Bug in latest stable version (x64 8.1.0.16)

Postby Iggiz » Thu Jun 15, 2017 10:52 pm

I just updated to the latest version and now ended up with issues. It seems like it doesn't save my settings anymore, I didn't have such issues with the previous version (I think it was 7.5.100.200).

From what it looks like all old rules I set are still working and only new ones are affected.

Tested with Process Explorer, on the first run it was showing the detection dialog, I select EnableAll and the program was added successfully to my program list.

Everything is now working fine until I restart my computer. After the restart Process Explorer can't access the internet anymore.
I checked the program list and it's still listed in there under EnableAll. However in the event log Process Explorer is now shown as Detection for unknown reasons, but there is no detection dialog this time so it ends up being blocked.
Iggiz
 
Posts: 7
Joined: Thu Jun 15, 2017 10:42 pm

Re: Bug in latest stable version (x64 8.1.0.16)

Postby VistaFirewallControl » Fri Jun 16, 2017 11:40 am

>I just updated to the latest version and now ended up with issues. It seems like it doesn't save my settings anymore, I didn't have such issues with the previous version (I think it was 7.5.100.200).

Portable or desktop version?
The portable version may not keep the settings from a previous (portable as well) version.
The settings format was changed significantly due to the newly introduced by-name filtering.


>From what it looks like all old rules I set are still working and only new ones are affected.

Could you please be more descriptive?
Please realize that the less strict the problem description, the less strict the answer to be expected.

Did you update 7.5 installable (desktop) to v8 portable without correctly uninstalling 7.5?
Or vice versa?


>Everything is now working fine until I restart my computer. After the restart Process Explorer can't access the internet anymore.
>I checked the program list and it's still listed in there under EnableAll. However in the event log Process Explorer is now shown as Detection for unknown reasons, but there is no detection dialog this time so it ends up being blocked.

The detection and events reporting are based on the native system ability to report events.
Do you see any new events wherever (balloon, log, events pane) after reboot?
Please verify. The instructions exist, but they are system-related rather than firewall-related.

Looking forward to hearing from you
VistaFirewallControl
Site Admin
 
Posts: 1479
Joined: Fri Mar 27, 2009 11:25 am

Re: Bug in latest stable version (x64 8.1.0.16)

Postby Iggiz » Fri Jun 16, 2017 12:11 pm

VistaFirewallControl wrote:>
Portable or desktop version?
The portable version may not keep the settings from a previous (portable as well) version.
The settings format was changed significantly due to the newly introduced by-name filtering.

Did you update 7.5 installable (desktop) to v8 portable without correctly uninstalling 7.5?
Or vice versa?


I had 7.5 Desktop and updated to 8 desktop.

I did not uninstall 7.5 manually, just downloaded the 8 installer and ran it, is that an issue?



VistaFirewallControl wrote:>
Could you please be more descriptive?
Please realize that the less strict the problem description, the less strict the answer to be expected.


I meant that my old rules from 7.5 were still listed and all seem to work fine (all programs that could access the internet previously still can access it on 8).



VistaFirewallControl wrote:>
The detection and events reporting are based on the native system ability to report events.
Do you see any new events wherever (balloon, log, events pane) after reboot?
Please verify. The instructions exist, but they are system-related rather than firewall-related.

Looking forward to hearing from you



For Process Explorer there is a new "detection" entry but no dialog is shown and the program is blocked. If another program that doesn't have an entry in the programs section yet, a dialog is shown, so this part seems to work fine.
Iggiz
 
Posts: 7
Joined: Thu Jun 15, 2017 10:42 pm

Re: Bug in latest stable version (x64 8.1.0.16)

Postby VistaFirewallControl » Fri Jun 16, 2017 12:48 pm

>I did not uninstall 7.5 manually, just downloaded the 8 installer and ran it, is that an issue?

Hardly. Installing a desktop upgrade on top of another desktop installation is a correct operation.

>For Process Explorer there is a new "detection" entry but no dialog is shown and the program is blocked.

The detection prompt can be switched off in Settings for all the applications.....


>If another program that doesn't have an entry in the programs section yet, a dialog is shown, so this part seems to work fine.

Anyway, the detection prompt should not be expected to be shown for already listed applications.
The detection is a kind of request to list.
Also, the detection prompt may be suppressed by the system.
Actually, Windows itself prevents third-party programs from popping up on top of foreground applications (especially full-screen graphics and presentations).
WxFC does its best to show the popup anyway, but the system has strong limitations for that.

How to verify the detection prompt operability:
Choose an application that is internet-active for sure (Process Explorer may not always issue network activity), a web browser for instance. Delete it from the list, start the application and force it to be network active (e.g. navigate the web browser to a page not previously cached) and check whether the detection prompt appears.


>For Process Explorer there is a new "detection" entry but no dialog is shown and the program is blocked.

It may be the detection entry of the initial (previous) attempt.
The detection logic is the following.
On the detection every unlisted application is blocked first, then the prompt and event are shown.
In order to pass the application to the network you need to set enabling permissions and force the application to reconnect.
Applications generally do that automatically, but exceptions exist.


What problem is left? Could you please specify?
VistaFirewallControl
Site Admin
 
Posts: 1479
Joined: Fri Mar 27, 2009 11:25 am

Re: Bug in latest stable version (x64 8.1.0.16)

Postby Iggiz » Fri Jun 16, 2017 2:08 pm

VistaFirewallControl wrote:The detection prompt can be switched off in Settings for all the applications.....


Not switched off...


VistaFirewallControl wrote:Anyway, the detection prompt should not be expected to be shown for already listed applications.


That's exactly what I'm trying to tell you: it should not be shown again (it doesn't) and it should not be listed as detection in the logs once listed.


VistaFirewallControl wrote:It may be the detection entry of the initial (previous) attempt.


It's not...



I use pictures now.

1) Process explorer is not listed in my programs (I didn't start it yet)

https://i.imgur.com/K0jlRvu.png



2) I start Process Explorer and the detection dialog shows, I press EnableAll

https://i.imgur.com/sweiw6i.png


3) Process Explorer is working now and can access the internet, no problems. An entry was added under my programs.

https://i.imgur.com/ploLNN5.png



4) I restart my computer and the entry is still there as you can see

https://i.imgur.com/IN4qD4T.png


5) The event log is EMPTY

https://i.imgur.com/a4SxaAY.png


6) I start process explorer and it can't access the internet. It's broken (e.g. Fails to connect to virustotal). No detection dialog. Nothing.


7) The event log now shows a detection when it's supposed to show zone EnableAll since I have it in my EnableAll zone list.

https://imgur.com/a/a8QWn
Iggiz
 
Posts: 7
Joined: Thu Jun 15, 2017 10:42 pm

Re: Bug in latest stable version (x64 8.1.0.16)

Postby sp4096 » Fri Jun 16, 2017 3:31 pm

On 64bit windows, PE loads the 64bit unit into temp and deletes it after use.
Try to display Path in Programs and Events panes to show something like ...\Utilities\procexp.exe and ...\Utilities\procexp64.exe.
Methinks you'd need to have both entries but I haven't used their VT connection, so it's just a guess.
sp4096
 
Posts: 101
Joined: Tue Apr 26, 2016 2:57 am

Re: Bug in latest stable version (x64 8.1.0.16)

Postby VistaFirewallControl » Fri Jun 16, 2017 4:02 pm

Exactly, the firewall identifies programs by full paths.
So
...\Utilities\procexp.exe and ...\Utilities\procexp64.exe.
are different entities to list and to permit separately.
This explains the "double" detection.

How do you run ProcExp? Directly from a zip in Explorer? Clicking on procexp.exe or procexp64.exe (one can relaunch the other according to system bitness)?
We would like to reproduce. How are temp and the file deletion involved?
What is the R: drive?
Access.log from the firewall installation folder would be helpful as well.
The log should show detection of ProcExp on different paths.

We tried to reproduce but everything worked as expected.
First ProcExp was detected (with the Detection event), blocked for the detection, the prompt is shown, EnableAll set, VT retry showed the VT results.
Next ProcExp launch (on a different path) did the same individually.
VistaFirewallControl
Site Admin
 
Posts: 1479
Joined: Fri Mar 27, 2009 11:25 am

Re: Bug in latest stable version (x64 8.1.0.16)

Postby sp4096 » Fri Jun 16, 2017 4:29 pm

Just to complete the story on my end ...
I tried the VT job from ProcessExplorer and all seems ok.
Sphinx detected myUtilities\procexp64.exe.
I set it to WebBrowser zone, and it worked fine. Just one rule needed.
Ending PE shows the rule as inactive - red crossed circle - as expected.
After restart that rule was retained, still inactive since the temp file is gone.
I ran PE again, selected a different file for VT check. No alerts, got VT results silently, no problems.
The path is c:\users\admin2\appdata\local\temp\procexp64.exe.
I use RunAsAdmin for running PE.
Just my 5 cents, and hope you don't mind a hijack :)
sp4096
 
Posts: 101
Joined: Tue Apr 26, 2016 2:57 am

Re: Bug in latest stable version (x64 8.1.0.16)

Postby Iggiz » Fri Jun 16, 2017 4:38 pm

On the first start I get this in the logs:

2017:06:16|18:33:18|Blocked|1|IPv4 TCP 74.125.34.46:443(51058)|R:\temp\procexp64.exe|Detection Outgoing|R:\temp\procexp64.exe
2017:06:16|18:34:11|Allowed|1|IPv4 TCP 74.125.34.46:443(51059)|Sysinternals Process Explorer|EnableAll Outgoing|R:\temp\procexp64.exe


After PC restart I get this in the logs:

2017:06:16|18:36:41|Blocked|1|IPv4 TCP 74.125.34.46:443(49692)|Sysinternals Process Explorer|Detection Outgoing|R:\temp\procexp64.exe



My process explorer is located here:
"C:\Program Files (x86)\ProcessExplorer\procexp.exe"

I run it via a shortcut on the desktop.


R: drive is a ramdisk, I have my Temp folder on it.



Everything works fine on 7.5, this problem only occurs on 8.
Iggiz
 
Posts: 7
Joined: Thu Jun 15, 2017 10:42 pm
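
Added example, not part of the original thread and not the firewall's own code: a small parser for the three pipe-delimited log lines quoted in the post above that flags any path blocked under the Detection zone after it was already allowed under a named zone. The field names (action, display name, zone, path) are assumptions inferred from those three lines, not a documented format.

```python
from dataclasses import dataclass

# The three log lines quoted in the post above, copied verbatim.
SAMPLE_LOG = r"""
2017:06:16|18:33:18|Blocked|1|IPv4 TCP 74.125.34.46:443(51058)|R:\temp\procexp64.exe|Detection Outgoing|R:\temp\procexp64.exe
2017:06:16|18:34:11|Allowed|1|IPv4 TCP 74.125.34.46:443(51059)|Sysinternals Process Explorer|EnableAll Outgoing|R:\temp\procexp64.exe
2017:06:16|18:36:41|Blocked|1|IPv4 TCP 74.125.34.46:443(49692)|Sysinternals Process Explorer|Detection Outgoing|R:\temp\procexp64.exe
"""

@dataclass
class Event:
    when: str     # date and time exactly as logged
    action: str   # "Blocked" or "Allowed"
    name: str     # display name, or the path for an unlisted program
    zone: str     # e.g. "Detection", "EnableAll" (assumed meaning)
    path: str     # full path the firewall matched on

def parse_line(line):
    """Split one log line into an Event; returns None for anything else."""
    parts = line.strip().split("|")
    if len(parts) != 8:
        return None
    date, time, action, _count, _conn, name, zone_dir, path = parts
    zone = zone_dir.rsplit(" ", 1)[0]   # drop the trailing direction word
    return Event(f"{date} {time}", action, name, zone, path)

def find_regressions(log_text):
    """Return (when, path, zone) for Detection blocks of already-allowed paths."""
    allowed_zone = {}   # lower-cased path -> zone that last allowed it
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        key = ev.path.lower()   # Windows paths compare case-insensitively
        if ev.action == "Allowed" and ev.zone != "Detection":
            allowed_zone[key] = ev.zone
        elif ev.action == "Blocked" and ev.zone == "Detection" and key in allowed_zone:
            findings.append((ev.when, ev.path, allowed_zone[key]))
    return findings

if __name__ == "__main__":
    for when, path, zone in find_regressions(SAMPLE_LOG):
        print(f"{when}: {path} blocked as Detection, previously allowed by {zone}")
```

The first Blocked line is not flagged because nothing had allowed that path yet; only the post-restart line is.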

Re: Bug in latest stable version (x64 8.1.0.16)

Postby VistaFirewallControl » Fri Jun 16, 2017 7:41 pm

Thank you for the clarification!

>R: drive is a ramdisk, I have my Temp folder on it.

What software created the ramdisk? Was the ramdisk software updated recently?
What is the OS version?

W10FC v8.1 64 bit Free/German Edition. Correct?


>Everything works fine on 7.5, this problem only occurs on 8.

Actually there have not been any changes in program detection since v6...
We have just tried to reproduce the problem on the "normal" temp folder. Everything worked correctly.
We would like to reproduce with the ramdisk though.
Was the temp folder reassigned via the TEMP environment variable? Or in some other way?

Looking forward to hearing from you
VistaFirewallControl
Site Admin
 
Posts: 1479
Joined: Fri Mar 27, 2009 11:25 am
