henrypp / simplewall

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
GNU General Public License v3.0

Windows 10 x64 18362.476 "0x00000005","FWPM_ENGINE_COLLECT_NET_EVENTS" in Simplewall 3.0.8, 3.0.9 #580

Closed Chaython closed 4 years ago

Chaython commented 4 years ago

I've tried deleting simplewall and running from a clean portable....

Date,Function,Code,Description,Version
"11/24/2019 9:01:51 AM","FwpmEngineSetOption()","0x00000005","FWPM_ENGINE_COLLECT_NET_EVENTS","3.0.9"

Duplicate issue, but last report was over a year ago. #222 Upon launch simplewall gives this error. In both 3.0.9 and 3.0.8. Clean or used. In the simplewall that was in use I was getting

Date,Function,Code,Description,Version
"11/24/2019 8:56:34 AM","FwpmEngineSetOption()","0x00000005","FWPM_ENGINE_COLLECT_NET_EVENTS","3.0.8"
"11/24/2019 8:56:35 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-1453024234-3616180941-1102234005-2266292043-2317887315-1176952642-787715550","3.0.8"
"11/24/2019 8:56:35 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436","3.0.8"
"11/24/2019 8:56:35 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-3465616109-161728717-3184539781-2371661060-2987382861-4249231001-3297839211","3.0.8"
"11/24/2019 8:56:35 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-799895971-3247220568-3867405995-831436046-3503946419-4257854523-163331328","3.0.8"
"11/24/2019 8:56:35 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-485311954-964556172-911770903-1917867353-8150032-3804483009-1057853067","3.0.8"
"11/24/2019 8:56:35 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-394563152-2424855110-4045318511-2346754585-2661108320-1744268866-3126932671","3.0.8"
"11/24/2019 8:56:35 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-3577337024-2797280128-295763726-2934344621-2088001155-2443986515-2613701780","3.0.8"
"11/24/2019 8:56:35 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-696134374-33265785-2065080720-3455019919-3100006001-323292606-77967077","3.0.8"
"11/24/2019 8:56:35 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-654996597-2065672326-1213243404-2927886825-3234197215-637772001-2508660845","3.0.8"
"11/24/2019 8:56:35 AM","DnsQuery (DNS_TYPE_A)()","0x0000007b","74.125.28","3.0.8"
"11/24/2019 8:56:35 AM","DnsQuery (DNS_TYPE_AAAA)()","0x0000007b","74.125.28","3.0.8"
"11/24/2019 9:02:54 AM","FwpmEngineSetOption()","0x00000005","FWPM_ENGINE_COLLECT_NET_EVENTS","3.0.8"
"11/24/2019 9:02:55 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-1453024234-3616180941-1102234005-2266292043-2317887315-1176952642-787715550","3.0.8"
"11/24/2019 9:02:55 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436","3.0.8"
"11/24/2019 9:02:55 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-3465616109-161728717-3184539781-2371661060-2987382861-4249231001-3297839211","3.0.8"
"11/24/2019 9:02:55 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-799895971-3247220568-3867405995-831436046-3503946419-4257854523-163331328","3.0.8"
"11/24/2019 9:02:55 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-485311954-964556172-911770903-1917867353-8150032-3804483009-1057853067","3.0.8"
"11/24/2019 9:02:55 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-394563152-2424855110-4045318511-2346754585-2661108320-1744268866-3126932671","3.0.8"
"11/24/2019 9:02:55 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-3577337024-2797280128-295763726-2934344621-2088001155-2443986515-2613701780","3.0.8"
"11/24/2019 9:02:55 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-696134374-33265785-2065080720-3455019919-3100006001-323292606-77967077","3.0.8"
"11/24/2019 9:02:55 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-654996597-2065672326-1213243404-2927886825-3234197215-637772001-2508660845","3.0.8"
"11/24/2019 9:02:55 AM","DnsQuery (DNS_TYPE_A)()","0x0000007b","74.125.28","3.0.8"
"11/24/2019 9:02:55 AM","DnsQuery (DNS_TYPE_AAAA)()","0x0000007b","74.125.28","3.0.8"

No "new" [applications launched while simplewall is active] applications are appearing in a clean nor the used simplewall. The clean simplewall only shows the following "apps": simplewall.exe, svchost.exe, system. All services and packages are loaded. Filtering is still working if you manually add to the profile.xml. It just stopped working yesterday. No idea why. Other issues I was having before it stopped working: 3.0.8 kept prompting to update to 3.0.9 but the update would fail. 3.0.9 would keep prompting for a language pack update. If you chose to install, it would have a progress percentage; it would run indefinitely and the percentage would go -19999%... AOE2DE in Windows Store would make multiple new "apps" entries whenever you launched the game, not referring to an exe but rather a device mounted in the filesystem

"\device\harddiskvolume..\Microsoft.MSPhoenix_101.101.33059.0_x64__8wekyb3d8bbwe

[you couldn't open the containing folder, nor could you copy the dir and go to it]... Though it seems to just be how AOE2DE works, nothing to do with simplewall... [other Windows Store apps also refer to "device\harddiskvolume..\"; AOE2DE is the only app, however, that will make like 5 entries on launch].

There are timestamps in the XML, so perhaps the clock doesn't match what simplewall expects the clock to be? The used simplewall profile seems to hate Windows UWP packages (S-1-15-2-394563152-2424855110-4045318511-2346754585-2661108320-1744268866-3126932671) and doesn't like me blocking 74.125.28, as it expects 74.125.28.xxx. So the used log should be irrelevant, as the error that's actually breaking functionality is "FwpmEngineSetOption()","0x00000005","FWPM_ENGINE_COLLECT_NET_EVENTS".
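Added example (not part of the original thread and not simplewall code): a Python triage of the error-log CSV format quoted above. It strips the invisible bidi marks Windows embeds in the timestamps, decodes the Win32 codes, and reports which failures occur under every logged version. The sample rows are a constructed subset of the quoted log, and the names `parse` and `common_failures` are hypothetical.

```python
import csv
import io
import re
from collections import defaultdict

# Win32 error codes that occur in the quoted log (values from winerror.h).
WIN32 = {0x0: "ERROR_SUCCESS", 0x5: "ERROR_ACCESS_DENIED", 0x7B: "ERROR_INVALID_NAME"}

# Left-to-right / right-to-left marks that Windows date formatting inserts.
BIDI = re.compile("[\u200e\u200f]")

# Constructed sample: a shortened subset of the rows quoted in the report.
SAMPLE = '''Date,Function,Code,Description,Version
"\u200e11/\u200e24/\u200e2019 \u200f\u200e8:56:34 AM","FwpmEngineSetOption()","0x00000005","FWPM_ENGINE_COLLECT_NET_EVENTS","3.0.8"
"11/24/2019 8:56:35 AM","_wfp_createrulefilter()","0x00000000","S-1-15-2-394563152-2424855110-4045318511-2346754585-2661108320-1744268866-3126932671","3.0.8"
"11/24/2019 8:56:35 AM","DnsQuery (DNS_TYPE_A)()","0x0000007b","74.125.28","3.0.8"
"11/24/2019 9:01:51 AM","FwpmEngineSetOption()","0x00000005","FWPM_ENGINE_COLLECT_NET_EVENTS","3.0.9"
'''


def parse(text):
    """Return log rows as dicts with an integer Code and a decoded Name."""
    rows = []
    for rec in csv.DictReader(io.StringIO(BIDI.sub("", text))):
        code = int(rec["Code"], 16)
        rows.append({**rec, "Code": code, "Name": WIN32.get(code, "UNKNOWN")})
    return rows


def common_failures(rows):
    """Non-zero (function, code name, description) triples seen in every version."""
    versions = {r["Version"] for r in rows}
    seen = defaultdict(set)
    for r in rows:
        if r["Code"] != 0:
            seen[(r["Function"], r["Name"], r["Description"])].add(r["Version"])
    return sorted(key for key, vers in seen.items() if vers == versions)


if __name__ == "__main__":
    for function, name, description in common_failures(parse(SAMPLE)):
        print(f"{function} -> {name} ({description})")
```
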

arcanacodec commented 4 years ago

I'm having the same issue, it was working fine then started doing this, maybe the culprit is a Windows 10 update.

Chaython commented 4 years ago

The following was pushed to me on the 19th; I don't recall having the issues back then [think it started Friday not Tuesday]. Though I will try reverting kb4524570 and lyk

kb4524570 security update
kb4524569 service stack update
https://support.microsoft.com/en-gb/help/4524570/windows-10-update-kb4524570

Chaython commented 4 years ago

For the "FWPM_ENGINE_COLLECT_NET_EVENTS", a clean Windows install fixed the issue. Never trust Windows to update itself.