Conflict between "Programs" and "Application Groups"

[ghost]

There is a conflict or misbehavior between Programs window list and applications/path added to the Application groups.

For example, when an application is blocked it will be listed as "Alert" in the Programs window, so if you add a program/path to the application group, the application that was blocked would not get whitelisted and get network connection.

I noticed this when I was trying to whitelist UWP, as you know, the path changes on every update which is really annoying, especially on windows firewall, and even if some rules are automatically created by the update, the uwp desktop apps like Foobar need the exe to be whitelisted not the "uwp app" like would work with pure uwp apps like the weather app. But anyway, instead of me going to programs and whitelisting every new version whenever it happens and I get no network connection, I finally thought I would make use of the Application Group and wildcard support (duh).

So I put an asterisk on the number version and I noticed it Foobar was working, but not the weather app, and I thought something broke on the firewall but it seems the app just stayed blocked because it was blocked first and then in "Alert" state on the programs list, and it worked as expected when realized I had to delete it from the Programs list. I tested with the other few I have whitelisted in the Application Groups and same behavior.

Hope you can find a way to "sync" or remove the alert or ignore it or auto allow it or something if it is whitelisted on the Applications groups, I mean, now I know about it, I don't mind it much but it was confusing at first why it wasn't working, so I guess would be confusing for others who don't test until fixing like I do.

PS: The Weather app, doesn't even show even a name in the program list, it shows blank so that made it more confusing, but double clicking on it I saw that it was the weather app. I guess that shouldn't be the behavior so I wanted to mention it as well.

Thank you and have a nice day! Thanks for your work and amazing firewall 👌

[tnodir]

There is a conflict or misbehavior between Programs window list and applications/path added to the Application groups.

It's by design: Programs rules override Application groups.

You can diagnose why an application can't get network connection in the Connections window: block reason will be "Programs logic".

Hope you can find a way to "sync" or remove the alert or ignore it or auto allow it or something if it is whitelisted on the Applications groups

We can add some "Find conflicts with Application Groups" button to Programs window, to select conflicting apps.
But again, it's a correct usage: e.g. you can whitelist "C:/Games/**" in App. Groups, but block "C:/Games/Some/Update.exe" in Programs.

PS: The Weather app, doesn't even show even a name in the program list, it shows blank ...

Thanks, it was already fixed in coming version.

[ghost]

That makes completely sense being by design and it is amazing it works that way.
I think the confusion happened because I did it with Foobar which doesn't use network unless I use the youtube plugin while the weather app gets blocked the first moment you click on and then added to the program list. and when I went to connection window I got some blank entry, which I then realized it was weather app.
I just wasn't sure how well the wildcard support was on Application groups, since I was doing it only on the version number. And I was experimenting with it, but it was like one worked fine, then the other didn't then changing stuff I saw both weren't working anymore. And it ended up being my user error and being confused about it until I saw them being added in program list.

You can diagnose why an application can't get network connection in the Connections window: block reason will be "Programs logic".

Is that something you are adding for the next version? or it is there but I am too blind to see it? because 3.3.9 only shows Programs, PID, Protocol, IP, Dir, and Time. But I noticed you have been improving connection window for the next version(s) of Fort. so I guess it's only about waiting for a future version to have it?

If I am not reading too much beyond what you said and it is what I comprehended is correct and you are adding that, then perfect.
I was thinking that was the best solution: improving the connections window to tell the difference about which app is getting blocked by Programs vs Programs Groups and also the IPv4 tab which are more special features of the firewall.
A button "Find conflicts with Application Groups" like the one you suggest, I don't think would be the way to make it easier, because like you said, it done by design so why suggest otherwise? Better let connection window tell the user that information.

what about a search box to filter apps in the connection window? For example, I find Process Hacker having the search box which you can use to filter any text/numbers and it will display anything that has those values on any tab. Of course, I use it mostly to block or allow individual IPs from an app, so I don't get other stuff like svchost entries in the middle. Not like a Critical high priority feature to have but if it can be done without too much trouble, maybe someday.

[tnodir]

3.3.9 only shows Programs, PID, Protocol, IP, Dir, and Time.

I was thinking that was the best solution: improving the connections window to tell the difference about which app is getting blocked by Programs vs Programs Groups and also the IPv4 tab which are more special features of the firewall.

It already implemented: tool-tip on Dir when mouse hovering ;)
Ok, let me add new column for block reason..

I thought to show allowed/blocked connections in one window.
Now considering to show them in separate pages.

[tnodir]

what about a search box to filter apps in the connection window?

Sure, filtering should be added someday.

[ghost]

It already implemented: tool-tip on Dir when mouse hovering ;)
Ok, let me add new column for block reason..

Ohhhhh nicee! Now I see how it works, I like it, I don't think a column for just that would be necessary, since most people would use the normal Programs to block anyway and they won't know what it is for. The only advantage I see about adding a column just for that would be to be able to use the copy feature, and eventually be used as a filtering option, but hovering seems nice since it is doesn't use space and one of those things I don't expect to be used often so it wouldn't be useful information for most people. If you still want to add it, you could always add an option to hide and unhide the column or maybe an option to modify the Direction column to include the information like Out [Programs Logic], just like the option that modifies IP column and replaces IPs with hostnames.

But nice, of course if I knew it was easy as hovering I wouldn't have made this thread lol

[tnodir]

hovering seems nice since it is doesn't use space

Yes. It'll show specific icon due a block reason for now.