I have a question about the WSA firewall.
It is declared that WSA firewall need windows firewall to work, it is an added protection.
However, when I set the WSA firewall with block one process called "iexplorer.exe" which is ie browser.
And then I set the windows firewall to allow the connection for "iexplorer.exe".
The result is blocking the internet for browser.
Further more when I turned off the windows firewall, WSA pops out an dialog to warn me.
I clicked "No" for not activate the windows firewall, and WSA firewall is still open.
In this situation, I still can't use IE to surf the internet.
The question is, is WSA firewall independent with windows firewall?
If no, why suggest to open windows firewall?
If yes, why I turned off the windows firewall, and WSA firewall still works?
I check the previous discussions as well, but it didn't mention about the "independent" or "priority"
If I turned off the windows firewall( because setting windows firewall rule is so inconvenient)
Only rely on WSA firewall, what is the risk for outbound and inbound respectively?
Best answer by pegasView original
Foremost there is necessary to understand that the Windows firewall is very powerfull for inbound connections. Yes you can also set outbound rules but it is not so simple task. That's where WSA firewall stands up and provides strong protection. Therefore you shouldn't rely just on the Windows firewall or WSA firewall. They needs to be run together unless you are using a thrid party firewall. Having them run along you have very strong firewall where Windows controls inbound and WSA outbound connections.
Here's what the leader of development team said:
"The only "help" that WSA receives from the Windows firewall is inbound protection. There is only really one way to write an inbound firewall and the Windows firewall covers it off perfectly fine. No third party firewall is going to be more effective so we instead put our focus in other areas where we could actually make new innovations."
As far as I know that's more less correct. That explains what you have observed with IE. Even though Windows firewall was active IE was blocked because IE process was set to Block in WSA firewall.
BTW, Windows outbound rules are set to allow everything unless explicitly blocked.
Then look at Windows 7 however, and the built-in firewall is more customizable and can do more, but it's still not perfect. One of the best things about the WSA firewall is that it will warn you if any new, untrusted files connect to the internet while in an infected state. You don't get that with the standard Windows 7 firewall, and WSA fills that gap. Likewise, the Windows firewall fills the inbound gap quite well, which is why we don't need to have WSA step in and do that instead.
"With both the SecureAnywhere and Windows firewall turned on, your data has complete inbound and outbound protection."
EDIT: Also I'm behind a Firewall Router which again has both inbound and outbound so very well protected! :D
Also the Online Help File says the same as pegas so you should run both together.
I will turn both windows firewall and WSA firewall on, but I'd like to know how the rule been applied to OS.
May I know if there any priority between WSA firewall and windows outbound firewall?
Like I said, seems the WSA firewall outbound rule have higher priority then windows outbound firewall rule.
Consider only outbound rule, since they are like two doors, can I said that because either one door is not strong enough, so I need two doors in this?
Windows provide WFP to create network filtering applications. For webroot, I believe that is used these apis to achieve.
However, WFP works only if the BFE service is on.
Why WSA works if I trun the BFE service down? (if WSA uses WFP apis)
I also install Norton product, Norton will wake BFE up automatically.
I've switched my family from Norton 360 to Webroot Complete.
I'm a bit concerned that the firewall doesn't seem to have many options...including options the program says it has.
PC Security > Firewall >Network Applications does not have allow, block, permit showing.
Additionally, even with Windows Firewall activated, the fire wall has failed several times on the GRC test site.
Should I be adding another firewall ?
Mike in Oz
Please have a look at this thread and notice what PrevxHelp has to say as he is the VP of Development at Webroot: http://www.wilderssecurity.com/showthread.php?t=335773
Quote from the WSA Firewall Help file.
Do I reinstall or is this a limitation of windows 8
I have tried unistalling and reinstalling. That didn't work.
We are looking into this with our developers and will update the thread with our results.