
Troubleshooting Windows defender trip.exe added and admin powershell #578

AddictArts opened this issue May 26, 2023 · 6 comments

@AddictArts

AddictArts commented May 26, 2023

This looks really interesting. thanks. Windows 10 latest PowerShell.

I am executing

trip github.com crates.io

Nothing appears. Maybe I am missing something. Do I need to reboot, start and stop the firewall?

@fujiapple852 (Owner)

@AddictArts you will need to allow incoming and outgoing icmp traffic in Windows defender and add trip.exe to the defender whitelist. You can verify that this is the only issue by (temporarily) disabling Windows defender.

@AddictArts (Author)

AddictArts commented May 26, 2023

@AddictArts you will need to allow incoming and outgoing icmp traffic in Windows defender and add trip.exe to the defender whitelist. You can verify that this is the only issue by (temporarily) disabling Windows defender.

Thank you. I added trip.exe to the "allow an app" list. Checked the inbound and outbound settings. All good. It just says Trippy awaiting data...

I installed via cargo install trippy if that makes a difference, not Chocolatey or Scoop etc. Do you need PCAP or NCAP installed?

I also turned the firewall off for public and private networks and still nothing. Should I see something other than awaiting data... I went to a browser did a google search. I did a git fetch from a github project. I did rustup update.

@fujiapple852 (Owner)

fujiapple852 commented May 26, 2023

@AddictArts your installation method is fine and there is no need for PCAP or NCAP.

When Trippy shows “Awaiting data” it means that it has received zero responses for the probes sent in a trace. This typically indicates that probes are not being sent or, more likely, responses are not being received.

Assuming no external firewall issues in your network (I trust a regular Windows traceroute works?) then the issue will certainly be that Windows is choosing not to deliver received icmp packets to the trip.exe process.

My next diagnostic step would be to run Wireshark whilst trip.exe is running to verify that icmp echo requests and responses are flowing in and out, and therefore confirming the issue is that the responses are not being delivered to trip.exe by the OS.

Personally, I only use Windows as a VM (Windows 10 image in VirtualBox), and I use admin PowerShell with defender disabled.

@zarkdav is our resident Windows expert, do you have any words of wisdom here to help?

@fujiapple852 (Owner)

fujiapple852 commented May 26, 2023

@AddictArts if you can confirm your Windows version and share your defender configuration for icmp that would be helpful. Could you perhaps have any other security products running besides defender that may be blocking the traffic?

@fujiapple852 (Owner)

fujiapple852 commented May 27, 2023

@AddictArts I just:

  • Spun up a fresh Windows VM (Windows 10) in VirtualBox
  • Installed Rust
  • Ran cargo install trippy
  • Ran trip google.com from an admin PowerShell

For the first run Trippy shows "Awaiting data" as you saw.

I then added an ICMP exception to Windows Defender as follows:

[Six screenshots, taken 2023-05-27, of the Windows Defender Firewall dialogs used to add the ICMP exception]

After doing so, Trippy then works as usual:

[Screenshot, taken 2023-05-27, of Trippy displaying trace results]
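The comment above describes the fix (an ICMP exception in Windows Defender Firewall, plus allowing trip.exe) only through screenshots. The following is an added example, not code from the issue or from the Trippy project, that does the same thing with the built-in NetSecurity cmdlets from an admin PowerShell, so the change is explicit, reviewable and scoped to the trip.exe binary rather than opening ICMP for every process. The path in $TripExe is an assumption (cargo install normally places binaries under ~/.cargo/bin); the rule names are made up for this example.

```powershell
# Added example: Windows Defender Firewall rules for Trippy, scoped to trip.exe.
# Run from an elevated (admin) PowerShell; these cmdlets require admin rights.

# Assumed location of the binary installed by "cargo install trippy".
$TripExe = Join-Path $env:USERPROFILE '.cargo\bin\trip.exe'
if (-not (Test-Path $TripExe)) { throw "trip.exe not found at $TripExe (adjust `$TripExe)" }

# Baseline check from the thread: does the OS's own traceroute work?
# If this shows no hops, the problem is upstream of Defender, not a Trippy rule.
Test-NetConnection -ComputerName google.com -TraceRoute | Select-Object -ExpandProperty TraceRoute

# ICMPv4 message types an ICMP traceroute needs:
#   8  Echo Request     (outbound, the probe)
#   0  Echo Reply       (inbound, from the final hop)
#   11 Time Exceeded    (inbound, from each intermediate hop)
#   3  Destination Unreachable (inbound, useful when a hop rejects the probe)
$rules = @(
    @{ Name = 'Trippy ICMPv4 Echo Request (out)';     Direction = 'Outbound'; IcmpType = '8'  }
    @{ Name = 'Trippy ICMPv4 Echo Reply (in)';        Direction = 'Inbound';  IcmpType = '0'  }
    @{ Name = 'Trippy ICMPv4 Time Exceeded (in)';     Direction = 'Inbound';  IcmpType = '11' }
    @{ Name = 'Trippy ICMPv4 Dest Unreachable (in)';  Direction = 'Inbound';  IcmpType = '3'  }
)

foreach ($r in $rules) {
    # Idempotent: skip rules that already exist so re-running does not duplicate them.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name `
            -Direction $r.Direction `
            -Protocol ICMPv4 -IcmpType $r.IcmpType `
            -Program $TripExe `
            -Profile Private, Public `
            -Action Allow | Out-Null
        Write-Host "Created rule: $($r.Name)"
    }
}

# Verification: which profiles are active, and are the Trippy rules enabled?
Get-NetFirewallProfile | Select-Object Name, Enabled
Get-NetFirewallRule -DisplayName 'Trippy ICMPv4*' |
    Format-Table DisplayName, Direction, Enabled, Action -AutoSize
```

Scoping the rules with -Program keeps the exception limited to trip.exe, which is the least-privilege equivalent of the "allow an app" step in the thread; the program path must match the binary that is actually launched, so a later cargo install to a different location needs the rules updated. These rules cover IPv4 only; tracing an IPv6 target would need matching ICMPv6 rules (ICMPv6 uses different type numbers). If Trippy still shows "Awaiting data" with the rules in place, the Wireshark check suggested earlier in the thread is the next step: if echo requests leave and time-exceeded replies arrive on the wire, the remaining blocker is local delivery to the process, typically another security product rather than the firewall.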

@fujiapple852 (Owner)

@AddictArts were you able to resolve this? Is there anything further we can do to help? From the test I ran above it appears everything is working as expected on Windows when Defender is configured correctly, so I'm working on the assumption this is an issue with your setup and so will close this.
