Which features is Windows 10 Defender Firewall blocking that Opera wants to do?
-
leocg Moderator Volunteer last edited by leocg
@opedara said:
There's been a lot of general answers and guesses all over the place, but it seems the most specific answer is that Opera makes a new folder during update..
Yes, that part is already finished.
now, how that triggers a firewall prompt to unblock an incoming connection, I don't know.
After updates? Because of what was said above, the firewall thinks that there is a new program and you need to allow the connections again.
Now, what triggers the firewall alert after the first installation may be many things.
Some minutes ago I got the alert when I went to blogs.opera.com/desktop. -
opedara last edited by
@leocg I don't know exactly how it works... I wasn't trying to describe exactly how it works.
Because of what you said above, the firewall thinks that there is a new program and you need to allow the connections again
What do you mean because of what I said above? The firewall doesn't do anything because of what I said.
So here's what doesn't make sense to me: "the firewall thinks that there is a new program"... the firewall doesn't listen to when Windows installs programs, does it? It just listens for incoming connections and blocks new ones at ports that aren't enabled... right?
The issues with your fine sentence that I'm quoting there above are:
- I never unblocked the restriction for Opera in the firewall... I always clicked Cancel when the prompt popped up, because I couldn't tell what it was trying to do!
- If the program moved (or the old one was removed and a new one put in a different place), then I still don't know why the firewall prompt is triggering, because based on what you said it's a new connection (as opposed to a response).
So, the only way what you're saying makes sense is if I'm missing detail, I'm misunderstanding something, or between the old app's request to Opera's server and the response back to the new app... the firewall is catching it and considering it a security issue that I need to pull the switch on.
Which is correct? If I'm missing detail, please fill in that detail. If I'm misunderstanding, please explain where and clear it up. If this is just some sort of SNAFU where the thing that sent the request to Opera's server doesn't exist but the response is telling the firewall it needs to get to the app which the firewall is aware is in a new place... then I need to know for sure if that's what you're saying, because it seems like an unusual situation that probably shouldn't happen anyway and rarely does for any other apps I use.
Regardless... I still can't tell exactly what it's trying to do in that new incoming connection. Explaining it's just because of update app location move... doesn't state what the new incoming request is trying to do. Just say "we've acknowledged that you updated"? Maybe I missed the particular thing you stated that it's trying to do, if we can even find out.
Oh and nevermind the mDNS on UDP port 5353 for Opera posts I found about security issues and computer vulnerabilities... maybe someone should provide some history on that.
-
burnout426 Volunteer last edited by
Best thing to do would be to enabling logging for the Windows firewall. Then, when this happens, immediately look at the log.
https://www.howtogeek.com/220204/how-to-track-firewall-activity-with-the-windows-firewall-log/
-
-
leocg Moderator Volunteer last edited by
@opedara said :
o here's what doesn't make sense to me: "the firewall thinks that there is a new program"... the firewall doesn't listen to when Windows installs programs, does it? It just listens for incoming connections and blocks new ones at ports that aren't enabled... right?
By default, incoming connections are blocked by the firewall. When a incoming connection comes, you get a prompt to allow the program - more specifically the executable - associated to that connection to keep receiving those connections.
So if the path to the program executable changes, the firewall will ask for permission again. -
burnout426 Volunteer last edited by
@burnout426 said in Which features is Windows 10 Defender Firewall blocking that Opera wants to do?:
Best thing to do would be to enabling logging for the Windows firewall. Then, when this happens, immediately look at the log.
https://www.howtogeek.com/220204/how-to-track-firewall-activity-with-the-windows-firewall-log/
Testing this myself, the log wasn't too helpful. All I see are dropped requests for SSDP before/after the firewall dialog comes up.
-
A Former User last edited by
@dugglebb Would moderator please care to explain why I was banned for using capitals in this reply.
Seems your AI isn't particularly intelligent here -
burnout426 Volunteer last edited by burnout426
Someone at Opera said that it's often WebRTC that triggers the firewall dialog.
Close Opera. Press Windows key + r to open the run dialog. Then, type
wf.mscand press enter. Under, "Inbound Rules", look for "Opera Internet Browser" and "opera.exe" entries and delete them.Then, start Opera, goto https://webrtc.github.io/test-pages/src/canvas-capture/, click start and you should then get the dialog.
In short, that's one case that could trigger it and a case where you might have to allow the connection to get real-time chatting to work for a page.
If you click cancel in the dialog, it will add block rules to "Inbound rules" for the firewall. Then, you won't get the dialog for that connection again unless you clear the rules from the firewall.
So, my advice for now is to click "cancel" on that dialog so that the block rules are added. Then, if something on a page (like video chatting, or anything else really) doesn't work, you can delete the rules and restart Opera to see if a dialog pops up and accept the connection to see if it makes things work. If it doesn't, delete the allows rules that are added to Inbound rules.
For further info, I think someone would have to check things on a URL-by-URL basis.
Hope that helps at least a little.
-
opedara last edited by opedara
@burnout426 I'm not gonna delete the firewall's inbound rules for Opera, because I have a concern about what Opera is trying to do that the firewall is blocking... I understand what you're trying to say with your suggestion (so I can test the link you provide), but the suggestion is counter to the issue I have a concern with. I hope you can understand that I'm not going create the security risk I'm trying to avoid. The whole point of the post was to find out what exactly Opera is trying to do when I get the firewall pop-ups.
I understand that it may be Opera updating its exe to a new folder, though I don't see how that causes a new inbound connection from Opera's servers, nor do I see any reason to unblock it, because I can't tell what that new inbound connection is trying to do.
I don't have WebRTC that I'm aware of, and going to your link seems to test just fine (though I didn't remove the blocked inbound Opera connections as you suggested, for the security reasons I stated above). I don't use WebRTC that I'm aware of, and regardless I don't know why Opera would be trying to access WebRTC when I open it up or create a new inbound connection that the firewall considers a security risk or why I need it anyway. Why would Opera be trying to send me a new inbound connection through WebRTC when I open it? That sounds like a really strange thing to do.
I understand how the firewall pop-up dialog works; I don't need it explained (in fact I already explained in my original post, as well as saying that I already did the things you're saying I should do now).
I don't have any other choice in the firewall pop-up than to click Cancel if I don't want the connection to be unblocked... normally in dialogs, "Cancel" doesn't change anything, but sometimes that doesn't stop the same pop-ups from happening over and over. Considering I've only ever clicked Cancel on the firewall pop-up (in regards to Opera), I can't explain why I've gotten them multiple times. They look identical. They don't identify anything I can distinguish as specific. Maybe this is from each new file name? I don't know, but I still haven't been able to determine what the inbound connection is trying to do through that new file.
I suppose if still nobody can state exactly what the Opera server's inbound connection is trying to do when the firewall prompt appears, then how do we find out? Do we need Wireshark tracking? I mean, maybe it's completely innocuous, but I've been able to figure out why other programs do it... not Opera. It still seems to be a mystery, and for me with this program it's a security risk.
-
leocg Moderator Volunteer last edited by
@opedara said:
I'm not gonna delete the firewall's inbound rules for Opera, because I have a concern about what Opera is trying to do that the firewall is blocking...
If there are no rules, then you will be prompted to decide what to do.
I don't have WebRTC that I'm aware of
It's part of the web, it's not something that you install. Almost all browsers support it.
and going to your link seems to test just fine (though I didn't remove the blocked inbound Opera connections as you suggested, for the security reasons I stated above).
If there are rules, the firewall will follow them and you will not be prompted to allow the connection or not.
I don't know why Opera would be trying to access WebRTC when I open it up or create a new inbound connection that the firewall considers a security risk or why I need it anyway
Firewalls don't exactly check the security of a connection, they check if there is a rule to allow or block that connection. If there aren't any rules, they will ask you what to do and that's why you see the dialog asking to allow or not the connection.
Why would Opera be trying to send me a new inbound connection through WebRTC when I open it?
Not Opera, of course, but a site/page/server. The only way to know would be by logging the network traffic, I guess.
I suppose if still nobody can state exactly what the Opera server's inbound connection is trying to do when the firewall prompt appears, then how do we find out?
It may not be an Opera server.
-
opedara last edited by
If there are no rules, then you will be prompted to decide what to do.
There are rules... the rules you told me to delete... which I didn't delete, for the reasons I stated. I still get prompted, like tonight. The problem really wasn't me getting prompted or not getting prompted, the problem was me not knowing what Opera's blocked inbound request was trying to do... so I'm not quite sure what you're trying to say here.
It's fine that WebRTC is part of the web... but knowing that doesn't reduce my security concern here.
If there are rules, the firewall will follow them and you will not be prompted to allow the connection or not.
Right, that makes sense with not seeing the pop-up again for that inbound request... but the problem isn't the firewall or its rules... the problem is not knowing what Opera's trying to do with its inbound request that Windows Firewall blocks by default.
Firewalls don't exactly check the security of a connection, they check if there is a rule to allow or block that connection. If there aren't any rules, they will ask you what to do and that's why you see the dialog asking to allow or not the connection.
OK, so at this point Opera's the only app causing the pop-ups... so... I'm really curious why so many. I'm assuming that clicking Cancel sets a rule to continue blocking requests that match the rule, and with no prompt.
It may not be an Opera server.
So a non-Opera server is trying to make an inbound request to the opera.exe and the firewall prompts me to block or allow... yet I use 5 different browsers, and Opera's the only one this happens with.
PS: It happened again tonight, after clicking a Business Insider link from a Facebook post.
Is it possible that something on that website is trying to access the opera.exe in an unusual way? How would it even try? The problem is I can't tell what's actually trying to do what.
Because this only happens while using Opera, I have to side with the thought that the problem is somehow Opera...
-
leocg Moderator Volunteer last edited by
@opedara said :
There are rules... the rules you told me to delete... which I didn't delete, for the reasons I stated. I still get prompted, like tonight.
Probably there was an update.
The problem really wasn't me getting prompted or not getting prompted, the problem was me not knowing what Opera's blocked inbound request was trying to do
What site triggers the prompt? if you know, maybe you can try to find out what request that site is sending to the browser.
OK, so at this point Opera's the only app causing the pop-ups... so... I'm really curious why so many. I'm assuming that clicking Cancel sets a rule to continue blocking requests that match the rule, and with no prompt.
Because of the way Opera works, with a different executable and path for each build.
So a non-Opera server is trying to make an inbound request to the opera.exe and the firewall prompts me to block or allow... yet I use 5 different browsers, and Opera's the only one this happens with.
All at the same time, accessing the same sites and with all related rules deleted from the firewall?
PS: It happened again tonight, after clicking a Business Insider link from a Facebook post.
Is it possible that something on that website is trying to access the opera.exe in an unusual way? How would it even try? The problem is I can't tell what's actually trying to do what.Why unusual?
You can try using some network monitor tool to find out what that connection is.
-
opedara last edited by opedara
@leocg This thread isn't going anywhere but in circles, and I feel like you're dodging something or not telling us something.
The main question has not been explained adequately, only vaguely. I still don't have enough information to feel safe enabling Opera doing whatever it's trying to do through the firewall, because we don't know exactly what it's trying to do, or why it's so stupid about it. Opera should do better. We should expect better.
It pops up when either I open the app or go to a website in it, like YouTube, or Facebook, or you name it. It's completely random apparently.
Why unusual?
Wh... what do you mean "Why unusual?" That doesn't make sense within the context of my question. How am I even supposed to attempt to answer that? That's a really bizarre response.
I'm honestly wondering if there's a language barrier here. I'm done pleading for information. Some crafty hacker will just have to see what Opera's doing, we shouldn't be wasting time here with a moderator on this issue that asks weird questions and makes weird statements and provides inadequate answers.
-
leocg Moderator Volunteer last edited by
@opedara said:
Wh... what do you mean "Why unusual?" That doesn't make sense within the context of my question. How am I even supposed to attempt to answer that? That's a really bizarre response.
You called the incoming connection unusual and I asked why, a normal question.
-
amunoto last edited by amunoto
I noticed that the firewall prompt re-appears each time right after an automatic update. There is no (relevant) delay.
Last time, I did not have any open tabs, and messengers in the side pane were disactivated. (Plugings / extensions are not disactivated, though.)To me it really seems that it is Opera that is doing whatever here.
And not some tab or some external actor.I'd really like to know what is causing the firewall alert, but I have understood from the discussion above that supposedly Opera cannot tell me this, because Opera doesn't know anything about the data transfer that triggers the alert.
I am not fully convinced, but well, I guess that's just my personal problem.
Thx to the very patient leocg, answering post after post.
Too bad though, that the answers do not satisfy the people here.
Or maybe, it is just the product, and not the answers. -
leocg Moderator Volunteer last edited by
@amunoto said :
To me it really seems that it is Opera that is doing whatever here.
And not some tab or some external actor.Opera is receiving the incoming connection.
I'd really like to know what is causing the firewall alert, but I have understood from the discussion above that supposedly Opera cannot tell me this, because Opera doesn't know anything about the data transfer that triggers the alert.
Basically, that's it. Not that Opera doesn't know anything but it knows only when the connection is received, what means that it needs to be allowed first.
Maybe inspector or a program like Fiddler can tell what is causing the incoming connection on that time. -
-
opedara last edited by
You called the incoming connection unusual and I asked why, a normal question.
No, I didn't call the incoming connection unusual, so you misread my question.
My question was: "Is it possible that something on that website is trying to access the opera.exe in an unusual way?"
That's not me stating that something (or anything in particular) is unusual, that's me asking if something on that website is trying to access the opera.exe in an unusual way... it's not only a yes/no question but asking for any thoughts or speculation on something on that website that might be trying to access the opera.exe in an unusual way...
Anyway, I'm done with this conversation. It's mostly been vague or not very useful information, misreads, red herrings and rabbit holes... I've gotten more useful info from past or offsite threads like the one I mentioned about the mDNS on UDP port 5353. This forum is apparently not the place to discuss what the !@#$ Opera is doing trying to get through my firewall in an unusual way quite often, and twice over the last week on different websites, including Opera's default start page.
Really disappointed with this thread, no need to take it personal or take jabs in replies, I probably won't read them anyway until they contain concrete hard facts that can connect the dots, which will probably never be stated here because Opera's doing something fishy or stupidly unnecessary that's a security risk to us, and I'm glad my firewall is blocking it.
-
-
careware last edited by
@opedara I would agree this thread is weird...
The bottom line is, it's gonna take a fair bit of effort to figure out. You have to decide if that energy exceeds moving to a different browser.
Personally, I am just ignoring the issue until I can summon the energy to make the move...I find it a bit strange that Opera seem to design their browser this way... from a customers perspective, it's best not to have to exert energy...
