Process Hacker Forums

Whether it works only with it or not is not the issue. The issue is that it shouldn't kill the entire PH when it is enabled. If you read the links, other firewalls only will touch parts of the firewall and will disable the parts of Windows Defender Firewall that it is using. Relying too much on what is included is never a good thing since Windows Defender even for anti-virus has it's limitations. Besides, I have a real firewall which is known as a FreeBSD Unix server that all traffic is going through. This is similar to the best firewall available which is from Nokia.

What you protect so much that you need three firewalls at the same time??
Windows built in Firewall is very good and enough to block all inbound and control the all outbound connection.
There's a little help for creating a quick Windows Firewall rule. Merge FirewallRules.reg file and do right mouse click on the *.exe you want to control, and select rule from the context menu.

I don't need three firewalls at the same time. One acts as a router, firewall, traffic shaping, email server and everything else while Windows itself really runs on just one firewall as remember, if you read Microsoft and others, it will disable the advanced features of Windows Defender Firewall anyways. I am running a 10GB network at home with enterprise grade equipment and also act as a Internet Service Provider so any downtime to customers will cost as I have to pay 400% for every 100% of downtime. You forgot that most people already have 2 firewalls whether they like it or not since the so called Wireless Router or Router which is nothing more than a NAT router is also a firewall except NAT is not a real router.

The point is Windows is not known as a secure OS in the first place. My FreeBSD box is not just a firewall, it serves other purposes including traffic shaping/QoS. I don't even create firewall rules on Windows using the built in or third party for that matter as I prefer to leave everything opened to be honest. The only reason for using Windows is really because of application support and basically I make $US25.28 per minute so ofcourse having a system that actually is available and secure is important. If you look at the network tab of PH, you will notice there is a firewall status tab which works fine when Norton Smart Firewall is on. Claiming something is very good and the reality is completely different. Most of the time, I am not trying to block or enable firewall based on the IP or the port but sometimes it's to prevent some programs from phoning home. People would not be using third party firewalls and third party anti-virus in Windows if that was the case so basically each has it's purpose as it allows more customization as based on what you showed above, there is no inbound protection, only outbound. Not to mention, Mac OSX for example is more secure because it is actually running FreeBSD as the OS which is what Darwin is based on. My computers are connected 24/7 and I want the best protection possible since it's what my income depends on and also I need the computer to make payments which can cause late fees or harm in my credit rating should the computer be down for any reason.

So rather than trying to start something political about why one should and should not run something which is based more on personal opinion, remember the original discussion is about the FirewallMonitor plug-in when enabled is crashing Process Hacker which is really the whole point of the discussion. Shouldn't really need to learn and use yet another security solution to solve a problem like that. I will do that when I have time but already have a backlog of things to do as is. Not to mention, everytime there is a new nightly build of PH that is out, it's already enough of a challenge as Norton Security with Backup will start deleting all the .exe and .dll files which means I will have to wait until it is done with the deleting which can take up to 30 minutes, then extract the files again and right click on each .exe file, 2 in the x32 folder, 2 in x64, 1 in x64/x86 and then have to right click on each of the 70 .dll's (35 from x32 and 35 from x64) and select File Insight individually for each file and then wait for the Norton File Insight window to open for each .dll file which means there are 2 more clicks as I need to click on Trust first and then Close for each .dll so that alone is already 210 mouse clicks alone and another 30 minutes of lost time.

Okay, I'm kind today. I'll tell you one place, check for himself once with him on the blocking of the network operation flew. All firewalls usually put their filter driver in the chain of network stack filters, and naturally adjust the parameters of the NIC driver for its operation.

I then had Comodo Firewall v8 and at one point the network was inaccessible from the word "absolutely" - neither LAN nor WAN. I checked the switch - it's practically working, one LED burned out - I soldered it, a trifle. The main SoC is intact, but with a "repair" diode . The longer the casing is opened - everything on the latches and nozzle of the compound - the plant for the fastening has stinted.

Began to check - there is no connection, and the network seems to be as it is. Who is guilty? The firewall. Disconnected - useless, sc stop <drivername> & sc query <drivername> - STOP status, but there is no network. Uninstalled, manually swiped all traces from the system - there is no network. It turned out that the driver changed the TCP / IP parameters and had to reset them, after temporarily setting another NIC, disabling the drivers and removing all the main tracks from the OS, removing the temporary NIC, deleting its tracks, resetting the stack settings, returning the main NIC to the location, with it, raise IPFw and already set it up. Dances with a tambourine, and the cause of the curve is the stack of Uncle Billy. Well, from him nothing else to wait is not necessary for he knows how to only beautiful boxes glue and hack work to sell.

LOL, in mid-October when Fall Creators Update came out, I was having a weird issue where the WiFi when the system is restarted at the login screen would have WiFi disabled and there is no way to turn it on as it's greyed out and if I reboot, it can either be enabled or disabled as it depends on my luck. Turns out that it is ostoto, the WiFi sharing driver that was having a fight with the Intel WiFi drivers, removed ostoto and everything was fine again so it seems ostoto works fine with everything before Fall Creators Update. Similar thing happened when nVidia graphic drivers 388.00 was installed as the setup will make it to about 52% and the screen will turn black because the video was lost and after an hour, the only choice is to force power off which will revert to the previous windows installation. All of the 388.00 to 388.13 drivers had the same problem while the last 387.xx installed fine.
About 10 years ago, I got infected with the win32.tenga virus which basically even killed the anti-virus as it replaces all .exe's. I replaced all the .exe's with good copies and scanned it offline with every A/V scanner you can think of and it was clean but the virus reactivates itself every 3 weeks and basically the only fix is to replace all the .exe's. The system after a few years just died on it's own.

Always surprised me again how people are ready to install the first Bulls Shit that arrive
without having the slightest idea what problems they could be behind it.
And normally when problem occurs , the same reaction always by default uncle Billy's fault,
Windows is not known as a secure OS, software has the bug and and so on.

Then they go looking for help, one tries to help, it detects the problem
he suggests that it is not desirable to have two firewalls or two antiviruses
installed at the same time because they interfere with one another and you'll have problems sooner or later,
and you can never trust that one by one it works well.

What happen, start writing long bullshit like sausages to impress others, it does not happen
,because ignorance is always on the side from which the request starts.

It is even more amazing when the people who are trying to help doesn't even know what they are talking about.... first answer was it works for them, it was the person who had the problem who figured out where the problem was. The person who tried to help blamed it on the Windows OS itself which was the first answer posted in post #62. I don't see where one even tries to help since the only thing the person who was trying to help was try to make someone use something else which has nothing really to do with a problem. We are talking about Process Hacker itself and a problem with a plug-in, no need to tell someone to switch firewalls, etc. Does the problem exist outside of PH and the plug-in? No!

If you can't help, then don't help because I don't see you provide any troubleshooting at all to figure out what caused the problem which was actually found by the person who posted the problem to begin with. If you actually helped, look on other forums and tell people what to do to find out where the problem is as part of the diagnosis as your real answer was it was Windows as a OS that was the problem which is in writing in post #62. And people who have a desire to help do not take 4 months to help either. Not to mention, as proven to you, the Firewall Status under the Network tab in PH works fine. And the fact remains, I post about the problem which can be a bug or feedback with either PH or the FirewallMonitor plug-in, I also was the one who found out what was causing the problem to begin with. I already know the solution to the problem. That is to disable Norton SmartFirewall if I want to use the FirewallMonitor plug-in with PH or run PH without the plug-in and Norton SmartFirewall, there is no need to uninstall anything as a workaround as otherwise I would not have gotten it to work. While all I can see is someone saying Windows OS is the problem or try to convince someone to use Windows Firewall. This is a free world and people can use whatever they desire. This is almost like telling someone that they cannot run Linux on a PC and tell them to use Windows instead as a OS as far as the analogy goes.

So far, all you have done is nothing except try to tell someone not to use another firewall. I am sure there are people in this thread who uses other firewalls and even other anti-viruses or else none of these companies would be alive. Besides, the solution from a certain individual is almost like telling someone to build an entire new house just because there is something wrong with the lock as a analogy. If you can't help, just say so since I was not asking for help with the Windows Firewall or how to configure it as I can find that information on my own. I am asking about a problem with PH and one of the plug-ins. Stop trying to control other people's choices and thinking with what you think. This is a free world, people can use whatever they want. Sooner or later, you will not even have the Windows Firewall either because just like before. I have been running MS-DOS since 1985 and Windows 1.0 so it's not like it's the first BS that arrives. Opinions are just like assholes, everyone has one. Stop being a troll and ignorant as you obviously have not performed due diligence since the bottom line is the one who provided the troubleshooting skills and advice on tracing down the problem and finding the source of the problem and that is the person who posted about the problem, not the individual who claimed to have helped. For all we know, you could just be a Symantec/Norton hater or just someone who only sees Microsoft as god, no different than all the OS wars online. Making a blanket statement like uninstall Norton Smart Firewall when it cannot be uninstalled as it's part of Norton Security with Backup is just being ignorant as you have not cite references or anything of that nature to back up your statement while I already provided what Microsoft has in writing about using third party firewalls. If there were real issues with Norton Smart Firewall, everyone will hear about it sooner or later especially when I read multiple forums daily which is not the case here as Norton Smart Firewall is not a new product. It has existed ever since there was Norton SystemWorks for Windows. Ever since Windows 7 if not earlier, when a third-party firewall, such as the Norton firewall, is installed, WIndows relinquishes its control over firewall operations to the third-party. Until you actually uninstall your Norton product the Windows firewall will be unavailable - you cannot enable it or disable it, no matter whether the Norton firewall is turned off or not. This is done to prevent conflicts that could result from accidentally having two software firewalls running at the same time. As long as you have Norton installed, it will be the sole firewall on the system - so disabling it will leave you with no firewall and no way to substitute the Windows firewall. Microsoft is way ahead of you as they are aware people has the potential to run a third party firewall and it will result in conflicts which will be seen as soon as the both of them are running without even involving running Process Hacker as a example. If Microsoft were not able to do that with the amount of employees they have, then might I suggest you actually go and run the technical operations of Microsoft as the CTO. Windows Defender and Windows Defender Firewall is better than no protection but there are products from third parties that works better and even protects better as you will see from all the postings on various discussion forums including tenforums for example. Just learn that other people can have their own opinions about what they like and not like. Just like some people like iPhones and some people like Android phones, it's called a preference which seems to be something you cannot accept and instead try to force your own opinion as fact and you also want others to believe in your opinions as fact which has nothing to do with solving the problem or even troubleshooting the problem. I am a strong believer of ProcessHacker which is why I have used it for the last 7 years if not longer and since the nightly build is not really what one would call a release version, think of problems as more like a bug report which only the authors of PH or the plug-ins can address as sorry to say, you're not a authority for ProcessHacker, both of us are just users of PH and have nothing to do with the development of PH except feedback will always help a product improve or are you trying to say that Process Hacker is 100% perfect that it needs no further development either.

Besides, since when was it your business what or how someone runs things? I can run 0 or a million firewalls or software as that is my own business, not yours and helping does not mean using "??" or "!!" since that is shouting and just being rude, learn the proper netiquette and what competent communications actually is. And last is to never "ASSUME" things as just like the word, it will just make a "ASS" out of "U" and "ME".

Whaooooooo !! What the writer meant to say ??

One line responses that has nothing to do with the topic, stop trolling and excessive use of !! and ?? again. As you failed to properly respond, you basically agreed with everything said, otherwise you would have said something to defend your point of view which you did not.

https://learning.colostate.edu/guides/g ... ?guideid=4

First look at the topic of this thread, you are going off-topic and basically going into the direction of personal attacks sooner or later. I am already busy enough as-is and I never said this was some mission critical issue, otherwise I wouldn't be waiting four months for replies that really has gotten nowhere as I found the problem and solved the problem on my own. The proof is in the previous posts, who was the one who said the firewall used caused the PH crashing with the plug-in, it was me and not you so I rest my case. Just like if someone has a problem with the app crashing on Android for example, the first troubleshooting is to send a log. Find me somewhere in this thread where you actually advised how to trouble shoot to find the cause of the issue. You wouldn't even respond with where your plug-in came from and basically just blamed it on Windows 10 as a OS in general and then basically you went on with telling someone how to run Windows Firewall which was not even something I asked you for help on as when I have time to experiment with Windows Firewall, I will do that but I don't have the time for that now. I'll just not use the plug-in until the day it doesn't crash PH, problem solved except you wouldn't accept that as a answer and have your own personal agenda of promoting Windows Firewall and then even providing help that others did not ask you for. Where did I even ask you how to add or delete rules with Windows Firewall? When you help others, be sincere about it. Don't provide answers that are has nothing to do with what is asked.

tomcat wrote: ↑04 Dec 2017 14:12

What you protect so much that you need three firewalls at the same time??
Windows built in Firewall is very good and enough to block all inbound and control the all outbound connection.
There's a little help for creating a quick Windows Firewall rule.

Code: Select all

Windows Registry Editor Version 5.00 

;Copyright 2017 tomcat https://wj32.org/processhacker/forums/index.php
;This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License version 3. 
;This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
;See <http://www.gnu.org/licenses/> for more details. 

[-HKEY_CLASSES_ROOT\exefile\shell\FWc]

[HKEY_CLASSES_ROOT\exefile\shell\FWc]
"MUIVerb"="Set Firewall Rules"
"Icon"="imageres.dll,102"
"subcommands"=""

[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell]

[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell\01]
"MUIVerb"="Allow Outbound"
"Icon"="imageres.dll,101"
"CommandFlags"=dword:00000040

[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell\01\command]
@="cmd /q /c echo CreateObject(\"Shell.Application\").ShellExecute \"cmd\", \"/q /c chcp 1251 & netsh advfirewall firewall add rule name=\"\"%1\"\" dir=out action=allow program=\"\"%1\"\" enable=yes | msg * \", \"\", \"runas\" > %%temp%%\\ev.vbs & cscript %%temp%%\\ev.vbs & del %%temp%%\\ev.vbs"

[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell\02]
"Icon"="imageres.dll,100"
"MUIVerb"="Block Outbound"

[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell\02\command]
@="cmd /q /c echo CreateObject(\"Shell.Application\").ShellExecute \"cmd\", \"/q /c chcp 1251 & netsh advfirewall firewall add rule name=\"\"%1\"\" dir=out action=block program=\"\"%1\"\" enable=yes | msg * \", \"\", \"runas\" > %%temp%%\\ev.vbs & cscript %%temp%%\\ev.vbs & del %%temp%%\\ev.vbs"


[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell\03] 
"MUIVerb"="Allow Outbound Port 80-443" 
"Icon"="imageres.dll,101" 
"CommandFlags"=dword:00000040
[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell\03\command]
@="cmd /q /c echo CreateObject(\"Shell.Application\").ShellExecute \"cmd\", \"/q /c chcp 1251 & netsh advfirewall firewall add rule name=\"\"%1\"\" dir=out action=allow program=\"\"%1\"\" enable=yes protocol=6 profile=private,public remoteport=80,443 | msg * \", \"\", \"runas\" > %%temp%%\\ev.vbs & cscript %%temp%%\\ev.vbs & del %%temp%%\\ev.vbs"


[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell\04]
"MUIVerb"="Allow Outbound UDP"
"Icon"="imageres.dll,101" 
"CommandFlags"=dword:00000040
[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell\04\command]
@="cmd /q /c echo CreateObject(\"Shell.Application\").ShellExecute \"cmd\", \"/q /c chcp 1251 & netsh advfirewall firewall add rule name=\"\"%1\"\" dir=out action=allow program=\"\"%1\"\" enable=yes protocol=17 profile=private,public remoteport=53 remoteip=192.168.1.1 | msg * \", \"\", \"runas\" > %%temp%%\\ev.vbs & cscript %%temp%%\\ev.vbs & del %%temp%%\\ev.vbs"

[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell\05]
"MUIVerb"="Show Adv.Firewall Console"
"Icon"="imageres.dll,109"

[HKEY_CLASSES_ROOT\exefile\shell\FWc\shell\05\command]
@="mmc.exe wf.msc"

FirewallRules.zip
Merge FirewallRules.reg file and do right mouse click on the *.exe you want to control, and select rule from the context menu.
Capture.JPG

Hey, tomcat, Why did you set your own copyright on this .reg file? You didn't wrote it.
I have published it in another thread several month ago. This script was made by Trottle and posted here in 2016. You just erased uninstaller part and changed captions but copied all scripts. GNU GPLv3 does not allow to erase previous author's copyright.

diversenok, that was what I was wondering too as I never knew people even copyrighted scripts which is rather generic. Interesting that someone would go taking work of others and claim it as their own while not giving credit to the original author.

Thanks dmex for fixing FirewallMonitorPlugin so the plug-in now works while Norton Smart Firewall is running on the system unlike a unnamed someone who blamed it on everything else under the sun saying it will never work no matter what and thanks viksoftru for making the binaries available for plugins-extra in your archive!

Could you compile and share the followed plugins?
MemoryExtPlugin
PerfMonPlugin

Thanks

kajma wrote: ↑06 Feb 2018 14:18

Could you compile and share the followed plugins?
MemoryExtPlugin
PerfMonPlugin

Thanks

Actually, you can already get all the plugins-extra compiled courtesy of viksoftru with many thanks by downloading the file Process_Hacker-bin.7z from post #27 of this thread at:
viewtopic.php?f=18&t=1929&start=20#p8284

Extract extract the Process_Hacker-bin.7z and take the processhacker-3.0-bin.zip from that file.

Extract the processhacker-3.0-bin.zip first to a folder called processhacker-3.0-bin,
Copy the following desired .dll files from processhacker-3.0-bin\*\plugins where * = x86 and x64 and copy to the current Process Hacker nightly\*\plugins folder where * =x32 and x64 in the nightly build and copy only the *.dll files that were not included with the nightly build.

Copy the processhacker-3.0-bin\ x86\kprocesshacker.sys to \x32\plugins\plugindata folder in the nightly build,
Copy the processhacker-3.0-bin\ x64\kprocesshacker.sys to \x64\plugins\plugindata folder in the nightly build

Hope this helps!

YandexDisk admins enjoy unreasonable blocking of files and directories by extorting personal data of users after which the amount of spam increases instantly. Because we moved to GitHub - https://github.com/VictorVG/PH.git . Release on Git started v3.0.5833.1306.

Thanks viksoftru for providing the compiled binaries for Plugins-extra, everytime I see a new commit(s) to https://github.com/dmex/plugins-extra - that is what I use to update my Plugins-extra, I have a question about something:

1) Is processhacker-3.0-bin\x86\plugins\plugindata\kprocesshacker2_x32.sys same as processhacker-3.0-bin\x86\kprocesshacker.sys
2) Is processhacker-3.0-bin\x64\plugins\plugindata\kprocesshacker2_x64.sys same as processhacker-3.0-bin\x64\kprocesshacker.sys

or are the files in \plugindata based on something else since that was the closest thing the original nightly builds come with but I noticed even in your archive, the file sizes are different but ofcourse the file properties descriptions seems to indicate that kprocesshacker2_x32.sys and kprocesshacker2_x64.sys are both KProcesshacker.sys v2.8.0.0 while the kprocesshacker.sys are v3.1.0.0. Can the v3.1.0.0 be used in place of the v2.8.0.0 for TerminatorPlugin.dll which I think is the only plugin that requires it.

Thanks!

Almighty1 wrote: ↑23 Feb 2018 01:05

Can the v3.1.0.0 be used in place of the v2.8.0.0 for TerminatorPlugin.dll which I think is the only plugin that requires it.

Nope.

Almighty1 wrote: ↑23 Feb 2018 01:05

KPH2 and KPH3 is differential's code branch and branch v2.xx not equivalents branch v3.x.

Yeah, I realized it when I was looking at https://github.com/processhacker/plugin ... /resources that the two .sys files are there as I was wondering when do I need to update those files.

Question: could the PH download with a folder or zip file of these plugins compiled for x86 and x64? Or at least, have the compiled dll plugins for nightly builds under GitHub releases. I feel like this would greatly simplify things rather than trying to setup the SDK and manually compiling.