henrypp / simplewall

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
GNU General Public License v3.0

Disabling filters from cmd without firewall prompt dialog (-uninstall -silent) #1698

Open fragtion opened 9 months ago

fragtion commented 9 months ago

App version

3.7.7

Problem you are trying to solve

I got locked out of one of my Windows-based cloud VPSes after creating a block rule without specifying the IP (oops)

I have serial access to the VPS and can spawn command prompt / powershell

However, when running simplewall.exe -silent -uninstall, it still pops up a prompt asking if I want to disable windows firewall

Unfortunately I only have cmd access so I can't access that dialog window.

Is there any other method I could use so long, to disable the filters?

Suggested solution

Possibility to disable the simplewall filters purely from command prompt


fragtion commented 9 months ago

Alright, I was able to recover access to my VPS with the following technique:

cmd:

reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter" C:\FilterBackup.reg
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter" /f

and disable the firewall (I did it with PowerShell): Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

Followed by a reboot of the VPS.

Hopefully this can help someone else who makes the same mistake. It's a bit extreme of a workaround, but can save you from reprovisioning the whole VPS...

reddyshyam commented 9 months ago

Off topic, but I would like to have this feature too if possible, please. It would be handy to disable filters and enable them via CMD.

HeresJonny commented 8 months ago

Would also be handy for malware to disable blocking filters silently...

reddyshyam commented 8 months ago

> Would also be handy for malware to disable blocking filters silently...

🤣 That is also quite possible.

fragtion commented 8 months ago

> Would also be handy for malware to disable blocking filters silently...

The likelihood of any malware specifically targeting a niche third-party utility like simplewall is very slim, so that does not seem like a great reason to avoid developing a feature that would make the software better for simplewall's actual userbase, where there is clearly a use case/demand for such a feature to exist.

Besides, if the malware developer really wanted to disable the filter rules, they'd be better off taking the approach I did (in post 2 of this thread - https://github.com/henrypp/simplewall/issues/1698#issuecomment-1890748816) - simply deleting the rules from the registry - as that would disable the filters universally anyway, regardless of which app set them (simplewall or otherwise).

Another thing is, the malware developer would also need to have a good enough knowledge of simplewall to know that such a command exists, which will be scarcely documented anywhere besides the command line help prompt anyway. As a user of simplewall for several years, I was only prompted to try to find such a command-line option when I really needed it - so even most seasoned simplewall users won't know that such a feature exists unless they really need to use it, as they probably only use the GUI most of the time anyway.

So from the point of view of malware alone, the case for not adding this feature does not seem to be a strong/compelling one after all.
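The thread notes that deleting the BFE persistent filter key removes filters regardless of which application set them. The following is an added detection example, not part of the thread or of simplewall: it flags the two commands from the recovery comment in process-creation command lines and correlates them per host. The record layout, rule names, time window and sample records are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Key path and cmdlet are taken from the thread; rule names and log layout are assumptions.
BFE_KEY = r"hkey_local_machine\system\currentcontrolset\services\bfe\parameters\policy\persistent\filter"
RULES = [
    ("bfe_filter_delete", lambda s: re.search(r"\breg(\.exe)? delete ", s) and BFE_KEY in s),
    ("bfe_filter_export", lambda s: re.search(r"\breg(\.exe)? export ", s) and BFE_KEY in s),
    ("firewall_profile_disabled",
     lambda s: re.search(r"set-netfirewallprofile\b.*-enabled[ :]\$?false\b", s)),
]

def normalize(cmdline):
    """Lower-case, drop quotes and cmd carets, expand HKLM, collapse whitespace."""
    s = re.sub(r"[\"'^]", "", cmdline.lower())
    s = re.sub(r"\bhklm\\", r"hkey_local_machine\\", s)
    return re.sub(r"\s+", " ", s).strip()

def scan(events):
    """events: iterable of (iso_timestamp, host, command_line). Returns matched findings."""
    findings = []
    for ts, host, cmdline in events:
        s = normalize(cmdline)
        for name, matches in RULES:
            if matches(s):
                findings.append((datetime.fromisoformat(ts), host, name))
    return findings

def hosts_with_full_sequence(findings, window=timedelta(minutes=30)):
    """Hosts where filter deletion and firewall disabling occur within `window`."""
    deletes = [(t, h) for t, h, n in findings if n == "bfe_filter_delete"]
    return sorted({h for t, h, n in findings if n == "firewall_profile_disabled"
                   and any(h == dh and abs(t - dt) <= window for dt, dh in deletes)})

# Constructed sample process-creation records (not from the thread).
SAMPLE = [
    ("2024-01-14T10:00:00", "vps01", r'reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter" C:\FilterBackup.reg'),
    ("2024-01-14T10:00:20", "vps01", r'reg  delete "HKLM\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter" /f'),
    ("2024-01-14T10:01:05", "vps01", "powershell Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"),
    ("2024-01-14T11:00:00", "ws02", r'reg query "HKLM\SYSTEM\CurrentControlSet\Services\BFE" /s'),
    ("2024-01-14T12:00:00", "ws03", "Set-NetFirewallProfile -Profile Public -Enabled True"),
]

if __name__ == "__main__":
    found = scan(SAMPLE)
    print(found, hosts_with_full_sequence(found))
```

Matching command lines only covers `reg.exe` and the PowerShell cmdlet named in the thread; auditing writes to the registry key itself would also cover other tools that modify it.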