Which features is Windows 10 Defender Firewall blocking that Opera wants to do?
-
burnout426 Volunteer last edited by
@burnout426 said in Which features is Windows 10 Defender Firewall blocking that Opera wants to do?:
Best thing to do would be to enabling logging for the Windows firewall. Then, when this happens, immediately look at the log.
https://www.howtogeek.com/220204/how-to-track-firewall-activity-with-the-windows-firewall-log/
Testing this myself, the log wasn't too helpful. All I see are dropped requests for SSDP before/after the firewall dialog comes up.
-
A Former User last edited by
@dugglebb Would moderator please care to explain why I was banned for using capitals in this reply.
Seems your AI isn't particularly intelligent here -
burnout426 Volunteer last edited by burnout426
Someone at Opera said that it's often WebRTC that triggers the firewall dialog.
Close Opera. Press Windows key + r to open the run dialog. Then, type
wf.msc
and press enter. Under, "Inbound Rules", look for "Opera Internet Browser" and "opera.exe" entries and delete them.Then, start Opera, goto https://webrtc.github.io/test-pages/src/canvas-capture/, click start and you should then get the dialog.
In short, that's one case that could trigger it and a case where you might have to allow the connection to get real-time chatting to work for a page.
If you click cancel in the dialog, it will add block rules to "Inbound rules" for the firewall. Then, you won't get the dialog for that connection again unless you clear the rules from the firewall.
So, my advice for now is to click "cancel" on that dialog so that the block rules are added. Then, if something on a page (like video chatting, or anything else really) doesn't work, you can delete the rules and restart Opera to see if a dialog pops up and accept the connection to see if it makes things work. If it doesn't, delete the allows rules that are added to Inbound rules.
For further info, I think someone would have to check things on a URL-by-URL basis.
Hope that helps at least a little.
-
opedara last edited by opedara
@burnout426 I'm not gonna delete the firewall's inbound rules for Opera, because I have a concern about what Opera is trying to do that the firewall is blocking... I understand what you're trying to say with your suggestion (so I can test the link you provide), but the suggestion is counter to the issue I have a concern with. I hope you can understand that I'm not going create the security risk I'm trying to avoid. The whole point of the post was to find out what exactly Opera is trying to do when I get the firewall pop-ups.
I understand that it may be Opera updating its exe to a new folder, though I don't see how that causes a new inbound connection from Opera's servers, nor do I see any reason to unblock it, because I can't tell what that new inbound connection is trying to do.
I don't have WebRTC that I'm aware of, and going to your link seems to test just fine (though I didn't remove the blocked inbound Opera connections as you suggested, for the security reasons I stated above). I don't use WebRTC that I'm aware of, and regardless I don't know why Opera would be trying to access WebRTC when I open it up or create a new inbound connection that the firewall considers a security risk or why I need it anyway. Why would Opera be trying to send me a new inbound connection through WebRTC when I open it? That sounds like a really strange thing to do.
I understand how the firewall pop-up dialog works; I don't need it explained (in fact I already explained in my original post, as well as saying that I already did the things you're saying I should do now).
I don't have any other choice in the firewall pop-up than to click Cancel if I don't want the connection to be unblocked... normally in dialogs, "Cancel" doesn't change anything, but sometimes that doesn't stop the same pop-ups from happening over and over. Considering I've only ever clicked Cancel on the firewall pop-up (in regards to Opera), I can't explain why I've gotten them multiple times. They look identical. They don't identify anything I can distinguish as specific. Maybe this is from each new file name? I don't know, but I still haven't been able to determine what the inbound connection is trying to do through that new file.
I suppose if still nobody can state exactly what the Opera server's inbound connection is trying to do when the firewall prompt appears, then how do we find out? Do we need Wireshark tracking? I mean, maybe it's completely innocuous, but I've been able to figure out why other programs do it... not Opera. It still seems to be a mystery, and for me with this program it's a security risk.
-
leocg Moderator Volunteer last edited by
@opedara said:
I'm not gonna delete the firewall's inbound rules for Opera, because I have a concern about what Opera is trying to do that the firewall is blocking...
If there are no rules, then you will be prompted to decide what to do.
I don't have WebRTC that I'm aware of
It's part of the web, it's not something that you install. Almost all browsers support it.
and going to your link seems to test just fine (though I didn't remove the blocked inbound Opera connections as you suggested, for the security reasons I stated above).
If there are rules, the firewall will follow them and you will not be prompted to allow the connection or not.
I don't know why Opera would be trying to access WebRTC when I open it up or create a new inbound connection that the firewall considers a security risk or why I need it anyway
Firewalls don't exactly check the security of a connection, they check if there is a rule to allow or block that connection. If there aren't any rules, they will ask you what to do and that's why you see the dialog asking to allow or not the connection.
Why would Opera be trying to send me a new inbound connection through WebRTC when I open it?
Not Opera, of course, but a site/page/server. The only way to know would be by logging the network traffic, I guess.
I suppose if still nobody can state exactly what the Opera server's inbound connection is trying to do when the firewall prompt appears, then how do we find out?
It may not be an Opera server.
-
opedara last edited by
If there are no rules, then you will be prompted to decide what to do.
There are rules... the rules you told me to delete... which I didn't delete, for the reasons I stated. I still get prompted, like tonight. The problem really wasn't me getting prompted or not getting prompted, the problem was me not knowing what Opera's blocked inbound request was trying to do... so I'm not quite sure what you're trying to say here.
It's fine that WebRTC is part of the web... but knowing that doesn't reduce my security concern here.
If there are rules, the firewall will follow them and you will not be prompted to allow the connection or not.
Right, that makes sense with not seeing the pop-up again for that inbound request... but the problem isn't the firewall or its rules... the problem is not knowing what Opera's trying to do with its inbound request that Windows Firewall blocks by default.
Firewalls don't exactly check the security of a connection, they check if there is a rule to allow or block that connection. If there aren't any rules, they will ask you what to do and that's why you see the dialog asking to allow or not the connection.
OK, so at this point Opera's the only app causing the pop-ups... so... I'm really curious why so many. I'm assuming that clicking Cancel sets a rule to continue blocking requests that match the rule, and with no prompt.
It may not be an Opera server.
So a non-Opera server is trying to make an inbound request to the opera.exe and the firewall prompts me to block or allow... yet I use 5 different browsers, and Opera's the only one this happens with.
PS: It happened again tonight, after clicking a Business Insider link from a Facebook post.
Is it possible that something on that website is trying to access the opera.exe in an unusual way? How would it even try? The problem is I can't tell what's actually trying to do what.
Because this only happens while using Opera, I have to side with the thought that the problem is somehow Opera...
-
leocg Moderator Volunteer last edited by
@opedara said :
There are rules... the rules you told me to delete... which I didn't delete, for the reasons I stated. I still get prompted, like tonight.
Probably there was an update.
The problem really wasn't me getting prompted or not getting prompted, the problem was me not knowing what Opera's blocked inbound request was trying to do
What site triggers the prompt? if you know, maybe you can try to find out what request that site is sending to the browser.
OK, so at this point Opera's the only app causing the pop-ups... so... I'm really curious why so many. I'm assuming that clicking Cancel sets a rule to continue blocking requests that match the rule, and with no prompt.
Because of the way Opera works, with a different executable and path for each build.
So a non-Opera server is trying to make an inbound request to the opera.exe and the firewall prompts me to block or allow... yet I use 5 different browsers, and Opera's the only one this happens with.
All at the same time, accessing the same sites and with all related rules deleted from the firewall?
PS: It happened again tonight, after clicking a Business Insider link from a Facebook post.
Is it possible that something on that website is trying to access the opera.exe in an unusual way? How would it even try? The problem is I can't tell what's actually trying to do what.Why unusual?
You can try using some network monitor tool to find out what that connection is.
-
opedara last edited by opedara
@leocg This thread isn't going anywhere but in circles, and I feel like you're dodging something or not telling us something.
The main question has not been explained adequately, only vaguely. I still don't have enough information to feel safe enabling Opera doing whatever it's trying to do through the firewall, because we don't know exactly what it's trying to do, or why it's so stupid about it. Opera should do better. We should expect better.
It pops up when either I open the app or go to a website in it, like YouTube, or Facebook, or you name it. It's completely random apparently.
Why unusual?
Wh... what do you mean "Why unusual?" That doesn't make sense within the context of my question. How am I even supposed to attempt to answer that? That's a really bizarre response.
I'm honestly wondering if there's a language barrier here. I'm done pleading for information. Some crafty hacker will just have to see what Opera's doing, we shouldn't be wasting time here with a moderator on this issue that asks weird questions and makes weird statements and provides inadequate answers.
-
leocg Moderator Volunteer last edited by
@opedara said:
Wh... what do you mean "Why unusual?" That doesn't make sense within the context of my question. How am I even supposed to attempt to answer that? That's a really bizarre response.
You called the incoming connection unusual and I asked why, a normal question.
-
amunoto last edited by amunoto
I noticed that the firewall prompt re-appears each time right after an automatic update. There is no (relevant) delay.
Last time, I did not have any open tabs, and messengers in the side pane were disactivated. (Plugings / extensions are not disactivated, though.)To me it really seems that it is Opera that is doing whatever here.
And not some tab or some external actor.I'd really like to know what is causing the firewall alert, but I have understood from the discussion above that supposedly Opera cannot tell me this, because Opera doesn't know anything about the data transfer that triggers the alert.
I am not fully convinced, but well, I guess that's just my personal problem.
Thx to the very patient leocg, answering post after post.
Too bad though, that the answers do not satisfy the people here.
Or maybe, it is just the product, and not the answers. -
leocg Moderator Volunteer last edited by
@amunoto said :
To me it really seems that it is Opera that is doing whatever here.
And not some tab or some external actor.Opera is receiving the incoming connection.
I'd really like to know what is causing the firewall alert, but I have understood from the discussion above that supposedly Opera cannot tell me this, because Opera doesn't know anything about the data transfer that triggers the alert.
Basically, that's it. Not that Opera doesn't know anything but it knows only when the connection is received, what means that it needs to be allowed first.
Maybe inspector or a program like Fiddler can tell what is causing the incoming connection on that time. -
opedara last edited by
You called the incoming connection unusual and I asked why, a normal question.
No, I didn't call the incoming connection unusual, so you misread my question.
My question was: "Is it possible that something on that website is trying to access the opera.exe in an unusual way?"
That's not me stating that something (or anything in particular) is unusual, that's me asking if something on that website is trying to access the opera.exe in an unusual way... it's not only a yes/no question but asking for any thoughts or speculation on something on that website that might be trying to access the opera.exe in an unusual way...
Anyway, I'm done with this conversation. It's mostly been vague or not very useful information, misreads, red herrings and rabbit holes... I've gotten more useful info from past or offsite threads like the one I mentioned about the mDNS on UDP port 5353. This forum is apparently not the place to discuss what the !@#$ Opera is doing trying to get through my firewall in an unusual way quite often, and twice over the last week on different websites, including Opera's default start page.
Really disappointed with this thread, no need to take it personal or take jabs in replies, I probably won't read them anyway until they contain concrete hard facts that can connect the dots, which will probably never be stated here because Opera's doing something fishy or stupidly unnecessary that's a security risk to us, and I'm glad my firewall is blocking it.
-
careware last edited by
@opedara I would agree this thread is weird...
The bottom line is, it's gonna take a fair bit of effort to figure out. You have to decide if that energy exceeds moving to a different browser.
Personally, I am just ignoring the issue until I can summon the energy to make the move...I find it a bit strange that Opera seem to design their browser this way... from a customers perspective, it's best not to have to exert energy...
-
careware last edited by
@leocg said in Which features is Windows 10 Defender Firewall blocking that Opera wants to do?:
@careware said in :
I find it a bit strange that Opera seem to design their browser this way...
What way?
In such a way as to cause a pop up? Like...described in this thread... you seem to think it's not by design...you could be right...I don't know...
I don't know what the real cause is, seems as tho nobody in this thread does.... one suggestion is because opera's executable is getting replaced on updates...
That doesn't help me.....I dunno man... all I can tell you is it doesn't happen with other browsers...one can only presume it's something opera is doing that the other browsers aren't...
Maybe, maybe not,Do you work for Opera or are you just a hobby moderator? Where I stand it's easier to swap browsers than try and find out what the issue is... that's why I find it a bit strange, because it doesn't bode well for Opera... but who the hell knows...im a consumer, they're always ignorant fools
-
leocg Moderator Volunteer last edited by
@careware No, I don't work for Opera.
As already said in this topic, the only way to know what incoming connection triggers the firewall pop-up would be to keep monitoring the network traffic. And that would tell only the one that caused that pop-up.
And yes, you may see the firewall pop-up again after each update because opera changes the path to the opera.exe executable file.
-
leocg Moderator Volunteer last edited by
Let me try to organize things a little bit.
Why do I have to authorize incoming connections to Opera, in Windows Firewall, (almost) every time after each update?
That's because the path to opera.exe changes on every update and that makes the firewall thinks that it's dealing with a different program
What are those incoming connections that triggers the firewall alert pop-up?
That is yet to be determinate and can be a lot of things. And it's something normal. needed for web to work.