Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. jb01

    jb01 Registered Member

    Joined:
    May 3, 2014
    Posts:
    2
    Thank you, alexandrud, for WFC. Have just installed and activated it earlier today (4.0.8.6), and while overall I really like it, there are two things I would appreciate help with...

    Windows 7 64bit; using WFC on 'medium filtering' profile with notifications set to 'medium', plus the checkbox for disabling other programs from setting firewall rules is selected. Have a 'public' wireless network set up plus a private homegroup via ethernet connection to another computer. Using AVG-free; no other antivirus or firewall products, other than to manually run MBAM-free once a week.

    1. When WFC was first installed all was well with the Homegroup, however after rebooting my computer I lost access to the homegroup network. The Windows 7 firewall homegroup and network discovery inbound and outbound rules for the private network were unchanged (all were still there as before and set to allow, and I did not mess with them). Turning the WFC profile down to No Filtering gave me access to the homegroup again - and fortunately the homegroup stayed available when I changed the profile to low Filtering, so I moved it back to Medium Filtering and it was fine ... but not permanently; I have lost it several times since, and have had to bump the profile down to No Filtering to get it back. Interestingly, if I go up the profiles one-by-one (No to Low to Medium) the homegroup stays accessible, but if I jump from No Filtering to Medium, it doesn't. Homegroup access was never a problem before, and with all the rules in Windows Firewall seeming unchanged, I am confused as to why this is happening. Any insights?

    2. The connections log (manage rules : view connections log) is empty. I refresh, but there are no entries for both outbound and inbound / allowed and blocked. Is there a setting elsewhere I need to change in order to see entries in the WFC connections log? Event Viewer logs an event under WFC each time I have tried to view the connections log: "The communication channel with the service was unexpectedly closed. Trying to reconnect... The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error. (etc)"

    Thanks in advance.
     
    Last edited: May 4, 2014
  2. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    676
    Location:
    Switzerland
    Last edited: May 4, 2014
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,441
    Location:
    Romania
    Do you have the rules from the group named "HomeGroup" enabled on both computers? Apparently, this makes no sense. If you run the HomeGroup troubleshooter, what does it say? WFC does not block or allow anything. To solve this connectivity problem, use the Connections Log. See below.
    If the Connections Log is empty, use the "Clear Log" button to clear the log. Sometimes there are some records in it with invalid data, making it impossible for WFC to properly retrieve the data from the Security log. After you clear the log, the log should fill again with new entries, especially when you use the Medium Filtering profile.
    Thank you for reporting this. I was able to reproduce it, but not always. I will look into it.
     
  4. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Great update, thanks. I have one problem with the new install mode though, it is reverting to medium filtering from high filtering which is not what I expected from an install mode. I use high for extended periods to "lock down" my computer for whatever reason, and I do not wish it to revert to medium if the install mode is checked. I use low to do some installs and this is what I expected to see revert to medium in install mode as it is easy to forget that you are in low filtering whereas it is impossible not to notice that you are in high filtering as nothing will connect. I suppose that I could only check the install mode when doing an install but this would seem to cause the same sort of problem if one were to forget to uncheck it after an install and then unexpectedly got moved out of high filtering. I have unchecked install mode for now and will await further opinions and developments on this.
     
  5. jb01

    jb01 Registered Member

    Joined:
    May 3, 2014
    Posts:
    2
    Hi - thanks very much for the reply. Cleared the log, and it's working fine now.

    I agree, the problem with Homegroup access is baffling. We checked, and the rules in Windows Firewall for Homegroup In/Out and Homegroup PNRP In/Out are the same on both computers, and are unchanged from what they were prior to installing WFC. And yet, we intermittently lose access and have to turn the firewall off to get it back. Once back, we can incrementally raise the profile settings to medium and retain access (for a while). The troubleshooter is unhelpful.

    We do understand that WFC doesn't block anything. The only thing we can see that might be different is that prior to using WFC the setting for WinFirewall was its default (which ? is equivalent to the WFC low filtering setting - is that right?) and now, through WFC, we are using the medium profile. We assume the problem is with Windows Firewall and are wondering if, where the Homegroup is concerned, Windows Firewall for some reason just doesn't like / is a bit flakey on the higher setting? We notice that someone commented on an earlier page in the forum that they had difficulty being able to see their private network computers when WFC was set to medium filtering ... it'd be interesting to hear if anyone else is having similar problems.

    Thanks again.
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,441
    Location:
    Romania
    Take a look again at that option. You can set which profile to revert to after a period of time. There is a combo box. You can set "High Filtering" in that combo box. That check box activates a timer every time you switch the profile while it is checked. So, you use High Filtering, you enable the Install Mode check box and set High Filtering also in that combo box. When you wish to install new software, you just switch to Low Filtering or No Filtering, it does not matter. When you switch the profile, a timer starts. When the timer is off, the profile from that combo box is switched automatically back. You don't have to remember to switch back to your old profile.
     
  7. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    I guess I wasn't clear. I like the install mode switching from low filtering (install) back to medium (normal setting) after xx minutes. I do not want WFC to change high filtering (security) down to medium (normal setting); this should be a manual process.

    edit - let me add this: Install mode (in my thinking) should only move from weaker security to stronger not from stronger to weaker.
     
    Last edited: May 5, 2014
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,441
    Location:
    Romania
    When does this happen? If you set the "High Filtering" profile and then activate the Install Mode check box and set "High Filtering" also in the combo box, it will be exactly what you want. In this way it will never switch to a "weaker" profile.
     
  9. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    If I have the install mode combo box set to medium filtering and I set high filtering on, the filtering mode will shift down to medium after the time set for install mode. My idea of an "install mode" is that you move to a weaker protection to allow installation to proceed without interruption, then after the preset time it will revert to a higher level of protection without intervention. I want to use the WFC medium filtering for my normal internet activities. When I set high filtering, I may leave it on for hours, working offline, and I do not want it lowering back to medium after the preset install mode timer. What you have right now will not work for me; if it works for others, OK, I can deal with installations as I have in the past.
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,441
    Location:
    Romania
    Then, a better approach would be to have only "Medium Filtering" and "High Filtering" in that combo box. If the user switches to "Low Filtering" or "No Filtering", the profile will be reverted to one of the profiles from the combo box. If the user uses "High Filtering" and the combo box is set to "Medium Filtering", then nothing happens. Now it is more clear. The next version will include these changes.
     
  11. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Erm, I see the options and timer for install; how does the 'install' option work? Does WFC detect that a program is installing? I don't see an option in the right click menu other than the usual allow or do not allow.
     
  12. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    With install mode enabled (box checked), the profile you pick for the install-mode setting is the profile that will get automatically chosen after X minutes. So if you choose "Medium filtering after 5 minutes" for install-mode, that means anytime going forward, if you switch WFC's overall profile to something different, like "No filtering", for example -- 5 minutes later, WFC will automatically set itself to "Medium".

    Likewise, if you later switch WFC's main profile setting to "High" filtering -- 5 minutes later, WFC will automatically change it back to "Medium" filtering (...currently -- it appears this example will be slightly altered in the next version).
     
  13. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    This sounds ideal. Thanks.
     
  14. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    676
    Location:
    Switzerland
    The install mode solution now has ONE problem:

    Some installation routines require a reboot - in such cases, the profile stays in install mode.

    The default profile should be set after each start (reboot and after shutdown)!

    Greetings,
    Alpengreis
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,441
    Location:
    Romania
    Good point. I forgot about this scenario. Will be updated in the next version.
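
An added example, not part of the thread and not WFC's code: a Python model of the revised Install Mode policy discussed in the posts above, where the timer may only raise the filtering level and a restart never leaves a weak profile in place. The class, method and event names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Profile(IntEnum):          # ordered weakest to strongest, names from the thread
    NO_FILTERING = 0
    LOW_FILTERING = 1
    MEDIUM_FILTERING = 2
    HIGH_FILTERING = 3

@dataclass
class InstallMode:
    revert_to: Profile                       # combo box value
    timeout_min: int                         # minutes before the revert fires
    current: Profile = Profile.MEDIUM_FILTERING
    deadline: Optional[int] = None           # minute at which to revert, if armed

    def __post_init__(self):
        # Revised design: only Medium or High may be chosen as the revert target.
        if self.revert_to < Profile.MEDIUM_FILTERING:
            raise ValueError("revert target must be Medium or High Filtering")

    def switch(self, profile, now):
        # Arm the timer only when the new profile is weaker than the target,
        # so High Filtering is never lowered automatically.
        self.current = profile
        self.deadline = now + self.timeout_min if profile < self.revert_to else None

    def tick(self, now):
        if self.deadline is not None and now >= self.deadline:
            self.current, self.deadline = self.revert_to, None
        return self.current

    def on_startup(self):
        # Reboot case: a pending timer does not survive a restart, so raise
        # the profile at start (assumption: a stronger profile is left alone).
        self.current = max(self.current, self.revert_to)
        self.deadline = None

# Constructed timeline: (minute, action, profile or None)
SAMPLE_EVENTS = [
    (0, "switch", Profile.LOW_FILTERING),    # start an install
    (5, "tick", None),                       # timer expires
    (10, "switch", Profile.HIGH_FILTERING),  # manual lock-down
    (60, "tick", None),                      # must still be High
    (61, "switch", Profile.NO_FILTERING),    # installer that needs a reboot
    (62, "reboot", None),                    # restart before the timer fires
]

def simulate(events, revert_to=Profile.MEDIUM_FILTERING, timeout_min=5):
    mode = InstallMode(revert_to, timeout_min)
    trace = []
    for minute, action, arg in events:
        if action == "switch":
            mode.switch(arg, minute)
        elif action == "reboot":
            mode.on_startup()
        trace.append(mode.tick(minute).name)
    return trace
```

Calling `simulate(SAMPLE_EVENTS)` returns the profile in force after each event, which makes the two edge cases from the thread visible: the manual High Filtering lock-down is untouched an hour later, and the reboot at minute 62 ends the No Filtering window early.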
     
  16. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia
    The application is still unable to block Steam from making its own inbound rules even with 4.0.9 :)
    At every application start up/login Steam makes its own inbound rules, not only when it updates.
    There must be a way to get this stubborn application under control.

    The install mode is kinda strange; maybe the install mode should be in the task bar right click menu by itself (to be chosen), with a policy chosen in its settings by the user and a policy it should return back to after some time (as it is now). At least this is how I see it.
     
  17. 2muchtime

    2muchtime Registered Member

    Joined:
    Apr 8, 2014
    Posts:
    23
    And AppGuard is creating rules at startup.
     
    Last edited by a moderator: May 10, 2014
  18. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    I have seen AppGuard create two inbound rules also, but only when the box "Disable the ability of other programs to add firewall rules" is not checked. I'm running WFC on Medium-Medium settings at boot with W7x64. AppGuard does need one outbound rule to check license I believe. So on my system this checkbox is working correctly for AppGuard.
     
  19. Abdallah

    Abdallah Registered Member

    Joined:
    Oct 28, 2013
    Posts:
    124
    Location:
    N/A
    It seems that I can't benefit from Medium Filtering at all!!

    If I choose it, a notification about avp.exe (related to KAV 2014) pops up, and if I enable it... no way I can then block chrome, firefox, ccleaner updater, or any program's outbound connection, although I made blocking rules for chrome and firefox as a test!!

    Any help here?

    PS: already activated Windows Firewall Control.
     
  20. Abdallah

    Abdallah Registered Member

    Joined:
    Oct 28, 2013
    Posts:
    124
    Location:
    N/A
    The problem is here!

    It seems that KAV watches ports... and at every request, WFC sees avp.exe only, and once you allow avp.exe in WFC, all traffic from all watched application ports will be allowed!!

    I tested it and removed port 80 from KAV monitored ports, then I tried to open a website with port :80 at the end; WFC gave me a notification with the real name of the application, in my case it was chrome.

    So, what can I do?

    Disable port monitoring in KAV?

    Is that recommended? Any danger from that?

    The problem seems to exist with KAV, see this:

    http://forum.kaspersky.com/index.php?showtopic=295876

    They said in KIS/KAV forums: "Web pages won't be scanned if you disable port 80 monitoring"!! But someone mentioned there that Comodo Firewall Free is doing well with KAV...

    Any possible fix for this issue?

    And is this problem urgent, as the KAV local proxy can bypass firewalls and maybe malware can do it the same way? I really don't know...

    KAV monitoring settings shown below:

    [Attached image: kasper.png]
     
    Last edited: May 11, 2014
  21. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Loving the new Install Mode feature :) Works exactly as expected; however, its current implementation is not fully intuitive for new users. Naming it "Install Mode" is sort of confusing, 'cause as Sm3K3R implied, when a program names something a "mode", you'd expect to find an option to enable/disable it, e.g. "Enable Install Mode". I'd suggest renaming it to "Automatic Profile Setter" and giving it a description like:

    "Automatic profile setter will revert to the specified profile after a given period of time when the profile is switched to a lower filtering level than the specified profile"

    Speaking of profiles, what do you think about my implementation of the earlier suggestion for separate "High Filtering (External Only)" and "High Filtering (Global)" profiles?

    The problem is indeed KAV. Windows Firewall is incompatible with software proxies, like Avast! Web Shield and Avira WebGuard. Learn more here. KAV's port monitoring software works similarly to those programs, as it routes and filters network traffic through its software before Windows Firewall sees the traffic.

    From the looks of your situation, I'd suggest waiting till your KAV subscription is over (unless you have some way of getting a refund) before you start using Windows Firewall. Once it's over (or if you don't mind throwing it away):

    - Uninstall KAV completely

    - Install Malwarebytes Anti-Malware Pro

    - Disable its real-time file system scanner component, leaving just its website-filtering component enabled. This is a replacement for KAV's port monitoring, except it's behind Windows Firewall, so WFC will work as expected.

    - Enable Windows Defender (if you're on Windows Ei8ht) or install Microsoft Security Essentials (if you're on Windows Se7en or older), and configure it. This is a lifetime AV program from Microsoft. It's not the most secure AV; however, if you follow common sense practices while surfing the internet and don't click on every "Download"/"Ok"/"Play" button/link you see on the internet (consider using an AdBlocker extension for your web browser), it's more than sufficient enough with the added bonus of it never getting in the way of your system performance. Besides, no AV software can detect the PEBCAK malware.

    - Enable Windows Firewall

    - Install WFC
     
    Last edited: May 12, 2014
  22. Abdallah

    Abdallah Registered Member

    Joined:
    Oct 28, 2013
    Posts:
    124
    Location:
    N/A
    Thanks for your reply, MrElectrifyer.

    Do you have any alternatives for the KAV port monitoring feature so I can disable it and continue using KAV without risk?

    BTW, what's the risk of disabling this feature in KAV? I read something like other related protection layers still work even when this feature is disabled.
     
    Last edited: May 12, 2014
  23. rock_man

    rock_man Registered Member

    Joined:
    Feb 6, 2014
    Posts:
    55
    No thank you. Leave it called "Install Mode". This is much simpler and makes the most sense for its purpose in the first place.

    I'm afraid implementing features like this would add more complexity and ruin its simplicity by design nature. The primary reasons I chose to support this product with my money is for this brilliant simplicity and utilization of the native Windows Firewall. Thank you.
     
  24. rock_man

    rock_man Registered Member

    Joined:
    Feb 6, 2014
    Posts:
    55
    Although, I do admit the current implementation of Install Mode is a bit confusing. I understand you set the desired profile yourself to allow installing of apps, but then enable "install mode" to revert to a different profile after a set time limit. I don't have a good answer for a different design at the moment. I only mention this because perhaps a newcomer to the product would be confused about how to "activate" install mode. Good work, though!
     
  25. rock_man

    rock_man Registered Member

    Joined:
    Feb 6, 2014
    Posts:
    55
    I'd say disable KAV port monitoring since you should use one software firewall at a time anyway. :D
     