Windows Firewall Control (WFC) by BiniSoft.org

@alexandrud

Another great option would be make a pre defined mode for rules like when you click on "Customize this rule before creating it" so all the rules are created in a customize way with one click.

This mode will be less restrictive than "Customize this rule before creating it" (although you could manually delete the IP) so it won't save IP's in the rule, just ports, protocols and directions. With this we would avoid tons of duplicated rules/popups due to the IP's changing.

This mode will provide better security or at lest better control for those who like to have a more granular control of the firewall.

In order to avoid duplicates if the same program request to access to internet using a different port and we accept it, this rule will be merge with the existing one by adding the new port/s.

If you add this feature and the 2 above I think will make WFC one of the best option out there.

 

This seems to me just a marketing thing. It is not possible to implemented zones like this because WFC doesn't do any packet filtering. A similar functionality can be achieved in WFC/Windows Firewall if you ensure that only a limited set of rules (user's choice) are enabled for Public location when you computer is in a Public location.

Currently you can predefine the Direction and Location from the Rules tab. In the notification dialog, if you do not customize the rule a generic rule will be created for the program. If you choose to customize it you can change the details of it before creating the rule.

For better control you can customize the rule before creating it, with ports, IPs, protocols, location, direction, name. Customize of customize doesn't sound good to me.

Not possible to have an auto merge feature. Think about svchost.exe and how many system components are using it. Let's say you get a new notification for it on port 3125 ? On which rule WFC should merge this port ? There are tens of rules for svchost.exe. Just an example.

 

Hello, sorry if this has been asked before.
There came a report that Windows 10 sends tracking data to Microsoft servers despite disabling tracking options or installing anti-spying app.

http://www.techworm.net/2016/02/windows-10-spies-disabling-tracking-installing-anti-spying-app.html

Are there any instructions or possibility how to limit this Windows 10 behaviour with WFC, but of course so, that essential update services etc. work?

 

I know it can be done but it takes additional manual steps, everything it would be much easier with a predefined mode. On which every time a popup appears and you click "allow" instead of allowing everything (outbound, any port, ip, protocol...) it will create a customize rule but where IP's field will be "any", so with 1 click you can have customize rules for an app with port, direction and protocol.

I don't know if I understand well your example of svhost, the idea is if all the other fields of the rule are the same but 1, then use the existing rule and add the new need, a port, a direction, or a protocol, at the end is the same process, right? If still I don't get it I would be happy with the feature explained in the paragraph above.

 

At least for users with IPv6 native the following could be interesting ...

Instead to remove the IPv6 complete, it's also possible to deactivate tunneling mechanism (interface) as following:

In Administrator console (elevated prompt) ...

- deactivate Teredo:
netsh interface ipv6 set teredo disabled

Additionally I have also deactivated the following ...

- deactivate 6to4:
netsh interface ipv6 6to4 set state disabled

- deactivate isatap:
netsh interface ipv6 isatap set state disabled

 

1) Have you tried with WFC filter profile = Low?
2) Do you see this too, if you manually quit the WFC.exe (GUI, via Tray-Icon) and stop the wfcs.exe (WFC service (Service name = _wfcs)) (for testing purposes)?
resp. can you then install the teredo "thing"?
3) If you don't need Teredo you could deactivate it (see my other posting) ...

 

If you can: you could try to backup first your hole installation (image). Then make a CLEAN new installation with a clean W10 ISO and test it ...

 

It's even better to have the details first - and it's good to have to change it (if desired), than a (too) fast click with too wide open rule as result.

Please no change here!

 

You know, this has NOTHING to do with WFC - WFC is a GUI for Windows Firewall only. WFC does not block anything - Windows Firewall makes this job. For such rule things it would be probably better to ask in a Windows Firewall forum.
OF COURSE IF somebody knows something you can also post it here

 

Below is my minimal set of firewall rules that I use on my home computer which runs Windows 10:


This set of rules allows me to:
- browse the web with Firefox
- communicate on Skype with my family
- access my network computers
- print on my network printer

Note that the last rule is disabled. Once a week I enable it and manually check for Windows Updates and after they are installed I disable the rule again.

This set of rules does not allow any unwanted connections. If you use this set of firewall rules with Medium Filtering enabled (outbound filtering enabled in Windows Firewall) when you check the recently allowed connections from Connections Log, you should not see there any communications with Microsoft servers.

 

Thanks for the informative answer!

 

You don't get an open rule with my request, you get a rule with port, directions and protocols.
Right now you are get an open rule in WFC unless you customize it, the problem I see is that I requires additional clicks and lot of popups because you get one every time the IP changes, for example for steam you may have 20-50 rules to make it work, with my request you will have 1 or a few but these will be customize and not allowing to steam to connect to anything, using any port and any protocol

 

To avoid having 20-50 rules by default WFC will create an "open rule" which will allow all outbound connections for that program. Then the notifications for that program stops because you allowed or blocked it, entirely. If you want to customize a rule you can do this directly from the notification dialog or later from Manage Rules. You get a lot of popups only if you want to create granular rules which allows only specific ports, only one IP, etc.

Having granular rules instead of "open rules" (which I call "generic rules") does not improve the security with anything. The main purpose of the notification system is to inform the user when a new program gets blocked so that he can allow it or block it. From a user point of view it doesn't matter if a program wants to connect to X ip address or Y ip address. The main question is if I want to allow this program to connect or not ?

A small improvement that I can do, instead of the ANY protocol which is the default protocol for a generic rule I can use the protocol of the blocked connection.

I understand you point of view but I do not like the idea of defining a custom default ports and IPs for the generic rules.

 

@guest
I should test it before I answer! I was completely wrong here, SORRY!

@Alexandru
Yes, that with the protocol change would be good!

 

Windows Firewall Control v.4.6.1.0

Change log:
- New: New Security tab was added in the Main Panel which contains the Secure Boot and the new improved Secure Rules feature which automatically removes the rules that are added to a different Group than the defined list of authorized group names. This adds the possibility to the operating system to add required rules without being deleted anymore by WFC because Secure Rules was enabled. Also, unwanted firewall rules that may have been added before the start of WFC service can be detected this way.
- Updated: The internal logging mechanism was simplified and updated to offer more information about the events that are logged.
- Updated: A new rule created from the notification dialog without customizing it, is created for Any protocol. From now on it will be created for the protocol that appears in the notification. This change applies also for the rules created automatically for digitally signed programs when Low notification level is used.
- Fixed: The search from Connections Log works very slow compared to the search from Manage Rules.

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 2be66f926d6e6850dee08fc7659b8694eefd15ff

Have a great weekend.
Alexandru



Removed translation strings
306 = Secure rules
307 = Automatically delete unauthorized rules created by programs other than Windows Firewall Control.
319 = Secure boot
320 = Automatically set High Filtering profile on system shut down.

Added translation strings
450 = Security
451 = Specify below the security enhancements that will be enforced by Windows Firewall Control
452 = Secure boot
453 = Automatically set High Filtering profile at system shut down. At Windows start-up, the network connections will be blocked until the user manually changes the profile.
454 = Secure rules
455 = Automatically delete firewall rules which are not created in the authorized groups defined below.
456 = Authorized groups
457 = Add group
458 = Remove group
459 = Define below a new authorized group
Warning. Before enabling this feature all authorized groups must be defined otherwise the rules from unspecified groups will be deleted. Creating a backup copy of your rules is recommended. Are you sure you want to continue ?

Updated translation strings
207 = Automatically create outbound allow rules for digitally signed programs and display notifications only for unsigned programs. This applies for programs that do not have any rule defined for them.

 

Updated smoothly via internal updater

 

I'm determined to find out what is freezing the WFC tray button!...So I tried this new version and during install I get this message, I've tried run as admin and rebooting but it just won't get beyond throwing up the message...

 

Unable to connect to internet after upgrading to Windows Firewall Control v.4.6.1.0 (installed over)

Using Windows 10 64bit here, network troubleshooter detected "one or more Network Protocols are missing on this computer" & "Windows sockets registry entries required for network connectivity are missing".

I have tried network adapter repair, rebuild windows socket registry entries, but still unable to connect.

Go back to v4.6.0.0 (using backup restore), internet connection is working now.

 

Just upgraded to 4.6.1.0 from 4.6.0.0

Now I can not browse my local network. ie I can not see any other devices on my internal network. I can ping them but not access them.

Running Win7

Looking at Sharing options I see that Network Discovery is now turned off along with File & Printer Sharing.

If I set WFC to No Filtering I can change the Sharing options back to what they should be and can then see my network, but when I set WFC back to medium then the Sharing options are immediately switched off again losing my internal network.

Any ideas as to why this could be happening.as everything has been fine for weeks.

After 4.6.1.0 upgrade I have not been presented with any notification or changed any rules.

 

And another thing, when WFC filtering is on medium or low my works VPN (Openvpn client) no longer works and all packets are sent via my normal gateway.

Put WFC to No Filtering then the Openvpn routing starts working again. Switch WFC back to Medium and VPN goes down and unable to connect.

Bit of a bummer this.

 

Check my answer from post 1817 which is related to this error:
https://www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-73#post-2518820
Something from your computer prevents WFC from being executed.

I have updated WFC on my computers and this did not affect the connectivity on Windows 7, Windows 8.1 and Windows 10. With the new version, did you enable Secure Rules? Make sure it did not delete your rules from groups that were not defined as authorized. Nothing has changed in WFC code that will not allow network communications anymore.

Check your rules. Did you enable the new Secure Rules without defining authorized groups? It must be a reason why you have these connectivity problems, but it is not WFC who is blocking connections. Check Connections Log. Do you see there the blocked connections? Do you have the rules which should allow those blocked connections?

 

I am still having problems. Most time when I boot the computer the WFC icon is unresponsive. If I kill WFC with task manager and restart it it usually, but not always, works and once it starts working it all works fine. I have tried excluding it from the antivirus (Avast), turning off the anti virus, putting Appguard into install mode and this does not help. I have no other security software. I have tried making WFC start manually and not on login but that does not help.

No error messages are logged, the program just does not run. I am running WIndows 10 Professinal 64 bit. I had previously been running FWC for years with no problems.

 

Can you add wfc.exe and wfcs.exe in the white list of AppGuard and see the results ? This is a list of security programs (AppGuard, VoodooShield, Avast, KAV, Norton, MBAM, 360 Security) that have blocked at some point WFC. This list is based on the user reports. After they have added wfc.exe and wfcs.exe in the exceptions list (white list) of these security software, WFC started to work again correctly.

If the WFC log is clean and also the Windows Logs\Application log does not contain any error entries for wfc.exe or wfcs.exe then it is hard to tell why it is not working.

I assume the WFC tray has the profile icon but it does not respond to left click or right click. If you execute:

does the Main Panel show up ?

 

After update to 4.6.1.0, internet does not work in Medium filtering. Internet works only in Low filtering

 

Check your rules. WFC does not block or allow anything. Medium Filtering profile means that outbound filtering is enabled in Windows Firewall. This means Windows Firewall will block all programs that are not allowed by a rule.