No firewall settings for WRSA AV on Windows 10 ?

  • 10 February 2016
  • 38 replies
  • 2151 views


Show first post

38 replies

Userlevel 5
Badge +1
@ wrote:
Completely agree, Daniel...I suspect that given the differences between what is available in Windows 7 and subsequant versions of Windows it is just not a very important topic at the moment in terms of the WSA road map...more is the pity as I thinkthat it is an area where an improvement would be welcomed by many user.
I think that fundamentally it comes down to an issue of trust. We don't necessarily need lots of drill-down options to control things if we fundamentally trust 100% the Webroot team.
 
But in my tests this weekend I'm now really sitting on the fence on the trust issue. I downloaded 10 attachments from the past week in my spam folder with WRSA enabled and not a single squeak from WRSA. So I then scanned each file, again not a squeak. I then uploaded all of them to Virustotal and indeed they were all malware, but typically only 50% of AV softwares detected them as being malicious.
 
Interestingly ALL of the sample were identified as malware by Windows Defender. So guess what? I've now fallen back to WD because I simply trust it more....I find that difficult to say and accept, but based on not only my test, but also AV Test and AV Comparatives they are now ranking WD at 95% or above detection rates.
 
To detect the other 5% and for secure banking, I would love to use WRSA in the same way that MS Security Essentials and WRSA can co-exist on Windows 7, but it's impossible on Windows 10 because WD is switched off when Windows detects WRSA as full AV solution and not treated as just an extra layer of security.
 
So now to get approaching 100% malware coverage I am reverting to either Malwarebytes Premium which DOES work as an extra layer of security on top of WD, or possibly Spyshelter or Zemana, but they are taking me back to the horrible days of chatty HIPS alerts even for trusted processes and applications, ouch!
 
Bottom line is that I really want to make WRSA work, but due to the issues I've noticed plus the fact that as a workaround I can't run WD + WRSA as the extra layer, I am being forced by Webroot design policy to look to alternative solutions. I really want to keep giving my money to Webroot, but they need to wake up and deal with some of these issue. I'm not being arrogant but I guess that for each one person like me there might be a few hundred or even thousands thinking and doing the same, just quietly in the background without sharing their experiences or frustrations on this forum.
 
Userlevel 7
Completely agree, Daniel...I suspect that given the differences between what is available in Windows 7 and subsequant versions of Windows it is just not a very important topic at the moment in terms of the WSA road map...more is the pity as I thinkthat it is an area where an improvement would be welcomed by many user.
Userlevel 7
Badge +56
I'm just saying Webroot could but they would be using the same API's built in Windows 8 and 10 as all other Firewalls have to as well. I would like to see the Granular control back but I don't think it's a priority for Webroot.
 
As I posted here: https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/No-firewall-settings-for-WRSA-AV-on-Windows-10/m-p/239337#M23002
 
Daniel
Userlevel 7
Badge +34
I don't have much to contribute to this discussion but I have always felt that there is a lot of confusion regarding this issue.
 
It seems that since the introduction of Windows 8 when the ability to adjust the firewall settings in WSA was eliminated, the confusion started when users upgraded from Win7 (or earlier) and hasn't been helped by the fact that the online user guide still refers to the firewall settings available in Win7. Many of the recent upgraders to Win10 have become aware of this change and I do feel that WSA need to address this matter one way or the other.
 
 
Userlevel 7
Hi cavehomme
 
Not at all, and no need to apologise as you have quite eloquently raised and discussed on a point that is, I suspect, more of a concern to many users than they might want to admit.
 
I for one would much prefer to be able to control what is allowed outbound from within WSA as was possible under Windows 7, and I do believe that there is indeed a way of doing that as evidenced by a number of standalone apps that are effectively WIndows Firewall 'helpers'. I have often asked myself as to why this sort of functionality could not be included in WSA, but I think that it is because to do so there would need to be either 2 version of WSA; one for Windows 7 & before leveraging the WFC functionality  and another for WIndows 8 & above leveraging the Windows Firewall-related functionality that came in from Windows 8 onwards.
 
Clearly two versions would not be good or sensible and to have both functionality catered for in the one app would most likely increase the size of the app and therefore to some extent add 'bloat' to it.
 
I agree with you in terms of trusting WSA to handle outbound communications properly but it is a bit of a pain in the neck if one does in fact inadvertently block something that one later wants to allow and as fare as I know (and anyone who knows differently please step in here) the only way to resolve that issue is to uninstall WSA and then clean re-install it.
 
Anyway, I will be intrigued to see what this debates sparks off. ;)
 
Regards, Baldrick
Userlevel 5
Badge +1
Thanks for clarifying Baldrick.
 
I may now need to eat my earlier words, I have just discovered that Panda AV Pro in fact includes a fully functioning firewall that REPLACES the Windows firewall ! I had no idea and thought it was just outbound control. I don't know what extra their IS suite offers but it's surprising to see a firewall in the AV product since it's not really just an AV then.
 
Anyway, where this leads me to is that most likely the original statement is correct that the option / granularity that I seek cannot be achieved in Windows 10 due to the restrictions imposed by Microsoft. Anway, I guess I have confidence in WRSA to make the right choices and so I'll continue to use it. Just hope my earlier feature request (not directly related to this issue) of immediately removing known threats via an online lookup gets approved.
 
Apologies for any confusion that I caused, I'll be more awake next time I post !   😉
Userlevel 7
Hi cavehomme
 
I completely understand where you are coming from with this...you just want the Windows 7 level fucntionalioty; nothing more...and I suspect that many of us out there feel the same way so I would urge you to open a Feature Request so that all those that agree with you can comment/support the suggestion and also it becomes apparent to the Development Team that there is a requirment for this feature to be reinstated, etc. Especially since you are quite correct and we are seeing a number of applications out there that are managing to interface with the WPS (as opposed to the older, and now defunct, WFC) functionality and thereby have some control as to what occurs outbound.
 
With reagrd to "...this might be already the default in the WRSA Windows 10 version albeit hidden?" I can categorically state that this is not currently possible in WSA and there is no 'hidden' fucntionality that would allo one to do that...apologies!
 
Regards, Baldrick
 
 
Userlevel 5
Badge +1
Thanks for the suggestion Baldrick. My understanding form the earlier post was that it was not technically possible due to the way that Windows 10 works compared to Windows 7, but now it seems that it's possibly a product design choice. That's a big difference and it's not something unfortunately I've got time to think more about and post requests at the moment, but thanks again for the suggestion.
 
Perhaps I am barking up the wrong tree, thinking about it, all I simply want the Windows 7 WRSA feature enableed of not allowing unknown outbound processes to communicate to the internet rather than the default option of not allowing this only when infected....but perhaps someone can let me know if perhaps this might be already the default in the WRSA Windows 10 version albeit hidden? I don't need the rest of the granularity options, I don't want to tinker with processes, etc, just that simple but important option. Thanks!
Userlevel 7
Hi cavehomme
 
There is a great deal of confusion about this particular area of WSA and to be honest we are not sure as to exactly the limitations and under what rules the Development Team are operating under. As you example shows there are ways to do what you are requesting but the issue remains as to whether the design of WSA currently would allow this or not.
 
Of course, we can expend a great deal of time and/or lines of posts in a debate that at the end of it may be moot as it is down to Webroot's product strategy, etc.
 
Having said that there is nothing to stop you from opening a Feature Request for this in the Ideas Exchange. There have been a number of these over the last year or so and none have gained much traction witht he Development Team but perhaps a new Request, formed based on what you have provided in this thread may have more chance of success. So go ahead, raise a request, and we will see how much traction this one gains and whether in the light of what the competition is now doing the Development Team are prepared to take another look at some more granular outbound firewall functionality being included in future versions.
 
Regards, Baldrick
 
 
Userlevel 5
Badge +1
@ wrote:
It still has a Firewall and it's a Smart Firewall as it will block malware from calling out to it's control center and you will get a pop-up if that's the case. If you want more granular control maybe look for a third party firewall but again it still uses the same API's from Windows 10. https://en.wikipedia.org/wiki/Application_programming_interface
 
Note what JoeJ said here:
"PrevxHelp( JoeJ, VP of Development ) wrote:
 
The firewall in Windows 8 is much easier to work with than previous platforms because of the built in OS controls. Every vendor needs to use the same APIs now (the older methods are deprecated), but that's exactly why we aren't doing it currently - no matter what vendor wraps the APIs, it will be exactly the same underlying calls which are built into the OS, and you can use the OS UI to do the same job if you want to customize it.
 
The reason why we have the functionality on Windows 7 and not Windows 8 is because Microsoft doesn't expose the same normalized interfaces on Windows 7 (or require vendors to use the new APIs)."
 
 
Thanks,
 
Daniel ;)
 
I thought that sounded a great reason Daniel, thanks for sharing, but yesterday I did a test on Panda because I was curious after seeing something on their website, and I was then really surprised to see that they seem to have firewall control over processes in Windows 10 in a similar way to WRSA on Windows 7 but which is not available in Windows 10.
 
I've attached a screenshot for reference (hope this is not going against forum rules, it's not intentional, pls remove if needed) I just want to illustrate my strong desire to have WRSA return to this firewall ability in Windows 10 which another company seems to be already providing. If I am "barking up the wrong tree" please let me know!
 
 

Userlevel 7
Badge +56
It still has a Firewall and it's a Smart Firewall as it will block malware from calling out to it's control center and you will get a pop-up if that's the case. If you want more granular control maybe look for a third party firewall but again it still uses the same API's from Windows 10. https://en.wikipedia.org/wiki/Application_programming_interface
 
Note what JoeJ said here:
"PrevxHelp( JoeJ, VP of Development ) wrote:
 
The firewall in Windows 8 is much easier to work with than previous platforms because of the built in OS controls. Every vendor needs to use the same APIs now (the older methods are deprecated), but that's exactly why we aren't doing it currently - no matter what vendor wraps the APIs, it will be exactly the same underlying calls which are built into the OS, and you can use the OS UI to do the same job if you want to customize it.
 
The reason why we have the functionality on Windows 7 and not Windows 8 is because Microsoft doesn't expose the same normalized interfaces on Windows 7 (or require vendors to use the new APIs)."
 
 
Thanks,
 
Daniel 😉
Userlevel 5
Badge +1
Interesting, thanks. So what does the WRSA firewall actually do then? It's not linked directly to the Windows firewall insomuch as when I disable the WRSA firewall the Windows 10 firewall remains on. What are the WRSA firewall actions, same as on Windows 7 but without the ability to control options?
Userlevel 7
Badge +34
Yes that is normal on W10 and has been like this since W8. The WSA product version makes no difference.
 
It is explained here.
 
 
 

Reply