simplewall
Something went wrong. Open debug log file...
Hi there, I am getting the error "Something went wrong. Open debug log file..." all the time.
When I look at the log file, I see many lines like this:
"Error","8/13/2022 12:20:29 AM","FwpmFilterSetSecurityInfoByKey","0x00000005","#704","3.6.6","10.0 build 22000"
I also see many lines like this:
"Error","8/13/2022 12:20:29 AM","FwpmFilterDeleteByKey","0x00000005","{E1D1C813-6EEB-4DED-83D9-0A2764255459}","3.6.6","10.0 build 22000"
Where the Description is different but with the same Level, Date, Function, Code, etc.
I have tried to uninstall and reinstall simplewall, but nothing seems to fix the problem.
Since I have been getting this error, simplewall does not appear to be blocking anything. When I disable a program that is on my "Apps with internet access", it moves to the "Apps without internet access" section, but is not blocked (is still able to access the internet).
Any help or suggestion as to the nature of the problem would be greatly appreciated as the program seemed to be working fine until recently!
After more investigation, there was a problem with the Windows Defender Firewall. I was getting Error code 0x8007045b. I tried several things to fix it, with no success. In the end, I did an in-place re-install of Windows 11 and that seems to have fixed the problem.
I encountered the same issue and fixed it by adding write permissions to the registry key HKLM\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter. To help future victims, I'll document the issue here.
For some background, this isn't actually a simplewall issue, because the logs indicate the error occurs during calls to the WFP APIs like FwpmTransactionCommit, FwpmFilterDeleteByKey, FwpmFilterSetSecurityInfoByKey. This is an issue with WFP itself, which simplewall uses to perform all of its filtering. 0x00000005 means access denied. Well, access denied to what? I found this detailed article reverse engineering WFP, which pointed me to the registry key HKLM\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter where WFP stores its filters. Procmon showed that when the error occurs, the BFE Windows service tries to read from that registry key but fails. The permissions on that key looked like this:

If you compare the permissions on that key to Windows Sandbox or a fresh install they should be this:


I don't know how it happened, but it seems like the BFE service got its permissions removed from the key. To fix, you add those permissions back. When it prompts you to type a user, you need to enter NT SERVICE\BFE since it won't find BFE.
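
A read-only check for the condition described in the comment above, as an added example that is not part of the original thread or of simplewall: it lists every entry in the ACL of the filter key and reports whether NT SERVICE\BFE still has an Allow entry with write access. Treating SetValue plus CreateSubKey as "write" is an assumption made here, as is running it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). Read-only: it changes nothing on the system.
# Assumption: run elevated so the key's security descriptor can be read.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter'

# Resolve the service account to its SID so matching does not depend on name translation.
$bfeSid = ([System.Security.Principal.NTAccount]'NT SERVICE\BFE').Translate(
    [System.Security.Principal.SecurityIdentifier])

$acl   = Get-Acl -Path $keyPath
# Explicit and inherited entries, with identities returned as SIDs.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# One row per ACE, suitable for comparison with a fresh install or Windows Sandbox.
$report = foreach ($r in $rules) {
    $name = try {
        $r.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $r.IdentityReference.Value   # leave unresolvable SIDs as-is
    }
    [pscustomobject]@{
        Identity  = $name
        Type      = $r.AccessControlType
        Rights    = $r.RegistryRights
        Inherited = $r.IsInherited
        IsBFE     = ($r.IdentityReference.Value -eq $bfeSid.Value)
    }
}
$report | Format-Table -AutoSize

# Assumption: "write permissions" is taken to mean SetValue + CreateSubKey.
$writeBits = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey'
$bfeAllow  = @($report | Where-Object { $_.IsBFE -and $_.Type -eq 'Allow' })
$bfeWrite  = @($bfeAllow | Where-Object { ($_.Rights -band $writeBits) -eq $writeBits })

if ($bfeAllow.Count -eq 0) {
    Write-Warning "No Allow entry for NT SERVICE\BFE on $keyPath"
} elseif ($bfeWrite.Count -eq 0) {
    Write-Warning "NT SERVICE\BFE has an entry on the key but no write access"
} else {
    Write-Output "NT SERVICE\BFE has write access to the key"
}
```

Running the same script on the affected machine and on a known-good one gives two tables that can be diffed directly, which is the comparison the comment makes with screenshots.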
