zlacker

[parent] [thread] 3 comments
1. Saris+(OP)[view] [source] 2026-02-02 19:48:45
I've been using Fort: https://github.com/tnodir/fort

It's the best one I found after trying a few, because it's pretty easy to use, and lets me disable notification popups which is a part that always frustrates me about other options.

replies(1): >>valbu+KQ
2. valbu+KQ[view] [source] 2026-02-02 23:20:15
>>Saris+(OP)
Why am I hearing about that specific FW in year 2026, this seems really good, at least the features written if it really supports rules based on parent processes, wildcards, SvcHost granularity without gotchas. Been wrangling with Windows FW for ages, trying to get some badly behaved programs to update like Discord, Teams and others that change install paths or updater executable names or hiddenly use msedgewebview2. PolicyAppId and tagging based rules have given some success but Windows FW is still really broken. Definitely giving Fort a try.
replies(2): >>Saris+311 >>batat+gD2
◧◩
3. Saris+311[view] [source] [discussion] 2026-02-03 00:08:58
>>valbu+KQ
It's quite good! It definitely deserves to be more popular, I hope it gets some more recognition.

Wildcards are great, like you said for those apps that change the directory name every single update.

◧◩
4. batat+gD2[view] [source] [discussion] 2026-02-03 13:08:03
>>valbu+KQ
> A "Core Isolation: Memory Integrity" feature of Windows 10+ prevents creating such memory area (leading to BSOD).

> We tried to attestation sign the driver via new EV certificate by MS to fix the driver's limitation, but failed (see #108).

> So for now users have to disable the "Core Isolation: Memory Integrity" feature

Disabling HVCI doesn't sound like a good idea honestly. I mean they abuse kernel memory protection to bypass EV Certificate restrictions leaving the system in a state where another driver can mess with FW's internal structures using the same trick.

[go to top]