Firewall Concern

  • 7 February 2012
  • 7 replies

I have installed WSA Essentials 2012 and have a question/concern regarding the firewall.
I have set the firewall mode to "Warn if any process connects to the internet unless explicitly allowed".
This seems to be working: each time I open a new application (that needs network access) I get a popup asking if I should allow it.
So far so good...
However, I noticed in the popup that there is a line stating "Allowing in 60 seconds" and this counts down to 0 and then allows access. After the 60 seconds the dialog box is recreated on the screen and the countdown starts again (it does this a couple of times), though after the first 60 seconds the app is granted access.
This does not seem like a secure feature. If an unwanted app tries to send information and I am away from the screen, it will be allowed in 60 seconds?
Can anyone confirm that this is the way this works? Is there any way to change the behavior to not allow the connection by default?
Unless I am not thinking this through clearly, this seems to be completely insecure and goes against the whole point of having WSA asking me to allow connections.

Best answer by JimM 8 April 2012, 01:55


Userlevel 7
Unfortunately that is the way it works, but in my case I have Look'n'Stop Firewall also, so it would be a good suggestion to have a block feature or something of the like if you would like to add to the list.
Best Regards,
Userlevel 4
Hi gerlin,
I wanted to let you know that I am currently working on this issue and will reply back to this thread with more information, just as soon as I get it.  I totally understand how this aspect of the Webroot Firewall can be confusing and I am going to do my best to find out the best approach here.
Thanks for the responses.
I realize that the firewall in WSA is very simple without many options of control. For my needs I may be better off just disabling it and adding another firewall.
However, in my opinion regarding this issue, I think simply changing the default behavior (after the timeout) to block access (do not remember the block, so it will ask again next time) is the safe action to take. I would think that this would take very little programming effort.
Thanks for looking at this.
Userlevel 4
Hi Lou,
I agree with you in that the default behavior should be to block the connection after the timer is finished counting down.  We have a team that is currently looking into this right now and I will post back as soon as I have some more information.
Thank you for bringing this to our attention.
Userlevel 7
I would like to see the countdown gone and just have the 3 options Allow, Block, Allow Once, with the window still open for user intervention! Plus you have to use it in conjunction with Windows Firewall as stated here to be fully protected, because Windows Firewall is great at inbound protection!
Yes, this is a good idea.  Just leave the prompt on the screen, blocking traffic until the user makes a selection.
Userlevel 7
Regarding the repeated countdown timers, this behavior is expected in cases where a process spawns multiple threads. The alerts for these threads are queued behind an active message that is waiting for a response. Internet Explorer (iexplore.exe) is a process that is known to spawn multiple threads in a manner that will cause this behavior.

You had also asked, "Is there any way to change the behavior to not allow the connection by default?" Yes. The alert options customize how you are notified when processes on your computer connect to the Internet. If you want to ensure that certain processes are always blocked, you can manage them manually in PC Security > Firewall > Network Applications (Advanced) > View Network Applications.
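
The timeout behavior debated in this thread, modeled as an added example (not Webroot's code and not part of any post above): it compares a prompt that allows on timeout with one that blocks on timeout without remembering the block. The class, function and process names other than iexplore.exe are hypothetical, and the connection attempts are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"            # remembered for the process
    BLOCK = "block"            # remembered for the process
    ALLOW_ONCE = "allow_once"  # applies to this connection only


@dataclass
class PromptFirewall:
    """Hypothetical model of an outbound-connection prompt with a countdown."""
    timeout_verdict: Verdict                    # applied when the countdown expires
    rules: dict = field(default_factory=dict)   # process -> remembered Verdict
    log: list = field(default_factory=list)     # (process, source, allowed)

    def decide(self, process, user_answer=None):
        """Return True if the connection goes out.

        user_answer is None when nobody answered before the timeout.
        """
        if process in self.rules:
            verdict, source = self.rules[process], "rule"
        elif user_answer is None:
            # Timeout: apply the default but do not store it, so the
            # next attempt by this process prompts the user again.
            verdict, source = self.timeout_verdict, "timeout"
        else:
            verdict, source = user_answer, "user"
            if user_answer is not Verdict.ALLOW_ONCE:
                self.rules[process] = user_answer
        allowed = verdict is not Verdict.BLOCK
        self.log.append((process, source, allowed))
        return allowed


def unattended(timeout_verdict, attempts):
    """Replay attempts with nobody at the screen; return (allowed, rules)."""
    fw = PromptFirewall(timeout_verdict)
    return [p for p in attempts if fw.decide(p)], fw.rules


if __name__ == "__main__":
    # Constructed sample: one unknown process plus two queued alerts
    # from threads of the same process.
    attempts = ["unknown.exe", "iexplore.exe", "iexplore.exe"]
    print("allow on timeout:", unattended(Verdict.ALLOW, attempts))
    print("block on timeout:", unattended(Verdict.BLOCK, attempts))
```

With allow-on-timeout, every unattended attempt goes out; with block-on-timeout nothing does, and the empty rule table means the user is still asked on return.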