Windows Defender pop-up
-
Hi
Brand new user here. First day use of Vivaldi. Fully updated Windows 11.
Having sorted out one or two initial problems (importing passwords and bookmarks), I have an oddity with Windows Defender.
After a slight struggle, I managed to get my bookmarks imported from Firefox and tested some of them. While checking out Vivaldi, I suddenly got a Windows Defender pop-up when I clicked on a bookmark. The pop-up seems to not be related to the actual link as it opened quite normally, and, subsequently opened without the pop-up.
The pop-up seemed to be a standard Defender one asking for permission to allow Vivaldi.exe to access my network. The question is: why, after about 5 hours use does Vivaldi suddenly decide to have some private contact with somewhere else? Which 'features' of Vivaldi are trying to access somewhere? Why, does the installation process not register all 'features' with Defender without 'secretly' trying to communicate elsewhere? What information is Vivaldi sharing during this type of communication?
-
@LesAHay , there are several things why Vivali use the network every x time, among others searching of updates, sync and statistic data, same as every browser do. All of this you can whitelist in the Defender.
welcome to the community
>Laptop ACER, AMD Ryzen, GPU AMD Radeon RAM 16GB, SSD 512GB -Win11 Home 64 v24H2| Vivaldi last stable|
-
Hi
Thanks for your reply.
I realize that I can whitelist the connection, but I can not understand why Vivaldi did not do so at instal time (as other applications do)? It is because of this that I become suspicious. Vivaldi knows all the connections needed, why suddenly start asking the user to approve (an unknown purpose)?
I am not paranoid, but when I get such requests, I want to know why/where/what is behind them before blindly allowing. There are very very few times that Windows Defender has requested direct consent (over the last several years), and ALL of those have been recognised and expected - not this one however.
On this occasion I refused the permission: I would imagine that Vivaldi will try again at some point? I will need to wait and see any results from having denied access - it would have been better if the installation process had taken care of all that - even asking the user- with a stated reason - to agree to whatever unusual connections are needed. -
Aloha Vivaldi!
"You cannot know the meaning of your life until you are connected to the power that created you" · Shri Mataji Nirmala Devi
-
@Zalex108 said in Windows Defender pop-up:
Aloha Vivaldi!
................. and this is supposed to be a helpful post is it? Are you really a Moderator?
-
Hi,
It could be some joking on the topics.Being you are ready to aquire data check out the next links and the Tip.
--
Also,
Some useful links:
ForumsCommunity 
Official Tutorials Official Help Forum Categories Modding Vivaldi Vivaldi Features Vivaldi Help Forum Markdown Panels | 
EnginesVivaldi Tutorials Issues 
Feature Requests ¿? Menus | Guides | FAQ Vivaldi How To Bug Reports
--
"Off Topic Tip"
Follow the Signature's Backup | Reset link.
Take the opportunity to start a Backup plan and even create a Template Profile.
Windows 7 (x64)
Vivaldi Backup | Reset + Extra Steps"You cannot know the meaning of your life until you are connected to the power that created you" · Shri Mataji Nirmala Devi
-
-
@LesAHay Without knowing more details about these connections it's impossible to know what it might've been.
- Checking for updated extensions
- Checking for updated components
- Checking for update of the browser
- Vivaldi Sync connection (if enabled)
- Mail/Calendar/RSS feeds
- Etc...
I know Vivaldi Sync for instance uses a non-standard port (not 80/443) so that might be the reason for the Firewall to trigger.
As usual Defender gives zero details needed to figure things out, like the host and port attempted.
I suggest going into the Firewall application and either looking at the logs (if they exist - I have no idea about Defender), or removing any explicit blocks and waiting for it to happen again. Then when it does check what allow rules have been added, specifically what outbound host/ports are allowed.
Only then can the "why" be explained.
🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
🦆"With a rubber duck, one's never alone" -Douglas Adams🦆 -
@Pathduck said in Windows Defender pop-up:
@LesAHay Without knowing more details about these connections it's impossible to know what it might've been.
- Checking for updated extensions
- Checking for updated components
- Checking for update of the browser
- Vivaldi Sync connection (if enabled)
- Mail/Calendar/RSS feeds
- Etc...
I know Vivaldi Sync for instance uses a non-standard port (not 80/443) so that might be the reason for the Firewall to trigger.
As usual Defender gives zero details needed to figure things out, like the host and port attempted.
I suggest going into the Firewall application and either looking at the logs (if they exist - I have no idea about Defender), or removing any explicit blocks and waiting for it to happen again. Then when it does check what allow rules have been added, specifically what outbound host/ports are allowed.
Only then can the "why" be explained.
Hi
Thanks for your reply.
You have listed exactly why Vivaldi needs to not leave it up to the user to approve. Every one of those should be 'allowed' explicitly by Vivaldi at installation, and probably are - I know that the sync connection must be as that has already happened without issue.
Maybe I am being super critical, but as you point out, Defender keeps details hidden - again, a reason to have Vivaldi taking care of all the permissions.
I have never delved into Windows Defender logs etc, and, I do not intend to start. If it happens again, or, if it becomes apparent what aspect of Vivaldi is blocked, then I might investigate further. -
@LesAHay , Windows Defender is certainly one of the best current AV, although sometimes it is somewhat hysterical in its reactions. I use Windows 10, Defender is the same, but it has never given me any problems with Vivaldi and it wasn't reported by any other user either AFAIK, at least not with Defender (in the past there were some false positives with Symantec and Kaspersky AVs but solved later).
For this reason I think that these alarms may be due to some extension that you are using. To rule it out, test if the Defender also gives you the notice with Vivaldi in a guest profile.
This puts Vivaldi in its default configuration and without extensions.>Laptop ACER, AMD Ryzen, GPU AMD Radeon RAM 16GB, SSD 512GB -Win11 Home 64 v24H2| Vivaldi last stable|
-
Thanks for your reply.
I will bear that in mind. If the alert happens again I will give that a try.
I do have Dark Reader extension installed as I can not do without a means to reduce the glare from usual white background web sites. -
@LesAHay , DarkReader isn't a problem, it can't be the cause, this extension is used by a lot of Vivaldi users,
I've used it in the past, but at the moment I prefer to use Dark Mode in flags, which gives me dark themes even in the Chrome Store and web panels (none of the extension do this). I hate white backgrounds, they dazzle me.>Laptop ACER, AMD Ryzen, GPU AMD Radeon RAM 16GB, SSD 512GB -Win11 Home 64 v24H2| Vivaldi last stable|
-
@Catweazle said in Windows Defender pop-up:
@LesAHay , DarkReader isn't a problem, it can't be the cause, this extension is used by a lot of Vivaldi users,
I've used it in the past, but at the moment I prefer to use Dark Mode in flags, which gives me dark themes even in the Chrome Store and web panels (none of the extension do this). I hate white backgrounds, they dazzle me.Hi
Thanks for your reply.
Tell me more .................... I am as yet unfamiliar with the flags stuff. Can you tell me which flag(s) need to be searched/changed?EDIT: never mind, I found the switch 'Auto Dark Mode for Web Contents' - didn't even need a search, now all I need to do is to try all those options in the drop down.
-
@LesAHay . it's easy, simply put in the adressbar
vivaldi://flags/#enable-force-darkEnter
With this you'll see the flags page (Experiments) and Auto Dark Mode for Web Content, in the pull-down select Enabled with selective inversion of non-image elements
Restart Vivaldi and you have dark theme almost everywhere (like in the extensions, there are (very) few pages where it don't work so good, but in this case you can compensate it by using the Invert Filter in the Page Actions Menu (<>)).
The downside to an extension is only that a flag change requires a Vivaldi restart to take effect.Tip: For faster access you can put the flags page to the web panel.
>Laptop ACER, AMD Ryzen, GPU AMD Radeon RAM 16GB, SSD 512GB -Win11 Home 64 v24H2| Vivaldi last stable|
-
@Catweazle
Hi
Thanks for your reply.
The command didn't work from the address bar and just gave me a search - but the Dark Mode was at the top of the list anyway.
I already had the Flags as a speed Dial entry so that works fine - I am yet to be convinced that I need to use Panels, but I will eventually try them out. -
New user of Vivaldi here! I just experienced the same issue, although it occurred about 10 minutes after installation.
Before accepting or denying anything, I did a search and came across this post! Being a curious software QA Engineer, I took a look in the Event Viewer and saw two Vivaldi-related events in the Defender Firewall logs at around the time of installation which had the "Action" listed as "Block". These rules were to allow inbound connections on all TCP and UDP ports.
On the Windows Defender Firewall popup window, I then selected to "allow" connections, and immediately six new events were added to the Event Viewer. Three dedicated to UDP with the "Action: Allow" status, and three dedicated to TCP with the same "Action: Allow" status.
The Windows event log is not the best for extracting data, so I tried to make something readable from the events in the log. Hopefully this will be of some use to somebody. I suspect that most users just click "allow" and go about their business and that's why nobody at Vivaldi is really aware of any "issue". That's what I would have done had I not had a bit of time on my hands!
Events from time of installation:
Log Name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall Source: Windows Firewall With Advanced Security Logged: 02/10/2023 10:45:19 EventID: 2097 Task Category: None Level: Information Keywords: (2199023255552) User: LOCAL SERVICE Computer: <REDACTED> OpCode: Info --- A rule has been added to the Windows Defender Firewall exception list. Added Rule: Rule ID: TCP Query User{<REDACTED>}C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Rule Name: vivaldi.exe Origin: Local Active: Yes Direction: Inbound Profiles: Private Action: Block Application Path: C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Service Name: Protocol: TCP Security Options: None Edge Traversal: None Modifying User: NT SERVICE\mpssvc Modifying Application: C:\WINDOWS\System32\svchost.exe A rule has been added to the Windows Defender Firewall exception list. Added Rule: Rule ID: UDP Query User{<REDACTED>}C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Rule Name: vivaldi.exe Origin: Local Active: Yes Direction: Inbound Profiles: Private Action: Block Application Path: C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Service Name: Protocol: UDP Security Options: None Edge Traversal: None Modifying User: NT SERVICE\mpssvc Modifying Application: C:\WINDOWS\System32\svchost.exeEvents following the selection of "allow" in the Defender Firewall popup:
Log Name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall Source: Windows Firewall With Advanced Security Logged: 02/10/2023 10:54:35 EventID: 2099 Task Category: None Level: Information Keywords: (2199023255552) User: LOCAL SERVICE Computer: <REDACTED> OpCode: Info --- A rule has been modified in the Windows Defender Firewall exception list. Modified Rule: Rule ID: UDP Query User{<REDACTED>}C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Rule Name: vivaldi.exe Origin: Local Active: Yes Direction: Inbound Profiles: Private Action: Allow Application Path: C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Service Name: Protocol: UDP Security Options: None Edge Traversal: None Modifying User: <HOST_REDACTED>\<USER_REDACTED> A rule has been modified in the Windows Defender Firewall exception list. Modified Rule: Rule ID: UDP Query User{<REDACTED>}C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Rule Name: vivaldi.exe Origin: Local Active: Yes Direction: Inbound Profiles: Private Action: Allow Application Path: C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Service Name: Protocol: UDP Security Options: None Edge Traversal: None Modifying User: <HOST_REDACTED>\<USER_REDACTED> A rule has been modified in the Windows Defender Firewall exception list. Modified Rule: Rule ID: UDP Query User{<REDACTED>}C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Rule Name: vivaldi.exe Origin: Local Active: Yes Direction: Inbound Profiles: Private Action: Allow Application Path: C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Service Name: Protocol: UDP Security Options: None Edge Traversal: Defer to user Modifying User: <HOST_REDACTED>\<USER_REDACTED> A rule has been modified in the Windows Defender Firewall exception list. Modified Rule: Rule ID: TCP Query User{<REDACTED>}C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Rule Name: vivaldi.exe Origin: Local Active: Yes Direction: Inbound Profiles: Private Action: Allow Application Path: C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Service Name: Protocol: TCP Security Options: None Edge Traversal: None Modifying User: <HOST_REDACTED>\<USER_REDACTED> Modifying Application: C:\Windows\System32\dllhost.exe A rule has been modified in the Windows Defender Firewall exception list. Modified Rule: Rule ID: TCP Query User{<REDACTED>}C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Rule Name: vivaldi.exe Origin: Local Active: Yes Direction: Inbound Profiles: Private Action: Allow Application Path: C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Service Name: Protocol: TCP Security Options: None Edge Traversal: None Modifying User: <HOST_REDACTED>\<USER_REDACTED> A rule has been modified in the Windows Defender Firewall exception list. Modified Rule: Rule ID: TCP Query User{<REDACTED>}C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Rule Name: vivaldi.exe Origin: Local Active: Yes Direction: Inbound Profiles: Private Action: Allow Application Path: C:\users\<REDACTED>\appdata\local\vivaldi\application\vivaldi.exe Service Name: Protocol: TCP Security Options: None Edge Traversal: Defer to user Modifying User: <HOST_REDACTED>\<USER_REDACTED>
