safing / portmaster

🏔 Love Freedom - ❌ Block Mass Surveillance
https://safing.io
GNU General Public License v3.0

Portmaster seems to be causing some connections to open very slowly even when they are allowed #1141

Open LoganDark opened 1 year ago

LoganDark commented 1 year ago

What happened:

Sometimes, when sending an HTTP request or opening some other kind of connection, it will just... hang for 5-10 seconds. It's not my internet or the other server, and Portmaster correctly logs and attributes the connection to the right process, it's just... some things are slow. And this is for allowed connections. Like, websites will take a long time to open but will then load quickly, and Discord messages will occasionally take way too long to send, among other random things throughout the system.

What did you expect to happen?:

Portmaster shouldn't delay any allowed connections

How did you reproduce it?:

I have Windows Defender Firewall fully disabled, and I'm using the network over a USB-3-to-Ethernet dongle, if that matters.

I have Portmaster set to prompt for connections that don't have associated rules, but... these connections are not being prompted. They just... take a few seconds to open even though they are already allowed.

Debug Information:

Version 1.0.7

```
Portmaster version 1.0.7
commit tags/v1.0.7-0-gdc5dd359bfef1e739ef06fd439d1df15e3603c7c
built with go1.19 (gc) windows/amd64
  using options main.go
  by user@docker on 21.02.2023

Licensed under the AGPLv3 license.
The source code is available here: https://github.com/safing/portmaster
```
Platform: Microsoft Windows 10 Home 10.0.19041 Build 19041

```
System: Microsoft Windows 10 Home
windows (Standalone Workstation) 10.0.19041 Build 19041
Kernel: 10.0.19041 Build 19041 x86_64
```
Status: Trusted

```
ActiveSecurityLevel: Trusted
SelectedSecurityLevel: Off
ThreatMitigationLevel: Trusted
CaptivePortal:
OnlineStatus: Online
```
Config: 11

```
core/automaticUpdates: false
core/expertiseLevel: developer
dns/nameserverRetryRate: 30
dns/nameservers: [redacted]
dns/noAssignedNameservers: 7
dns/noInsecureProtocols: 7
filter/blockInbound: 6
filter/defaultAction: ask
filter/endpoints: [redacted]
filter/lists: [TRAC MAL DECEP BAD CB-MW WSP SH-CRL SH-OCSP UNBREAK]
spn/use: false
```
Resolvers: 10/10

```
Cloudflare (dot://cloudflare-dns.com:853#config)
  dot://cloudflare-dns.com:853#config
  Failing: false
Cloudflare (dot://cloudflare-dns.com:853#config)
  dot://cloudflare-dns.com:853#config
  Failing: false
2606:4700:4700::1111 (dns://2606:4700:4700::1111:53#system)
  dns://2606:4700:4700::1111:53#system
  Failing: false
2606:4700:4700::1001 (dns://2606:4700:4700::1001:53#system)
  dns://2606:4700:4700::1001:53#system
  Failing: false
2001:4860:4860::8888 (dns://2001:4860:4860::8888:53#system)
  dns://2001:4860:4860::8888:53#system
  Failing: false
2001:4860:4860::8844 (dns://2001:4860:4860::8844:53#system)
  dns://2001:4860:4860::8844:53#system
  Failing: false
1.1.1.1 (dns://1.1.1.1:53#system)
  dns://1.1.1.1:53#system
  Failing: false
1.0.0.1 (dns://1.0.0.1:53#system)
  dns://1.0.0.1:53#system
  Failing: false
8.8.8.8 (dns://8.8.8.8:53#system)
  dns://8.8.8.8:53#system
  Failing: false
8.8.4.4 (dns://8.8.4.4:53#system)
  dns://8.8.4.4:53#system
  Failing: false
```
SPN: disabled (module disabled)

```
HomeHubID:
HomeHubName:
HomeHubIP:
Transport:
---
Client: true
PublicHub: false
HubHasIPv4: false
HubHasIPv6: false
```
Compatibility: WFP State (19)

```
Edge traversal Teredo Authorization Sublayer  SubLayer
  Edge traversal Teredo Authorization Sublayer
  {7b6b11f6-cbb5-433c-ae06-6a4f0076e49e}
IPxlat Forward IPv4 filter  Callout
  Filters forwarded IPv4 packets into synthetic IPv6 packets
  {b255c296-7e0c-4115-95f3-b7f24a8a1162} [no provider key] FWPM_LAYER_IPFORWARD_V4
IPxlat Forward IPv4 sub layer  SubLayer
  Sub layer for filtering forwarded IPv4 packets into synthetic IPv6 packets
  {4351e497-5d8b-46bc-86d9-abccdb868d6d}
IPxlat Inbound IPv6 filter  Callout
  Filters incoming IPv6 packets into synthetic IPv4 packets
  {93bb703d-0502-42e2-8e30-a14576e5085d} [no provider key] FWPM_LAYER_INBOUND_IPPACKET_V6
IPxlat Inbound IPv6 sub layer  SubLayer
  Sub layer for filtering incoming IPv6 packets into synthetic IPv4 packets
  {dfb035ca-c2a7-4684-97b6-4dbc57c63590}
IPxlat Outbound IPv4 filter  Callout
  Filters outgoing IPv4 packets into synthetic IPv6 packets
  {66d52657-1979-4e58-b3f7-4756434c4880} [no provider key] FWPM_LAYER_OUTBOUND_IPPACKET_V4
IPxlat Outbound IPv4 sub layer  SubLayer
  Sub layer for filtering outgoing IPv4 packets into synthetic IPv6 packets
  {d3e70856-fc90-4c0a-b9b2-a6f73e20b5cc}
PortmasterInboundV4Callout  Callout
  This callout is used by the Portmaster to intercept inbound IPv4 traffic.
  {05c55149-4732-4857-8d10-f178f3a06f8c} [no provider key] FWPM_LAYER_INBOUND_IPPACKET_V4
PortmasterInboundV4Filter  Filter
  This filter is used by the Portmaster to intercept inbound IPv4 traffic.
  {4d24331c-a656-4b98-9d9f-266eff2a533e} [no provider key] FWPM_LAYER_INBOUND_IPPACKET_V4 {a87fb472-fc68-4805-8559-c6ae774773e0}
PortmasterInboundV6Callout  Callout
  This callout is used by the Portmaster to intercept inbound IPv6 traffic.
  {ceff1df7-2baa-44c5-a6e5-73a95849bcff} [no provider key] FWPM_LAYER_INBOUND_IPPACKET_V6
PortmasterInboundV6Filter  Filter
  This filter is used by the Portmaster to intercept inbound IPv6 traffic.
  {006c4a4a-3066-45ce-8360-90c48555c66b} [no provider key] FWPM_LAYER_INBOUND_IPPACKET_V6 {a87fb472-fc68-4805-8559-c6ae774773e0}
PortmasterOutboundV4Callout  Callout
  This callout is used by the Portmaster to intercept outbound IPv4 traffic.
  {41162b9e-8473-4b88-a5eb-04cf1d276b06} [no provider key] FWPM_LAYER_OUTBOUND_IPPACKET_V4
PortmasterOutboundV4Filter  Filter
  This filter is used by the Portmaster to intercept outbound IPv4 traffic.
  {b69fe9ab-6ca2-422a-a246-41367aa04a06} [no provider key] FWPM_LAYER_OUTBOUND_IPPACKET_V4 {a87fb472-fc68-4805-8559-c6ae774773e0}
PortmasterOutboundV6Callout  Callout
  This callout is used by the Portmaster to intercept outbound IPv6 traffic.
  {32bad112-6af4-4109-809b-c07570ba01b4} [no provider key] FWPM_LAYER_OUTBOUND_IPPACKET_V6
PortmasterOutboundV6Filter  Filter
  This filter is used by the Portmaster to intercept outbound IPv6 traffic.
  {8888fde4-e98b-4133-ab83-8d5b45a43405} [no provider key] FWPM_LAYER_OUTBOUND_IPPACKET_V6 {a87fb472-fc68-4805-8559-c6ae774773e0}
PortmasterSublayer  SubLayer
  The Portmaster sublayer holds all it's filters.
  {a87fb472-fc68-4805-8559-c6ae774773e0}
Private Internet Access Firewall  Provider
  Implements privacy filtering features of Private Internet Access.
  {08de3850-a416-4c47-b3ad-657c5ef140fb}
Private Internet Access Firewall  SubLayer
  Implements privacy filtering features of Private Internet Access.
  {f31e288d-de5a-4522-9458-de14ebd0a3f8}
Teredo socket option opt out block filter  Filter
  [no description]
  {452c2f19-bef9-4738-bcf5-04f97ee5f04e} {3b4cc995-4067-4d73-914c-31c2ccf09530} FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6 {7b6b11f6-cbb5-433c-ae06-6a4f0076e49e}
```
Notifications Module Error

```
Message: panic: runtime error: invalid memory address or nil pointer dereference
Timestamp: 2023-03-21 10:46:22.9235129 -0700 PDT m=+748805.290658501
ModuleName: notifications
TaskName: notification action execution
TaskType: worker
Severity: panic
PanicValue: runtime error: invalid memory address or nil pointer dereference
StackTrace:
goroutine 1314617 [running]:
runtime/debug.Stack()
	/usr/local/go/src/runtime/debug/stack.go:24 +0x65
github.com/safing/portbase/modules.(*Module).NewPanicError(0xc00018a8c0, {0xb27fc0, 0x1d}, {0xaf5879, 0x6}, {0xa10f40?, 0x1254ec0})
	/home/user/git/safing/portbase/modules/error.go:61 +0x94
github.com/safing/portbase/modules.(*Module).runWorker.func1()
	/home/user/git/safing/portbase/modules/worker.go:121 +0x71
panic({0xa10f40, 0x1254ec0})
	/usr/local/go/src/runtime/panic.go:884 +0x212
github.com/safing/portmaster/profile.GetLocalProfile({0xc0026446f0, 0x24}, {0x0, 0x0}, 0x0)
	/home/user/git/safing/portmaster/profile/get.go:133 +0xa27
github.com/safing/portmaster/firewall.saveResponse(0xc0007d21e0?, 0xc001973a20, {0xc000524bb0, 0x10})
	/home/user/git/safing/portmaster/firewall/prompt.go:263 +0x145
github.com/safing/portmaster/firewall.createPrompt.func1({0xc0022ad0e0?, 0xc0001b5680?}, 0xc00113fe88?)
	/home/user/git/safing/portmaster/firewall/prompt.go:191 +0x32
github.com/safing/portbase/notifications.(*Notification).selectAndExecuteAction.func1({0xc9b1b8?, 0xc000731900?})
	/home/user/git/safing/portbase/notifications/notification.go:461 +0x2e
github.com/safing/portbase/modules.(*Module).runWorker(0x0?, {0xb27fc0?, 0xca4290?}, 0xc000709720?)
	/home/user/git/safing/portbase/modules/worker.go:130 +0x93
github.com/safing/portbase/modules.(*Module).RunWorker(0x1746b7?, {0xb27fc0?, 0xc0007095e0?}, 0xc00113ffb8?)
	/home/user/git/safing/portbase/modules/worker.go:52 +0x77
github.com/safing/portbase/modules.(*Module).StartWorker.func1()
	/home/user/git/safing/portbase/modules/worker.go:27 +0x4a
created by github.com/safing/portbase/modules.(*Module).StartWorker
	/home/user/git/safing/portbase/modules/worker.go:26 +0xac
```
Unexpected Logs

```
230321 09:30:26.418 ate/tables:037 > WARN 113 state: failed to get UDP6 socket table: insufficient buffer error (tried 5 times): provided 1024 bytes; required 1328 bytes - [NT 0x7A] The operation completed successfully.
```
Updates: stable (6/29)

```
Active:
  all/intel/geoip/geoipv4.mmdb.gz: 20230102.9.32
  all/intel/geoip/geoipv6.mmdb.gz: 20230102.13.14
  all/intel/portmaster/notifications.yaml: 20230227.8.35
  all/ui/modules/assets.zip: 0.3.1
  all/ui/modules/portmaster.zip: 0.4.5
  windows_amd64/kext/portmaster-kext.sys: 1.0.17
Selected:
  all/intel/geoip/geoipv4.mmdb.gz: 20230102.9.32
  all/intel/geoip/geoipv4.mmdb: 20230102.9.32
  all/intel/geoip/geoipv6.mmdb.gz: 20230102.13.14
  all/intel/geoip/geoipv6.mmdb: 20230102.13.14
  all/intel/lists/base.dsdl: 20230301.0.3
  all/intel/lists/index.dsd: 2022.6.7
  all/intel/lists/intermediate.dsdl: 20230305.0.1
  all/intel/lists/urgent.dsdl: 20230311.15.1
  all/intel/portmaster/notifications.yaml: 20230227.8.35
  all/intel/spn/main-intel.yaml: 20230310.10.36
  all/ui/modules/assets.zip: 0.3.1
  all/ui/modules/base.zip: 0.2.11
  all/ui/modules/console.zip: 0.1.11
  all/ui/modules/monitor.zip: 0.2.4
  all/ui/modules/portmaster.zip: 0.4.5
  all/ui/modules/profilemgr.zip: 0.1.7
  all/ui/modules/settings.zip: 0.1.8
  windows_amd64/app/portmaster-app.zip: 0.2.5
  windows_amd64/core/portmaster-core.exe: 1.0.7
  windows_amd64/hub/spn-hub.exe: 0.6.2
  windows_amd64/jess/jess.exe: 0.3.1
  windows_amd64/kext/portmaster-kext.dll: 1.0.14
  windows_amd64/kext/portmaster-kext.pdb: 1.0.17
  windows_amd64/kext/portmaster-kext.sys: 1.0.17
  windows_amd64/notifier/portmaster-notifier.exe: 0.3.5
  windows_amd64/notifier/portmaster-snoretoast.exe: 0.6.0
  windows_amd64/notifier/portmaster-wintoast.dll: 0.1.4
  windows_amd64/packages/portmaster-installer.exe: 1.0.0
  windows_amd64/start/portmaster-start.exe: 1.0.2
```
Goroutine Stack !["Comment is too long (maximum is 65536 characters)", "There was an error creating your Issue: body is too long (maximum is 65536 characters)."](https://user-images.githubusercontent.com/4723091/226697837-77e677bf-f919-496f-bd3f-ec590cf7e434.png)
working-name commented 1 year ago

No, Portmaster is faulty on windows. I never tried SPN, because it has no value proposition for me. Portmaster hasn't worked normally on Windows ever since I first tried it 1+ years ago. And the direction is backwards (UI has become more cumbersome, not more user friendly), with lots of pushback from the devs - oh, it's Windows' fault for this and that. Oh, it's your fault because you cleared your DNS entries... anything but the actual software. To be fair, though, "connection history" sounds like what PM has done all along, I didn't get the distinction of on-machine analysis. For example, where's the "live view" for connections? You have to hit refresh every time you want to see the new connections being made by an app.

Portmaster is currently the most technically advanced firewall available for Windows. Say what you will about the user interface and feature set, but unless you want something that MitMs encrypted connections, nothing else out there has per-process, per-domain, per-port, per-protocol control over your entire computer, including all privileged operating system processes. Not to mention the ability to give you live prompts to allow selected first-time connections to succeed—I've seen live prompts implemented in other ways before, but Portmaster (similarly to Little Snitch for macOS, which is where I came from) is the only firewall that can prompt me about a connection without actually blocking it first.

(FWIW, I also have never paid for Portmaster and have never used the SPN.)

I'm not saying Portmaster isn't a good idea, because it is. But execution wise, it's just not there. If it worked, I'd be praising its accomplishments, and not installing and uninstalling every so often to see if anything got fixed.

I am still willing and saying that the UI gets in the way. The greatest achievement of prompting without blocking is hindered terribly by the fact that you have to click 3 times to open a tiny floater window that resets its position and collapses all of the things you expanded as you scroll down to find the connection you're interested in allowing or blocking. A really, really far cry from the amazing interface Little Snitch presents. I mentioned that sucker 10x in many different ways and tickets - did anything change in the past 6 months? Nope. Should I keep holding out hope that Portmaster will get it right? You tell me.

There are other firewalls that prompt on Windows, but yes, not as fully featured past that feature. On Linux there's a Little Snitch clone working almost perfectly.

Speaking of, Portmaster's approach is very similar to what Fort is doing (open source as well, on windows), but Fort is just now getting the per-domain type blocks vs allow/deny all traffic per app. It also isolates privileged svchost stuff, and so on.

Point is, if PM doesn't get it right, someone else will. And it would be foolish to waste all this work by paywalling or asking for money precociously. I definitely would NOT pay for portmaster on windows in its state for the past 1.5 years.

Andell4301 commented 1 year ago

One thing that would be very interesting to know, is if disabling the Seamless DNS Integration setting changes anything.

You'll need to dig out this setting and you should not use it in production, as it makes Portmaster partly blind and renders a lot of features useless. But as this disables mangling of DNS records, it could point us in the right direction to debug this.

So, if anyone who is experiencing this can try it and report back, that'd be super helpful! Thanks!

Didn't make a difference to me to disable Seamless DNS Integration.

This sounds like it could be a nightmare to diagnose but I am really, really, really wishing you the best! I absolutely love everything Portmaster does, so I truly hope this can be resolved.

dhaavi commented 1 year ago

Just a quick response to the discussion around Portmaster in general:

Tomorrow's blog post about the change is already online and you can find it here: https://safing.io/blog/2023/08/08/new-plans/

Just to clarify: Every existing free feature will stay free - nothing is moved behind a paywall.

Also, regarding Portmaster not yet being as polished as some of you wish it was: I'm not sure where you get your experience from, but the only two ways a product comes to the market already polished are when it is either built by BigTech or if the users have already been sold to a dozen VCs. None of these is desirable for a privacy product.

(Marking all these comments as off topic. Please, do not reply here, but join us on https://discord.gg/safing and discuss there.)

Raphty commented 1 year ago

@Andell4301 now some time later, can you give an update if seamless dns integration did make a difference?

dhaavi commented 1 year ago

Can someone experiencing this issue give me up-to-date debug info while a couple of connections are opening slowly? That would be a great start for me to look into this. Thanks!

Baton34 commented 1 year ago

I faced the same problem with long dns requests. After looking at the Portmaster debug info, I saw that there were unsuccessful attempts to access DNS server on my router via ipv6. But on my router the dns server does not service requests via ipv6 protocol. Although two DNS servers were specified in the client settings - ipv4 and ipv6. I disabled the announcement of the ipv6 address of the DNS server in the router settings and now the time of DNS requests has been reduced and there are no timeouts when using nslookup and no errors in Portmaster debug info.

zsmith009 commented 10 months ago

> I faced the same problem with long dns requests. After looking at the Portmaster debug info, I saw that there were unsuccessful attempts to access DNS server on my router via ipv6. But on my router the dns server does not service requests via ipv6 protocol. Although two DNS servers were specified in the client settings - ipv4 and ipv6. I disabled the announcement of the ipv6 address of the DNS server in the router settings and now the time of DNS requests has been reduced and there are no timeouts when using nslookup and no errors in Portmaster debug info.

How would I go about doing that though? I have no idea how to change the announcement of ipv6 address in my router settings. Shouldn't that somehow be fixed in Portmaster instead? I have been using this software for a year; it is otherwise potentially great software, but this issue is making me feel like I'm using the internet from 1990, as mentioned by many other people, which seems fairly unacceptable for 2023.

I'd also consider being wary of developers saying this is a router issue, can't be fixed at the software level and has nothing to do with Portmaster. Probably sounds a little ridiculous to me. I'll be honest, if I knew of an easy alternative, I'd make the switch in a heartbeat, considering this issue has been open for a decently long time.

Baton34 commented 10 months ago

> How would I go about doing that though? I have no idea how to change the announcement of ipv6 address in my router settings.

You can completely disable ipv6 support in your router and see how the speed of opening websites changes.

MagicJinn commented 4 months ago

Hey, I'm experiencing this issue with about every website I open now. I'd love to provide info. Anything specific I can do to help the investigation? I'm not sure what log files/info I should provide.

Raphty commented 4 months ago

In basically all cases the issue is DNS, take a look in the debug info if you see issues with your selected DNS servers.

lkraider commented 4 months ago

> Hey, I'm experiencing this issue with about every website I open now. I'd love to provide info. Anything specific I can do to help the investigating? I'm not sure what log files/info I should provide.

The way to detect the issue seems to be:

Run this loop:

```powershell
$val = 0   # start from a known count so the loop runs 99 times on every invocation
while($val -ne 99)
{
$val++
# time one uncached lookup (no hosts file, no client cache) against 1.1.1.1
(Measure-Command {Resolve-DnsName -Name www.google.co.uk -Server 1.1.1.1 -DnsOnly -NoHostsFile -Type A_AAAA}).TotalMilliseconds
}
```

  1. With Portmaster enabled
  2. With Portmaster disabled
  3. With ipv6 announcement disabled in the router (if possible)

Collect any debug messages from Portmaster itself if available.
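As an added example (not code from this thread or from the Portmaster project), the PowerShell script below combines lkraider's timing loop with Baton34's observation about a router-announced IPv6 resolver that never answers: instead of timing one hard-coded server, it enumerates every DNS server the Windows DNS client is configured with, times each one separately with IPv4 and IPv6 kept apart, and reports median, p95, stall count and failure count per resolver. A resolver that is advertised but not serving DNS then shows up as a column of failures and stalls rather than as random slow page loads. It assumes Windows PowerShell 5.1 or later with the built-in DnsClient module, and that `Get-DnsClientServerAddress` lists the router-assigned IPv6 resolver; the query name, iteration count and 1500 ms stall threshold are constructed values.

```powershell
# Added example, not from the thread or from Portmaster. Times DNS lookups
# against every resolver the Windows DNS client is configured with, one
# resolver at a time and IPv4/IPv6 kept apart, so a resolver that never
# answers (such as a router-advertised IPv6 address that does not serve DNS)
# stands out as a cluster of failures and stalls.
# Assumptions: Windows PowerShell 5.1+ with the built-in DnsClient module;
# $Name, $Iterations and $SlowMs are constructed values, tune as needed.

$Name       = 'www.google.co.uk'   # constructed query name
$Iterations = 20                   # lookups per resolver
$SlowMs     = 1500                 # a lookup slower than this counts as a stall

function Get-ConfiguredResolvers {
    # Every DNS server address configured on any interface, deduplicated.
    # AddressFamily 23 is IPv6 (AF_INET6), 2 is IPv4 (AF_INET).
    # Link-local IPv6 resolvers (fe80::...) need the interface scope appended
    # (e.g. fe80::1%12) to be reachable; they are left as-is here so that such
    # entries are visible as failures rather than silently skipped.
    Get-DnsClientServerAddress |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            $iface = $_
            foreach ($addr in $iface.ServerAddresses) {
                [pscustomobject]@{
                    Interface = $iface.InterfaceAlias
                    Family    = if ($iface.AddressFamily -eq 23) { 'IPv6' } else { 'IPv4' }
                    Server    = $addr
                }
            }
        } | Sort-Object Server -Unique
}

function Measure-Resolver {
    param([string]$Server, [string]$QueryName, [int]$Count, [int]$SlowThresholdMs)
    $timings  = New-Object System.Collections.Generic.List[double]
    $failures = 0
    for ($i = 0; $i -lt $Count; $i++) {
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            # -DnsOnly/-NoHostsFile bypass the client cache and hosts file;
            # -QuickTimeout keeps a dead resolver from stretching each sample.
            Resolve-DnsName -Name $QueryName -Server $Server -Type A `
                -DnsOnly -NoHostsFile -QuickTimeout -ErrorAction Stop | Out-Null
        } catch {
            $failures++
        }
        $sw.Stop()
        $timings.Add($sw.Elapsed.TotalMilliseconds)
    }
    $sorted = @($timings | Sort-Object)
    $n = $sorted.Count
    [pscustomobject]@{
        Server   = $Server
        MinMs    = [math]::Round($sorted[0], 1)
        MedianMs = [math]::Round($sorted[[int][math]::Floor($n / 2)], 1)
        P95Ms    = [math]::Round($sorted[[math]::Max(0, [int][math]::Ceiling(0.95 * $n) - 1)], 1)
        MaxMs    = [math]::Round($sorted[$n - 1], 1)
        Stalls   = @($timings | Where-Object { $_ -gt $SlowThresholdMs }).Count
        Failed   = $failures
    }
}

# Run once with Portmaster running and once with it stopped, then compare the
# two tables; a resolver with Failed == $Iterations never answered at all.
$results = foreach ($r in Get-ConfiguredResolvers) {
    Measure-Resolver -Server $r.Server -QueryName $Name -Count $Iterations -SlowThresholdMs $SlowMs |
        Add-Member -NotePropertyName Family -NotePropertyValue $r.Family -PassThru |
        Add-Member -NotePropertyName Interface -NotePropertyValue $r.Interface -PassThru
}
$results | Sort-Object Family, Server |
    Format-Table Family, Server, Interface, MinMs, MedianMs, P95Ms, MaxMs, Stalls, Failed -AutoSize
```

Paste the block into a PowerShell session, or save it as a `.ps1` file and run it, once per configuration from lkraider's list. The per-resolver split is the point: a system-wide average hides one unreachable IPv6 server behind nine healthy ones, while a row with every lookup failed or stalled identifies exactly which advertised resolver the client is waiting on before it falls back.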

MagicJinn commented 4 months ago

First Test With Portmaster.txt
Debug Info After First Test With Portmaster.txt

Second Test Without Portmaster.txt

There wasn't a log for the second test, for obvious reasons.

I also wasn't able to disable ipv6 announcement, my router is pretty locked down.

Additional useful information might be that this issue only started happening after I did a fresh install of windows, so it's not caused by outside interference.

6Fv commented 3 months ago

Same issue here. Multiple programs that signify a connection loss go off frequently. Is there any way to allowlist programs? Sadly this program is unusable for me in its current state.

MagicJinn commented 3 months ago

The issue seems to have fixed itself on my end (after a few months), so that is strange.