Solved

About WSA firewall compatible with windows firewall

  • 21 November 2012
  • 29 replies
  • 3481 views

Hi,
 
I have a question about the WSA firewall.
It is declared that WSA firewall need windows firewall to work, it is an added protection.
However, when I set the WSA firewall with block one process called "iexplorer.exe" which is ie browser.
And then I set the windows firewall to allow the connection for "iexplorer.exe".
The result is blocking the internet for browser.  
Further more when I turned off the windows firewall, WSA pops out an dialog to warn me. 
I clicked "No" for not activate the windows firewall, and WSA firewall is still open.
In this situation, I still can't use IE to surf the internet.


 
The question is, is WSA firewall independent with windows firewall?
If no, why suggest to open windows firewall?
If yes, why I turned off the windows firewall, and WSA firewall still works?
 
I check the previous discussions as well, but it didn't mention about the "independent" or "priority"
If I turned off the windows firewall( because setting windows firewall rule is so inconvenient)
Only rely on WSA firewall, what is the risk for outbound and inbound respectively?
 
Thank you.
icon

Best answer by pegas 21 November 2012, 11:43

Hello liasnic and welcome on the Webroot Community Forum.
 
Foremost there is necessary to understand that the Windows firewall is very powerfull for inbound connections. Yes you can also set outbound rules but it is not so simple task. That's where WSA firewall stands up and provides strong protection. Therefore you shouldn't rely just on the Windows firewall or WSA firewall. They needs to be run together unless you are using a thrid party firewall. Having them run along you have very strong firewall where Windows controls inbound and WSA outbound connections.
 
Here's what the leader of development team said:
"The only "help" that WSA receives from the Windows firewall is inbound protection. There is only really one way to write an inbound firewall and the Windows firewall covers it off perfectly fine. No third party firewall is going to be more effective so we instead put our focus in other areas where we could actually make new innovations."
 
View original

29 replies

Userlevel 7
Hello liasnic and welcome on the Webroot Community Forum.
 
Foremost there is necessary to understand that the Windows firewall is very powerfull for inbound connections. Yes you can also set outbound rules but it is not so simple task. That's where WSA firewall stands up and provides strong protection. Therefore you shouldn't rely just on the Windows firewall or WSA firewall. They needs to be run together unless you are using a thrid party firewall. Having them run along you have very strong firewall where Windows controls inbound and WSA outbound connections.
 
Here's what the leader of development team said:
"The only "help" that WSA receives from the Windows firewall is inbound protection. There is only really one way to write an inbound firewall and the Windows firewall covers it off perfectly fine. No third party firewall is going to be more effective so we instead put our focus in other areas where we could actually make new innovations."
 
Userlevel 7
Badge +55
Hello liasnic and Welcome to the Webroot Community Forums.
 
Also the Online Help File says the same as pegas so you should run both together.
 
Daniel 😉
Hi,
 
I will turn both windows firewall and WSA firewall on, but I'd like to know how the rule been applied to OS.
May I know if there any priority between WSA firewall and windows outbound firewall?
Like I said, seems the WSA firewall outbound rule have higher priority then windows outbound firewall rule.
 
Userlevel 7

@ wrote:
I will turn both windows firewall and WSA firewall on
That's wise and highly recommended ;)
 
@ wrote:
Like I said, seems the WSA firewall outbound rule have higher priority then windows outbound firewall rule.
As far as I know that's more less correct. That explains what you have observed with IE. Even though Windows firewall was active IE was blocked because IE process was set to Block in WSA firewall.

BTW, Windows outbound rules are set to allow everything unless explicitly blocked.
Userlevel 7
Just to add a little to what's been said, if you have an outbound connection blocked in either firewall, it would block that connection.  Having it allowed in one and blocked in the other will still result in a block.  It's kind of like trying to walk through two doors - one of which is closed.  The order of the doors doesn't matter if one of them is closed.
Userlevel 7
Thx Jim for the additional clarification. It gives now a complete picture how Windows and WSA firewall work together.
Thanks Jim. That would be more clear to me.

Consider only outbound rule, since they are like two doors, can I said that because either one door is not strong enough, so I need two doors in this?
Userlevel 7
I wouldn't exactly say that, but I would say that WSA's firewall is an enhancement to the existing WIndows firewall.  This isn't a "one is better than the other" kind of comparison.  This is more of a "This one does things this other one doens't do and viceversa" kind of comparison.  You didn't used to even have outbound firewall capabilities in older versions of the Windows firewall, such as in XP, which is a supported operating system.  If you have WSA on an XP computer, the outbound firewall door only exists once.  You don't even have two of them.  
 
Then look at Windows 7 however, and the built-in firewall is more customizable and can do more, but it's still not perfect.  One of the best things about the WSA firewall is that it will warn you if any new, untrusted files connect to the internet while in an infected state.  You don't get that with the standard Windows 7 firewall, and WSA fills that gap.  Likewise, the Windows firewall fills the inbound gap quite well, which is why we don't need to have WSA step in and do that instead.
Userlevel 7
@ wrote:
  You didn't used to even have outbound firewall capabilities in older versions of the Windows firewall, such as in XP, which is a supported operating system.  If you have WSA on an XP computer, the outbound firewall door only exists once.  You don't even have two of them.  
 
 
Hello liasnic, Welcome to the Webroot Community Forum. :D
Now I'm confused.  So using WSA with Widows Firewall Windows XP SP-3, what do I have? Inbound & Outbound or just Inbound?
https://detail.webrootanywhere.com/agenthelp.asp?n=Managing_the_Firewall
 
"With both the SecureAnywhere and Windows firewall turned on, your data has complete inbound and outbound protection."
 
 
Userlevel 7
Badge +55
Both still it's just XP has no outbound at all but WSA fills that gap! But Win Vista, Win 7 & Win 8 has both but I don't use Windows firewall because I use a third party firewall in Look'n'Stop since 2005 and so far it's been a one time charge but it's future is up in the air ATM.
 
TH
 
EDIT: Also I'm behind a Firewall Router which again has both inbound and outbound so very well protected! :D

 


Userlevel 7
Badge +55
Here is some info about XP Firewall & Win 7 Firewall
 
TH
Actually, I'm still curious about how WSA firewall do the "independent" things.
 
Windows provide WFP to create network filtering applications. For webroot, I believe that is used these apis to achieve.
 
However, WFP works only if the BFE service is on. 
 
Why WSA works if I trun the BFE service down? (if WSA uses WFP apis)
 
I also install Norton product, Norton will wake BFE up automatically.
 
Greeting gang,
 
I've switched my family from Norton 360 to Webroot Complete.
I'm a bit concerned that the firewall doesn't seem to have many options...including options the program says it has.
PC Security > Firewall >Network Applications does not have allow, block, permit showing.
Additionally, even with Windows Firewall activated, the fire wall has failed several times on the GRC test site.
Should I be adding another firewall ?
 
Thanks
Mike in Oz
Should say, I'm running windows 8 - I know, the few and the brave 🙂
Userlevel 7
Badge +55
Hello mapleleaf3 and Welcome to the Webroot Community Forums.
 
Please have a look at this thread and notice what PrevxHelp has to say as he is the VP of Development at Webroot: http://www.wilderssecurity.com/showthread.php?t=335773
 
TH
Userlevel 7
Badge +55
@ wrote:
Greeting gang,
 
I've switched my family from Norton 360 to Webroot Complete.
I'm a bit concerned that the firewall doesn't seem to have many options...including options the program says it has.
PC Security > Firewall >Network Applications does not have allow, block, permit showing.
Additionally, even with Windows Firewall activated, the fire wall has failed several times on the GRC test site.
Should I be adding another firewall ?
 
Thanks
Mike in Oz
Windows Firewall should pass the GRC test can you make sure it's on?
 
Quote from the WSA Firewall Help file.
The SecureAnywhere firewall monitors data traffic traveling out of your computer ports. It looks for untrusted processes that try to connect to the Internet and steal your personal information. It works with the Windows firewall, which monitors data traffic coming into your computer. With both the SecureAnywhere and Windows firewall turned on, your data has complete inbound and outbound protection.You should not turn off either the Windows firewall or the SecureAnywhere firewall. If they are disabled, your system is open to many types of threats whenever you connect to the Internet or to a network. These firewalls can block malware, hacking attempts, and other online threats before they can cause damage to your system or compromise your security.
 
TH
Yep...firewall is on.
ok, read the post...still unclear.
Do I reinstall or is this a limitation of windows 8
also, to be fair to customers, the product should clearly state that it has to work with windows firewall to achieve maximum protection
Userlevel 7
Badge +55
I know it doesn't when you purchase but the online Help File does https://detail.webrootanywhere.com/agenthelp.asp?n=Managing_the_Firewall but shows nothing specific about Win 8 as it's still a very new OS IMO but I will let the Webroot Staff help you anwser your questions as I can only show you the info that I know about.
 
Sorry,
 
TH
I noticed the other day that WSA isn't showing firewall filters to 'Block' and 'Allow' applications. Fresh copy of Windows 8 Pro x64. Here is a pic of the problem below.
 
I have tried unistalling and reinstalling. That didn't work.
 

Userlevel 7
Thank you for this information and your concern, mar122999.
 
We are looking into this with our developers and will update the thread with our results.
Thanks Mike!
Userlevel 7
Badge +13
I didn't think much of it.but have that same issue(network applications) as well.Will keep track of this thread
Userlevel 7
Badge +13
Issue(network applications not displaying properly) seems to be exclusive to Windows 8 machines.My wife has windows 7 installed and no issues,and i called 2 others i have done installs for with Vista and XP OS and they do not have this issue.

Reply