Does anyone know if the Windows 7 firewall detects programs that have changed since they were allowed for outgoing connections? ZoneAlarm keeps a checksum for each allowed program, and prompts if the checksum has changed. This stops an allowed program being replaced by malware.I would check this myself, but my netbook with Windows 7 has been sent back for repair.Thanks.

A Zone Alarm suit includes anti-virus and firewall. The application checksums feature you mentioned can be provided by the ZoneAlarm anti-virus. Such function should be provided by an anti-virus software, but not firewall. Therefore you need to install an anti-virus and make it worked with Windows Firewall to protect system.Arthur Xie - MSFT

Thanks for the response. I think my post may have been unclear. I was not referring to any checksums used by an anti-virus program. The feature I am referring to is where a firewall keeps a list of programs that are allowed to make outgoing connections to the internet. In some firewalls (but not all), the firewall keeps a checksum for each allowed program, and if the program's checksum has changed, the program is blocked from internet access until the user OKs it.ZoneAlarm is one of the firewalls that has this feature. I currently use ZoneAlarm, but am concerned thatit may not have full Windows 7 support by October. So I wanted to know whether it's provided by the Windows 7 firewall itself. As far as I know, the Windows 7 firewall allows you to configure rules to control individual programs' internet access. The question is: If foo.exe has been allowed access, and then at some time in the future foo.exe is changed, does the Windows 7 firewall detect this, and refuse foo.exe internet access until the user says it's OK?

No Windows 7 will allow the process foo.exe access through the firewall even when the exe has changed. It will however refuse foo.exe when it is started from another location. AppLocker is the only functionality in Windows 7 I know of that can keep track of changes in a program to allow or blockitfrom running. Usually it will use the certificate in the program to identify its validity.Ray

Yes, I thought the Windows firewall probably didn't check for program changes. Thanks for confirming.