- Frequently Asked Questions
- How to Un-install
- Start/Programs/Windows7FirewallControl/Uninstall.
- How to register (Plus version only)
- open the Registration form (W7FCTrayIcon/RightClick/Register)
- put the VFC..... License code into the field at item 2
- press "online" (*) at item 3
- check registration code (**) and press "register" at item 4 to store the code within the program.
(*) The registration code or an error message is displayed within a couple of seconds. The "By e-mail" option requires manual processing on our side, which can take up to 48+ hours, so the online method is preferable.
(**) A descriptive error message may be shown instead of the registration code, most probably because of (a) syntax/case errors in the License code or (b) use of a License code from another version/product.
Re-registration is required after an upgrade or a re-installation onto different media (restoring a backup sometimes makes the media appear changed). A changed registration code confirms that re-registration was required for the reasons above.
- Windows7FirewallControl and the Built-in Firewall
- Windows7FirewallControl is based entirely on Windows Filtering Platform (WFP), the security core of Windows8/7/Vista/2008, and does not install any third-party kernel drivers. The Built-in Firewall is based on the same WFP. The two products work entirely independently, so you can switch the Built-in Firewall ON or OFF as you prefer.
- My Application is Blocked...
- Windows7FirewallControl is based entirely on Windows Filtering Platform (WFP), so some WFP specifics have to be taken into consideration. _Any_ initial access attempt of _any_ unlisted application is rejected. Unfortunately, catching the blocking notification produced by the rejection is the only way to detect network access by a new application. The blocking approach is also useful, as the firewall blocks any malware trying to send personal data out from the very start.
- After the rejection, the default zone (DisableAll for the free version only) is applied to the application immediately and the "Edit Program" dialog prompts you to choose a security zone for the application. Pressing Apply (or ApplyOnce) applies the chosen zone.
- Applications usually make several attempts to reestablish the connection, so the connection (if it is finally enabled) is established eventually. Unfortunately, some applications make only a single connection attempt, so you have to force a "reconnection" attempt manually. In any case, the initial block occurs only once, while the application is not yet listed.
- Mutable (Web) Installer Helpers
- Setting "EnableAll" for an application and forcing the "reconnect" may not be enough to enable the application. The reason is typically simple: the application (mostly a web installer) uses a dedicated separate downloading component/helper for every single download attempt. The helper is generated under a new name (or in a new directory) every time, so the actual component appears new (unlisted, always rejected initially) to Windows7FirewallControl and the scenario of initial rejection repeats endlessly. To avoid that, the helper has to be listed and enabled manually in advance (before the application is detected). The AllApplications zone can also be used to (temporarily) enable the destination address/port for all applications.
- Web browser set with LanOnly can connect worldwide.
- The unexpected behavior is produced by the antivirus (AV) online network monitoring. Modern AVs are very nifty and trap web browsers and e-mail clients "inside" the PC on the fly, before the applications reach a real network address. The applications (browsers/e-mail clients) interact with AV-related services locally, and the real network interaction goes through (in the name of) the AV as a result. Local traffic is mostly vitally important, expected to be safe and permitted by many predefined firewall rules. Disabling AV online monitoring disables the traffic trapping; the applications then issue the traffic directly and can be controlled/disabled normally. Otherwise, DisableAll set for the applications disables the local traffic only.
- Multiple app(1), app(2) etc entries in Programs list.
- The firewall distinguishes applications by full path name, so C:\FolderA\ABC.EXE and C:\FolderB\ABC.EXE are listed by the firewall separately. That is correct, as the applications (executables) are formally different. However, if there are two (or more) instances of absolutely the same executable, the firewall adds (2), (3) etc. suffixes and lists the instances of the executable separately. You can rename the applications in the list if required. Some specific applications (usually installers or update checkers) generate network-active helpers for every single network access attempt. The helpers (executables) are usually generated randomly and named unpredictably, but they are binary equal. As the initial access attempt is blocked by the firewall, the helper is blocked accordingly (but listed); the parent application then generates a new helper under a different name, that helper is blocked again, and the process loops endlessly. If the activity is expected to be safe, the solution is to create a (temporary) applicationless rule via the Blocked Events pane that enables the destination for the update/installation by any application (check the manual for the details). As a result, the next helper generated will be permitted to reach the desired destination before the initial detection block. Finally, the TrayIcon/RightClick/Mode:EnableAll setting switches the firewall off. The update/installation can be made manually as well.
- Permanent Disk activity
- Unexpected disk activity may be encountered while running Windows7FirewallControl. The activity is mostly related to the wfpdiag.etl file and is detected by some "monitoring" programs, antiviruses etc. The activity is not caused by Windows7FirewallControl directly.
- W7FC performs some polling of the underlying network core, Windows Filtering Platform (WFP), but never accesses the file directly. The polling is used for real-time detection of application access and for gathering blocked event notifications. There is no official WFP related information available.
- Leak found
- Some on-line leak tests report "failed" for Windows7FirewallControl (W7FC). W7FC is based entirely on Windows Filtering Platform (WFP), the security core of Windows8/7/Vista/2008. (Note: the built-in Windows8/7/Vista/2008 firewall is based on the same security core.) So any leaks detected in Windows7FirewallControl should probably be addressed to Microsoft directly. Windows7FirewallControl cannot affect the quality of the underlying core either positively or negatively; it is a user-friendly front-end to WFP.
- On the other hand, it is not difficult to write a program that communicates with a site and displays "failed". Detailed information on the performed test is usually not provided. The same tests sometimes claim that the world market leaders cannot pass the test. The only program that passes the test may be a program advertised on the same page. Please draw your own conclusion regarding the "purpose" of the tests.
- The Firewall slows down the Internet/Computer.
- A direct slowdown is hardly possible technically. Windows7FirewallControl does not process the traffic itself (except the XP Edition); the firewall control just manages the filtering rules of Windows Filtering Platform (WFP), the security core of Windows8/7/Vista/2008. WFP alone processes the network traffic. An indirect impact is possible though. Some applications, when blocked (partially or entirely, correctly or mistakenly), try to recover, change their behavior and start aggressively occupying more CPU/disk/network resources. TaskManager can help to clarify the problem and find the slowdown suspect. Reconfiguring or updating the application may help. Reasonable adjustments to the application's network permissions can be used as well.
- Application is enabled, but notifications are coming
- The notification balloon displays all blocked events regardless of their origin. So the blocking events shown may originate from another program (WindowsFirewall) or even from the network "peer". Setting "TrayIcon/RightClick/Mode:EnableAll" helps to verify the blocking origin. The option switches the firewall off entirely.
- "System" applications default zone
- The Free version cannot protect "system" applications, formally those located in C:\windows\*. So the Free version blocks any initial network access attempt of a "system" application (as explained above), always implicitly sets the "EnableAll" zone for the application and prompts you with "Now Enabled:" in the notification balloon. This behavior provides system/network related services with unlimited network access.
- Multiple (prev) marked zones
- If an upgrade includes a modified zone with the same name, the previous (optionally customized) zone is not overwritten unconditionally but is saved and marked with (prev). The (prev) marked zones may be deleted if the zones are not customized or will not be required later. The overwriting can be prevented by naming the customized zone according to the modifications made. Only zones with equal names are updated.
- "The Service is not reachable...." message
- The message (shown rarely) is not a sign of a problem. It informs you that the current Windows7FirewallControl operation cannot be performed instantly and is scheduled for the next period (mostly within the next 20-30 seconds). The message is displayed if the CPU or disk is under heavy load from other applications (peak values matter, not average ones), leaving not enough resources to perform security related operations. The message does not indicate a lack of protection. It only reports a temporary "deprivation" of the ability to alter the security settings for a short period.
- The portable version autostart
- The portable version requires (real) administrative permissions in order to operate fully with the underlying network security core. So the firewall must be elevated (via the UserAccessControl dialog) to be granted the real administrative permissions. Windows8/7 and Vista do not give autostarted programs full permissions because of the evident security risk, so putting the program in the AutoStart folder will not work. The solution is to launch the program via the scheduler, which grants the real administrative permissions to the firewall explicitly. The scheduled task has to have "Begin the Task" set to "At Log on" (in the Trigger tab) and "run with highest privileges" checked (in the General tab). All the other steps are the same as for any other scheduled application.
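The same scheduled task can be created and then verified from an elevated PowerShell prompt with the built-in schtasks.exe. This is an added example, not part of the original FAQ; the executable path and task name are placeholders.

```powershell
# Added example, not part of the FAQ. Run from an elevated PowerShell session.
# Both values below are placeholders (assumptions), not the product's real names.
$ExePath  = 'C:\Tools\W7FC\FirewallControl.exe'  # no spaces, so /TR needs no extra quoting
$TaskName = 'W7FC-portable-autostart'

# A task with highest privileges can only be created by an elevated administrator.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Not elevated: start PowerShell with "Run as administrator".'
}
if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) {
    throw "Executable not found: $ExePath"
}

# /SC ONLOGON  -> "Begin the task: At log on" (Trigger tab)
# /RL HIGHEST  -> "Run with highest privileges" (General tab)
schtasks.exe /Create /TN $TaskName /TR $ExePath /SC ONLOGON /RL HIGHEST /F
if ($LASTEXITCODE -ne 0) {
    throw "schtasks /Create failed with exit code $LASTEXITCODE"
}

# Read the stored definition back and confirm both settings took effect.
$xmlText  = ((schtasks.exe /Query /TN $TaskName /XML) -join "`n").Trim()
$task     = [xml]$xmlText
$runLevel = $task.Task.Principals.Principal.RunLevel
$hasLogonTrigger = $null -ne $task.Task.Triggers.LogonTrigger

if ($runLevel -eq 'HighestAvailable' -and $hasLogonTrigger) {
    "Task '$TaskName' runs $ExePath elevated at log on."
} else {
    throw "Task created, but settings differ: RunLevel=$runLevel, LogonTrigger=$hasLogonTrigger"
}
```

The task starts this binary elevated at every log on, so the folder that holds it should be writable by administrators only.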
- TrueCrypt automounted devices
- Any Windows allows connecting an external device to the system and assigns a drive letter to the device automatically. Windows tries to identify the device properly and assigns the same drive letter to the same device. However, the product operates with so-called physical, internal device paths instead of the habitual drive letters (e.g. C:\, D:\ etc). The internal paths allow identifying the devices (and so the full application paths) more precisely. The problem arises when an external device is connected: the internal device path is always different (new) even though the assigned drive letter is the same. So, when the device arrives, the firewall must recheck and reapply the permissions of applications located on the external device to reflect the new application paths. The reapplying is done automatically for every portable (non-fixed, explicitly or implicitly) device connected to the system. Any USB-connected device is identified as portable, and the product uses the "portability" mark of the device for reapplying the permissions. Unfortunately, TrueCrypt automounted devices are not marked as portable by default. As a result, the firewall blocks any attempt by applications located on a TrueCrypt device to connect to the internet. TrueCrypt devices are actually non-fixed and so portable by nature, though. The solution is to set "mount as portable" in the TrueCrypt settings explicitly. The firewall will then be able to identify the portability correctly and reapply the permissions of the device-based applications automatically.
- The Firewall does not detect programs and blocks internet
- There is a specific problem on selected Windows 7 OEM installations. The problem is confirmed on HP laptops with preinstalled Windows 7. The problem is not related to Windows7FirewallControl and is caused directly by inconsistent installation specifics.
- If Windows7FirewallControl does not detect/list network-active applications, does not display any blocked events and possibly blocks the entire network connectivity, please verify:
- Explanation: The problem is a lack of permissions for c:\windows\system32\wfp\wfpdiag.etl. As a result, the underlying system core (not Windows7FirewallControl) cannot access the required component and fails with "Access denied".
- Solution: Run cmd.exe as Administrator and invoke
icacls c:\windows\system32\wfp\wfpdiag.etl /grant "NT SERVICE\BFE":(R,W)
netsh wfp set options netevents = off
netsh wfp set options netevents = on
If the last command is successful, the problem is solved. Windows7FirewallControl will start detecting/listing the applications and assigning reasonable/default permissions to them, and the network connectivity will be restored.
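A read-only check to run before and after the fix, as an added example that is not part of the original FAQ: it reports whether "NT SERVICE\BFE" has read and write access to wfpdiag.etl. The function name Test-DirectAccess is hypothetical, and only ACL entries that name the account directly are evaluated (access obtained through groups is not).

```powershell
# Added example (not from the FAQ): inspect the ACL that the icacls fix changes.
# Run from an elevated PowerShell session. Nothing is modified.
$Path    = 'C:\Windows\System32\wfp\wfpdiag.etl'   # file named in the FAQ
$Account = 'NT SERVICE\BFE'                        # account named in the FAQ

# Hypothetical helper: combine the Allow/Deny entries that name one account
# and test whether the requested rights remain after Deny entries are removed.
function Test-DirectAccess {
    param(
        [string]$Path,
        [string]$Account,
        [System.Security.AccessControl.FileSystemRights]$Rights
    )
    $allow = 0
    $deny  = 0
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.IdentityReference.Value -ne $Account) { continue }
        if ($ace.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$ace.FileSystemRights
        } else {
            $deny = $deny -bor [int]$ace.FileSystemRights
        }
    }
    $effective = $allow -band (-bnot $deny)
    return (($effective -band [int]$Rights) -eq [int]$Rights)
}

# BFE is the Base Filtering Engine, the Windows service behind WFP.
$bfe = Get-Service -Name BFE
"BFE service status: $($bfe.Status)"

# Read + Write corresponds to the (R,W) grant in the FAQ's icacls command.
$needed = [System.Security.AccessControl.FileSystemRights]'Read, Write'
if (Test-DirectAccess -Path $Path -Account $Account -Rights $needed) {
    "$Account has read/write access to $Path"
} else {
    "$Account lacks read/write access to $Path; the icacls grant from the FAQ applies"
}
```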