simplewall

simplewall copied to clipboard

On the example of program ESET Online Scanner (antivirus scanner) - traffic is blocked, despite the settings, the program does not notify about what is happening. There are no entries in the simplewall_debug.log about this, absolutely zero. I turn off simplewall and the problem disappears. My last topic was closed, but the problem remained after the change of two recent versions.

Any entries in packets log?

For some reason, I never have entries in the package log.

Please provide more information about your system, i.e. what exact Windows version and build you are running so we can, if required, debug / reverse engineer this issue using the kernel and usermode libraries (and their respective symbols provided by Microsoft) that your system is using.

You can provide this information by opening winver.exe from the Start menu and taking a screenshot of it by using the Snipping Tool (use the mode Window Snip).

The screenshot is automatically copied into your clipboard, from where you can then upload it on here by simultaneously pressing CTRL + V.

Thank you.

Windows 10 Pro x64 / 10.0.19044.1889 (Win10 21H2 November 2021 Update)

I'm having the exact same issue on Windows 10 21H2 (OS Build 19044.1889). New apps do not show the notification window to allow them through simplewall and the packet log is empty.

It was working just fine before. Downgrading versions does not help.

The log file has errors and warnings around FwpmNetEventSubscribe or FWPM_ENGINE_COLLECT_NET_EVENTS.

I found an older comment indicating one should reinstall Windows but that seems like a nuclear option. Is there no way to reset permissions or libraries to their default state and fix this? Discussion from 3 years ago: https://github.com/henrypp/simplewall/issues/580#issuecomment-565971495

Hi @paradoxministry and everyone else asking themselves this question, all that simplewall does is change WFP (Windows Filtering Engine) rules, by pressing "Disable filters" on the main window, confirming your choice and then uninstalling it you have already made undone all changes by simplewall.

This seems like an issue with the WFP API itself on Windows 10 21H2 November 2021 Update (10.0.19044.1889), which you both are using.

My suspicion here is that some of the internal structures, classes and functions used by Windows were changed, and that Henry has to update simplewall to match those - a good analogy would be a key and a lock, to successfully open a lock (interact with WFP) you need to make your program use the correct data structures, classes and functions (key).

I am currently very busy at my job and can't install that specific version of Windows in a container / VM unfortunately.

Please wait for the developer to look into it.

@henrypp

I am aware that all simplewall is doing is using the WFP API which is why I brought up the fact that it was working fine before Windows updates and security patches.

I'm happy to report that I managed to fix the issue on my own machine by re-installing Windows on top of my existing installation, keeping my files and apps intact. I tried a few different approaches but nothing worked except for a re-install.

It's strange but it is what it is, something in Windows in either the registry or system config must have been corrupted or changed such that WFP notifications were no longer being displayed.

@debobrov I recommend you try a Windows re-install as well, I doubt any version of Simplewall is the problem for this issue.

Weird, but I'm glad you got it fixed, even if I wanted to find the reason for that, reinstalling just to get their firewall working is not an option for many users, considering all the customization's and changes I had to do after installing my OS before I was satisfied with it.

Your full Windows version string did not change by any chance?

No, I can confirm the exact same build version is present after the reinstall. Initially I had done an upgrade from 1809 and hadn't noticed the notifications stopped appearing for quite some time, just noticed some apps started misbehaving, especially new apps.

I guess we can rule out changes to the usermode WFP API then, but thinking about it now , Microsoft has always been somewhat conscious of not breaking essential programming interfaces.

Guess it was just one of those Windows things, then, which either go away if you:

1.) Turn it off and on again. 2.) Re-install the OS.

Generally, I can't reproduce most bugs reported here, but that might be because I don't use a consumer version of Windows anymore, after Windows 7 support expired, I switched to Server 2019, which doesn't get the ludicrous amount of updates consumer Windows 10 gets, even while at it's core, still being based on the Windows 10.0.17763 / 1809 kernel.

Other nice features are complete control over your OS, no annoying apps, and a user interface that is somewhat usable for production usage.

@debobrov Are you using something like ExplorerPatcher or anything similar that changes the taskbar/start menu? I noticed while using ExplorerPatcher I wouldn't get any of the pop-ups, after uninstalling ExplorerPatcher the pop-ups appear again.

Not sure if this is the same for Start11 or Startallback but it did happen with ExplorerPatcher installed on Windows 11 at least, but perhaps similar issues arise if you use similar programs in W10.

I'm not sure that the events are somehow connected, but once I tried to change the explorer context menu (which appears when you right-click) using WinaeroTweaker - removing some items.

The program is not portable and has no effect on pop-up notifications, only on the contents of the menu.

I'm not sure that the events are somehow connected, but once I tried to change the explorer context menu (which appears when you right-click) using WinaeroTweaker - removing some items.

The program is not portable and has no effect on pop-up notifications, only on the contents of the menu.

ExplorerPatcher hooks into a .dll-file (or replaces it), not sure how WinAeroTweaker works, but perhaps you could see if reverting these changes and disabling/removing it has any effect? As far as I'm aware WinAeroTweaker only changes things in Settings/Registry but I could be wrong.

The only changes I made with ExplorerPatcher was reverting the taskbar to W10 one to allow ungrouped open applications and it stopped showing me notifications from SimpleWall. As soon as I uninstalled it, the pop-ups started showing again. I was contemplating creating a ticket @ Simplewall for it but it's somewhat out-of-scope as it's something that modifies UI-elements in Windows I feel somewhat reluctant. On the other hand there could be more people experiencing the same issue with several different applications. I'll let the devs decide on that.

The only other possibilities I can think of are things that have desktop overlays, change the themes/wallpapers etc. but obviously this is all farfetched, you could try to shutdown every application besides Simplewall and Eset virus scanner to see if it changes anything.

I don't have apps that change the theme or wallpaper, I have windows defender installed, and I haven't made changes to notifications from Windows or other apps. I do not exclude that the problem may be related to that program, as it may not be related.