it best to create a new issue at this point so as not to get lost in the weeds here, so I'll go do that.

There are two, if not three open tickets regarding this issue at this point.. and you want to fragment this whole shitshow even further by creating a fourth one? If you do, please at least link the 3 already existing tickets.

Oh well, go ahead - this is the nicest answer I could put together, literally.

I hope you don't thumb it down again because otherwise..?

You are nothing to me but just another target. I will wipe you the fuck out with precision the likes of which has never been seen before on this Earth, mark my fucking words. You think you can get away with saying that shit to me over the Internet? Think again, fucker. As we speak I am contacting my secret network of spies across the USA and your IP is being traced right now so you better prepare for the storm, maggot. The storm that wipes out the pathetic little thing you call your life. You're fucking dead, kid. I can be anywhere, anytime, and I can kill you in over seven hundred ways, and that's just with my bare hands. Not only am I extensively trained in unarmed combat, but I have access to the entire arsenal of the United States Marine Corps and I will use it to its full extent to wipe your miserable ass off the face of the continent, you little shit. If only you could have known what unholy retribution your little "clever" comment was about to bring down upon you, maybe you would have held your fucking tongue. But you couldn't, you didn't, and now you're paying the price, you goddamn idiot. I will shit fury all over you and you will drown in it. You're fucking dead, kiddo.

gettysburg avatar May 06 '22 14:05 gettysburg

> Okay.. this is related to this issue in what way exactly?

@gettysburg You mentioned it in reply to the issue-opening post; I was being thorough in explaining the variables in my case.

The rest was my response to your "rant" above; I am unsure why you're flagging my reply to you as unrelated to the issue, but my goal in creating another issue was to try to avoid the unnecessary comments in this one. So let's keep this thread about the issue at hand instead of opinions about antiviruses or copy pasta.

I await @henrypp's further input. 🙂

mpql avatar May 08 '22 14:05 mpql

Whatever my man, I make 6 digits and smoke a lot of marijuana, so that (the latter, legal medical patient) might have something to do with the erratic replies.

It's all good my brother 🤏 🚬 🌿

I'll now lie down for a while and relax.

image

gettysburg avatar May 09 '22 20:05 gettysburg

Same issue. If I want to use cmd, I have to disable simplewall, otherwise cmd just shows "General failure". And I can't find which process should be allowed for cmd network tools to work. Adding TRACERT.EXE is not enough.

image

> @mpql : Navigate to: Computer Configuration > Administrative Templates > Network > Network Connections > Windows Defender Firewall > Standard Profile
>
> Configure "Windows Defender Firewall: Protect all network connections" to "Disabled". Should look like the image below. You might need to restart your PC after that.

Tried this, didn't work. image

rudolphos avatar Dec 27 '22 03:12 rudolphos

@rudolphos I don't know what causes this issue or what fixes it per se, but I know that after the next update after these posts, I made sure Fast Startup was disabled (see below), backed up my settings, and completely uninstalled / wiped everything simplewall related (I used VoidTools' Everything to find files), purged anything I could find. Rebooted, installed, rebooted, and it was working again. Make sure you disable Fast Startup; import this registry entry: w11_disable-fast-startup.reg before doing the above.

Alternatively, save the below to a .reg file and import it. Make sure it's encoded as UTF-16 LE, CRLF line breaks, and Byte-Order Marking (BOM) is enabled. Good luck.

```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"HiberbootEnabled"=dword:00000000
```

mpql avatar Dec 27 '22 09:12 mpql
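The encoding requirements named in the post above (UTF-16 LE, CRLF, BOM) are easy to get wrong in an ordinary text editor, so here is an added example, not code from the thread or from the simplewall project, that writes such a .reg file and checks an existing one before import. The function names `build_reg`, `check_reg` and `parse_dwords` are hypothetical; the key and value are the ones quoted in the post.

```python
import codecs
import re

HEADER = "Windows Registry Editor Version 5.00"
BOM = codecs.BOM_UTF16_LE  # the two bytes FF FE
# Key and value name taken from the post above.
POWER_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power"

def build_reg(key, dwords):
    """Serialise DWORD values under one key: UTF-16 LE, BOM, CRLF line breaks."""
    lines = [HEADER, "", f"[{key}]"]
    lines += [f'"{name}"=dword:{value:08x}' for name, value in dwords.items()]
    return BOM + ("\r\n".join(lines) + "\r\n").encode("utf-16-le")

def check_reg(data):
    """Return a list of encoding/format problems; an empty list means none found."""
    if not data.startswith(BOM):
        return ["missing UTF-16 LE byte-order mark"]
    try:
        text = data[len(BOM):].decode("utf-16-le")
    except UnicodeDecodeError:
        return ["body is not valid UTF-16 LE"]
    problems = []
    if re.search(r"(?<!\r)\n", text):
        problems.append("bare LF line break, expected CRLF")
    if text.splitlines()[:1] != [HEADER]:
        problems.append("first line is not the version 5.00 header")
    return problems

def parse_dwords(data):
    """Map (key, value name) -> int so the change can be reviewed before import.
    Call only on data for which check_reg() returned no problems."""
    text = data[len(BOM):].decode("utf-16-le")
    found, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"\[(.+)\]", line):
            key = m.group(1)
        elif m := re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line):
            found[(key, m.group(1))] = int(m.group(2), 16)
    return found

if __name__ == "__main__":
    data = build_reg(POWER_KEY, {"HiberbootEnabled": 0})
    print(check_reg(data), parse_dwords(data))
    # To save: open("disable-fast-startup.reg", "wb").write(data)  (constructed file name)
```
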

@mpql Things I did:

  1. disabled fast startup
  2. used revo uninstaller to uninstall all files and registry entries related; there weren't many leftover files and only 1 registry key
  3. additionally used regscanner to look for 'simplewall' (there were 63 regkeys containing the word), deleted all
  4. removed previously edited exploit protection
  5. used glary utilities and ccleaner registry cleaners
  6. rebooted
  7. installed simplewall again
  8. rebooted

Didn't work ...

rudolphos avatar Dec 27 '22 17:12 rudolphos

@rudolphos You know what, I just checked my logs; I also did an in-place upgrade to reinstall Windows over top of itself. It preserves almost all of your settings, but I think I determined something happened to the ~~WPF~~ WFP.

mpql avatar Dec 28 '22 16:12 mpql