Windows Firewall Control (WFC) by BiniSoft.org

I understand what WFC is, what i'm saying is when I use other firewall's or just windows default I never get notifications regarding notepad and windows explorer wanting internet access. I'm assuming it's not a big deal cause I just re-installed windows a few days ago so I know it's nothing malicious.
The ip address is from Missouri

General IP Information

IP: 72.249.47.77
Decimal: 1224290125
Hostname: ns1.inputsafe.com
ISP: Colo4, LLC
Organization: Colo4, LLC
Services: None detected
Type: Corporate
Assignment: Static IP
Blacklist:
Geolocation Information

Country: United States us flag
State/Region: Missouri
City: Saint Louis
Latitude: 38.6143 (38° 36′ 51.48″ N)
Longitude: -90.4444 (90° 26′ 39.84″ W)
Area Code: 314
Postal Code: 63131


http://whatismyipaddress.com/ip/72.249.47.77

 

It was mentioned that there was less memory usage so I went ahead and installed WFC4. After installation, Windows Firewall Control was using 279.8 MB of memory and Windows Firewall Control Service was using 271.5 MB of memory.

I then messaged a member to ask about the memory used and found it was much less than mine.

After trial and error, I found that uninstalling Webroot allows the memory to drop below 20 MB each. I tried this because Webroot (with Windows 8.1) also causes Windows explorer to use around 250 MB of memory.

Just wanted to let you know this in case someone else sees this same high memory use. I am now going to donate where I wasn't before.

I'm using Windows 8.1 x64.

 

I turned off notifications and put WFC on low filtering then opened notepad and windows explorer and then checked rules and none were created and then I put it back to medium on both as recommended and opened notepad and windows explorer again and I get the alert almost immediately which is weird as crap!
I will just block it for now cause it makes no sense to me

 

Thank you for sharing this info with us.

It is normal to see blocked connections for explorer.exe. For notepad.exe, it is strange because it should not connect to the Internet in any circumstances. WFC reads the Windows Firewall logs and displays the notifications based on the existing rules and what the logs are saying. If the connections were blocked by Windows Firewall it means that these connections were real, they are not invented by WFC.

When you switch to Low Filtering which is the default state of Windows Firewall, there are no notifications because nothing is blocked. If nothing is blocked, then nothing to display. All programs can connect if they are not blocked by a rule.

When you switch to Medium Filtering, all programs that want to connect and don't have a rule to allow them, are blocked. This generates new entries in the Windows Firewall logs and WFC reads them and decides if a new notification should be displayed to the user. Based on the existing rules.

So, if you see a notification for explorer.exe you have 3 choices:
1. Allow it and you will never see notifications for it because it is allowed and nothing new will appear in the logs for this executable file.
2. Block it and you will never see notifications for it because it is already blocked and duplicate notifications will not be displayed.
3. Choose Ask me later, and you will see again similar notifications because no rule is created.

What is strange in what I have described ? This is the normal behavior.

 

Alexandru, many thanks for your tireless efforts
Is there any chance you can implement 'non logging' of specific set block rules.
I have a few block rules that i really don't need logs for

 

I think you should use the firewall different if pop ups appear all the time.When you are not installing or setting connectivity for any program ,just turn off notifications and use the Medium filtering alias Block Most.

Alexandru could add the Notifications item to the Profiles so it would mimic somehow the Rules Wizard from Outpost.

Easy fix

When you are normally using the PC it s in the Medium Filtering ,when you are installing stuff or troubleshooting set to Notifications.

 

Hey guys I have to apologize, I finally figured out why i'm getting those alerts from explorer and notepad...the ip address come from keyscrambler

 

No, it is not possible. The logging is done by Windows Firewall. WFC just reads what Windows Firewall does and takes actions.

 

I would like to do the translation how could I submit the lng files?

 

Send your translation file to support@binisoft.org and it will be added on the website.

 

Thanks for swift reply

 

Alexandru ,i have some suggestions to increase the usability of the program.

What about adding the Recently Blocked and New Rules Wizard items in the right click menu ,under Profiles ,in the task bar.

To be fair until watching your youtube video about WFC 4.0 on the web ,i have not even observed this 2 in the Manage Rules section ,did not payed attention to the right panel to much maybe ,i just focused on the rules.
Anyway those 2 shortcuts would be handy.

 

That would be a very handy shortcut Although, a better implementation would be to make the current "Manage Rules" link into a sub-menu, containing the following links in the following order:
"Main Window"
"Recently Blocked"
"New Rules Wizard"

Or even better, if possible, like in Microsoft office applications, make the current "Manages Rules" link work both as a link AND a sub-menu, containing the just the latter 2 links above. So, the user can pause on it for a certain amount of time to see the sub-menu or just click it like they currently can.

 

I would add to this suggestions some more :

- a Notifications item (similar to Rules Wizard) in the Profiles shortcut ,to switch around the profiles as needed

-an Allowed Connections button ,or why not a Loging one that shows all blocked and allowed connections as per Windows firewall log ,it s nice to see which exe makes connections ,as in the Windows firewall log you never know what makes connections (blocked or allowed).

A Rules Wizard for generic rules ,non exe related ,would be another interesting item.

But he should already call it WFC 5.0 with all this included.

LE: He could also add a block list.I used generic rules in the default firewall to make custom blacklists.So adding a distinct wizard for generic rules or a blocklist item could be done.
With all this it could be a almost complete firewall interface.

 

Thanks for a very innovative tool, Alexandrud

Question for you: Have you considered implementing any time-based functionality? I'm very interested in being able to set applications that are only allowed at a particular time (or blocked at a particular time)

Regards,

-ASB:

 

Sounds like what you want is a shortcut for quickly switching between notification levels. We discussed this before; it would be a useless, grayed-out menu to non-registered users as they can't use the notification function. So, unless there's a way to implement it such that it appears only when the user is registered, I doubt it would be implemented.

We discussed something similar; having an "Recently Allowed" section in the Manage Rules window. Based on alexandrud's thought of such section, sounds like you're asking for a shortcut to "Resource Monitor" in Windows...which you could just place in your start-menu. Personally, I think Resource Monitor does a good job of showing recently allowed connections, however, implementing rules to block those connections takes a while; this is where I think a "Recently Allowed" connections section could come in handy in WFC.

@alexandrud Currently with Resource Monitor, to create a rule to block the recently allowed connections it shows:
- You'll first have to memorize the name of and determine the directory of the .exe Resource Monitor shows, through Task Manager perhaps, 'cause you can't display a "Directory" column in Resource Monitor. With Task Manager, you'll have to find the process name > Right-click > Select "Properties" > Select and copy the "Location:" (or memorize it)
- Next, open WFC Manage Rules > Click "Browse to block" > Paste/type-in the directory you copied/memorized > Browse for and select the executable (who's name you had to memorize)
- Finally, if you didn't want to create a generic block-all rule for the executable, you'll have to open it's properties and edit them to correspond to the specific connection you're seeing in Resource Monitor, or probably saw in Resource Monitor, 'cause by the time you go through all these steps to block the executable, it could have completed whatever internet-required task it was connecting for.

I'm suggesting a "Recently Allowed" section that (like the "Recently Blocked" section) calls the Windows Firewall API to read the log for recently allowed connections when the user clicks the "Refresh" button, then it displays those recent allowed connections in the log (like the "Recently Blocked" section). From that list of recently allowed connections, the user could right-click one of them and (again like the "Recently Blocked" section) a context menu pops-up containing links to "Allow this program", "Block this program" and "Customize and block...". This would be yet another big time save in Windows Firewall Control.

To meet Sm3K3R's suggestion, another shortcut link could be added to the Manage Rules sub-menu as follows:
"Main Window"
"Recently Blocked"
"Recently Allowed"
"New Rules Wizard"

That could be a "New Generic Rule" link shown under the "Create new rule" side-bar tab at the "Manage Rules" section of the manage rules window. Also, it could be under the "Options" side-bar tab at the "New Rules Wizard" section (having it in both sections would be logical and awesome ).

Now that would be yet another extraordinary feature And seems like it's just an extension of the current temporary rules feature. That could work similarly by having the "Group" name be the schedule and instead of deleting it after a given time, WFC could just toggle it to be blocked OR allowed

Personally, haven't come across such situation where the current temporary rules weren't enough. However, this could be very handy if say you're baby sitting some kid (or yourself ); so, you want them (or yourself) to be able to browse the internet only on certain days of the week, hence you create a scheduled rule for your browsers (be it Chrome, Firefox, or simply Internet Explorer). Like Family Safety in Windows schedules days/times of the week the user can use the entire PC, in this situation, this feature schedules days/times of the week you can browse the internet...

 

Versions 2 and 3 of WFC were full of context menu items and this is not intuitive because when you click something, the context menu closes. The current direction is to use very few context menu items for the WFC icon in the system tray.

There was a view with "Active Network Connections" in WFC but it was removed in version 3.1.0.0 due to the slow performance. Resource Monitor, from Windows performs better regarding this matter. A view with "Recently Allowed Connections" is now implemented and I will release a new version very soon.

Searching folders for dll files (for example) and displaying them into a datagrid is not very useful. The aim of "New Rules Wizard" is to quickly identify executable files within a folder. This is not a file browser. Anyway, 99% of the rules are created for exe files, because they connect. This will not be implemented. I don't see the point in this.

Generic rules can be created very easily by duplicating any rule and modifying it to apply to All programs. To create generic rules, there is always WFwAS which has a very long wizard when it comes to create a new rule. The aim of WFC is do simplify things. Actually, I started to develop WFC a few years ago exactly for this reason. If I wanted to create a rule in Windows Firewall, I had to use that long wizard from WFwAS, which takes a lot of time. No wizard in WFC.

Because WFC does not filter any packet data, I have no control over the connections that are made and I can not define something like this. WFC is just a front end, it does not block or allow connections. This kind of rules can not be implemented at WFC level.

Already done.

This will require a new timer that will read all the rules once in a while, find all rules with a special formatted group name and then toggle them. The problem is that this code will be executed very often and will consume resources. This needs a different approach.

Until the new version is out, this is how it looks now:

 

Windows Firewall Control v.4.0.6.0 - New Version

What's new:
- New: Added the possibility to view "Recently Allowed Connections". The old "Recently Blocked" was changed to include the new view and a new ComboBox was added to select what to display.
- New: The "Manage Rules" menu item from the system tray context menu was renamed to "Rules Panel" which has now 3 submenus: Manage Rules, Connections Log, New Rules Wizard.
- New: Added support to "Customize and block..." in Connections Log.

Installation notes: Just use the updater to update to the new version. That's all. There following translation string were changed or renumbered:

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 56bc9a0e3904094107f70ab22744659ca18714fc

Thank you for your support and your feedback.
Alexandru

Have great weekend and Happy New Year !

 

@alexandrud

alexandrud, thank you very much for this really great software!

This software is definitely worth the money!

These makes my work really easier - without is impossible!

You were always quick in responding of questions and suggestions - so it makes fun.

I wish you Merry Christmas and a Happy New Year!

Alpengreis

 

Alex, thank you so much for improving WFC more and more.
Whenever I think "no more improvement possible" you deliver an update with thrilling new features.

Thank you again!

Have a nice Christmas and a Happy New Year!

Broadway

 

Awesome, fast update I think the new notification-area context menu is an even better and more intuitive implementation of Sm3K3R's shortcut suggestion! Regarding the time-based functionality, instead of having it checking every once in a while, couldn't you make use of Windows task scheduler to be sending a signal on schedule? Or perhaps a similar process like the one you used in disabling the ability of other programs adding new firewall rules?

This software and customer service is so extraordinary that I had to make a second donation Consider it as a new-years gift Hope you have a great weekend and happy new year!

 

Thanks, Alexandrud. New update works great!

Happy Holidays to all,
Robert

 

@alexandrud It appears the new "Recently Allowed" connections feature is not working yet on my Windows 8.0 machine (Surface Pro). When I switch to that view and click the refresh button, nothing appears; it's like no outbound or inbound allowed connections are being logged, blocked connections are being logged. I have tried an uninstall and re-install but still not working.

Any idea what's going on? Only security software I have running is Peerblock and Windows Defender in the background. Not sure if it helps, but when configured to show allowed connections, Peerblock's screen is continuously scrolling with new allowed entries as I browse with Chrome (which makes sense).

 

@MrElectrifyer I just installed this update today and got the same results on Win7. Then I rebooted and the list was populated, but only since the reboot. Assuming that either some logging feature for "allowed" has to be turned on in Windows firewall or WFC is creating a custom log.

 

I seem to be having yet another problem, this time, seems like Windows API is missing some blocked connection log somewhere

I just recently got a HP All-in-one + Fax + Web printer ($99 ), one of it's features is the ability to wirelessly scan to my documents folder with appropriate software installed (HP Scan to Computer in this case).

When I tried using this feature of my printer, in the medium filtering profile with notifications enabled, I kept getting the following error message about a firewall program blocking it.


And the only blocked connections I was seeing in the recently blocked log were these connections to svchost.exe; I have the DHCP Server on my router configured to reserve the 192.168.0.180 IP to my printer.


So, I created the following four generic Windows Firewall rules that matched HP's recommended configurations for AVG firewall.

View attachment 240823 View attachment 240824

Still getting the same error message above with the medium filtering profile selected With the low filtering profile, everything works, but then all connections get allowed and can't keep track of the executable that connects when the recently allowed connections feature isn't working. Anyone have any suggestions for this strange firewall problem?

Ps. No notifications were shown in this time period even with high notifications, which implies it's only incoming connections that are blocked (as indicated in the recently blocked log).