Private Winten - Open Source Windows 10 privacy tool with built in Firewall

Discussion in 'MDL Projects and Applications' started by DavidXanatos, Dec 23, 2018.

  1. DavidXanatos

    DavidXanatos MDL Senior Member

    May 23, 2010
    409
    1,507
    10
    This happens when a process gets started, does a DNS query and terminates before Windows's Event Tracking can process the event and relay it to priv10.
    I'm working on a solution to that by using yet another ETW event that is fired on process creation. This way we should always know to which executable a particular PID belongs.
     
  2. DavidXanatos

    How is it working? Any issues?
     
  3. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,187
    60
  4. DavidXanatos

    > A "clean leftovers"
    There are already some cleanup functions in the current build:
    upload_2019-12-14_15-58-15.png

    The normal cleanup removes all programs which no longer exist.
    The extended cleanup in addition also removes all programs which have no rules and no open sockets.

    > "All processes"
    The entry "All processes" contains all rules which are set to apply to any process running on the system, like for example block IP address 1.2.3.4 no matter what tries to connect to it.

    The entry "Windows NT-Kernel/System" is the system process PID 4, which is in fact creating connections and the firewall can manage it; for example Windows file sharing, built-in VPNs and the like act from a thread in the system process.
    The user is not supposed to set an access option for these two entries.

    > Each time you want to "upgrade" an Private 10
    That is odd... it is supposed to auto start the service, and there is now the installer, which should stop the service, update the files and then restart everything.
     
  5. CHEF-KOCH

  6. DavidXanatos

    Is priv10 set up as the system DNS?
    upload_2019-12-14_17-23-48.png
    Without that checked, the DNS queries don't go through the priv10 DNS proxy.

    The DNS Inspector data are logged to the inspector tab on the firewall page.
     
  7. CHEF-KOCH

    Ah, you got me, I did not check the second toggle "Setup DNS proxy as default DNS in Windows"; that explains it. I set the DNS via network interface. Okay, that's on me then.
     
  8. DavidXanatos

    I can't reproduce that. Also, even if I could, I would have no idea how to fix that, as the menu handling is done by the MSFT .NET framework code.

    If localhost was set for all adapters as DNS proxy, then it should work regardless of the check box; the check box just sets this for you.
     
  9. CHEF-KOCH

    Yeah, that's why I unchecked it. However, if I uncheck it but set e.g. Cloudflare in the network interface manually it still doesn't show anything, so I enabled the toggle and now it works. The only thing I noticed is that "auto refreshing" the list is not integrated. You actually have to switch to another entry like "whitelist" and then back to "Query log" to see the new/updated entries. That's maybe something for the next release.

    Hm, okay I might come up with something or report it, because this bug/glitch is annoying. I thought it's fixed in newer .NET Framework versions but apparently it's not.

    Anyway good work :shake:
     
  10. DavidXanatos

    If you set Cloudflare it will of course not work; in the network interface it must be set to 127.0.0.1 for IPv4 and ::1 for IPv6.

    All the list handling in WPF seems a bit badly performing, hence no auto refresh, but there is a refresh button at the bottom so that you don't need to switch views.



    Another thing:
    I'm thinking of a feature, using the ETW process monitor, that would allow the user to flag processes as not permitted to run, and if they start they would be killed immediately.
    like
    search_ui.exe (MSFT cortana)
    CompatTelRunner.exe (MSFT)
    or
    software_reporter_tool.exe (Google)
    or other corporate spyware.

    Currently you can use tweaks to disable CompatTelRunner.exe and tweak guard to ensure it stays disabled after an upgrade, but for example software_reporter_tool.exe changes directories with version updates, and it will also depend on where Chrome is installed, so it's not easy to just hardcode a path to block it.

    The process monitor would become active when a process with a blacklisted exe name starts, no matter the path, and kill it, or kill it and apply a tweak to prevent it from starting again.


    Do you think this deserves an own page or should be integrated into the firewall page?
     
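The two ideas from posts 1 and 10 above (keeping a PID-to-executable table fed by process-creation events so that late DNS events can still be attributed, and flagging executables by file name regardless of path), as an added example that is not part of the thread or of PrivateWin10's code. Events are modelled as plain tuples rather than read from ETW; `ProcessTable`, `replay`, `is_blocked` and the sample paths are hypothetical.

```python
import ntpath
from bisect import bisect_right

# File names from the post above; matched by name only, whatever the directory.
BLOCKED_NAMES = {"search_ui.exe", "compattelrunner.exe", "software_reporter_tool.exe"}

class ProcessTable:
    """PID -> image history built from process-start events."""

    def __init__(self):
        self._history = {}  # pid -> ([start_ts, ...], [image_path, ...])

    def on_start(self, ts, pid, image_path):
        starts, images = self._history.setdefault(pid, ([], []))
        starts.append(ts)  # start events are assumed to arrive in time order
        images.append(image_path)

    def image_for(self, pid, ts):
        """Image that owned `pid` at time `ts`, even if it has since exited."""
        starts, images = self._history.get(pid, ([], []))
        idx = bisect_right(starts, ts) - 1
        return images[idx] if idx >= 0 else None

def is_blocked(image_path):
    # ntpath parses Windows paths on any host OS
    return ntpath.basename(image_path).lower() in BLOCKED_NAMES

def replay(events):
    """Process (ts, kind, pid, data) in delivery order -> (dns_log, flagged)."""
    table, dns_log, flagged = ProcessTable(), [], []
    for ts, kind, pid, data in events:
        if kind == "start":
            table.on_start(ts, pid, data)
            if is_blocked(data):
                flagged.append((pid, data))
        elif kind == "dns":  # exits are ignored: history must outlive the process
            dns_log.append((data, table.image_for(pid, ts)))
    return dns_log, flagged

SAMPLE_EVENTS = [  # constructed sample, listed in delivery order
    (100, "start", 4321, r"C:\Tools\short_lived.exe"),
    (105, "exit", 4321, None),
    (110, "start", 4321, r"D:\Apps\Browser\81.0\software_reporter_tool.exe"),
    (102, "dns", 4321, "example.com"),  # delivered late, PID already reused
    (111, "dns", 4321, "example.org"),
    (120, "dns", 9999, "example.net"),  # start event never seen
]
```

Looking up by event timestamp rather than by "current owner of the PID" is what keeps the late `example.com` query attributed to the short-lived process after its PID has been reused. A name-only match does not hold for a renamed binary, so pair it with a signer or hash check where the decision has to.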
  11. CHEF-KOCH

    I would say, own page.
     
  12. DavidXanatos

    Another issue: I need some input for the overview page.
    I would like it to show, instead of the log feature, some more useful information. But well, UI design is not my strong side.
    Things that come to mind:

    1) list of undone tweaks that are to be re-applied
    1b) list of tweaks which have been automatically re-applied if enabled

    2) list of firewall rules modified outside of priv10
    2b) list of removed/restored firewall rules

    probably some DNS info:
    3) recently blocked domains
    3b) recently allowed domains?

    4) domains with the most traffic?

    or more general things:
    5) total network traffic with graph?

    6) I think it would be useful to be able to pin individual tweaks to that view, for example enabling/disabling MSFT account login to be able to use the store when needed

    7) list of recently added programs to firewall

    8) list of recently firewall blocked applications
    8b) list of recently firewall allowed applications

    what else

    so what of that do you think is useful,
    or anything I forgot?
    any suggestions for the UI layout?
     
  13. boldrake

    boldrake MDL Novice

    Oct 6, 2016
    5
    0
    0
    I think it's good to have as much information as possible, then choose what user to view
     
  14. DavidXanatos

    #156 DavidXanatos, Dec 15, 2019
    Last edited: Dec 15, 2019
    (OP)
    > 2) "list of firewall rules modified outside priv10" that might actually help, however my proposal is to drop the entire idea and introduce an option to block all rules which are not created via priv10. Then log could show that rule xyz was blocked by priv10.

    This option already exists: "Undo Unauthorized rule changed"

    > 6) "pin individual tweaks to that view," I'm not sure what you mean by that. Would it not be better to explain what every tweak does in detail maybe with e.g. links to MS documentation or so?! So that a user know, "okay that might break MS Account login"?!
    I mean that for some tweaks you don't need to go to the tweak page but you can do/undo them from the overview page.

    > 7) "list of recently added programs to firewall" don't we have this already? I mean I can sort entries by timestamp or last access.
    There is a sort by last activity but no sort by first seen date column.
    The idea was to see what apps were added recently.

    Something like the "First network activity" list in GlassWire

    Like this:
    upload_2019-12-15_10-39-24.png


    EDIT:
    I took a look at GlassWire and I'm quite puzzled by it. It seems to use the Windows firewall as firewall in the same way as WFC, yet it comes with a kernel driver, what for?! Maybe they are not aware of the ETW tricks, hmm... will have to investigate that further.
     
  15. CHEF-KOCH

  16. Wolfens

    Wolfens MDL Novice

    Aug 17, 2018
    29
    34
    0
    @DavidXanatos
    These would be useful along with the mouseovers for the icons and uniform layout using tabs as mentioned by @CHEF-KOCH .
    As you state for 6 above that would be convenient and knowing whether something has been reapplied.

    I am having a crash notice when closing using the X:
    Unhandled Exception: System.Runtime.InteropServices.SEHException: External component has thrown an exception.
    at _CxxThrowException(Void* , _s__ThrowInfo* )
    at krabs.error_check_common_conditions(UInt32 status)
    at krabs.details.trace_manager<krabs::trace<krabs::Details::kt> >.unregister_trace(trace_manager<krabs::trace<krabs::Details::kt> >* )
    at Microsoft.O365.Security.ETW.KernelTrace.Stop()
    at PrivateWin10.NetworkMonitor.Dispose() in F:\Projects\Windows10_Tools\PrivateWin10\PrivateWin10\Core\NetworkMonitor.cs:line 91
    at PrivateWin10.Priv10Engine.Run() in F:\Projects\Windows10_Tools\PrivateWin10\PrivateWin10\Core\Priv10Engine.cs:line 225
    at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    at System.Threading.ThreadHelper.ThreadStart()
    I note:
    F:\Projects\Windows10_Tools\PrivateWin10\PrivateWin10 this path is not on my system maybe it is on yours?
     
  17. DavidXanatos
