TinyWall

Is TinyWall open-source?

Yes! You can find the source repository here on GitHub.

What are the system requirements to run TinyWall?

TinyWall runs on Intel- or AMD-based (not ARM) Windows 11 / 10 / 8.1 / 8 / 7, as well as on Windows Server 2019 / 2016 / 2012 R2.

Who is TinyWall best suited for?

TinyWall was made with single private users, small-office / home-office computers, or family PCs in mind. It offers a secure firewall with a simple user interface and the most commonly needed options. TinyWall is not really suited for headless machines, servers, and networks with more than 5 computers, because it lacks support for a command-line interface, remote management, and domain-controller integration.

How does TinyWall compare to other firewall products?

A firewall filters network traffic to ensure that no unwanted network communication takes place. In this regard TinyWall is just as reliable as any other paid firewall. Some firewalls on the market come bundled with additional non-firewall modules, such as HIPS, anti-malware or anti-virus. TinyWall does not offer these modules and is purely a firewall.

Why do I need a software firewall? I already have a hardware firewall.

Hardware firewalls restrict traffic based on information in the network packets, like ports, hosts and protocols, but they are unable to determine what applications are communicating. For example, if you allow HTTP/80 in a hardware firewall, you will be able to browse the internet, but you’ve also automatically given internet access to all other kinds of software you might not trust. A software firewall has the advantage that it allows you to control applications separately even if they use the same ports and protocols.

Additionally, most consumer hardware firewalls are set up to only filter incoming communication. TinyWall will also let you control network traffic originating from your computer.

Is TinyWall compatible with other security software?

• TinyWall is compatible with all antivirus file system protections.
• TinyWall is compatible with blocklisting software, such as PeerBlock.
• Some "web shields" of specific security suites may make you unable to control applications separately using TinyWall.
• With the exception of Windows Firewall, no other firewall software should be active while TinyWall is installed. This includes standalone firewalls as well as software that provide a nicer interface to Windows Firewall. Note that being able to install two firewalls at the same time does not mean they will work without issues in all cases.
• If you are using HIPS, anti-malware, or behavioral analysis programs, make sure they are set not to restrict TinyWall. This often needs additional configuration in the other security software.
• If TinyWall is set to do so in its settings, no other software may be used to manage or protect the hosts file.

Will TinyWall report telemetry or send information from my computer?

No. TinyWall checks for updates automatically (you can opt-out) once in a while. During this check the current version of TinyWall running on your computer will be sent. Other than this, no information is collected, neither personal nor anonymized. As examples, TinyWall does not send or otherwise collect telemetry, crash reports, information about your computer, OS or other software, user habits, or IP address.

I installed TinyWall and now I cannot access the internet. What happened?

Upon installation TinyWall locks down your PC such that no network communication may take place, except for a few known applications. If you experience connectivity problems in some programs, use one of the "Whitelist by ..." options in the tray menu to unblock specific applications. Also be sure to check Manage->Special Exceptions if you need anything enabled there.

How do I uninstall TinyWall?

You can remove TinyWall using the "Add or Remove Programs" feature of Windows, like traditional software. Like for any security software that integrates more or less deeper with Windows, it is especially important that you do not delete TinyWall's folder by hand instead of properly uninstalling, as you might cause irreparable damage by doing so.

Can I install TinyWall over a remote connection?

No. After TinyWall is installed, it defaults to blocking network traffic, and the user has to whitelist applications manually one-by-one. If you install TinyWall over a remote connection, you will lock yourself out before getting a chance to whitelist your remote desktop application.

If I install TinyWall, should I disable Windows (Defender) Firewall?

From a security or feature point of view, with TinyWall there is no difference if you enable or disable Windows' built-in firewall. TinyWall will provide the same protections and functions either way, uninhibited. For completely other reasons though, it is recommended you leave Windows Firewall enabled. One of the reasons is, if you disable Windows Firewall, Windows will (falsely) think no firewall is installed and will nag you to enable its built-in firewall. By leaving it turned on, you can avoid this annoyance. A second reason to leave Windows Firewall on is, if you ever decide to uninstall TinyWall in the future, you might forget to re-enable Windows Firewall and you'd be left without any protection. There is no such concern if you leave it enabled the whole time.

Am I left unprotected if I close TinyWall's icon in the taskbar?

No. The taskbar icon is only the GUI component of TinyWall and is not responsible for your computer's protection.

I am trying to whitelist applications by window, but TinyWall doesn't see or register the "click". Why?

You can only whitelist other applications by window if they aren't using higher privileges. If you want to whitelist an admin app using the window method, make sure TinyWall's taskbar is running as admin too. You can easily achieve this by selecting "Elevate" from TinyWall's taskbar context menu.

Why is there an option to create a blocking rule if TinyWall blocks all applications by default anyway?

If you create a blocking rule, TinyWall will block that application even in operating modes that would normally let programs pass through, such as in the "Allow outgoing" or "Auto-learning" modes.

What is the "Unblock LAN traffic" option for?

It is an option to easily allow network traffic from/to the local network. It is most useful if you only wish to limit internet traffic. Normally, when TinyWall is operating in "Normal" mode with this option unchecked, it will block all traffic except for whitelisted applications. But if "Unblock LAN traffic" is checked, traffic from/to the LAN will be allowed by default even in "Normal" mode. Basically, if this option is enabled, TinyWall behaves as if the firewall was mostly disabled for the local network, but enabled for the internet.

What is the difference between port-based and domain-based blocklists?

Domain-based blocklist is implemented as a custom hosts file and blocks specific remote hosts irrespective of the port number. Its goal is to block certain hosts no matter what application tries to communicate with them, and in addition to malware it will also block some forms of internet advertising. It is recommended to turn the domain-based blocklist on. Port-based blocklist is implemented as a firewall rule and blocks traffic based on port numbers irrespective of the remote host. Its goal is to undermine some common and known malware that use specific ports. Though it usually affects only specific (malicious) applications, the option for port-based blocklist is only kept around for compatbility with older installations and its use is not recommended anymore.

What does "Block internet during display power-save" do?

If this option is activated, TinyWall will block internet-related network traffic during the time your monitor is turned off due to inactivity. Applications will not be blocked from using the local network (LAN), so services like file sharing or a media center will continue working when the monitor is off, assuming the necessary whitelisting rules are present. However, internet wlll not be blocked when the monitor is turned off in TinyWall's disabled or autolearning modes, or if the monitor is turned off manually by the user instead of entering its power-save automatically.

How do I get WireShark to work with TinyWall?

You need to whitelist the System process and give it "Unrestricted" access, then reboot the computer. For details and explanation, please refer to this online post. Note that a similar procedure might be needed for other software too that do networking inside the Windows kernel.

I have whitelisted an application but it still cannot access the network. What is going on?

You might find that even though you have whitelisted the executable of an application, it still cannot connect to the internet. However, the conclusion that TinyWall is not working is probably wrong. This kind of issue is most often caused by whitelisting the wrong executable, or not whitelisting every executable needed for the operation of a particular program. Some applications use multiple executables to connect to the internet. If you do not unblock them all, they still won't be able to access the internet, even though the whitelisting has succeeded.

How do I figure out which executables need to be whitelisted for my application?

If whitelisting by window or process does not seem to work for a particular application, it is best to use TinyWall's Connections window. Open the Connections windows, enable showing blocked connections there, and disable other options for clarity. Then try using your program once until it fails to connect to the network again. Refresh TinyWall's Connections window, and check which of the newly blocked executables belong to your program. Whitelist as necessary.

What is the basic way to create rules in TinyWall?

First, check if there is a built-in "Special Exception" for your use-case in TinyWall's configuration, and enable it if there is.

If your application is a traditional desktop application (not a Windows service or an app managed by the Windows Store):

1. Unblock your application using the "by window" method from TinyWall's icon. You might need to use the "Elevate" option first if the application you want to unblock is running with admin privileges.
2. If the application still fails to access the network, open TinyWall's Connections window to check what was blocked, and unblock anything related to your application in question. Ignore everything else there.

If your application is installed as a Windows service or is an app managed by the Windows Store:

1. Open TinyWall's configuration window, and click the "Add application" button.
2. Based on your application's type, use the "Choose a service" or "Pick a UWP app" buttons correspondingly.

Whitelisting still does not seem to take effect. / Some apps can access the internet even when they shouldn't.

You probably have Avast! Antivirus, AdMuncher, Mailwasher or similar security software installed. These have modules that work by redirecting other applications to the local computer, then making the internet connection themselves instead of the original program. It is best to disable these modules (such as avast! web-shield) in cases like this.

Why doesn't auto-learn learn the rules I need?

To prevent unintentionally learning rules that could make almost every program access the internet, TinyWall's auto-learn function has been restricted from learning rules for system or svchost processes. Furthermore, due to technical limitations in Windows, auto-learn cannot recognize services. As a result, TinyWall's auto-learn mode is mostly only suited to learning traditional desktop applications installed by the user themself.

TinyWall crashes, or is often unavailable to its GUI, or I get UAC prompts on boot.

Once you are sure it is not another security software that is interfering with TinyWall, send me a mail with the description of your problem. You can find my e-mail address on the very bottom of this page. If there are any logs present in the C:\ProgramData\TinyWall directory, please attach them to your mail.

Why does TinyWall seem to use a lot of memory?

Memory analysis of a process, especially of .Net processes like TinyWall, is more complicated than looking at the values reported by the Task Manager. First of all, all .Net processes have a somewhat increased memory usage, because of the supporting runtime that gets loaded, but this is perfectly normal and expected. This is how Microsoft designed it, and it happens with all .Net programs. Second, what the Task Manager counts is not the memory reserved by TinyWall itself, but the memory reserved by the .Net runtime, which is higher but not really all used. Third, you'd be mistaken to sum the memory used by the two TinyWall processes. The two processes of TinyWall share a lot of things in memory which are thus loaded only once, but Windows counts them separtately for each process, thereby double-counting a significant portion of TinyWall's memory usage. The end effect of all these is that the actually used amount of memory is less than what is reported to you by such simple tools. Besides, what you'd like to know is probably not how many megabytes TinyWall uses, but whether it will slow down your computer. It won't.