A free, lightweight and non-intrusive firewall
Frequently Asked Questions
What are the system requirements to run TinyWall?
TinyWall runs on all versions (including all editions and languages, 32bit and 64bit) of Windows Vista, Windows 7, Windows 8, 8.1, and Windows 10. However, firewall tampering protection is not active on Windows Vista. Also, Windows Vista users need to install Microsoft .Net Framework 3.5 SP1 or newer before installing TinyWall.
How does TinyWall compare to other firewall products?
The traditional task of a firewall is to filter network traffic to ensure that no unwanted network communication takes place. In this regard TinyWall is just as reliable as any other paid firewall. Some other products include a Host-based Intrusion Prevention System (HIPS) which provides additional security, at the cost of incompatibility with some applications and the need for more user intervention. TinyWall does not come with HIPS functionality.
Why do I need a software firewall? I already have a hardware firewall.
Hardware firewalls restrict traffic based on information in the network packets, like ports, hosts and protocols, but they are unable to determine what applications are communicating. If you allow HTTP/80 in your hardware firewall, you will be able to browse the internet, but you’ve also automatically given internet access to all other kinds of software you might not trust. A software firewall allows you to control applications separately.
Additionally, most consumer hardware firewalls are set up to only filter incoming communication. TinyWall will also let you control network traffic originating from your computer.
How do I uninstall TinyWall?
The latest version of TinyWall can be uninstalled from the Windows Control Panel just like any other software.
If you are using version 1.0.x, in TinyWall's tray menu go to Manage, select the Maintenance tab and click the Uninstall button there. If this button is greyed out, you first need to select Elevate in the tray menu to make sure you have the necessary privileges. If you have any problems uninstalling TinyWall v1, please use this utility to remove it. Do not use this utility on later versions of TinyWall.
Is TinyWall compatible with other security software?
- TinyWall is compatible with all antivirus file system protections.
- TinyWall is compatible with blocklisting software, such as PeerBlock.
- Some "web shields" of specific security suites may make you unable to control some application separately using TinyWall, but TinyWall will still continue to function perfectly.
- With the exception of Windows Firewall, no other firewall software should be active while TinyWall is installed. Even if two firewall products can technically coexist, it is strongly discouraged to avoid user confusion.
- If you are using HIPS software, make sure not to restrict TinyWall in the HIPS software. This usually needs additional configuration in the HIPS software.
- If TinyWall is set to do so in its settings, no other software may be used to manage or protect the hosts file.
After installation TinyWall is automatically granted internet access. Why?
This is to enable the automatic update checks and the download of updates for TinyWall. TinyWall does not send any information about the user or the computer over the internet. If you still wish to deny TinyWall access to the internet, disable TinyWall on the Special Exceptions tab.
I installed TinyWall and now I cannot access the internet. What happened?
Upon installation TinyWall locks down your PC such that no network communication may take place, except for a few known applications. If you experience connectivity problems in some programs, use one of the "Whitelist by ..." options in the tray menu to unblock specific applications.
Can I install TinyWall over a remote connection?
No. After TinyWall is installed, it defaults to blocking network traffic, and the user has to whitelist applications manually. If you install TinyWall over a remote connection, you will lock yourself out.
I am trying to whitelist applications by window, but TinyWall doesn't register the "click". Why?
TinyWall can only whitelist other applications by window if they aren't using higher privileges. If you want to whitelist an admin app using the window method, make sure TinyWall's tray is running as admin too. You can easily achieve this by selecting "Elevate" from the tray's context menu.
Why does Tinywall keep disabling File and Printer Sharing?
TinyWall does not. It is a design deficiency in Windows File and Printer Sharing to check for specific rules, instead of actually trying to access the network. TinyWall creates the rules correctly if enabled in its settings. First, make sure you have File and Printer Sharing enabled in TinyWall. Then, instead of trying to browse the local network, map your remote folder/drive to a local drive letter (enable it to reconnect every time you log on. This will work flawlessly and comfortably, and in fact is also proof that TinyWall enables file sharing correctly. Other computers can also access shares on your PC, of course. To use network printers, you might need to whitelist manufacturer-specific executables too, depending on your printer drivers.
Why the option to block applications if TinyWall blocks all applications by default anyway?
TinyWall blocks all applications by default in some of its operation modes, including the "Normal" mode which is the standard mode of operation. Explicitly blocking is useful to deny network access for an application even when the firewall mode is set to allow all outgoing communication.
What is the "Unblock LAN traffic" option for?
It is an option to easily allow network traffic from/to the local network. It is most useful if you only wish to limit internet traffic. Normally when TinyWall is operating in "Normal" mode with this option unchecked, it will block all traffic except for whitelisted applications. But if "Unblock LAN traffic" is checked, traffic from/to the LAN will be allowed by default even in "Normal" mode. Basically, if this option is enabled, TinyWall behaves as if the firewall was mostly disabled for the local network, but enabled for the internet.
What is the difference between port-based and domain-based blocklists?
Port-based blocklist is implemented as a firewall rule and blocks traffic based on port numbers irrespective of the remote host. Its goal is to undermine some common and known malware that use specific ports. It usually affects only specific (malicious) applications. Domain-based blocklist is implemented as a custom hosts file and blocks specific remote hosts irrespective of the port number. Its goal is to block certain hosts no matter what application tries to communicate with them, and in addition to malware it will also block some forms of internet advertising.
I have whitelisted an application but it still cannot access the network. What is going on?
You might find that even though you have whitelisted the executable of an application, it still cannot connect to the internet. However, the conclusion that TinyWall is not working is probably wrong. This kind of issue is most often caused by whitelisting the wrong executable, or not whitelisting every executable needed for the operation of that particular program. Some applications use multiple executables to connect to the internet. If you do not unblock them all, they still won't be able to access the internet, even though the whitelisting has succeeded.
If you do not know which files need to be whitelisted for an application to work, the easiest solution is to use the learning mode of TinyWall. Enter learning mode using the tray menu, use the application for a few minutes, then switch TinyWall back to its "Normal" mode. For maximized security, you should ensure that no other programs are used at the same time and that your computer is free from malware before entering learning mode.
Whitelisting does not seem to take effect.
or: Some programs can access the internet even when they shouldn't be able to.
You probably have Avast! Antivirus, AdMuncher, Mailwasher or similar security software installed. In the following passages we use Avast! as an example, but it goes for any software that works similarly.
Some shields of avast! work by redirecting other applications to the local computer, then making the internet connection themselves instead of the original program. As a result, avast! needs to be unblocked instead of your browser, for example, to be able to access the internet. If you are using avast!, the recommended solution is configure its webshield to only operate on browser traffic, and unblock the "avast! Antivirus" service in TinyWall.
Why can some Windows Store apps access the internet even though they haven't been whitelisted?
Due to the way Microsoft has implemented the Windows Store App core infrastructure, some apps (but not all) share the internet over the same executables (typically WWAHost.exe). This means that if you have whitelisted any app that uses these shared executables, other apps that also use these files will also get internet access. Examples for such applications are the Windows Store App itself, and Skype.
Why does TinyWall not pass all the leak tests I have tried?
Passing some leak tests requires HIPS functionality that TinyWall does not provide. To counter this effect, you can try the following heuristic approach: Do not whitelist Internet Explorer and use an alternative browser instead. This blocks a common HIPS-related attack vector that is often checked by leak tests.
TinyWall's service crashes, or is often unavailable to its Controller, or I get UAC prompts on boot.
Probably some other security software is interfering with your TinyWall installation. Make sure that the TinyWall Service is not disabled by you or by other software, and that security, control, or sandboxing software on your computer does not limit or restrict TinyWall.
Another possible reason could be bugs in TinyWall's service that make it stop or crash for an abnormal reason. If there is a file called "errorlog" in C:\ProgramData\TinyWall, please send this file to me so that I can investigate any issues and make corrections if necessary.
Why does TinyWall seem to use a lot of memory?
Memory analysis of a process, especially .Net processes like TinyWall, is more complicated than looking at the values reported by the Task Manager. First of all, all .Net processes have a somewhat increased memory usage, because of the supporting runtime that gets loaded, but this is perfectly normal and expected. This is how Microsoft designed it. Second, what the Task Manager counts is not the memory reserved by TinyWall itself, but the memory reserved by the .Net runtime, which is higher but not really all used. Third, you'd be mistaken to sum the memory amounts used by the two TinyWall processes. The two processes of TinyWall share a lot of things in memory which are thus loaded only once, but Windows counts them separtately for each process, thereby double-counting a significant portion of TinyWall's memory usage. The end effect of all these is that the actually used amount of memory is less than what is reported to you by such simple tools.
Another thing you might want to ask yourself is, whether you are actually interested in how much megabytes TinyWall uses. The answer is probably, no. What you really want to know is whether it will slow down your computer, and the answer to that is too, no.