Process Hacker and Windows discussion

 
User avatar
Almighty1
Member
Posts: 74
Joined: 28 Jul 2017 17:47
OS: Windows, Linux, FreeBSD
Location: San Francisco, California USA

Re: Plugins-Extra

03 Dec 2017 09:18

I already know how to remove the DLL. The video was to show what happens when I have the FirewallMonitorPlugin.dll enabled or installed, PH will just run for a few seconds and then it will exit. The only way to get PH running is to rename the .dll so the extension is not .dll like .dl1 or .dll.ORIG instead and PH will run fine.
 
User avatar
tomcat
Member
Posts: 20
Joined: 12 Jul 2017 15:59

Re: Plugins-Extra

03 Dec 2017 18:44

FirewallMonitorPlugin

Windows 10 Pro for Workstations x64, everything works in the best way without any modifications.
as well as on others - windows 10 Pro x64, windows 10 enterprise x64 and windows 10 enterprise ltsb x64.
Image , Image
Image

I think it's a problem with your WinOS
 
User avatar
viksoftru
Member
Posts: 617
Joined: 15 Aug 2011 06:01
OS: Win7 (Live! DVD), BSD
Location: Russia

Re: Plugins-Extra

03 Dec 2017 20:48

Almighty1

In my Win7 this plug-in display only clear window, but PH not crashed.
 
User avatar
Almighty1
Member
Posts: 74
Joined: 28 Jul 2017 17:47
OS: Windows, Linux, FreeBSD
Location: San Francisco, California USA

Re: Plugins-Extra

03 Dec 2017 21:35

FirewallMonitorPlugin

Windows 10 Pro for Workstations x64, everything works in the best way without any modifications.
as well as on others - windows 10 Pro x64, windows 10 enterprise x64 and windows 10 enterprise ltsb x64.
Image , Image
Image

I think it's a problem with your WinOS
Well tomcat, as I was asking earlier. What is the source of your FirewallMonitorPlugin.dll since that makes a difference. I know you and dmex are not using the one supplied by viksoftru in his link https://yadi.sk/d/193Gnglm4Ia5D from post #27 which is the one I am using so we are not using the exact same thing. And if you reference what dmex said earlier, he said the binary from viksoftru is outdated and not compatible with Windows 10 and just recently as of the last week, viksoftru did say there are problems with his FirewallMonitorPlugin.dll under Windows 10. In his profile, it appears he is compiling the binary under Windows 7. That was why I asked what binary you were using and if you or dmex can provide a copy of it just for testing as obviously we are not using the same binary of the .dll. Just because it is named the same, doesn't mean it is the same binary or version as the binary is only the final product. I am attaching the one I am using which is dated November 17, 2017 from viksoftru.
FirewallMonitorPlugin.zip
(69.05 KiB) Downloaded 246 times
See post(s) #40-#42 of this thread for reference and you will see that you asked dmex to upload a new compiled version of FirewallMonitorPlugin.dll and viksoftru responded saying it is already in his archive. It would help to read what was said as viksoftru is not a native speaker obviously since if you read even the last page, he said his plugin had problems with Windows 10 and my video is to show the problem with his compiled binary in Windows 10 on what is happening but he says it works fine in Windows 7 which everyone already knows it works in Windows 7. In addition, I never knew dmex even had compiled binaries available since in the first post on the thread, he said we can request the binaries but I don't see the binaries anywhere for download. When both you and dmex responded in posts #45 and #46 of this thread, as dmex is the author of PH, I doubt he would be using binaries from viksoftru and I don't think you would be either since the binary I am referring to came from https://yadi.sk/d/193Gnglm4Ia5D as mentioned in post #27, otherwise you would not be asking dmex for a new compiled version after dmex said in post #40:
"The version viksoftru uploaded is outdated and not compatible with the latest nightly build."

I am sure dmex knows what he is talking about when he says viksoftru's version of FirewallMonitorPlugin.dll is outdated and not compatible with the latest nightly build. And then when I said there was a problem with the FirewallMonitorPlugin.dll, I specifically referenced viksoftru's version which was when dmex replied in post #45 saying he doesn't have any problem with FirewallMonitorPlugin.dll in WIndows 10 which obviously is referencing his own build of FirewallMonitorPlugin.dll which you agreed with in post #46, otherwise he would be contradicting himself
because of what he said earlier in post #40 if he is saying he is using viksoftru's version of FirewallMonitorPlugin.dll without problems in Windows 10. Also, you never said what specific version of PH you are running. I can reproduce the same problem even with a newly installed Windows 10 with Fall Creators Update with all the updates so I doubt it is a problem with my Windows 10 OS. Not to mention, all my systems have 32GB of ram.

Just out of curiousity, I noticed in your screenshot, the Network tab is showing a "Country" column, how does one enable that? Thanks!
Last edited by Almighty1 on 03 Dec 2017 22:07, edited 5 times in total.
 
User avatar
Almighty1
Member
Posts: 74
Joined: 28 Jul 2017 17:47
OS: Windows, Linux, FreeBSD
Location: San Francisco, California USA

Re: Plugins-Extra

03 Dec 2017 21:37

Almighty1

In my Win7 this plug-in display only clear window, but PH not crashed.
If you read the earlier posts, this is under Windows 10, not Windows 7. It's obvious the plug-in works fine in Windows 7 as you had already indicated earlier and in post #52, you even said there are problems with it in Windows 10.
 
User avatar
tomcat
Member
Posts: 20
Joined: 12 Jul 2017 15:59

Re: Plugins-Extra

03 Dec 2017 22:14

Almighty1
I use Viktor https://yadi.sk/d/193Gnglm4Ia5D plugins before as now.
PH Nightly Builds: 3.0.1121 Binaries.zip
I've tried your plugin and works without any problems.
I attach mine, but it is the same.
Do you use self patched win10 ??
FirewallMonitorPlugin.zip
(67.72 KiB) Downloaded 227 times
 
User avatar
Almighty1
Member
Posts: 74
Joined: 28 Jul 2017 17:47
OS: Windows, Linux, FreeBSD
Location: San Francisco, California USA

Re: Plugins-Extra

03 Dec 2017 22:22

Thanks tomcat,

Didn't even realize 1121 of PH was out as I only updated to 1118 about 7 hours ago when it was the latest. It could be something else causing it and not the OS. That's why it would be helpful if there were ways to log what is causing PH to crash with the plug-in enabled as everyone's system is different so it may only be under certain conditions. What do you mean self patched win 10? I have all the latest updates from WindowsUpdate so Windows 10 is actually v1709 Build 16299.98 Also, for your PH, do you use the binaries or do you use the source and compile PH yourself? I am using the binaries version.

You probably missed my last question in the previous post, just out of curiousity, I noticed in your screenshot, the Network tab is showing a "Country" column, how does one enable that? Thanks!
 
User avatar
tomcat
Member
Posts: 20
Joined: 12 Jul 2017 15:59

Re: Plugins-Extra

03 Dec 2017 22:45

What do you mean self patched win 10? I have all the latest updates from WindowsUpdate so Windows 10 is actually v1709 Build 16299.98 Also, for your PH, do you use the binaries or do you use the source and compile PH yourself? I am using the binaries version.
You probably missed my last question in the previous post, just out of curiousity, I noticed in your screenshot, the Network tab is showing a "Country" column, how does one enable that? Thanks!
Self patched?
I mean, you removed cortana and others, they do it often.
I use latest PH Nightly Builds: 3.0.1121_Bin.zip
Network tab is showing a "Country" column:
Tools>>NetworkTools>>GeoIP database update..
Image

Right click on network columns >> Choose columns >> show> Country
Image
Image
 
User avatar
Almighty1
Member
Posts: 74
Joined: 28 Jul 2017 17:47
OS: Windows, Linux, FreeBSD
Location: San Francisco, California USA

Re: Plugins-Extra

03 Dec 2017 23:13

Thanks tomcat for the pointers on the displaying country under Network as I was looking all over for where to enable what is displayed for columns! My Windows 10 is stock, I haven't removed anything. I even have some apps that are no longer included in the newer builds of Windows 10. Anyways, I got PH 3.0.1121 working with FirewallMonitorPlugin.dll. As everything else works, one has to figure what would conflict with it which has to be security or firewall related. Previously, I thought it could be Norton Security with Backup v22.11.2.7 by first killing the two nsbu.exe processes and then running PH but it still crashes PH on startup when the FirewallMonitorPlugin.dll is enabled. So next was MalwareBytes Premium v3.3.1 so closed that and made sure that no service or any process from MalwareBytes is running and PH still crashes on startup with FirewallMonitorPlugin.dll enabled so this time, I went back to Norton Security with Backup v22.11.2.7 and disabled the Smart Firewall for 15 minutes and PH runs file with FirewallMonitorPlugin.dll enabled, I guess killing nsbu.exe processes doesn't kill all the processes in Norton Security with Backup v22.11.2.7 so it seems that is where the conflict is and need to find a way to have PH with FirewallMonitorPlugin.dll enabled while Smart Firewall is enabled in Norton Security with Backup v22.11.2.7.

Image
Last edited by Almighty1 on 03 Dec 2017 23:28, edited 4 times in total.
 
User avatar
tomcat
Member
Posts: 20
Joined: 12 Jul 2017 15:59

Re: Plugins-Extra

03 Dec 2017 23:23

Almighty1
You cannot have two firewalls active at the same time, normally that you has problems.
 
User avatar
Almighty1
Member
Posts: 74
Joined: 28 Jul 2017 17:47
OS: Windows, Linux, FreeBSD
Location: San Francisco, California USA

Re: Plugins-Extra

03 Dec 2017 23:26

tomcat,
I thought FirewallMonitorPlugin was not a Firewall but only to show the current active firewall on the system's process/events as that is the description of the FirewallMonitor plug-in. I mean think about it, the Windows Firewall would be active as soon as the Norton Smart Firewall is disabled.
Last edited by Almighty1 on 03 Dec 2017 23:31, edited 1 time in total.
 
User avatar
tomcat
Member
Posts: 20
Joined: 12 Jul 2017 15:59

Re: Plugins-Extra

03 Dec 2017 23:31

Firewall Monitor Plugin is not a firewall, this plugin controls Windows Firewall activity.
Uninstall Norton Smart Firewall .
 
User avatar
Almighty1
Member
Posts: 74
Joined: 28 Jul 2017 17:47
OS: Windows, Linux, FreeBSD
Location: San Francisco, California USA

Re: Plugins-Extra

03 Dec 2017 23:32

tomcat,

That was what I was saying. There is no way to uninstall Norton Smart Firewall alone without uninstalling the entire NSBU as it's part of Norton Security with Backup. But regardless, there never can be two firewalls active at the same time as Norton would handle the Firewall and only when Norton is disabled would Windows Firewall get enabled automatically.
 
User avatar
tomcat
Member
Posts: 20
Joined: 12 Jul 2017 15:59

Re: Plugins-Extra

03 Dec 2017 23:38

That was what I was saying. There is no way to uninstall Norton Smart Firewall alone without uninstalling the entire NSBU as it's part of Norton Security with Backup. But regardless, there never can be two firewalls active at the same time as Norton would handle the Firewall and only when Norton is disabled would Windows Firewall get enabled automatically.
Then you cannot solve your problem.
Norton Smart Firewall and Windows firewall at the same time they can not go,
Norton Smart Firewall automatically and fully take control of the built in Windows 10 Firewall.
I'm sorry but you will have to decide for only one.
 
User avatar
Almighty1
Member
Posts: 74
Joined: 28 Jul 2017 17:47
OS: Windows, Linux, FreeBSD
Location: San Francisco, California USA

Re: Plugins-Extra

04 Dec 2017 00:11

tomcat,

First, only one firewall will run at a given time, not both so not sure where you are getting the idea that two firewalls are running at the same time as it is not even possible. Even Windows will show that the Windows Defender Firewall is disabled and only using Norton Security with Backup as the active Firewall. Where does it say that FirewallMonitor plug-in is only for the Windows Defender Firewall? Ofcourse, if it only supports Windows Defender Firewall and not third party firewalls, then the problem is easily solved by not using it even though I think instead of PH getting killed with the FirewallMonitor plug-in, it should instead just autodisable itself so PH will run without it. So there i no Norton Smart Firewall and Windows Firewall at the same time as Windows will not allow it as seen in the screenshots below. Once you use any other firewall, it usually will register itself and Windows Defender Firewall is automatically disabled. When there are no other firewall running or the other firewall is disabled, then Windows Defender Firewall will automatically be enabled and active as the current firewall. There is no need to uninstall Norton Smart Firewall to solve the current problem either as all one needs to do is disable the Norton Smart Firewall in Norton Security with Backup permanently or until system restart as seen here:
https://i.imgur.com/RRNtSRK.mp4


Windows will only allow one firewall to run at a given time so this will happen:
1) Norton Security with Backup runs with Norton Smart Firewall, Windows 10 Firewall aka Windows Defender Firewall is automatically disabled.
2) Norton Smart Firewall is disabled, Windows 10 Firewall aka Windows Defender Firewall is automatically enabled

What you are saying is Norton Security with Backup runs with Norton Smart Firewall active and Windows 10 Firewall aka Windows Defender Firewall is also active, that may be possible but not in this case as only one firewall is active. See below as this is confirmed by Windows that shows Norton Security with Backup as the active firewall and Windows Defender Firewall as inactive:
2017-12-03_16-01-32.jpg
2017-12-03_16-06-36.jpg
2017-12-03_16-08-31.jpg
2017-12-03_16-09-44.jpg
Even in this page, you can't turn on or off Windows Defender Firewall because those options are not even clickable as Windows already says Norton Security with Backup is handling it which means Windows Defender's Firewall is already disabled:
2017-12-03_16-21-16.jpg
So in response to what you said:
Then you cannot solve your problem. - problem is easily solved, see above. If FirewallMonitorPlugin.dll cannot run with any firewall other than Windows Defender Firewall, then just don't use it.
Norton Smart Firewall and Windows firewall at the same time they can not go, - See above, Norton Security with Backup is the active firewall, Windows Firewall is inactive so they are not running at the same time.
Norton Smart Firewall automatically and fully take control of the built in Windows 10 Firewall. - That is incorrect as Norton Smart Firewall runs, Windows 10 Firewall automatically is inactive. They will never run on the same time unless the third party firewall does not register itself as a firewall.
I'm sorry but you will have to decide for only one. - It is only running one, it will never run both in my case atleast. If you have Norton running, Windows Firewall will not run. If you don't have Norton running, Windows Firewall will automatically activate. I am sure there are people who actually run two firewalls at the same time but not in this case.
 
User avatar
viksoftru
Member
Posts: 617
Joined: 15 Aug 2011 06:01
OS: Win7 (Live! DVD), BSD
Location: Russia

Re: Plugins-Extra

04 Dec 2017 06:09

Almighty1

Idea: plugin read WFP event, but I don't know send this events Symantec or not. Please, try check this...
 
User avatar
Almighty1
Member
Posts: 74
Joined: 28 Jul 2017 17:47
OS: Windows, Linux, FreeBSD
Location: San Francisco, California USA

Re: Plugins-Extra

04 Dec 2017 11:43

viksoftru, which section of Event Viewer would this be under? I would think if it was logged, the log will be very big with all the connections I have, 100+ browser tabs opened alone combined on both Google Chrome and Microsoft EDGE for example.
 
User avatar
tomcat
Member
Posts: 20
Joined: 12 Jul 2017 15:59

Re: Plugins-Extra

04 Dec 2017 13:07

It is only running one, it will never run both in my case atleast. If you have Norton running, Windows Firewall will not run.
If you don't have Norton running, Windows Firewall will automatically activate.
When you enable/disable one.
Check service and tell what's going on with Windows Firewall service and vice versa, ist stopped/enabled/disabled or what??
 
User avatar
Almighty1
Member
Posts: 74
Joined: 28 Jul 2017 17:47
OS: Windows, Linux, FreeBSD
Location: San Francisco, California USA

Re: Plugins-Extra

04 Dec 2017 13:23

The service will always be running because it will deactivate when another firewall is running and will reactivate when it is not. If this was a issue, then all the people running third party firewalls and using Windows 10 would have complained about it but the only issue so far is with the FirewallMonitor plug-in when using PH.

This has been covered in the following topic:
https://community.norton.com/en/forums/ ... firewall-0

Not to mention, I am running Windows 10 Home x64 with Fall Creators Update and Home does not have the Group Policy Editor.

Officially from Microsoft:
https://technet.microsoft.com/en-us/lib ... 10%29.aspx
2017-12-04_5-31-47.jpg

I mean I already know how to do the workaround and I found the cause of it on my own after 4 months of posting. I actually want to see what dmex says since he is the developer of the plugins and PH so he should know how it works exactly internally like if it works only with Windows Defender Firewall or if it works with third party firewalls as well and instead of PH crashing with a third party firewall, it can easily just disable the plug-in automatically should a third party firewall be installed on the system. There is not enough of a description on exactly what the requirements of the FirewallMonitor plug-in is since even if it is working, the plug-in description just says it will only monitor the firewall processes/events but never specifically said what the requirements are. I am running the other 23 plug-ins from the extra plug-ins without issues. As a Astrophysicist and a rocket scientist, I just like to experiment with things so actually using it is another issue as my main purpose for PH is to monitor processes and to kill google chrome so that I can restore them later with tabs outliner when I run chrome again either to update chrome or after rebooting the computer.
Last edited by Almighty1 on 04 Dec 2017 13:34, edited 1 time in total.
 
User avatar
tomcat
Member
Posts: 20
Joined: 12 Jul 2017 15:59

Re: Plugins-Extra

04 Dec 2017 13:32

PH FirewallMonitorPlugin it works only with Windows built in Firewall processes/events !!