henrypp / simplewall

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
GNU General Public License v3.0

svchost containment #1820

Open VidarrKerr opened 1 week ago

VidarrKerr commented 1 week ago

Checklist

App version

3.8.2

Problem you are trying to solve

I want to contain and control svchost.exe.

Suggested solution

This was posted some time ago, but it appears no one has come up with a solution for it:

"Containing svchost" https://github.com/henrypp/simplewall/issues/516

Now, like others, I am blocking svchost.exe and allowing when needed which is kind of OK, but it is getting really annoying, yet not annoying enough to wholesale allow svchost.exe.

There has to be a solution to this. Like, if svchost.exe is started by "example program" allow svchost.exe for "some amount of time". Or, always allow it if started by some app you know and trust. But I cannot create a rule that works like this.

It almost seems like svchost was designed this way to annoy people to the point that they just allow it, which basically grants access to anything, anytime, to do whatever it wants.

If there is not a solution for this with SW, maybe someone found some other way? I can't find any decent options. It would be great if I could do this with SW. If I am missing something, let me know.

Thanks!

Screenshots / Drawings / Technical details

No response

tnodir commented 1 week ago

> If there is not a solution for this with SW, maybe someone found some other way?

Fort Firewall solves it by using a driver, so you can filter by service names.

I think SW could also solve this problem by using its Service, monitoring the running services and updating the rules for service process IDs.

Tinywall also does not use a driver (but uses a Service) and has an "Allow same rules to children processes" feature. So Tinywall updates its rules by process IDs.
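
The service-monitoring idea from the comment above, as an added example that is not part of the thread and is not simplewall, Fort Firewall or Tinywall code: it polls the `Win32_Service` CIM class, maps each running svchost-hosted service to its process ID, and reports the changes a PID-keyed rule set would have to follow. The function names and the 5-second interval are hypothetical, and the rule update itself is left out because the page does not describe an interface for it.

```powershell
# Added example. Function names and the 5-second interval are hypothetical.

function Get-SvchostServiceMap {
    # Service name -> PID for every running service hosted by svchost.exe.
    $map = @{}
    Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
        Where-Object { $_.PathName -match '\\svchost\.exe(\s|"|$)' } |
        ForEach-Object { $map[$_.Name] = [int]$_.ProcessId }
    return $map
}

function Compare-ServiceMap {
    param([hashtable]$Old, [hashtable]$New)
    # Emit one line per service that started, changed host process, or stopped.
    foreach ($name in $New.Keys) {
        if (-not $Old.ContainsKey($name)) {
            "started $name (PID $($New[$name]))"
        } elseif ($Old[$name] -ne $New[$name]) {
            "moved   $name (PID $($Old[$name]) -> $($New[$name]))"
        }
    }
    foreach ($name in $Old.Keys) {
        if (-not $New.ContainsKey($name)) {
            "stopped $name (was PID $($Old[$name]))"
        }
    }
}

function Get-SharedHost {
    param([hashtable]$Map)
    # A PID-keyed rule covers every service in that process, so list shared hosts.
    $Map.GetEnumerator() | Group-Object -Property Value |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { "shared  PID $($_.Name): $(($_.Group.Key | Sort-Object) -join ', ')" }
}

$previous = @{}
while ($true) {
    $current = Get-SvchostServiceMap
    Compare-ServiceMap -Old $previous -New $current   # first pass lists the baseline
    if ($previous.Count -eq 0) { Get-SharedHost -Map $current }
    $previous = $current
    Start-Sleep -Seconds 5
}
```

Polling leaves a gap between a service restart and the matching rule update, and a process ID can be reused by an unrelated process, so a PID-keyed allow rule should be dropped as soon as its service is reported stopped.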