Windows Firewall Control (WFC) by BiniSoft.org

Like so many others, thanks for your work Alexandru.
But sooner or later you're going to have to issue a Pro Version with all the work you do on this.
Peace. Alan

 

Two reasons:
1. Many support emails why the Windows Update rule is disabled.
2. Endless support emails with the following topic: "I installed your firewall and Windows Update does not work. Please fix this bug.".

I confirm these too, so that we can make them official now.

 

@alexandrud
Thanks for explanation

 

Warmup for the "old" wish (from others) to have a "Find duplicate rules" function

My suggestion for this is to take the following fields to compare:

All but "Name", "Description", "Group" and "Enabled"

So all other fields must have (after converting/sorting (see below)) the exact same string to be valid as duplicate!

For fields as "Remote ports" you could initiate a sorting first, before you compares, so ...
Rule A with ports 80,443 would be in result identical to Rule B with ports 443,80

For fields as "Remote IPs" you could make internally a converting first for CIDR-Range or compressed IP(-Range) to uncompressed IP(-Range) (if you can do this within .NET), then a sorting before you compares, so ...
Rule A with CIDR 2001::/32 would be in result identical to Rule B with uncompressed IP-Range 2001:0000:0000:0000:0000:0000:0000:0000-2001:0000:ffff:ffff:ffff:ffff:ffff:ffff
or ...
Rule A with compressed IP-Range 2001::-2001:0:ffff:ffff:ffff:ffff:ffff:ffff would be in result identical to Rule B with uncompressed IP-Range 2001:0000:0000:0000:0000:0000:0000:0000-2001:0000:ffff:ffff:ffff:ffff:ffff:ffff
or ...
Rule A with compressed IP 2001:: would be in result identical to Rule B with uncompressed IP 2001:0000:0000:0000:0000:0000:0000:0000

Maybe similar methods before comparing would be necessary for other fields too.

Would be a nice-to-have feature ...

Regards!
Alpengreis

 

I am not a fan of implementing this but I will think about it. I do not promise anything.

 

Sure, no problem, thank you!

 

Windows Firewall Control v.4.8.3.0

Change log:
- New: Finally, a user manual was added to the program. It can be launched by pressing the F1 key or from the new button available in the Main Panel.
- New: The desktop the Start menu shortcuts which are created at program installation contain now the -mp parameter which will launch the Main Panel when they are executed.

Note that the installer size was increased because the .chm file is also packed into the installer.

New translation string:
029 = User manual

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 08b0f079ca8de803e1647cea6005681e
SHA256: 68ea69d10c87fccd3d6ccdeed8656edd0f5c967afdb4362a1c06560d7e440018

This is the first version of the user manual after 6 years of development. If you spot problems in the user manual please let me know and I will fix them. Also, if you have in mind topics which were not covered please let me know so that I can update the manual. Thank you for your support.

Best regards,
Alexandru

 

Wow, with manual now - great! I will test it out for sure!

EDIT: except the one-off error of a missing arrow (right) after first "initiated" help start and manually start at the same time through me, it looks very good!

PS: DE-translation "in work" ;-)

 

Nicely done. Bravo!
Thank you Alexandru.
Peace. Alan

 

Thanks very much for the manual
Working in Spanish translation

 

Found a small bug with the new help:

if I start WFC manually and press then F1 (within main menu), the help opens two times the first time only ...

Question: where is the new string (029) in use?

 

The manual does not open multiple times for me but it opens multiple times if I press F1 multiple times. I will find a way to open it only once and focus it on the other open attempts. Thank you for your feedback.

 

Exactly, same behavior here.

 

All right! I SEE NOW the icon - it MUST be the heat, REALLY ;-)

PS: the double opening is only after a NEW start of WFC tray (open from tray is not enough).

PPS: DE-translation which include the new string is available on binisoft.org

 

Is there a reason I'd get the following blocks with these 2 rules in place?

rules...

blocks...

I've turned notifications off cause I wasn't paying close enough attention and keep making duplicate rules for softs being blocked that already have an allow rule...
So I've experimented a bit - using dashost.exe as a guinea pig

 

The first rule that you have does not apply to the blocked connections since the IP addresses are outside of LocalSubnet range. The second rule should allow the blocked connections. Are you sure you are connected to Private location instead of Public ? Please read the user manual regarding the duplicate notifications.

 

I have such problems too - for example if the pc wakes up from sleep. It seems the system is not ready then quick enough to see your location private. Because this - EVEN if you ARE in private location, for some things it seems necessary to give Location = All in your allow rule ... if you cannot (because security reasons for ex.) you will have to live with the annoying notifications.

 

This seems not sooo an easy thing, see also my post above please ...

Because outside LocalSubnet:

239.255.255.250 is a "Organization-Local Scope Multicast Address"
ff02::c is a "Link-Local Scope Multicast Address"

So I'm not sure if these addresses are really integrated in the "LocalSubnet" implementation from Microsoft, nevertheless both are not outside the real Local Subnet per definition AFAIK.

 

@alexandrud
Could you please automate a bit more the update process?
If there is an update and I click proceed, it should automatically download the update, install it and run the program again, just 1 click. Now requires 3 If I remember well, I guess it should be easy to do.

 

i'm definitely on a private network. ok - I had originally assumed since these were local IPs they would be covered by the LocalSubnet, but they obviously weren't so i added the second rule

right - i had thought this was just an issue at boot & wake up, but i think i'm also seeing some cases long after the pc is booted where a process gets blocked a few times before the allow rule kicks in - i believe this was what happened with the example i posted above. I haven't tracked this properly yet to see how much of an issue it is, but it was enough that i turned notifications off for now.

good tip - thanks for that info. Yah - I know a lot of people just block stuff like dashost, background task host, etc.., but I don't have enough information to be comfortable doing this (even the Win10 privacy apps like Win10Privacy - state that they don't really know what the process does) so I figured I'll just allow them on my home network and block everywhere else so I've limited a lot to private

 

Can anyone shed some light on why I'm getting blocked inbound connections for qBittorent despite having it allowed any In/Out activity on Public/Private/Domain location? Remote addresses are mostly 2001:0(...), no addresses in ipv4 format. I know very little about networking, so it's probably something obvious...

 

I will think about it.

Inbound rules don't work for ANY protocol. Create two inbound rules, one for UDP protocol and one for TCP protocol.

 

Changing the inbound rules to separate TCP/UDP allow rules didn't fix the issue, I'm still getting blocked connections listed in the Conections log. It's peculiar that only IPv6 addresses are blocked for qB, no IPv4 IPs.
qBittorrent is functioning normally, no speed/connectivity issues.

 

Please don't, all my downloads are directed to a folder with LOW priority which prevents auto-execution/updating.
I choose to have to manually copy the file to a second folder that has HIGH priority in order to run an install file. That way there's nothing 'sneaking in' and installing without my knowledge.
Clicking to download the file is OK, just not the automatic install & run steps.

Thanks,

J

 

Sent to binisoft.org User Manual Spanish
Regards