Checking freeware connections [resolved]

Posted: Fri Mar 20, 2020 9:40 pm
by webfork
I've been considering adding a connection check as part of my standard testing for some time, but I've delayed it a bit because I don't want to mess with more system noise that might affect the registry. However, recent news about Wacom devices tracking WAY more than is necessary made me start to wonder.

Now the initial checks about the Wacom issue above were using a network sniff tool (like Wireshark) to sort out what was being sent, but that's a more intensive test. At this stage, I'd just like to know what Baas used to call a "phoning home": where a program doesn't need to connect to the internet but does anyway. Maybe it's just auto-checking for updates, but maybe I'd prefer it didn't.

There are a few tools to test for this, including PortExpert (and several others that Special mentioned in that thread), but does anyone have any recommendations? Do you run tests like these? Bonus points if you can point me to a program that makes it easy to block local software connections.

--

Update: the excellent Simplewall viewtopic.php?p=86582#p86582 did the trick here

Re: Checking freeware connections

Posted: Fri Mar 20, 2020 9:57 pm
by billon
When Wireshark is overkill, for me it's CurrPorts
Maybe also LiveTcpUdpWatch for all UDP activity

Re: Checking freeware connections

Posted: Sat Mar 21, 2020 6:28 am
by juverax
simplewall viewtopic.php?f=4&t=23397
asks for the user's permission to establish a new connection.

Re: Checking freeware connections

Posted: Sat Mar 21, 2020 7:38 am
by Midas
webfork wrote: I've been considering adding a connection check as part of my standard testing for some time...

That should be standard procedure, yes.

It's just that it's not as easy or straightforward as checking for system traces -- e.g., there have been cases where programs delay days or even weeks before 'phoning home'...

Re: Checking freeware connections

Posted: Sat Mar 21, 2020 11:09 am
by webfork
Midas wrote: Sat Mar 21, 2020 7:38 am It's just that it's not as easy or straightforward as checking for system traces -- e.g., there have been cases where programs delay days or even weeks before 'phoning home'...
It's sounding like for the test I'm going to need something comprehensive, like a more robust firewall or some 3rd party program that notifies me when there's a new connection.

For users, is there a way to set new programs as blocked-by-default from the Windows firewall? Does anyone know of a program or tweak?

Re: Checking freeware connections

Posted: Sun Mar 22, 2020 10:37 am
by Midas
See juverax's previous post, I think Simplewall does just that. Correct me if I'm wrong, please.

Re: Checking freeware connections

Posted: Sun Mar 29, 2020 6:05 pm
by webfork
Midas wrote: Sun Mar 22, 2020 10:37 am See juverax's previous post, I think Simplewall does just that. Correct me if I'm wrong, please.
I completely missed that, thanks both juverax and Midas.

And yes, this definitely works, though not by default. You've got to select Enable Filters. In any case, the result (when used with Splat's update checker):

Image

So this indicates 1) it's definitely blocking connections based on the error and 2) this is easily resolved by allowing the connection. Furthermore, it shows both what IP is being contacted, as well as the protocol used (in this case TCP). It even solved a problem I didn't know I had by pointing out a system process that was long overdue to get removed. Marking this as resolved. Thanks!

Re: Checking freeware connections

Posted: Mon Mar 30, 2020 8:29 am
by bitcoin
webfork wrote: Sat Mar 21, 2020 11:09 am For users, is there a way to set new programs as blocked-by-default from the Windows firewall? Does anyone know of a program or tweak?
i use the free (installer) "Windows Firewall Control" - now owned by Malwarebytes

by default any new programs are blocked from connecting to the internet - will trigger a popup so you can see immediately who is calling home

may not be 100% though as in the past i think there were a few programs that were able to launch the default browser and open to their home page but i haven't seen this happen in a few years now. Also sometimes i wonder if clever programs are able to use something like svchost.exe, which has to be allowed to access internet

Re: Checking freeware connections

Posted: Wed Apr 01, 2020 6:59 pm
by webfork
bitcoin wrote: Mon Mar 30, 2020 8:29 am i use the free (installer) "Windows Firewall Control" - now owned by Malwarebytes
Are you talking about the Binisoft program? Because it looks like Majorgeeks has that program listed but has Malwarebytes screenshots: https://www.majorgeeks.com/files/detail ... ntrol.html
bitcoin wrote: Mon Mar 30, 2020 8:29 am i wonder if clever programs are able to use something like svchost.exe, which has to be allowed to access internet
Someday down the road I'd like to figure out how to catch stuff like that, but at the moment my goal is just finding out when a connection attempt happens and maybe where it points to.
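
One low-tech way to see "when a connection attempt happens and where it points to", added here as an example and not part of the original posts: diff two `netstat -ano` snapshots taken before and after launching the program under test, and list the new remote endpoints per PID. The snapshot text, addresses and PIDs below are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample output of `netstat -ano` on Windows (not captured from a real host).
BASELINE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     3320
  TCP    192.168.1.10:49712     198.51.100.7:443       ESTABLISHED     2888
  UDP    0.0.0.0:5353           *:*                                    2204
"""
AFTER_LAUNCH = BASELINE + """\
  TCP    192.168.1.10:49801     203.0.113.25:443       SYN_SENT        5120
  TCP    [fe80::1%4]:49802      [2001:db8::25]:80      ESTABLISHED     5120
"""

def outbound_endpoints(netstat_text):
    """Return {(proto, remote_ip, remote_port, pid)} for non-local remote peers."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, foreign, pid = parts[0], parts[2], parts[-1]
        host, _, port = foreign.rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:  # "*:*" on unconnected UDP sockets
            continue
        if ip.is_unspecified or ip.is_loopback:
            continue  # listeners (0.0.0.0 / ::) and local-only traffic
        found.add((proto, str(ip), int(port), int(pid)))
    return found

def new_connections(before, after):
    """Endpoints present in the later snapshot but not in the baseline, sorted."""
    return sorted(outbound_endpoints(after) - outbound_endpoints(before))

if __name__ == "__main__":
    for proto, ip, port, pid in new_connections(BASELINE, AFTER_LAUNCH):
        print(f"new {proto} connection to {ip}:{port} from PID {pid}")
```

A blocked attempt still shows up here as `SYN_SENT`, but attribution is only by PID, so traffic handed off to a shared process such as svchost.exe appears under that process, and a program that waits before connecting needs repeated snapshots over time.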

Re: Checking freeware connections

Posted: Thu Apr 02, 2020 9:06 am
by bitcoin
webfork wrote: Wed Apr 01, 2020 6:59 pm
bitcoin wrote: Mon Mar 30, 2020 8:29 am i use the free (installer) "Windows Firewall Control" - now owned by Malwarebytes
Are you talking about the Binisoft program? Because it looks like Majorgeeks has that program listed but has Malwarebytes screenshots: https://www.majorgeeks.com/files/detail ... ntrol.html
yeah it was Binisoft

i wonder how much he got for selling the program

webfork wrote: Wed Apr 01, 2020 6:59 pm
bitcoin wrote: Mon Mar 30, 2020 8:29 am i wonder if clever programs are able to use something like svchost.exe, which has to be allowed to access internet
Someday down the road I'd like to figure out how to catch stuff like that, but at the moment my goal is just finding out when a connection attempt happens and maybe where it points to.
there are two different svchost.exe that pop up although supposedly only one needs to be allowed. There are also a few others like NT Kernel and System that i allow for now just because i'm too weary to look all these things up.

Re: Checking freeware connections [resolved]

Posted: Sun Oct 17, 2021 8:24 pm
by webfork
Old thread update: I tested out Tinywall's connections view:

Image