Windows Firewall Control (WFC) by BiniSoft.org

@alexandrud

Two little things ...

1) Shortcuts broken after Update

For WFC Update I close WFC first. After the update WFC starts automatically.

But now the Shortcuts for Main Panel and Manage Rules are always empty and broken until another restart of WFC.

2) Profile was changed after Update (we had this before)

After the last Update (to v4.0.7.2) my Profile was changed from Medium to Low.

Alpengreis

 

I will think about a solution for this.

I have edited the original post with the update. I missed it. Anyway, the MD5 was on the website and as long you download the file from our website, don't worry, it is the right one.

There is no need to close WFC first to perform an update. Just run the new installer and it will know how to do with the old running version. Regarding the shortcuts, do you mean the global hotkeys ? I will check this.

I will check this too. It shouldn't happen. At update only the assemblies are updated, not the settings.

 

Okay!

Next time I update without closing previously. And I mean the global hotkeys, yes.

Thanks, no big deal, but I thought you should know it.

Alpengreis

 

Hi alexandrud,

once again a little thing:

After "Customize this rule before creating it" this text should be changed to "Back" "Back to main" "Back to rule data/message/status" "Done" "Return" or something like this ...

Now, we have always "Customize ..." and this is false.



Greetings,
Alpengreis

 

Windows Firewall Control v.4.0.8.0 - New Version

What's new:
- New: The program icons were changed with more appropriate new icons.
- New: When the program is in locked state, a different icon will be displayed in the system tray to inform the user about the active locked state.
- New: The installer can detect if a 3rd party firewall is installed and will inform the user about this at installation time.
- New: A new submenu was added in the context menu of Manage Rules window which can be used to import/export/restore firewall rules. These are the same actions possible from the Rules tab in Main Panel.
- New: From the notification dialog, the user can now click on the Source address to display additional info about the local port that is used. The default browser will open and will display the corresponding page from the Port Authority Database from grc.com.
- Improved: The text with "Customize this rule..." from the notification dialog will change now when the rule is in editing mode.
- Fixed: Rules Panel context menu item from the system tray icon remains disabled after the user unlocks the program.

Installation notes: Just use the updater to update to the new version. That's all. The following translation strings were added in this version:

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: cd80666e38ae72bfc711e509dd2785cf3490d964

Below is the backlog with features that are not yet implemented:
- Auto lock after closing the Main Panel window or at program restart.
- Auto enable the last profile used after a specified amount of time.

The list is open to new suggestions.

Thank you for your support and your feedback.
Have a great weekend,
Alexandru

 

Hey Alexandrud. I cannot lock WFC. Both accounts (Admin and Standard user).

Description:
Locking the application failed.
System.UnauthorizedAccessException: Access to the path is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.InternalMove(String sourceFileName, String destFileName, Boolean checkHost)
at WindowsFirewallControl.Proxy.ProxyServer.SetLockMode(String password, Boolean value)

Keep up the good work,
Robert

 

Sorry. AppGuard in 'LockDown Mode' will not allow changes. No problems.

Robert

 

Thanks for the Awesome, fast update alexandrud This app is really going beyond the ordinary, calling it extra-ordinary is now starting to feel like an understatement

 

Hi alexandrud,

first thank you VERY much for the update!

I have now tried to install without closing previously. It failed - the setup hangs. I now know why: I use WFC as restricted user.

If the WFC setup run, however, this is done as admin (it's clear) and the ongoing wfc.exe (restricted) is not closed.

If I close the wfc.exe (restricted) and the newly launched wfc.exe (started through setup) as admin), the setup continues!

This is also the reason why the Global Hotkey "lost". After setup, WFC is automatically started as admin, where I have does not define hotkeys. After close WFC and start it again, WFC is restarted properly as a restricted user and the hotkeys are naturally present again!

Regards,
Alpengreis

 

Thank you again for an awesome update.
No issues here.

 

Hi Alexandru!

You are doing great job!

I have only one, absolutely negligible, cosmetic, notice about localization (again . You have used "Policies..." item for a cascade context submenu. I think, there shouldn't be a 3 dots suffix. It use to be used for menu items, which doesn't perform any action immediately, rather it brings some dialog, where another user's decision is required, usually. However it doesn't use to be used for submenus.

But maybe you have some special reason for it

Have a nice day.

 

Many Windows Filtering Platform security log entries

I am getting a flood (1,000's per hour) of 5156 events Windows Filtering Platform as permitted a connection Port 1900.

I have the biniSoft Windows Firewall Control 4.0.8.0 installed.

I think (not positive) that if I choose the option to "Disable the ability of other program to add firewall rules" the logging quites down.

The process id is just the inscrutable svchost running under wininit.exe\services.exe which doesn't lead me to the program causing the problem. My guess is something is scanning all the files and will log the 100 of thousands of file.

My machine perform is poor but the CPU isn't dramatic. Windows Search service is disabled. MalwareBytes short scan didn't find anything. Windows Essential Security running.

Any ideas on how and get figure out what is going on? If it is benign I'll just dial back the options on WFC and let it finish.

Thanks in advance!

 

@BobH_SLO

Port 1900 (TCP and/or UDP) is SSDP (Simple Service Discovery Protocol) which is the basis of the discovery protocol of UPnP (Universal Plug and Play).

Read more under URL: http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol

Maybe it helps you.

Greetings,
Alpengreis

 

Re: Many Windows Filtering Platform security log entries

It is normal to have these connections. There is no hacker activity, this is how it works. When you connect to the network you generate outbound connections. When the computers from the network try to connect to you they generate inbound connections on your machine. It is normal. Svchost.exe is a connection bridge between all Windows services and the network, so again, it is normal to see thousands of svchost.exe connections because all Windows services communicate through it. Disabling or enabling the ability of other programs to add firewall rules has nothing to do with this.

 

Re: Many Windows Filtering Platform security log entries

As long as those services that use ports 1900 are closed traffic should stop from your own PC to out.Just turn off unused network services to limit penetration risk.Logging can be turned off.
svchost needs remote port 53 UDP out for DNS and TCP remote 80 and 443 out for Windows Update plus the 123 UDP in and out for time sinc ,anything else is not needed on a normal stand alone PC.The rest of the ports should be closed/not specifically alowed.

 

I've been using this for a few days on a laptop. I must say it does just what I really want it to do - just be a firewall without bells, whistles and clangy things. Setting firewall rules is a snap, whether allowing or blocking. I like the context menu controls when right clicking on a shortcut or on the actual application file. I've got it set to medium filtering and just went to each shortcut to set the rule and, for those apps that had update or other additional application files that needed internet access from time to time, I just went to the folder and right clicked on the app. It just seemed easier than waiting until I launched something. And it's even got the manage rules area at the bottom of the main window if you want to use that. It couldn't be easier.

I've been a longtime user of Outpost Pro. I've wanted to switch to Win 7 firewall for a while to use the native application without additional 3rd party drivers. But it just didn't have that easy level of outbound control. WFC gives me that kind of easy control. We've got three desktops and five laptops in my family, two of which are Win 8.1 and the rest Win 7. I think I will slowly convert all of them to WCF based on my experience so far.

You can definitely expect a donation from me tomorrow. $10.00, eh? It doesn't seem like nearly enough. Great work.

 

Re: Many Windows Filtering Platform security log entries

If the logging will be turned off then no new notifications will be displayed in WFC because the notifications system is based on those events and also the Connections Log will be empty because nothing is logged anymore. Anyway, Windows Firewall logging is enabled on profile change in WFC if it is not yet enabled.

 

Re: Many Windows Filtering Platform security log entries

4.0.8.0 is detected by Dr Web as some trojan gen in virustotal.The latest changes got that antivirus upset

 

Re: Many Windows Filtering Platform security log entries

It is a false positive. The installer is detected this way, not the program itself. The installer did not change since the version 4 came out many months ago. Probably they will fix this in a future definition database.

 

A general tip regarding VT and false positives:
Give herdprotect (.com) a try. It scans with 68 AV's and claims it can rule out FP's:

WFC 4.0.8.0 status = Clean, 0/68
And DrWeb is actually one of these 68 Go to the Knowledge Base and search for the SHA1

 

Yes, that's right, the result is 0/68. Good tip with herdProtect, I knew not yet - thank you!

 

When a notification appears what is the intended behavior for the "Block for now and ask me later" button?

I was thinking that clicking it would close the notification and if the application that was trying to make a connection were to try again then the notification would appear again. Or if the same application was restarted and tried to make a connection again then it would appear again. But what seems to happen is that if I click that button then I never see a notification for that application/connection again until I restart the windows firewall control service.

So I guess what I am asking is how long is "Later" in this case?

 

That button just closes the notification dialog and adds that software in an internal list of recently blocked programs. A new notification for a dismissed notification can appear for the same program in the interval of 30 - 60 seconds after you close the first notification if it still tries to connect. That list is updated every 30 seconds and the entries older than 30 seconds are automatically removed, allowing the same program to generate a new notification again. The reason why it works like this is because some programs try to reconnect tens of times in a short period of time and without this delay, if you close the notification dialog then there is a high chance to receive instantly a new notification for the same program.

To test this, delete the rule for your browser and then try to connect. A new notification dialog will appear. Close it and wait 30 seconds. Now, hit the refresh button on your browser. You should see a new notification.

There is no need to restart the service. Leave it to do it's job. When you restart it that list is empty again and this is why it works again, but this is not how it should be used.

 

@alexandrud

1) Have you already "analyzed" my post #584?

2) In rule manager window: "Browse to allow" (maybe the others too) create an outbound rule even if INBOUND is selected.

3) I have tried to create (from a duplicated rule) the following rule with no success:



After a refresh, the values change back to the duplicated. With WFWas-GUI itself it's no problem.

Greetings,
Alpengreis

 

1) There is no simple solution to run an under privileged process (wfc.exe after installation) from an admin process (the setup). The solution is not to launch the program after installation/update and let the user launch it manually from the desktop shortcut.

2) Tried this and can't reproduce it. If you select INBOUND only in the Main Panel, when you browse a file in Manage Rules window, the rule will be created for inbound connections. Is this the same scenario that you have ?

3) I am able to create this rule properly.

Are you able to reproduce the scenarios 2) and 3) over and over or this was an isolated case ?