Welcome
Welcome to vistafirewallcontrol

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today!

Wish: add PID on events

Wish: add PID on events

Postby sp4096 » Sun Feb 12, 2017 4:32 am

It would be nice to see PID when something runs to be able to see further details in ProcessExplorer or TaskManager. Especially for svchost.
Scheduled task names would also be great if shown in events.
sp4096
 
Posts: 111
Joined: Tue Apr 26, 2016 2:57 am

Re: Wish: add PID on events

Postby VistaFirewallControl » Sun Feb 12, 2017 2:05 pm

Unfortunately any PID related operation would be inconsistent or not strict at least.
There are several reasons for that.

- WxFC is based on WindowsFilteringPlatform, the security core of Windows.
WFP has fullpath as the only parameter to identify processes.
So there is no a direct way to set permissions or check events by PID.

- Every process (with the same fullpath) may be launched multiple times, so you may have multiple PIDs for the same protected/listed application.
Looks like possibility of multiple PIDs would hardly make your expected further investigations simpler.
So PID would be able to be useful only if there is only a single instance of a process.

>Scheduled task names would also be great if shown in events.

Fullpath is the only process identifier. WFP can’t trace a process parent or way the process was created (manually, automatically, by scheduler etc)
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am

Re: Wish: add PID on events

Postby sp4096 » Mon Feb 13, 2017 1:40 am

Understood. Thanks.
sp4096
 
Posts: 111
Joined: Tue Apr 26, 2016 2:57 am


Return to What is VistaFirewallControl, features

Who is online

Users browsing this forum: No registered users and 0 guests

suspicion-preferred