another Windows Firewall Control?

[mantra]

Quote:

Originally Posted by alexandrud

You can use "Export Policy" from WFC main interface. This will save all of your firewall rules, which can be imported back, by using "Import Policy". WFC is fully compatible with WFwAS firewall rules and works directly with them. When installing WFC, no firewall rules are deleted. Only, if at installation, the user choose to create recommended rules, WFC will add 8 new rules which can be easily deleted from Manage Rules window. If the user choose not to create recommended rules, no new rules will be added.

thanks
but for manually i mean not using wfc

[alexandrud]

Quote:

Originally Posted by mantra

thanks
but for manually i mean not using wfc

You can go to WFwAS by running "wf.msc". You will see there, on the right, a button named "Export Policy". Use that. The exported policy in this way can be later imported by using "Import Policy".

[Ring0]

Question, the last version has the same problem as previous if the DNS service is off ?
I mean, if the Windows DNS service is switched off WFC will not enter the learning mode ?
If it is? I must say that a strange approach used is, something should be changed.

[alexandrud]

Quote:

Originally Posted by Ring0

Question, the last version has the same problem as previous if the DNS service is off ?
I mean, if the Windows DNS service is switched off WFC will not enter the learning mode ?
If it is? I must say that a strange approach used is, something should be changed.

Thanks to Broadway, we find out that if DNS-Client service is disabled, the remote IP will be reported as the local router's IP, port 53 and UDP protocol. Also, in the Security logs these info are retrieved in this way. Even if this service is not required for DNS lookups, it seems that Windows Firewall uses this service to resolve remote lookups. The router will find all these informations for itself but will not pass them to Windows Firewall, and Windows Firewall will need to get these info by using DNS-Client service.

DNS-Client service resolves and caches DNS names, allowing the system to communicate with canonical names rather than strictly by IP address. DNS is the reason that you can, in a Web browser, type http://www.wilderssecurity.com rather than having to remember that http://xxx.xxx.xxx.xxx is the site’s IP address.

If you stop this service, you will disable your computer’s ability to resolve names to IP addresses, basically rendering Web browsing all but impossible. Unless you have every website you will ever visit in your hosts file or know the IP Address of every website off the top of your head or have it stored somehwere, there really wouldn't be a benefit to disable this Windows service.

All that being said, Learning Mode will work, but it will show your router's IP as remote address instead of the real destination remote address. This is a limitation of Windows Firewall, not of WFC.

[Ring0]

If you want stronger outbound protection/control you must have the ability to control DNS query. DNS Internet access via svchost.exe is like to stand with bare ass in the window.

If the DNS client service is disabled, only those applications and processes with an explicit DNS rule are allowed to query DNS.

Quote:

This is a limitation of Windows Firewall, not of WFC.

I certainly can not agree with you. Try the WFN (with DNS service disabled) and you will see that everything works as expected.

Shift the blame to others is the easiest thing, but not always correctly, I think that you should change WFC code.

[Broadway]

Alex, today, although I already have a "block any"-rule for
C:\windows\system32\devicedisplayobjectprovider.exe
WFC asked me again for this program.
After blocking again I had the same rule twice.

[alexandrud]

Quote:

Originally Posted by Ring0

I certainly can not agree with you. Try the WFN (with DNS service disabled) and you will see that everything works as expected.

Shift the blame to others is the easiest thing, but not always correctly, I think that you should change WFC code.

WFN reads the remote address from a different source than WFC. I didn't blame others. I only said that if the DNS service is disabled, the system events are logged with the remote address as the router. It is very correct. I will try to find a solution to this limitation and to read somehow different the remote address and port.

Quote:

Originally Posted by Broadway

Alex, today, although I already have a "block any"-rule for
C:\windows\system32\devicedisplayobjectprovider.exe
WFC asked me again for this program.
After blocking again I had the same rule twice.

It seems to be a little bug introduced in the latest version. It is already fixed and will be included in the next version which I plan to release in a few days.

The new improvements, next to bug fixing, are:
- Posibility to declare rules for all programs and to change the program path for a rule, in Properties window, when modifying a rule.
- Learning Mode was rewritten from scratch. Now, the latency between connection attempt and the notification was removed, due to the new tricks implemented in the code.
- Faster and improved validations for the user input data.
- And others, which I can't remember now....

The new version will be out in a few days.

[Broadway]

Sounds great, thanks :-)

[Gen]

I still can't use it on my LUA, anything to bypass this?

[alexandrud]

Quote:

Originally Posted by Gen

I still can't use it on my LUA, anything to bypass this?

Please be more specific. What is LUA and what problems do you have ?

[Ring0]

Quote:

The new version will be out in a few days.

Take more time you can not hurry anywhere.
Applications such as this should serve the customer, not to set conditions.

- shortcomings of existing, requirements:
1. NET Framework 4.0 update (bad, not everyone can or should do it)
2. pay (donate, to relieve all the functions, waiting for the surprise)

3. when you pay, discovers that you have purchased a bullcookie.
4. ask, DNS service need to switch on (ok, I do to try)
5. ask, NetBios service to switch on (the ends of my testing, deleted all, until the next version)

- see you

[Gen]

Quote:

Originally Posted by alexandrud

Please be more specific. What is LUA and what problems do you have ?

I can install it as admin but it doesn't run automatically unless I reopen the app every time I boot the laptop via admin.
Weird isn't it?

[alexandrud]

Quote:

Originally Posted by Ring0

Take more time you can not hurry anywhere.
Applications such as this should serve the customer, not to set conditions.

- shortcomings of existing, requirements:
1. NET Framework 4.0 update (bad, not everyone can or should do it)
2. pay (donate, to relieve all the functions, waiting for the surprise)

3. when you pay, discovers that you have purchased a bullcookie.
4. ask, DNS service need to switch on (ok, I do to try)
5. ask, NetBios service to switch on (the ends of my testing, deleted all, until the next version)

- see you

The system requirements are posted on the software page. The user can read them and if he agrees with them, he can choose to install and use WFC. If a user considers these to be too much, he will use another software, which can suit his requirements in a more appropriate way.
"Bullcookie" ? WFC does what is says. It is the user's duty to obtain information about software requirements.

System Requirements
√ Microsoft .NET Framework version 4.0
√ Compatible with all 32bit and 64bit versions of Windows 8 Consumer Preview, Windows 7 and Windows Vista.
√ The following Windows services are required to be enabled for Windows Firewall Control to run: "Windows Firewall", "TCP/IP NetBIOS Helper", "Workstation" and "DNS Client".

I don't see why you should be upset.

Here are enough motives why NET Framework 4 is better: http://msdn.microsoft.com/en-us/library/ms171868.aspx

The old version of WFC was build on NET Framework 2.0 which is an old technology, from 2005. We are now in 2012. We should move on with the technology, don't you think ?

[alexandrud]

Quote:

Originally Posted by Gen

I can install it as admin but it doesn't run automatically unless I reopen the app every time I boot the laptop via admin.
Weird isn't it?

What is LUA ? Which operating system do you use, version and edition. Which version of WFC do you use ? Please answer these questions in order to be able to help you. Did you disabled some windows services ?

WFC is fully compatible with standard user accounts, it requires administrative privileges only at installation.

[Bionic71]

I've just donated, It's a keeper at low expense.

- 3.3.0.3 confirmed duplicate entries

Thanks for looking into latency of notifications.

Got most core releases/patches installed, I'm not bothered by the requirements.
Although RAM usage seems bit over the top, pending between 120-220mb (win7 x64)

[hornet77e]

Hello Alex,

first of all Thank you for this great piece of software.
I found it in December last year, because i want to use the windows firewall.
(why invent the wheel new ? )

@all who think 10dollars are to much. Please show me one software for this price which has just a user friendly licence. I could use it on so many computers as i want.
This is a very big advantage in a world which i can have a lot of virtual machine on one hardware for testing, development and so on.

One problem i would report is, that sometimes the firewall ask me again for an program which i allowed before. The result is after few weeks i have 3 or four equal rules for one software.

The one think i found out is i had to mount truecryot volumes as removeable.
This is cause of the windows guid....

But also i have the problem form time to time with installed software like virtualbox, that it would ask me again.
Did anyone had this problem, too ? or a soluation for this ?

It is not a big problem, just want to report maybe anyone knows more.

But thank you again and of course i donate this software after one day testing

Have a nice day
hornet

[PhantomPhenix]

Quote:

Originally Posted by alexandrud

Here are enough motives why NET Framework 4 is better: http://msdn.microsoft.com/en-us/library/ms171868.aspx

Here are some motives not to use .Net.

As a developer you should never have your customers depend on 3rd party software - to use your software. If something buggy happens on .Net - poof firewall. Also if your software nuks .net now all apps dependent on .Net fail. Use a base language and have DLLs when you need extra functions. In this way the end user of your firewall do not need to install any type of framework. All they need are the DLLs that are required for that specific application.

[alexandrud]

Quote:

Originally Posted by hornet77e

One problem i would report is, that sometimes the firewall ask me again for an program which i allowed before. The result is after few weeks i have 3 or four equal rules for one software.

The one think i found out is i had to mount truecryot volumes as removeable.
This is cause of the windows guid....

But also i have the problem form time to time with installed software like virtualbox, that it would ask me again.
Did anyone had this problem, too ? or a soluation for this ?

About the same notifications, they appear again and again because there is a check for the new notification which checks the path to the executable file. Let's say, that you have a rule for "G:\test.exe" to allow it. But, G:\ drive is an encrypted drive or a read only drive. When you run test.exe from that drive, the path is not actually "G:\test.exe". It is "deviceGUID:\test.exe". "deviceGUID" can't be transformed to G:\ for this drive. So, the verification is made with "deviceGUID:\test.exe", but your rule is for "G:\test.exe". They are different and the a new notification is displayed, because it thinks they are two different programs. The path does not match.
The same problem is with BoxCryptor.

Quote:

Originally Posted by PhantomPhenix

Here are some motives not to use .Net.

As a developer you should never have your customers depend on 3rd party software - to use your software. If something buggy happens on .Net - poof firewall. Also if your software nuks .net now all apps dependent on .Net fail. Use a base language and have DLLs when you need extra functions. In this way the end user of your firewall do not need to install any type of framework. All they need are the DLLs that are required for that specific application.

I disagree with you.

1. NET Framework is not a 3rd party software. It is already included in the Windows operating systems since Windows Vista, 6 years ago. If a .NET application crashes, it does not affect the stability of your PC. If I had used C++ unmanaged code, in case of a software failure, the entire system could have been compromised, and the only thing you could had done is to use the reset button.
2. Many applications are written using NET Framework.
3. NET is used also for WPF, which can create richer and more user friendly GUI.
4. NET is used also for WCF for intercommunication of the processes.
5. Windows Firewall API has usage examples for C#, not C++.
6. C/C++ is for where you require precise control over memory allocation. If you don't, GC languages will be more concise, and hence require less programming time to do the same thing. With less ways of breaking things with pointers, the modern languages are far easier and better for most application development.

These are some of the motives, why I choosed to use the C#.

Also, the alternatives, TinyWall and WFN, are written in C# and use NET Framework.

[Tong]

Where is the "Don't alert me again" tickbox located these days? I read about it in the previous posts, but can't find it in my WFC or notifications.

[alexandrud]

Version 3.3.0.4 beta available
Exclusively for the users of this great community

What's new:

- New: "Learning Mode" was redesigned from scratch. The latency between a blocked connection and the user notification was reduced by 90%.
- Updated: Notification window contains now the time of the blocked connection. The tooltip for the application name was updated to contain the full application name.
- Updated: The validation rules were reworked from scratch. Also, the visual template, in case of user input contains errors.
- Updated: Added support for "Learning Mode" for Windows 8 Release Preview. Tested on x86 english version.
- New: "Properties" window was redesigned. Now, a user can create a rule for all programs or he can choose only a specific executable file.
- New: Multiple notifications are now cached and showed one by one. Until now, while the notification window was displayed, any blocked connection during this time was ignored completely. From now, notifications will wait until the user closes the current notification and the new notifications will be displayed one by one.
- And many more, which will be included in the final change log.

Download link:

http://binisoft.org/download/beta/wfc.exe

Installation notes:

The version of this was left intentionally 3.3.0.3. The final version will have the version 3.3.0.4. This beta version can't update the previous version. A clean install is recommended.

I have tested this version only on Windows 7 x86 Ultimate and Windows 8 x86 Release Preview. Both were in english.

Please install it, test it and write here your feedback. I am very curious how will Learning Mode will perform on different systems. Now, notifications should be displayed instantly.

I hope your feedback to be positive, but please report any problems. I will fix them.

Thank you all for your support,
Alexandru

[puff-m-d]

Hello,

I removed the old version and installed the beta. I then put it in medium filtering mode and turned on the learning mode. Learning mode does nothing on my machine. The only other security app I am running is WRSA Essentials and my OS is Vista Home Premium 64 bit. I had to manually redo my rules but luckily I had exported my policies not long before I installed the beta. I am running the beta now but learning mode is not doing anything, no pop-ups or dialog boxes, quite an annoyance but I do realize this is a beta. Also the event viewer shows no errors for WFC.

[alexandrud]

Quote:

Originally Posted by Tong

Where is the "Don't alert me again" tickbox located these days? I read about it in the previous posts, but can't find it in my WFC or notifications.

There is no need for it. To disable notifications for a program you can create a generic blocking rule for it and future notifications will be ignored for that program.

Quote:

Originally Posted by puff-m-d

Hello,

I removed the old version and installed the beta. I then put it in medium filtering mode and turned on the learning mode. Learning mode does nothing on my machine. The only other security app I am running is WRSA Essentials and my OS is Vista Home Premium 64 bit. I had to manually redo my rules but luckily I had exported my policies not long before I installed the beta. I am running the beta now but learning mode is not doing anything, no pop-ups or dialog boxes, quite an annoyance but I do realize this is a beta. Also the event viewer shows no errors for WFC.

I will install today Vista 64bit and I will make it work until the final version is released.

[Tong]

Quote:

Originally Posted by alexandrud

There is no need for it. To disable notifications for a program you can create a generic blocking rule for it and future notifications will be ignored for that program.

Thanks, WFC still kept notifying me, but removing the read only mode from my Program Files folder did the trick.

[alexandrud]

Version 3.3.0.4 beta 2 available
Ok, I fixed today the problems that were reported by multiple users.

What's new since the version from yesterday:

- Fix: Now the Learning Mode works again on Windows Vista. I forgot to uncomment a few lines of code.
- Fix: The program hangs on some computers when the user clicks to allow the program from the notification window, requiring to be ended from Task Manager. There were some synchronization problems between wfc.exe and wfcs.exe which could lead to hanging of the program. It is fixed now.
- New: If wfc.exe is not initialized correctly it will have a warning icon in the system tray and the tooltip "Failed to establish connection to Windows service". This means that wfcs.exe is not found or it is set to disabled.

Download link Remains the same, but contains the updated version:

http://binisoft.org/download/beta/wfc.exe

Installation notes:

Please uninstall the current version that you use and then install this one. To uninstall any version of WFC more faster than from Control Panel, you can run with the parameter -uninstall. For example: C:\Program Files\Windows Firewall Control\wfc.exe -uninstall

Things that you should know:

Due to process synchronization, multiple notification windows can appear for different applications in the same time. It seems that I can't keep them in a cacheand show them one after another. They will be overlapped, because they appear on the same position on the screen. The last one is placed above the older ones, but they can be easily moved around the screen by mouse. In this way, the user can see multiple notifications for different programs in the same time, allowing to edit multiple rules in the same time.

Another thing, the option "Block for now and ask me again later" blocks all future notifications for the same program for 1 minute. If you ever wondered yourself why after you selected that option, you don't receive again a new notification, this is why. You must wait 1 minute until the same notification to be possible again.

Please share your opinions here and any problems you may find.

Thank you very much for your support and your patience.
Alexandru

P.S.: Below is a screenshot which contains the new GUI modifications. You can see the new Properties dialog for editing a rule, the new notification, and an example of invalid user input.

[Broadway]

Thanks, Alex.
Does it run on 64bit Windows 7 now?
:-)