This project has moved. For the latest updates, please go here.

asks about same program over and over

Nov 18, 2016 at 3:35 AM
at least daily I get notification about avira's scheduler.exe asking permission for outbound. always for the same remote port. I give it permission, and later it asks again.

I can switch off the port, so it will apply to any remote port, still it asks.
I have gone into windows firewall and deleted the collection of past scheduler.exe rules.

this is not the first time this sort of thing has happened for other files. if i remember correctly, in the past I created a rule manually, so that wfn didn't have to get involved. can't remember for sure if I did this for scheduler.exe, but in any case, giving permission once should be enough.

any idea what is happening?
Developer
Nov 18, 2016 at 6:29 AM
This is going to sound like a lot of work, but I'm afraid I'm going to need as much information as you can provide me... :|
(I assume you're running V2.0 Alpha 9, the latest?)

Can you take a screenshot of the Notifier (with the "Advanced" panel visible)?
And, can you take screenshot of every tab of the rule when you look at it in the Windows Firewall configuration panel?
Nov 18, 2016 at 1:35 PM
Edited Nov 18, 2016 at 1:55 PM
I have the same problem.
This morning when I booted my computer I had about a hundred or so prompts. I'm still getting some.
About fifty of them were for host process for windows service
I looked at the rules in wfn and I see about fifty of the same rule over and over for host process for windows service ... all of the same data in the columns.
Another example is nvcontainer.exe ... I even had the wfn window open with the filter set to nvcontainer as another nvcontainer prompt occurred. I clicked ALLOW yet another rule was not added, even after refreshing wfn. Another one came up while I was typing this. Have had about ten so far today.
It's easy to reproduce this problem, just set your firewall settings to block and prompt and reboot your computer.
I am running v2.0 Alpha 9
Developer
Nov 19, 2016 at 8:11 AM
clyfton wrote:
It's easy to reproduce this problem, just set your firewall settings to block and prompt and reboot your computer.
Well, that's the issue: I don't experience this problem, and because not every single user is complaining, I would guess most people aren't affected somehow. This is why I need to know all the details of the rule that WFN created, so I can step-by-step walk through WFN's process for creating the rule and/or popping up the Notifier.
Nov 19, 2016 at 9:39 PM
Ok. You talked me into it.
I had to turn off WFN due to the excessive alerts.
I turned it back on and within a few moments got the expected HOST PROCESS FOR WINDOWS SERVICE alert.
I took screenshots as requested and attached.
But I'm not sure what to do about your request to ... take screenshot of every tab of the rule when you look at it in the Windows Firewall configuration panel.
It looks like there are at least a thousand CUSTOM RULE - HOST PROCESS FOR WINDOWS SERVICES[wuauserv] [R:xxx]
with xxx being either 443 or 80.

http://i63.tinypic.com/2chxthd.png

http://i65.tinypic.com/n4uo78.png
Developer
Nov 20, 2016 at 7:27 PM
Ok, it seems WFN is detecting a lot of services, which is a good sign.

clyfton wrote:
But I'm not sure what to do about your request to ... take screenshot of every tab of the rule when you look at it in the Windows Firewall configuration panel.
I'm talking about this window:
http://programming4.us/image/022011/Using%20the%20Integrated%20Windows%20Firewall%20with%20Advanced%20Security_1.jpg
Search for "Windows Firewall with Advanced Security" in the Start menu.

And then the properties of one of the non-working rules:
http://www.digitalcitizen.life/sites/default/files/img/win_firewall_advanced/win_firewall_advanced6.png
Notice all the tabs...
Nov 21, 2016 at 2:57 PM
Nov 22, 2016 at 4:58 AM
Edited Nov 22, 2016 at 5:05 AM
I am not getting as many repeats as clyfton, happy to say. recently it has been limited to avira framework. I took a screen shot of firewall showing the listing. I had already deleted the repeats and have just been skipping them recently.


Here is image from win firewall: https://postimg.org/image/6h66gnt53/

hopefully that is a working link . I spent the last half hour on 4 different sites trying to get one to work for me.
Nov 22, 2016 at 7:37 PM
here is another, from IE, which I don't use very often. as you can see here: https://postimg.org/image/gmxwuldp9/ it is asking about IE and port 443, which I allowed

here is image of Win Firewall, showing that port 443 is now allowed , 'all ports' was already allowed. https://postimg.org/image/dl1c6w7rh/

I hope this helps. If you need other info, let me know.
Nov 22, 2016 at 11:11 PM
another from avira scheduler.exe. for port 443. they are generally all for port 443. I allowed. there was already a rule allowing all ports.

wfn notification: https://postimg.org/image/crw376uhr/

wind firewall: https://postimg.org/image/osh93x9vh/
Dec 3, 2016 at 10:05 PM
lately I have been getting repeated notifications about avira avguard.exe. I have tried adding the .exe manually, open to all ports and addresses. still get notifications. any ideas about solving these problems?
using wfn and the native win10 firewall as opposed to a third party firewall was an experiment. not going well.
Developer
Dec 4, 2016 at 3:21 PM
(Sorry for the slow responses. I haven't forgotten about this, don't worry. There was another person talking about joining the project, and (s)he was interested in looking into this, but I haven't heard from them in a while.)

The IE one: I see the popup appears to be referring to the 64 bit version of IE (not in "Program Files (x86)"); maybe the rule was for the 32-bit version?

As for Avira: I'm starting to suspect the service detection code may be mis-identifying the service, causing a rule-mismatch and thus a new pop-up. I'll investigate, probably by installing Avira myself and seeing what happens.
Developer
Dec 4, 2016 at 5:20 PM
Right, I think I figured it out. Avira's scheduler is opening connections outside of the service. In other words, the connection isn't coming from the service that's running in the executable, but WFN can't really handle this case properly (for fundamental reasons).

Delete all copies of the rule, and when the Notifier pops up again, disable the "Service"-checkbox in the Advanced panel, then create the rule. Let me know if that works for you.
Developer
Jan 1 at 4:32 PM
A new version (V2.0 Alpha 10) has just been released; can you try that? It should have WFN behave itself much better when dealing with these situations.