Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Mining (Altcoins)
Re: [Awesome Miner] - Powerful Windows GUI to manage and monitor up to 200000 miners
by
danielocdh
on 24/01/2019, 06:05:24 UTC
Quote from: patrike on January 23, 2019, 10:45:05 AM
Quote from: danielocdh on January 22, 2019, 11:15:59 PM
Quote from: patrike on January 21, 2019, 01:08:53 PM
Quote from: danielocdh on January 20, 2019, 10:08:58 PM
Quote from: patrike on January 19, 2019, 10:38:35 AM
Quote from: danielocdh on January 19, 2019, 03:07:34 AM
Any way to stop awesome miner from creating firewall rules for every mining software?
I don't want everyone on my LAN to have access to the mining software on my miners.

Local connections usually work even if you don't allow the program, is there any particular reason for awesome miner to create firewall rules?
There are currently no setting to prevent this behavior in Awesome Miner.

Awesome Miner is registering the mining software as an allowed application. Mining software must be able to make outgoing pool connections and also open an API port where Awesome Miner connects for monitoring information. If an application isn't registered to the Windows firewall it may be blocked and Windows almost always shows a dialog where the user must accept the application.

If you try to start almost any mining software outside of Awesome Miner (a software that Awesome Miner didn't register already) you will see that Windows Defender Firewall will show a warning dialog - unless Defender is completely disabled.

In Windows Defender Firewall you also have a setting called "Block all incoming connections, including those in the list of allowed apps". That might be the one you are looking for in your specific scenario.

As for the inbound rules, I understand is good to have them to prevent the popups but there is no need to have them as "allow the connection" rules, because the monitoring connections are local we could have them as "block the connection" rules and the monitoring would still work correctly(as far as I have tested over the years) without allowing other LAN devices access to the mining software.

The "Block all incoming connections, including those in the list of allowed apps" might seem enough for most use cases but I have mining computers that serve other content so I need access to some of their ports.

Please consider adding an option so we can decide whether to create the rules as allow or block rules, thank you.
Can this be solved by using the setting to block all incoming connections, but then explicitly configure Windows Defender to open up a few ports that you need?

Even if you only monitor mining software locally, Windows will still complain and show the Blocked dialog when you launch the mining software unless it's an allowed application. This is the reason why Awesome Miner adds the mining software as allowed as it's very difficult to run mining operations without it.
Block all incoming connections takes precedence over any other rule.

I manually changed the allow rules created by awesome miner for the mining software to block rules. Have been mining since I originally asked about this without any issue or popup (picture of my rules linked). The problem is that when new software is added/updated new rules will be created by awesome miner as allowed rules.
https://imgur.com/a/w7YBXdZ

If you make this an option you could just leave the default as it is now(allowed rules), just in case "blocked" rules might break anything for someone.
Thanks for the update.

I've made a quick implementation to support this case. I've introduced a new setting that you can set directly in the Awesome Miner configuration file as I don't want to expose this in the user interface.

1) Once the next version of Awesome Miner is available, install it, run it once and then exit the application.
2) Open the configuration file (%appdata%\AwesomeMiner\ConfigData.xml) and search for "ConfigureWindowsDefenderAllowedApps".
3) Change the property from true to false and save the file.
Thanks, I tried but it showed a popup the first time a mining software ran.
While testing further I found out 2 possible reasons why:
1 When creating a block rule the rule is created with Profile Private(current profile), while when creating an allow rule the rule is created with Profile All.
2 When creating a block rule the rule is added to the registry a couple of seconds after the miner software is launched, while when creating an allow rule the rule is added to the registry a few milliseconds before the miner software is launched.
I didn't test extensively but I'm guessing #1 has something to do with defaults, for #2 my guess is some firewall api limitation or maybe it is not the cause of the issue.
Hopefully you can take another look at it, otherwise I'll just create a script that runs now and then and modifies the rules as needed.
Even that my lan is relatively secure and have trustworthy people connecting to it, I don't want to leave my mining software open.

Thanks again.