Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. hgfriend3

    hgfriend3 Registered Member

    Joined:
    May 12, 2006
    Posts:
    2
    Location:
    Big Apple
    Need help. I have a VPN software installed which has no internet when using Medium Filtering Profile but works with Low Filtering profile. How can I track this? Is there a log of the activities that I can use to troubleshoot the problem? Thanks.
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Why this program skips WFC and pops up this WF message at startup?

    WFC.png

    It shows up before WFC tray icon appears. I should mention that program is not allowed.
     
  3. MikeMT

    MikeMT Registered Member

    Joined:
    Feb 7, 2015
    Posts:
    63
    Location:
    Malta
    Would you be using Private Internet Access or another OPEN VPN based app that run a Ruby Interpreter Service?

    If so the RIS service can constantly launch in multi folders of User profile Appdata Temp dir.It even advised to mod the service behavior when using a registered version of WFC running in medium profile mode to avoid constant pop up requests & allow a connection. With the free version of WFC you would have to look in the blocked outbound connection GUI. or windows firewall log.
     
  4. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Would be good to get a reply from @hgfriend3 on this...
    I also use a VPN, but set it up to work in High Filtering mode so I can kill the net but keep the VPN going...
     
  5. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    Are you sure you have an incoming block rule for that app?
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Thank you as soon as I block rule in WFC, all good. Thanks.
    Although I still have some doubts. Isn't WFC when "Secure rules" is on, to forbid creation of rules? Even from WF itself?
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Use the Connections Log and see which components are blocked when the VPN is blocked. You just need a proper rule(s).
    That security alert is from Windows Firewall itself which is displayed when a program (other that Microsoft) tries to listen for inbound connections. WFC notifications are displayed for outbound blocked connections. We have two different things here.
    Secure Rules feature monitors when a new rule is added and if it is not added from WFC, then it deletes it automatically. WFC can't prevent the creation of the rule, but it can delete it after less than 0.5 seconds.
     
  8. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    I would LOVE the ability to inspect a connection's contents WHILE it's still being held/paused in notification-holding. Would this be possible? (obviously using third-party tools, not as a WFC feature)

    For example--

    A WFC notification pops, saying Example.exe is attempting to connect to server.com:8080. Rather than decide right then whether to allow or deny it, I pull up an inspection tool like Wireshark or Fiddler to see what exactly is contained inside this connection's packets/contents.

    Would this be possible?

    I'm unsure of the exact particulars on how WFC holds connections, particularly how far along the network stack/chain they are by that point, and thus, whether inspection tools would still have the opportunity to capture/inspect the connection by that point, or whether the packets have already passed the checkpoint.

    Anyone know? Anyone have any experience or recommendations for doing this?
     
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Yes, got it. Thank you very much :thumb:
     
  10. hjlbx

    hjlbx Guest

    @alexandrud

    There is a long delay when entering or deleting characters in the Search field of the Manage Rules pane.

    I have reported this issue repeatedly before - on W8\8.1 and W10 systems - and - both AMD and Intel units.

    I installed WFC on a unit that is brand new - just took it out of the box today. I was surprised to find that this issue still persists after 6 months of my initial reports.

    Once again, the problem causes WFC to AppHang for about 15 seconds all the way up to a complete freeze.

    Disappointing... will have to uninstall WFC once again.

    If you wish, we can do Skype or Teamviewer remote session; I prefer this over making a video.

    Anyhow, it's unfortunate...

    Best Regards,

    HJLBX
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    @hjlbx
    For me is fine on Win8.1 although I have to admit I don't like that small delay caused by typing a character in the search field. Obviously this is by design and I would be more than happy if the search function was redesigned to allow to type the whole word without searching till you hit enter key.
     
  12. hjlbx

    hjlbx Guest

    @Mister X

    Is it by design or a limitation of NET Frame ? It's a problem on every system I have installed WFC. Sometimes it is just not smooth user experience. Other times it causes serious AppHangs...

    Thanks mate,

    HJLBX
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    You can read below how the notifications work and why this is not possible:
    http://www.binisoft.org/faq2.php#notifications
    There is no paused connection.
    The problem comes from the WPF (.NET Framework), not from WFC. On my i7 and i5 machines with latest graphics drivers that delay is very small (max 1 second). On my tablet (Asus T100) it works also slow. There is nothing that I can improve regarding this, as this problem should be fixed by Microsoft. The data grid control should be optimized. Unless I change the behavior to perform the search only when the user presses the Enter key. If more people will vote for this change, then I will update this behavior. Anyway, I do not consider this to be a motive to uninstall WFC. The search in the Rules Panel is not the "top" feature of WFC, as you can easily identify your rules without the search functionality.
     
  14. hjlbx

    hjlbx Guest

    @alexandrud

    Now I understand... not an WFC issue but a MS\NET Framework one. Issue that MS should fix.

    Even on my i7 w\SSD, this issue causes intermittent complete AppHangs... so I have to uninstall.

    The issue is not the Search feature but the fact that it causes AppHangs - sometimes quite problematic on the systems I have used. Any how, you are correct, I can just not use the Search feature - but I find that tedious.

    Why not just remove the Search feature since it is never going to work correctly until such time that Microsoft addresses NET Framework ?

    Perhaps instead just use CTRL + F - similar to searching in a word document, PDF or browser.

    WFC is fine product... I was not "bashing."

    Best Regards,

    HJLBX
     
  15. hjlbx

    hjlbx Guest

    What is the default alert time ?

    Is there a way for the user to adjust the time that alerts remain on the desktop ?

    Thanks,

    HJLBX
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Go to Main Panel > Notifications > Notifications options
    There you will find two time settings
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Set the notification timeout to 0 (zero) to disable the timeout.
     
  18. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Then, then the better way IMHO is to make a related info in the FAQs. So, the people with the problem can avoid this function, all other can use it already (in my case, I have only a short delay) ... except, see below ...

    Okay, Alexandru could eventually implement an alternate Search-Function (other technique), then he could assign Ctrl+f (which is actually used for the "problem" search function) to the new solution ...

    I don't really understand, why you have to uninstall. Even the original Win FW has no Search function - so why you don't just ignore the search function?

    Greetings,
    Alpengreis
     
  19. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    357
    Location:
    Canada
    Just FYI for anyone interested... shutting down both VoodooShield GUI & stopping VoodooShield Service allow WFC to be installed/updated. I neglected to stop VoodooShield Service previously.
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    I do not use anti executable programs, but doesn't VoodooShield have a white list where you can add an exception for WFC ?
     
  21. guest

    guest Guest

    Why WFC is blocking some svhost.exe connections although this application is allowed?
    I see it in the the blocked connections log
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    WFC is not blocking anything. Windows Firewall does. Check your existing rules and the blocked connections that you see in Connections Log:

    1. Either you have some enabled block rules for svchost.exe and the blocked connections match these rules.
    or
    2. The enabled allow rules for svchost.exe allow just some connections (specific service, port, etc), not all connections. In this case, all other connections (not matching a rule) of this process are blocked and they are logged.

    Do you have an allow rule for svchost.exe that allows all connections for it ?
     
  23. Sid.D

    Sid.D Registered Member

    Joined:
    Jan 8, 2006
    Posts:
    17
    Getting log error on windows restart. Windows 10.

    Source
    Windows Firewall Control Service

    Summary
    Stopped working

    Date
    ‎9/‎1/‎2015 8:38 AM

    Status
    Report sent

    Description
    Faulting Application Path: C:\Program Files (x86)\Utilities\Firewall Control\wfcs.exe

    Problem signature
    Problem Event Name: CLR20r3
    Problem Signature 01: wfcs.exe
    Problem Signature 02: 4.5.3.0
    Problem Signature 03: 55d8841b
    Problem Signature 04: System.Management
    Problem Signature 05: 4.6.79.0
    Problem Signature 06: 556bc616
    Problem Signature 07: 8c
    Problem Signature 08: 3f
    Problem Signature 09: System.Management.Management
    OS Version: 10.0.10240.2.0.0.256.48
    Locale ID: 1033
    Additional Information 1: 8bee
    Additional Information 2: 8bee58efc4124d486b658a407fc84f07
    Additional Information 3: e913
    Additional Information 4: e9136300c47a707123cf6055d6d88e8b

    Extra information about the problem
    Bucket ID: 7e8534475ae5503f1c7e0ad8c0f7b506 (128898545462)

    THANKS SD
     
  24. guest

    guest Guest

    It might be because of these rules, I guess these are added by default by WFC


    <Rule Name="WFC - VeriSign Global Registry Services" Group="Windows Firewall Control" Program="C:\Windows\system32\svchost.exe" Description="Block Windows to connect to VeriSign Global Registry Services. This rule is intended for privacy purposes. It can be removed if it causes connectivity problems with associated Microsoft services." Location="2147483647" Enabled="Yes" Action="Block" Direction="Out" LocalAddresses="" LocalPorts="" RemoteAddresses="199.7.48.0-199.7.63.255,199.16.80.0-199.16.95.255" RemotePorts="" Protocol="256" ServiceName="" EdgeTraversal="" Icmp="" InterfaceTypes="All" ApplicationPackage="" AuthorizedComputers="" AuthorizedUsers="" LocalUserOwner="" SecureFlags="0" />
    <Rule Name="WFC - Microsoft Limited" Group="Windows Firewall Control" Program="C:\Windows\system32\svchost.exe" Description="Block Windows to connect to Microsoft Limited. This rule is intended for privacy purposes. It can be removed if it causes connectivity problems with associated Microsoft services." Location="2147483647" Enabled="Yes" Action="Block" Direction="Out" LocalAddresses="" LocalPorts="" RemoteAddresses="94.245.64.0-94.245.127.255" RemotePorts="" Protocol="256" ServiceName="" EdgeTraversal="" Icmp="" InterfaceTypes="All" ApplicationPackage="" AuthorizedComputers="" AuthorizedUsers="" LocalUserOwner="" SecureFlags="0" />
    <Rule Name="WFC - Microsoft Internet Data Center" Group="Windows Firewall Control" Program="C:\Windows\system32\svchost.exe" Description="Block Windows to connect to Microsoft Internet Data Center. This rule is intended for privacy purposes. It can be removed if it causes connectivity problems with associated Microsoft services." Location="2147483647" Enabled="Yes" Action="Block" Direction="Out" LocalAddresses="" LocalPorts="" RemoteAddresses="213.199.160.0-213.199.191.255" RemotePorts="" Protocol="256" ServiceName="" EdgeTraversal="" Icmp="" InterfaceTypes="All" ApplicationPackage="" AuthorizedComputers="" AuthorizedUsers="" LocalUserOwner="" SecureFlags="0" />
    <Rule Name="WFC - Akamai Technologies" Group="Windows Firewall Control" Program="C:\Windows\system32\svchost.exe" Description="Block Windows to connect to Akamai Technologies. This rule is intended for privacy purposes. It can be removed if it causes connectivity problems with associated Microsoft services." Location="2147483647" Enabled="Yes" Action="Block" Direction="Out" LocalAddresses="" LocalPorts="" RemoteAddresses="92.122.212.0-92.122.219.255,92.123.96.0-92.123.111.255,95.100.0.0-95.100.15.255,23.32.0.0-23.67.255.255" RemotePorts="" Protocol="256" ServiceName="" EdgeTraversal="" Icmp="" InterfaceTypes="All" ApplicationPackage="" AuthorizedComputers="" AuthorizedUsers="" LocalUserOwner="" SecureFlags="0" />
     
  25. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    357
    Location:
    Canada
    yes & I did add an exception for WFC + excluded the folders that the installers are in, but something was still blocking WFC... the VS developer says this should be fixed with the next release so i'll let you know how the next WFC update goes.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.