WFC4

[xeon]

You recommend WFC4, but why is behavior blocker always showing "not verified"? Always returns to not verified every-time a re-boot.

How can I make it trusted?

Sometimes the icon will not start, I believe this is the problem.

Screen-shots:

[JeremyNicoll]

The author of WFC does not digitally sign the product - there's something on the binisoft website about that - too expensive to get the certificate; I'm not sure if you can tell EAM to trust it.  You would be able to define an application rule and 'allow' all behaviours, but that's not quite the same thing, or is it?

[xeon]

3 minutes ago, JeremyNicoll said:

The author of WFC does not digitally sign the product - there's something on the binisoft website about that - too expensive to get the certificate; I'm not sure if you can tell EAM to trust it.  You would be able to define an application rule and 'allow' all behaviours, but that's not quite the same thing, or is it?

Well if Emsisoft recommends WFC, make no sense to not trust sig or not. I put no trust in sigs anyway!.

I do see a way to allow all behaviors, I click allow all behaviors is is still verifying .

[GT500]

16 minutes ago, JeremyNicoll said:

too expensive to get the certificate

To be fair, the cost of those certificates is ridiculous, and since you need two of them (a SHA-1 cert and a SHA-256 cert) to be fully Windows 7 compatible (or compatible with older versions of Windows that don't support SHA-2) the cost is actually double, and they bill you yearly for certificates for digitally signing software. It's a huge investment, and small companies often can't afford it.

 

12 minutes ago, xeon said:

Well if Emsisoft recommends WFC, make no sense to not trust sig or not. I put no trust in sigs anyway!.

There's no point in sitting there and manually added the hashes for all of those programs so that they appear as "Trusted" in the Behavior Blocker. As soon as one of the binaries changes, the hashes change, and you have the same problem all over again. It would be a full time job to stay on top of it.

[xeon]

6 minutes ago, GT500 said:

To be fair, the cost of those certificates is ridiculous, and since you need two of them (a SHA-1 cert and a SHA-256 cert) to be fully Windows 7 compatible (or compatible with older versions of Windows that don't support SHA-2) the cost is actually double, and they bill you yearly for certificates for digitally signing software. It's a huge investment, and small companies often can't afford it.

 

There's no point in sitting there and manually added the hashes for all of those programs so that they appear as "Trusted" in the Behavior Blocker. As soon as one of the binaries changes, the hashes change, and you have the same problem all over again. It would be a full time job to stay on top of it.

Then why recommenced WFC?

Then behavior blocking is mostly relying on certificates?

Thanks.

[GT500]

Just now, xeon said:

Then why recommenced WFC? Then behavior blocking is mostly relying on certificates?

I think GlassWire is the only major Windows Firewall manager that is digitally signed. Not everyone likes it, so we listed multiple alternatives so that people could find something they liked.

[xeon]

4 minutes ago, GT500 said:

I think GlassWire is the only major Windows Firewall manager that is digitally signed. Not everyone likes it, so we listed multiple alternatives so that people could find something they liked.

I think I mentioned before it is more of a monitor then a firewall. 

[GT500]

2 minutes ago, xeon said:

I think I mentioned before it is more of a monitor then a firewall.

Yeah, it's just a fancy interface for managing the Windows Firewall (or monitoring it, depending on which version you have).

[JeremyNicoll]

The most recent version of WFC was released on 9 Sept.    I'd have thought that by now the current version of the app itself would have been seen by lots of people.  Does "Not Verified" in the OP's screenshot mean that VirusTotal & Emsi's   https://www.isthisfilesafe.com/   still aren't sure, or does the OP have  using the anti-malware-network  turned off?

[GT500]

It could indicate an error during the Anti-Malware Network lookup, or perhaps a failure to contact the Anti-Malware Network. I'll ask to see if I can verify that.

[stapp]

WFC is now on version 5.0.0.1 (released yesterday)

[Ken1943]

I do not have it monitored and get Reputation Unknown. Version 5.0.0.1

I do not have any problems with it.

[xeon]

3 hours ago, Ken1943 said:

I do not have it monitored and get Reputation Unknown. Version 5.0.0.1

I do not have any problems with it.

Same here, but I do get the explanation point in the wfc icon, then the message it cant connect to wfcs.

Putting it in the exclusions is useless, EAM still says verifying/unknown.

They have to make a way to exclude WFC or any program correctly.

And I don't want EAM looking up every program I use, because I know they are safe. That feature is off.

[GT500]

Whether the program is listed as monitored or verified has nothing to do with whether or not it is excluded (the exclusions don't effect that list). If it's excluded from monitoring, then hooks will not be opened to the program (this can be verified by using Process Hacker), and the Behavior Blocker will ignore it when it is running.

[Shmu26]

WFC updated, and here we are again, Emsisoft thinks it sees suspicious behavior. The only logical solution is as you said, to exclude it from monitoring.

[Buddel]

On 5.10.2017 at 7:30 AM, stapp said:

WFC is now on version 5.0.0.1 (released yesterday)

It's version 5.1.0.0.

[stapp]

2 minutes ago, Buddel said:

It's version 5.1.0.0.

But it was 5.0.0.1 when I made that post last October 

[Buddel]

Oops, you're right, @stapp

[GT500]

On 3/4/2018 at 1:28 PM, Shmu26 said:

WFC updated, and here we are again, Emsisoft thinks it sees suspicious behavior. The only logical solution is as you said, to exclude it from monitoring.

Unfortunately that's what happens when software publishers/developers don't digitally sign their applications. Our system for determining whether applications are safe is largely automated, and it can take a little bit of time for a new version of an application that's not digitally signed to be automatically trusted.

There's a link you can click on in Behavior Blocker notifications to tell it that you think it's safe and to allow it, or you can add an exclusion to prevent the Behavior Blocker from trying to take action against that application at all.

[Shmu26]

I am happy with that, Emsisoft is doing the right thing. Better safe than sorry. 

[GT500]

20 hours ago, Shmu26 said:

Better safe than sorry. 

Quite true.