Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Awesome new update, liking the less cluttered context menu :thumb:

    This is great idea for users not aware of options available out there, which is probably majority of WFC users. However, there are some of use who know what's available out there and have a preference, like me. In my case, I prefer the following URL to start a WHOIS query: http://www.ip-adress.com/whois/{0} as it seems to be easier (than who.is) for me to understand the results.

    I would suggest having a "Custom..." entry in the drop-down menus, which makes a text box appear for such cases.

    According to the description of this new option, we would have to manually set the firewall profile back to medium on next startup. Is that the case? I thought that on next startup it would automatically set it back to the profile it initially was prior to shut down...

    That methodology isn't really practical, especially when I have 8+ essential columns of information. For example, in the case of the following blocked explorer.exe log entry, if I wanted to copy just the Remote Address entry, that would require 16+ clicks first to hide the other columns, then I click to select that rule, press Ctrl+C to copy that single detail, then go through another 16+ clicks for revealing all the essential columns.

    Essential Connection Log Columns.png

    Attempting to customize and create that new rule first then copying the details is way faster (3 clicks, then Ctrl+C, then 1 click to cancel rule creation), but not as convenient as having such copy menu entry as suggested (2 clicks).
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    1. I have added a new provider in the WhoIs combo box. It will be selectable in the next version.
    2. The usage of the new feature is that the network connections are denied until the user intervention allows them again. This does not prevent rules from being created before starting WFC service, but it ensures that even if they are created at boot time, they are not effective. Again, if the service wfcs.exe is started, then "Disable the ability...." does what it says. But if there are services that start before wfcs.exe they can register a new rule in Windows Firewall because WFC is not started and can't provide this protection. Remember that this is a WFC thing not something enabled in Windows Firewall. Unfortunately, I can't set an order to start Windows services, so that I can say, ok, start wfcs.exe first. So, this is somehow an improvement for those users that experience such rules creation at boot time.
    3. I already implemented the Copy context menu item as you have suggested before. It will be available in the next release. It also supports copy from multiple items at once.
     
  3. peter_brown_usa

    peter_brown_usa Registered Member

    Joined:
    Aug 20, 2014
    Posts:
    26
    I seemed to have blocked the dnscache on my PC somehow. At least I think it has.
    I keep getting timeouts of the DNScache and Microsoft Forums point it towards a Firewall issue.


    1) How can I unblock the dnscache as I expect it's a svchost.

    2) If I delete ALL rules, how do I get the default rules to be installed so I don't have to keep clicking block/allow every few mins.

    Thanks Peter
     
  4. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    That works for me :) Just not future proof for others...

    Understood. It's best to wait for user intervention 'cause if the rules are created, then changing the profile back to say Medium wouldn't be effective; the rules would still remain there.

    Although I don't experience these rules being created on start up (so I don't use this feature), I can imagine this being kind of a pain for those who use it. 'Cause they'll be doing the following on every start-up:

    - First they have to open the manage rules window
    - Delete the automatically created rules
    - Close the manage rules window
    - Finally, set the firewall profile to say Medium​

    I think this can be made painless as follows:

    - On shutdown, WFC automatically creates a backup of the current firewall rules; stores it in say it's "C:\Program Files\Windows Firewall Control" directory as say "LastSession.wfw"
    - Then it sets the firewall profile to High
    - On start-up, WFC restores the "LastSession.wfw" firewall rules (overwriting everything else)
    - Then it sets the firewall profile to Medium​

    Awesome looking forward to the new version :thumb:

    1.) That I'm not sure of

    2.) You can restore the default rules from either the Main Panel > Rules > Restore Windows Firewall default set of rules (as shown below):

    Restore Default Rules from Main Panel.png
    OR, the Rules Panel Context Menu > Policies > Restore default rules (as shown below):

    Restore Default Rules from Rules Panel Context Menu.png
     
  5. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    This new option implements half of my feature request and, like MrElectrifyer, I would like it to restore the original profile on startup (ie. store profile on shutdown, then set profile to High. On startup set profile to stored original profile).

    If you want to keep the current behaviour, can you at least add another checkbox option, "Save/Restore profile on shutdown/startup", to get the above behaviour ?
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    Ok, I will try to make it this way:
    1. I will store the file and then set High Filtering profile.
    2. On Windows start-up, High Filtering is active and when WFC starts, it restores the rules from last shutdown. EDITED.
    3. If the file is missing, then High Filtering profile stays in place. If the file exists, then it is reimported automatically and then deleted. A new one will be saved on the next shutdown.
    I hope that I will be able to export the policy on shut down event. I will give it a try.

    If this will work, then the existing feature will have to be renamed to a different meaning because it will do something different.
     
    Last edited: Sep 3, 2014
  7. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Thanks. I assume the last bit should be "...before setting the saved filtering level/profile".
     
  8. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Usually I like to leave the option "Disable the ability of other programs to add firewall rules" enabled, but occasionally I need to disable this option for the session (eg. until reboot).

    Similar to how "Installer mode" for AV's/firewall's work (which offer the ability to change a setting for a limited period of time), can you add an option/context menu item to disable this option until next reboot (ie. context menu item like "Allow other programs to add firewall rules until next reboot", or, probably better, option "Always disable othe programs from adding firewall rules on startup").

    BTW, still hoping the "Profiles" menu items will be raised to the first level (ie. so you will see all filtering levels on initial context menu, instead of on a sub-menu). After all, it would only add three items to an already small context menu. Aside from adding new rules, changing the level is one of the things I do most, so making it quicker wouldn be a benefit (plus it wouldn't affect anyone else in that all the filtering levels would be placed above any other menu item).
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    The answer is no. Placing such a big string in the context menu is not a good idea. The context menu will remain as it is today.
     
  10. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    If your only concern is about having such bizarre names in a context menu (I too think it's not good practice), then I have suggestion that might come in handy as a marketing buzzword for WFC.

    Suggestion: Rename the "Disable the ability of other programs to add firewall rules" option to "FireLock" and append the previous name to the description
    That is, the bold option name becomes
    FireLock
    and the description becomes
    Disables the ability of other programs to add firewall rules. Unauthorized rules are deleted automatically. Only the rules created through Windows Firewall Control are accepted.
    FireLock.png

    Then you'll be able to implement the following context menu entry for the notification area icon:
    FireLock <- Main context menu entry. The following are sub-menu options
    Disable Until Restart
    Disable for 1 hour
    Disable for 5 minutes
    Disable for 1 minute
    ------------------- <- Menu divider
    Permanently Disable
    Permanently Enabe​

    I personally don't like this idea of putting all options on the main context menu, I like to keep menu clutter to minimum...however, if it can be made into an option, it would be more adaptable a wider variety of customers...
     
  11. listeruk

    listeruk Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    5
    If I set Windows Firewall Control 4's (donated) filtering level to medium, then I cannot access domain shared folders, nor can I connect to MS exchange and MS Outlook constantly asks for access.

    At the moment it only works on low level filtering which is as good as not having it installed at all.

    I thought this may be a simpler alternative to comodo, but the memory usage is double that of Comodo and, as yet, it doesn't work.

    Any advice? Thanks
     
  12. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Ensure you have the "Medium (recommended)" notification level selected (not the same as the filtering level) at Main Panel > Notifications. It will show you notifications of blocked outgoing connection attempts as indicated in the description:
    WFC Medium Notification Level.PNG
     
  13. listeruk

    listeruk Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    5
    Yes, it's set as medium already.
     
  14. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Sounds like those domain/exchange programs are using some Windows system services instead of their own program files. Open the Rules Panel > Connections Log, refresh and take a screenshot of the blocked outbopund rules...
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    This is something different than the current implementation. In the Main Panel it is not possible to define all of these choices. I think this solution makes a very simple feature (enabled/disabled) very complex. What would make a difference is to automatically disable it when Low Filtering or No Filtering is used. When the Install mode is enabled, this feature should be disabled too, because anyway, all programs can connect. When Medium Filtering is restored (after 10 minutes, etc), then this feature should be enabled again.
    Windows Firewall Control does not block or allow anything. It is just a front-end for Windows Firewall which does the allow/block based on the rules it has.

    Did you enable File and Printer sharing on your computers like explained here ?

    http://windows.microsoft.com/en-us/windows-vista/enable-file-and-printer-sharing

    If this does not solve the connectivity problems, please consult the Connections Log and see which are the components that are blocked when you know that something should have been able to connect. If you enable the notifications you will be prompted about outbound connections that are blocked. If not, then the Connections Log is your best friend. It may be possible to require an inbound rule too. Check also the inbound blocked connections.

    You mentioned that MS Exchange and MS Outlook constantly asks for access. Do you see notifications for them or you saw this in the Connections Log ?

    What other security products do you use ? Do you have a software proxy on your computer, do you use a NDIS driver ?
     
  16. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    I agree the long context menu text would be a bad idea, but would instead prefer my other choice of a child checkbox option (ie. immediately below "Disable the ability of other programs to add firewall rules" and indented) called "Always disable other programs from adding firewall rules on startup" or "Always enable above option on startup".

    This keeps it simple, shows the new option is related to the option above, and means that if I disable the "Disable the ability of other programs to add firewall rules" option, I can clearly see what will happen (ie. if child option disabled, this option will stay disabled, but if child option is enabled, it will be automatically re-enabled on startup).
     
  17. Noobody

    Noobody Registered Member

    Joined:
    Sep 12, 2014
    Posts:
    1
    I'm having the same problem regarding Outlook, and other Microsoft Office programs (Word, Powerpoint). Whether I click Allow or Block in the notification, the connection is refused, and I'm prompted again minutes later. I use Avast, no proxy, and not sure about the NDIS driver. Thank you. You can disregard the email I sent on this issue.

    http://s12.postimg.org/8ufemo3p9/Outbound.jpg
    http://s21.postimg.org/5jaopg547/Inbound.jpg
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    The problem is the path "C:\progra~1\micros~2\office15\outlook.exe". This is not a valid path for a rule. It seems that it is logged incorrectly by the Windows Firewall because that path is read by WFC from the Security log. Please modify manually one of your rules and set the full path like this: "C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE". Delete the duplicate rules and it will not prompt you again.
     
  19. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    What are the default settings for "Log Connections" in the Connections Log Window?
    "Allowed connections" and "Blocked connections" both marked?
    Thank you!
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    Both marked at installation or update. Because there is no direct way to determine the state of them, WFC installer/updater will always enable both.
     
  21. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    I can see WFC in High Filtering mode after every cold-boot of the PC,even though i have set WFC to Medium Filtering and Medium Notifications,using WFC v4.1.2.0 on Windows 7 Ultimate SP1 x64.
     
    Last edited: Sep 14, 2014
  22. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Go to Options tab, and make sure "Automatically set High Filtering profile on system shut down" is not ticked...
     
  23. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    Thank you,i have now deselected that option :D
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    Windows Firewall Control v.4.1.4.0

    What's new:
    - New: The installer requires elevated privileges only when the installation is actually done. It can be executed with normal user account privileges.
    - New: "Secure boot" was added in the Options tab. It saves the current firewall rules at system shut down, sets High Filtering profile and restores the firewall rules at WFC start-up. When this feature is enabled, at system start-up the network connections are blocked until WFC starts too.
    - New: Added a new Copy... submenu in the context menu of the Connections Log window.
    - Updated: Added new URL providers: ip-adress.com and tcpiputils.com
    - Updated: "Disable the ability of other programs to add firewall rules" was renamed to "Secure rules".
    - Updated: Recommended block rules are available again. If they are not needed they can be easily deleted.
    - Fixed: The color sliders don't not reflect the current color after reopening the Main Panel window. They show always black color in the Options tab even if the color is different.

    Updated strings:
    Code:
    306 = Secure rules
    307 = Automatically delete unauthorized rules created by programs other than Windows Firewall Control.
    319 = Secure boot
    320 = Save firewall rules at system shut down, set High Filtering profile and restore the rules when Windows Firewall Control starts again.
    
    New strings:
    Code:
    520 = Copy...
    521 = All
    
    Installation notes: Just use the updater to update to this new version.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 032f5b8a22e96db96b2b239b692c8e180b0da5bf

    Thank you for your support and your feedback. Feel free to share your opinions about the new version and what else you would like to see in Windows Firewall Control.

    Have a great weekend,
    Alexandru
     
  25. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    How do I install this?
    screenshot.1.png
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.