Recommended Posts

You recommend WFC4, but why is behavior blocker always showing "not verified"? Always returns to not verified every-time a re-boot.

How can I make it trusted?

Sometimes the icon will not start, I believe this is the problem.

Screen-shots:

2017-10-03 13_58_45-.png
Download Image

2017-10-03 14_03_04-.png
Download Image

Share this post


Link to post
Share on other sites

The author of WFC does not digitally sign the product - there's something on the binisoft website about that - too expensive to get the certificate; I'm not sure if you can tell EAM to trust it.  You would be able to define an application rule and 'allow' all behaviours, but that's not quite the same thing, or is it?

Share this post


Link to post
Share on other sites
3 minutes ago, JeremyNicoll said:

The author of WFC does not digitally sign the product - there's something on the binisoft website about that - too expensive to get the certificate; I'm not sure if you can tell EAM to trust it.  You would be able to define an application rule and 'allow' all behaviours, but that's not quite the same thing, or is it?

Well if Emsisoft recommends WFC, make no sense to not trust sig or not. I put no trust in sigs anyway!.

I do see a way to allow all behaviors, I click allow all behaviors is is still verifying .

Share this post


Link to post
Share on other sites
16 minutes ago, JeremyNicoll said:

too expensive to get the certificate

To be fair, the cost of those certificates is ridiculous, and since you need two of them (a SHA-1 cert and a SHA-256 cert) to be fully Windows 7 compatible (or compatible with older versions of Windows that don't support SHA-2) the cost is actually double, and they bill you yearly for certificates for digitally signing software. It's a huge investment, and small companies often can't afford it.

 

12 minutes ago, xeon said:

Well if Emsisoft recommends WFC, make no sense to not trust sig or not. I put no trust in sigs anyway!.

There's no point in sitting there and manually added the hashes for all of those programs so that they appear as "Trusted" in the Behavior Blocker. As soon as one of the binaries changes, the hashes change, and you have the same problem all over again. It would be a full time job to stay on top of it.

Share this post


Link to post
Share on other sites
6 minutes ago, GT500 said:

To be fair, the cost of those certificates is ridiculous, and since you need two of them (a SHA-1 cert and a SHA-256 cert) to be fully Windows 7 compatible (or compatible with older versions of Windows that don't support SHA-2) the cost is actually double, and they bill you yearly for certificates for digitally signing software. It's a huge investment, and small companies often can't afford it.

 

There's no point in sitting there and manually added the hashes for all of those programs so that they appear as "Trusted" in the Behavior Blocker. As soon as one of the binaries changes, the hashes change, and you have the same problem all over again. It would be a full time job to stay on top of it.

Then why recommenced WFC?

Then behavior blocking is mostly relying on certificates?

Thanks.

Share this post


Link to post
Share on other sites
Just now, xeon said:

Then why recommenced WFC? Then behavior blocking is mostly relying on certificates?

I think GlassWire is the only major Windows Firewall manager that is digitally signed. Not everyone likes it, so we listed multiple alternatives so that people could find something they liked.

Share this post


Link to post
Share on other sites
4 minutes ago, GT500 said:

I think GlassWire is the only major Windows Firewall manager that is digitally signed. Not everyone likes it, so we listed multiple alternatives so that people could find something they liked.

I think I mentioned before it is more of a monitor then a firewall. 

Share this post


Link to post
Share on other sites
2 minutes ago, xeon said:

I think I mentioned before it is more of a monitor then a firewall.

Yeah, it's just a fancy interface for managing the Windows Firewall (or monitoring it, depending on which version you have).

Share this post


Link to post
Share on other sites

The most recent version of WFC was released on 9 Sept.    I'd have thought that by now the current version of the app itself would have been seen by lots of people.  Does "Not Verified" in the OP's screenshot mean that VirusTotal & Emsi's   https://www.isthisfilesafe.com/   still aren't sure, or does the OP have  using the anti-malware-network  turned off?

Share this post


Link to post
Share on other sites

It could indicate an error during the Anti-Malware Network lookup, or perhaps a failure to contact the Anti-Malware Network. I'll ask to see if I can verify that.

Share this post


Link to post
Share on other sites
3 hours ago, Ken1943 said:

I do not have it monitored and get Reputation Unknown. Version 5.0.0.1

I do not have any problems with it.

Same here, but I do get the explanation point in the wfc icon, then the message it cant connect to wfcs.

Putting it in the exclusions is useless, EAM still says verifying/unknown.

They have to make a way to exclude WFC or any program correctly.

And I don't want EAM looking up every program I use, because I know they are safe. That feature is off.

Share this post


Link to post
Share on other sites

Whether the program is listed as monitored or verified has nothing to do with whether or not it is excluded (the exclusions don't effect that list). If it's excluded from monitoring, then hooks will not be opened to the program (this can be verified by using Process Hacker), and the Behavior Blocker will ignore it when it is running.

Share this post


Link to post
Share on other sites

WFC updated, and here we are again, Emsisoft thinks it sees suspicious behavior. The only logical solution is as you said, to exclude it from monitoring.

Share this post


Link to post
Share on other sites
2 minutes ago, Buddel said:

It's version 5.1.0.0. :wub:

But it was 5.0.0.1 when I made that post last October :)

Share this post


Link to post
Share on other sites
On 3/4/2018 at 1:28 PM, Shmu26 said:

WFC updated, and here we are again, Emsisoft thinks it sees suspicious behavior. The only logical solution is as you said, to exclude it from monitoring.

Unfortunately that's what happens when software publishers/developers don't digitally sign their applications. Our system for determining whether applications are safe is largely automated, and it can take a little bit of time for a new version of an application that's not digitally signed to be automatically trusted.

There's a link you can click on in Behavior Blocker notifications to tell it that you think it's safe and to allow it, or you can add an exclusion to prevent the Behavior Blocker from trying to take action against that application at all.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.