1. just_t+(OP) 2026-02-02 19:02:36
Which firewall software do you use? I should probably start using firewalls in my computers as well...
replies(2): >>Saris+m9 >>batat+eL2
2. Saris+m9 2026-02-02 19:48:45
>>just_t+(OP)
I've been using Fort: https://github.com/tnodir/fort

It's the best one I found after trying a few, because it's pretty easy to use, and lets me disable notification popups which is a part that always frustrates me about other options.

replies(1): >>valbu+601
3. valbu+601 2026-02-02 23:20:15
>>Saris+m9
Why am I hearing about that specific FW in the year 2026? This seems really good, at least the features as written, if it really supports rules based on parent processes, wildcards, and SvcHost granularity without gotchas. I've been wrangling with Windows FW for ages, trying to get some badly behaved programs to update, like Discord, Teams and others that change install paths or updater executable names or secretly use msedgewebview2. PolicyAppId and tagging-based rules have given some success, but Windows FW is still really broken. Definitely giving Fort a try.
replies(2): >>Saris+pa1 >>batat+CM2
4. Saris+pa1 2026-02-03 00:08:58
>>valbu+601
It's quite good! It definitely deserves to be more popular, I hope it gets some more recognition.

Wildcards are great, like you said, for those apps that change the directory name every single update.

5. batat+eL2 2026-02-03 12:57:44
>>just_t+(OP)
It doesn't really matter, because nowadays all of them are just front-ends to Windows Firewall.

Also legitimate software (i.e. firewall/AV) cannot use "oldschool" tricks like system service descriptor table hooks to obtain godlike privileges these days, while malware sometimes can do this by exploiting vulnerabilities, so in such cases it may be an unequal fight.

6. batat+CM2 2026-02-03 13:08:03
>>valbu+601
> A "Core Isolation: Memory Integrity" feature of Windows 10+ prevents creating such memory area (leading to BSOD).

> We tried to attestation sign the driver via new EV certificate by MS to fix the driver's limitation, but failed (see #108).

> So for now users have to disable the "Core Isolation: Memory Integrity" feature

Disabling HVCI doesn't sound like a good idea, honestly. I mean, they abuse kernel memory protection to bypass EV Certificate restrictions, leaving the system in a state where another driver can mess with FW's internal structures using the same trick.
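
For the trade-off raised in this comment, a host-side check of whether "Core Isolation: Memory Integrity" (HVCI) is still configured and actually running. This is an added example, not part of the thread or of the Fort project; the function name `Get-MemoryIntegrityState` and the verdict strings are made up for illustration.

```powershell
# Added example (not from the thread): audit the HVCI / Memory Integrity state of this host.
function Get-MemoryIntegrityState {
    [CmdletBinding()]
    param()

    # Setting as stored in the registry: Enabled DWORD (1 = on, 0 or absent = off).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled

    # Runtime state as reported by the Device Guard WMI class.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # In SecurityServicesConfigured / SecurityServicesRunning, the value 2 denotes HVCI.
    $configured = ($null -ne $dg) -and ($dg.SecurityServicesConfigured -contains 2)
    $running    = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 2)

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    $vbs = $null
    if ($null -ne $dg) { $vbs = $dg.VirtualizationBasedSecurityStatus }

    # A setting that is on but not running usually means a pending reboot or an
    # incompatible driver blocking enforcement, so report it separately.
    if ($running) {
        $verdict = 'Enforced'
    } elseif ($configured -or ($enabled -eq 1)) {
        $verdict = 'ConfiguredButNotRunning'
    } else {
        $verdict = 'Disabled'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        RegistryEnabled = $enabled
        VbsStatus       = $vbs
        HvciConfigured  = $configured
        HvciRunning     = $running
        Verdict         = $verdict
    }
}

Get-MemoryIntegrityState
```

Because the function returns an object, it can be run against many hosts with `Invoke-Command` and filtered on `Verdict` to find machines where the protection has been switched off.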
