This question is a means of preventing automated form submissions by spambots.
What are the l a s t four characters of "c30a3c4df493ac6090d3d25a"? You must also add "xx!1.." to the answer but type "1" as a word not a number.
Smilies
:clap: :crazy: :thumbdown: :thumbup: :wtf: :yawn: :tired: :relaxed: :grin: :smile: :wink: :sad: :eek: :shock: :???: :cool: :lol: :mad: :razz: :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :neutral: :mrgreen: :geek: :ugeek: :eh: :lolno: :problem: :shh: :shifty: :sick: :silent: :think: :wave:
   

If you wish to attach one or more files enter the details below.

Odysseus, 2017-03-20 01:24 »

Hello, thanks for your posts, OP: I implemented the firewall hack in Win10, just letting through progs I trusted and switching to "recommended settings" when I wanted an update (and back to my personal firewall policy afterwards, of course).

Everything went fine for nearly a year, but now I get "error 87 / invalid parameter" when trying to import said policy. Note that it isn't a corrupt file, as the dozen or so policies I saved all show the same error. And it isn't a software glitch either as saving/importing new policies works OK.

Has MSoft silently changed something in the way the policies are now saved? :evil:

I googled around a lot but couldn't find any information on this specific error, or even on the (binary) format of the .wfw files Windows uses for exporting the settings.

As I now have to rebuild my settings from scratch, a word of caution: save your settings also in the tab-separated text format available with a right click on the Inbound Rules (& Outbound Rules) folder(s) in the advanced firewall interface, then clicking Export List in the popup menu. You won't be able to re-import these lists, but at least they are human readable (e. g. with some spreadsheet).

Hope that helps. Good luck!

!, 2016-06-13 11:57 »

Weird behaviour but then again, it's Windows. Nothing makes sense in it anymore! :sick:

Tina, 2016-06-10 17:42 »

1. I only added 'explorer.exe' 'cause it's POPPeepers' parent,
and I thought, maybe, that it might use that as the source for
the rule.

2. The IE icons' Properties in taskbar (Win10, which I pinned
from the 64bit version; also, I don't like the START either since
it doesn't work (when doing 'all apps', if I type in a letter
(A-Z) to see my program, it just puts up a blank white window
(rectangle on end) which needs ESC to get rid of, so I'm FORCED
to scroll down the list and then select it...SO MUCH USELESS/PRONE
TO MISTAKES work by the user???!!!))

shows it is NOT from x86:
"C:Program FilesInternet Exploreriexplore.exe"

Anyway, I added a new OB rule:
Rule Name: ALLOW iexplore.exe-32
----------------------------------------------------------------------
Enabled: Yes
Direction: Out
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: Any
Edge traversal: No
Program: C:Program Files (x86)Internet Exploreriexplore.exe
InterfaceTypes: Any
Security: NotRequired
Rule source: Local Setting
Action: Allow
Ok.

but it made no difference. Once again, they both failed, I added
the service back to the WinUpd OB rule, and, again, w/o
re-starting anything, they then both worked.

3. And anyway, this wouldn't explain POPPeepers' failure...

4. nor Win7s'. On both, I did:

C:>dir /s /a /x iexplore.exe

Win7 only has this:
Directory of C:Program FilesInternet Explorer
12/16/2011 02:03 AM 673,048 iexplore.exe

while Win10 does have both:
Directory of C:Program FilesInternet Explorer
10/30/2015 01:18 AM 816,320 iexplore.exe

Directory of C:Program Files (x86)Internet Explorer
10/30/2015 01:19 AM 819,904 iexplore.exe

and both have winsxs entries.


BTW: normally, I don't need to Enable any of my ALLOW rules
when the WinUpd rule has the service in it...

!, 2016-06-09 17:53 »

Tina wrote:..."Do not add service containers or programs that host services,
such as Svchost.exe, Dllhost.exe, and Inetinfo.exe, to the rules
list without specifying the individual service that is to be allowed
or blocked. Specifying only the service container as a program
might compromise the security of the computer."...

Forgot to comment this one, that's true. Those load other programs inside themselves, (yeah crazy fucking Windows), so when you block them, a lot of other stuff gets blocked but it shouldn't be a problem. I mean, it depends what you use. Also, I personally use FireFox and not IE so I only have to open FireFox, I KILL ALL ELSE! *lol*

!, 2016-06-09 17:50 »

One thing, you don't need to add "explorer.exe", that is the file management thing which shows "My Computer" and files and such. The thing you want to open is "iexplorer.exe" BUT... there are TWO of those, one is x64 bit and the other is 32 bit. One is in the "C:Program FilesInternet Explorer" and the other is in the "C:Program Files (x86)Internet Explorer", maybe you only opened one of the IE and you run the other one. Try adding both of them and see if it works to surf. I'll await report. :mrgreen:

Tina, 2016-06-09 15:21 »

Unfortunately, I already tried that, with no success.

Here are the 4 OB rules I created:

Rule Name: BLOCK WinUpd,etc
----------------------------------------------------------------------
Enabled: Yes
Direction: Out
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: Any
Edge traversal: No
Program: C:WindowsSystem32svchost.exe
InterfaceTypes: RAS,Wireless
Security: NotRequired
Rule source: Local Setting
Action: Block
Ok.


Rule Name: ALLOW explorer.exe
----------------------------------------------------------------------
Enabled: Yes
Direction: Out
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: Any
Edge traversal: No
Program: C:Windowsexplorer.exe
InterfaceTypes: Any
Security: NotRequired
Rule source: Local Setting
Action: Allow
Ok.


Rule Name: ALLOW iexplore.exe
----------------------------------------------------------------------
Enabled: Yes
Direction: Out
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: Any
Edge traversal: No
Program: C:Program FilesInternet Exploreriexplore.exe
InterfaceTypes: Any
Security: NotRequired
Rule source: Local Setting
Action: Allow
Ok.


Rule Name: ALLOW POPPeeper.exe
----------------------------------------------------------------------
Enabled: Yes
Direction: Out
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: Any
Edge traversal: No
Program: C:PPPeeperPOP PeeperPOPPeeper.exe
InterfaceTypes: Any
Security: NotRequired
Rule source: Local Setting
Action: Allow
Ok.

After a TRUE PowerOff (not that lousy HIBERNATE, which causes
WTS to fail to start my tasks due to RC x'80070002' on Win10, but
works properly when I hear the Windows Startup sound), I connect
to the Internet, start both programs, and try to access it; they
both fail to do so (POPPeeper gets 'connection error', while IE11
gets 404/Page Not Found for any URL I try to access, even my
own).

But, after I alter the WinUpd rule and restrict it to the
WinUpd service, w/o re-starting anything, even the connection,
then they both work normally (POPPeeper sees my e-mail headers,
and IE11 can access any URL, including my own).

Win7 does the same thing, so I must be missing something, but
don't know what. Worse, the doc for Win10 is no longer on my
machine, so I've been reading the doc on Win7 (problem#34 w/this
HORRIBLE Win10!!!), but, so far, I see nothing useful except
maybe this:

"Do not add service containers or programs that host services,
such as Svchost.exe, Dllhost.exe, and Inetinfo.exe, to the rules
list without specifying the individual service that is to be allowed
or blocked. Specifying only the service container as a program
might compromise the security of the computer."

Comments?

!, 2016-06-07 18:31 »

Tina wrote:FYI: When I enabled the rule, it also blocked ALL URLs for some
reason. Specifically, I used IE11 to get to various normal URLs;
they all failed. My own e-mail peeper, which only has explorer.exe
as its' parent, also failed. However, when I restricted the rule
even further, to only the WinUpd service, then everything else worked
again. I'm hoping this will do it, even tho I've always kept that
service disabled (since '11),

I'm STILL drunk, 4th day in a row but I'll try to answer now. *lol* ... you can enable per application basis in Windows firewall. I usually make it so everything is closed then you can choose to only open IE etc. You just choose which program EXE file to open in firewall rules.

Tina wrote:...so, hopefully, my Win7 won't get
INFECTED(!) by Win10! I have to classify it as malware/virus/trojan,
since those newer KB fixes apparently installs their code to your
machine w/o your permission! I know a friend who woke up 1 day to
that different Win10 splash screen. She lost her passwords, had to
figure out how to connect for e-mail, etc! Only she knows how many
more problems that introduced to her machine!

...those sons of bitches at Microsoft... Windows 10 "upgrade" thing is acting exactly like virus imho.

Tina wrote:... I still use HOSTS to block most other URLs (due to dnsapi.dll?),
like the telemetry. I also DIS'd the latter via the registry,
which works, as the option is now greyed out.

Yeah, good to mix hosts and other stuff.

Tina wrote:... I also do many ROUTE ADDs to block various IPaddrs that I see when
doing PINGs and TRACERTs against the various WinUpd URLs that I see
in Win7 when I REVIEW available fixes, even tho there are many of them
that change; it seems to work, but, say, only 95% of the time.
Somehow, some still get thru, even if I have a ROUTE ADD for them.
It seems that MS installs a DNS server at connect time, as shown in a
ROUTE PRINT 0.0.0.0? I also monitor/log EV3008 in DNS-Client (stripped
and sorted to only show the description line which has the DNS, since
NETMON 3.4/DNS appears to be GONE in Win10?).

This one I don't know, never used it I think. :oops:

Tina wrote:... Why am I doing all this? Since 15SEP, I have 33 problems with Win10
compared to Win7; 11 are still pending, either circumvented, or,
worse, LOSS OF FUNCTION! I can't tolerate such garbage!

Garbage indeed. :thumbup:

!, 2016-06-06 10:43 »

Sorry, till reply soon... omfg, third day, sitll drunk... :clap: :lol: but last day now, tomorrow I'll be normal. :mrgreen:

!, 2016-06-04 23:24 »

Haven't forgotten to reply, but too drunk now! lol... will do, soon! Tomorrow I hope! Sorry! :oops:

!, 2016-06-04 10:42 »

I hear you Tina, Windows 10 is garbage indeed! I know why your stuff got blocked etc. I just woke up but I will answer your post later today. Too dizzy from morning right now hahahaha... so yeah, I'll respond to your issues soon tonight! :mrgreen: :oops:

Top