WFN
WFN copied to clipboard
wokhan
Rules for windows apps not working again
A while ago I've had some issues with the skype app in windows 10 while using the latest alpha WFN version. After adding proper support for windows apps the issue was fixed in beta1 but now it's back doing exactly the same thing: I get notifications from skypehost.exe at every boot, whenever I launch the app and sometimes even without any interaction. The generated rules just get duplicated and are not actually applied... I also got notifications when I launched the xbox app again, which means the whole fix done in beta1 is no longer working. Now running beta2 but I also tested with beta1 with the same results. This is not related to the latest W10 cumulative update, beta version or any new app I installed, I believe it's likely a quite recent background update related to windows apps...
Can you try making the rule with the App-checkbox enabled in the Notifier? I see that it's not checked in your screenshot (which probably is a bug).
Looking at rules in windows firewall interface I noticed these new rules for skype (created by WFN beta) now select not only the program but also the package (if I remember correctly this was not true for alfa). So I let the first rule you can see in the screenshot above as it was (created by WFN), removed the package on the second one, the program on the third and made a 4-th one as you requested with the App checkbox enabled (although I was not able to see any difference between the 4-th and the 1st based on the rule parameters). No luck though, none of these 4 rules managed to allow skypehost.exe so I still got the notification.
Thing is since beta1 there was simply no rule needed for skypehost.exe. I believe the filtering events (as observed in event viewer) were still there but WFN was filtering them out and just not displaying notifications. In which case the problem is actually not with the rule as it should simply not be required.
What I can confirm is xbox is in the same situation: was not triggering notifications before and it does now (except it's only when launching the app and not on reboot). And another note that might help is I have a OS partition clone from July 7, I booted from that and the problem was simply NOT present, not for skype not for xbox no notifications whatsoever on reboot or when starting the apps. After working on that clone for about half an our I noticed a short but high bandwidth download in the background after which I promptly got a notification. And since then the clone has exactly the same issue as the main OS and that was the moment when it was activated.
So based on that I would assume there was an update which broke the WFN filtering, in which case it would probably need a fix. Because I certainly did not have any rule for any windows app before this and it was all working just fine...
Thank you for your deep analysis! I will do some testing on my end, just to make sure it indeed isn't a bug in WFN when dealing with App-rules, but if the rules exist (especially if they allow the traffic), WFN shouldn't be popping up for those apps. If what you're saying is right, then there's little we can do but wait until Microsoft gets its act together and fixes this problem.
OK, thanks for the fast response! I believe I have noticed things correctly, although this indeed seems quite a bit strange. That's because this wasn't caused by any WFN or windows update (that's set to manual on my system, it doesn't even download updates automatically) but by some background automatic update. The only thing I can imagine could do this would be some multiple app update including both skype and xbox...
Regarding your note "but if the rules exist (especially if they allow the traffic), WFN shouldn't be popping up for those apps" I would only comment that on my system these blocking events could never be prevented (and having win apps allowed) by using rules. My understanding was there was some higher level in the firewall overriding any rules and force-blocking this particular non-essential traffic (because the apps actually work fine even without this traffic). So it was then WFN's task to just ignore the filtering events associated with this, and both beta versions have demonstrated to do this just fine until now when none of them is working any longer...
Anyways if this will get fixed somehow I'll let you know. Thanks again for your support!
OK so this issue is quite similar to the one I've had with the latest alpha with one major difference: notifications can be prevented by using block rules (instead of allow). For some reason this didn't work with alpha so I haven't even tried it now although I should have because it's kind of obvious why this works...
So problem is fixed for now but it seems there's still need for more work here since this particular win-app traffic is forced-blocked and should be recognized and handled accordingly by WFN. Because it's mainly generated when launching win apps so most people will likely have the same issue with it, will try to allow it first only to notice it doesn't work.
In fact, as you can see from my previous comments I have initially assumed beta1 was already handling it, and still not exactly sure about that. That's because until a few days ago I most certainly did not have any rule matching this traffic, so WFN was not matching any block rule to prevent notifications for it. And it's true that I haven't lately confirmed this blocked traffic was still there (and I'm now actually assuming it wasn't and only re-appeared after the recent Skype update) but I've clearly confirmed this when I updated to beta1. The update has fixed my issue with alpha and I know for sure the blocking events were still there at that time. So not exactly sure how it was possible for beta1 to prevent notifications without any block rule if it doesn't handle this traffic, or perhaps it is trying to handle it but has issues, maybe you can clarify this aspect as well...