Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Can you provide a sample of a large hosts file? I can then test and provide a solution to the problem.
     
  2. atguardlover

    atguardlover Registered Member

    Joined:
    Jun 25, 2014
    Posts:
    4
    Hey alexandrud,

    try http://www.abelhadigital.com/hostsman and create a hosts file with all updates from all sources.
    You end up with (in my case) 18 MB and almost 700.000 entries. That's way too much caching for the Windows DNS Service. That's the reason it should be switched off. (and for example replaced with Hosts Server which also shows you nicely which trash is effectively blocked ;)
    Guess WFC, or rather .NET, somehow interacts with that service and then hangs due to the sheer amount of data.
    But as even Windows cannot deal with it properly it's not your problem. Just wanted to mention it if anybody should run into similar problems.
    Guess for WFC a MsgBox "Custom Hosts.Plz switch off DNS" would be enough.
     
  3. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Thanks. I found explorer.exe "Listening" and got curious. It wasn't there, in Tcpview, a month or so ago, just something new to think about :)
     
  4. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
  5. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    New Feature-Suggestion:

    More Filter OR Search possibilities ...

    Variant 1)

    In Rule Manager, the possibility to filter "by Enabled" or "disabled" is good.

    Even better would be to have more possibilities here.

    I know it's possible to SORT by Location (for ex.), but then I cannot sort within this choice by names etc. - because of this behaviour, more filters would be really sensible IMHO ...

    Suggestion: if a column is enabled, show a filter choice for it, for ex:

    If I have the column Location enabled, show filter "by Location Private", "by Location Public" and "by Location Domain" (maybe with combinations (logical AND)) - so after this choice it's easy to sort by names.

    This is of course NOT necessary for columns such as Group: here it's possible to enter a group name in the search field - and then, for ex., sort by names.

    This variant is interesting for columns such as Location, Action, Direction, Protocol and Interface types.


    Variant 2)

    Enhance the search function, so it's possible to search for IPs (for ex.) - then of course a further sorting is easy.

    This variant is interesting for columns such as Local addresses, Remote addresses, Local ports, Remote ports, Service and Description.


    Greetings and a nice week!

    Alpengreis
     
    Last edited: Jun 29, 2014
  6. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Bug-Report

    [IPHTTPS] The rules (in- and outbound) with Local resp Remote Port IPHTTPS are invalid in WFC!

    If you edit such rules within WFC, IPHTTPS Port is DELETED after saving (is set to ANY!)


    [Enter] The Enter-Key opens the false rule.


    If you select a rule and press Enter within Rule Manager, the wrong rule is opened - always one below.

    Greetings

    Alpengreis
     
  7. aaa839

    aaa839 Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    253
    Location:
    Hong Kong
    Bug report
    If I configure WFC to force it to use the .NET 4.5.2 CLR, it will give some error messages when it is opened from the tray icon,
    or sometimes it will show blank windows.
    However, using the 4.x CLR has much faster performance than using the 2.x CLR.
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Already fixed (both) and I am working now on the other problems too. A new release will be out soon.
    How is this a bug? You try to force the application through a .config file to use some assemblies that it was not designed to use. WFC uses .NET Framework 4.0. Some methods are probably deprecated in .NET 4.5.2 and will prevent the program from running correctly. Also, using .NET 2.0 will not work because some methods that are used in WFC were not implemented in the framework at that time.

    PS: Nobody said anything about the new merging feature. Does it work, is it useful?
     
    Last edited: Jul 1, 2014
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Windows Firewall Control v.4.1.0.1

    What's new:

    - New: Added support to define custom URLs for checking purposes. Check the Options tab from Main Panel for the new options.
    - Fixed: Pressing the Enter key in Rules Manager changes the selection to the next row and opens for editing the next rule instead of the current selected one.
    - Fixed: The validations for local ports and remote ports that contain IPHTTPS, Teredo, RPC and RPC-EPMap don't work properly in Properties dialog of a rule. This allows invalid input and no change occurs when the Apply button is used.
    - Fixed: Can not duplicate or modify an existing rule if the local port or the remote port is set to IPHTTPS. (as a note, this was the hardest validation ever)
    - Fixed: The status of toggle buttons (Allow, Block, Enable, Disable) is not updated until the user changes the selection in the Manage Rules data grid.
    - Fixed: The Properties dialog opens if the user wants to export a full or a partial policy and then he confirms the action with the Enter key.
    - Fixed: IPv4 ranges are not properly recognized in Properties dialog. The override validation check boxes were removed as the new validation rules should cover all scenarios.

    Installation notes: Just use the updater to upgrade to this new version.

    The following translation strings are new and 789 is not used anymore:
    Code:
    314 = Define below the URLs used for various tasks. Use {0} as a substitute for the variable that will be automatically replaced.
    315 = URL to check an IP address reputation
    316 = URL to check a file based on the SHA256 hash of the file
    317 = URL to start a WHOIS query
    318 = URL to read more about a specific port
    
    789 = Override this validation
    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: c4b41d86260648127c32341106ad8e907fa4ab91

    Thank you for your support and your feedback. Please let me know if you like the new features or if they still have to be tuned. :)

    Have a great day,
    Alexandru
     
  10. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Yet another great update :thumb:
    Thank you
     
  11. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @alexandrud

    THANK YOU VERY MUCH for this great update and your fantastic work!!

    Not yet tested but looks very cool!

    All points above are fixed (tested)! A special thank you for the IP-HTTPS and Enter things!

    NOT YET fixed! The following is invalid:

    224.0.0.0/255.255.255.0 resp direct 224.0.0.0/24

    the WFwAs changes 224.0.0.0/255.255.255.0 to CIDR notation 224.0.0.0/24 but the WFC leaves 224.0.0.0/255.255.255.0. And this is invalid within WFC.

    Of course I could take 224.0.0.0-224.0.0.255 - but this isn't the point here.

    Greetings,
    Alpengreis

    PS: I can't say anything about the merge function, I don't use it at the moment (yet) ...
     
    Last edited: Jul 1, 2014
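Added example, not part of the thread and not WFC's code: the three notations in the post above (224.0.0.0/255.255.255.0, 224.0.0.0/24 and 224.0.0.0-224.0.0.255) describe the same block, and this PowerShell function reduces the netmask form to the other two. The function names are hypothetical and only IPv4 is handled.

```powershell
# Added example, not WFC code. IPv4 only; all function names are hypothetical.

# Byte array -> 32-character bit string.
function ConvertTo-BitString([byte[]]$Bytes) {
    -join ($Bytes | ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') })
}

# 32-character bit string -> dotted-quad address.
function ConvertFrom-BitString([string]$Bits) {
    (0..3 | ForEach-Object { [Convert]::ToInt32($Bits.Substring($_ * 8, 8), 2) }) -join '.'
}

function ConvertTo-CidrScope {
    param([Parameter(Mandatory = $true)][string]$Scope)

    $parts = @($Scope.Trim() -split '/', 2)
    $ip = [System.Net.IPAddress]::Parse($parts[0])
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Only IPv4 scopes are handled here: $Scope"
    }

    if ($parts.Count -eq 1) {
        # A bare address is a single host.
        $prefix = 32
    }
    elseif ($parts[1] -match '^\d{1,2}$') {
        # Already a prefix length.
        $prefix = [int]$parts[1]
        if ($prefix -gt 32) { throw "Prefix length out of range: $Scope" }
    }
    else {
        # Dotted netmask: it must be a run of ones followed by a run of zeros.
        $maskBits = ConvertTo-BitString ([System.Net.IPAddress]::Parse($parts[1]).GetAddressBytes())
        if ($maskBits -notmatch '^1*0*$') { throw "Netmask is not contiguous: $Scope" }
        $prefix = ($maskBits -replace '0', '').Length
    }

    # Mask the address to get the first and last address of the block.
    $addrBits = ConvertTo-BitString ($ip.GetAddressBytes())
    $first = ConvertFrom-BitString ($addrBits.Substring(0, $prefix).PadRight(32, '0'))
    $last  = ConvertFrom-BitString ($addrBits.Substring(0, $prefix).PadRight(32, '1'))

    New-Object PSObject -Property @{ Cidr = "${first}/${prefix}"; Range = "${first}-${last}" }
}

# The two spellings from the post; compare the Cidr and Range fields of the results.
ConvertTo-CidrScope '224.0.0.0/255.255.255.0'
ConvertTo-CidrScope '224.0.0.0/24'
```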
  12. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Bug Report & Feature suggestion

    [Bug: Edge Traversal Rules - Duplicates of such rules (Inbound only is possible) are not real duplicates]

    Such rules are always duplicated as "Edge Traversal = Block edge traversal", regardless how Edge Traversal is set.

    This means exactly:

    Rules with "Edge Traversal = Block edge traversal" are duplicated as "Edge Traversal = Block edge traversal"
    Rules with "Edge Traversal = Allow edge traversal" are duplicated as "Edge Traversal = Block edge traversal"
    Rules with "Edge Traversal = Defer to user" are duplicated as "Edge Traversal = Block edge traversal"
    Rules with "Edge Traversal = Defer to application" are duplicated as "Edge Traversal = Block edge traversal"

    There exist some standard rules (Win 7) with "special" Edge Traversal settings - and they can be important. So, AFAIK, IPv6 is NOT possible with some ICMPv6 rules defined at least as "Edge = Block edge traversal" - and this can be the case now with duplicates through WFC.

    This should be fixed. But please only with the possibility to display such columns (see Suggestion below) in WFC - else we could have undesired rules (edge allowed, but not wished) - and this could be dangerous.


    [Bug: ICMP Rules with defined Types - Duplicates of such rules are not real duplicates]

    Also such rules are not real duplicates. A duplicate is set to "All Types". This is indeed not good and undesired. Also here there exist standard rules (Win 7) with defined types.


    [Bug also with the rest of the columns not integrated in WFC and duplicates? Maybe this is also the case for the rest of the other columns in WFwAS (not tested (yet))]?


    [Feature-Suggestion: Add more (configurable) columns]

    It's not easy to handle such Edge Traversal or other (special) rules (with other columns to which we have no access through WFC), because these columns cannot be displayed/configured within WFC.

    It would be really better AND EASIER to have the POSSIBILITY at least to display such columns in WFC too ... even better also with the possibility to configure ...

    Greetings,
    Alpengreis
     
    Last edited: Jul 1, 2014
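Added example, not part of the thread and not WFC's code: a PowerShell check that lists every field on which a duplicated rule differs from its original, read through the Windows Firewall COM object HNetCfg.FwPolicy2, so a copy that silently changed Edge Traversal or ICMP types is visible. The function name Compare-FirewallRuleCopy and the rule names in the final call are hypothetical, and the copy is assumed to have a name different from the original's.

```powershell
# Added example, not WFC code. Compare-FirewallRuleCopy is a hypothetical name.
function Compare-FirewallRuleCopy {
    param(
        [Parameter(Mandatory = $true)][string]$OriginalName,
        [Parameter(Mandatory = $true)][string]$DuplicateName
    )

    # EdgeTraversalOptions values (INetFwRule2), labelled as in the post above.
    $edgeNames = @{
        0 = 'Block edge traversal'
        1 = 'Allow edge traversal'
        2 = 'Defer to application'
        3 = 'Defer to user'
    }

    # Rule properties that a true duplicate must carry over unchanged.
    $fields = 'ApplicationName', 'ServiceName', 'Direction', 'Action', 'Protocol',
              'LocalPorts', 'RemotePorts', 'LocalAddresses', 'RemoteAddresses',
              'IcmpTypesAndCodes', 'InterfaceTypes', 'Profiles', 'EdgeTraversalOptions'

    $rules = (New-Object -ComObject HNetCfg.FwPolicy2).Rules
    $orig = @($rules | Where-Object { $_.Name -eq $OriginalName })
    $copy = @($rules | Where-Object { $_.Name -eq $DuplicateName })
    if ($orig.Count -ne 1 -or $copy.Count -ne 1) {
        throw "Each name must match exactly one rule (found $($orig.Count) and $($copy.Count))."
    }

    # Emit one object per field whose value differs between the two rules.
    foreach ($field in $fields) {
        $a = $orig[0].$field
        $b = $copy[0].$field
        if ("$a" -ne "$b") {
            if ($field -eq 'EdgeTraversalOptions') {
                $a = $edgeNames[[int]$a]
                $b = $edgeNames[[int]$b]
            }
            New-Object PSObject -Property @{ Field = $field; Original = $a; Duplicate = $b }
        }
    }
}

# Placeholder rule names: substitute the original rule and the copy made from it.
Compare-FirewallRuleCopy -OriginalName 'EXAMPLE-ORIGINAL-RULE' -DuplicateName 'EXAMPLE-COPIED-RULE'
```

No output means the two rules agree on every listed field.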
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I forgot to make a call for that scenario. Will be fixed in the next version.
    These settings are available only for some specific inbound rules and these columns are by default hidden in WFwAS. Mostly, 99% of the users will not even configure these. This is not a priority.
     
  14. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    The reason for the Edge Traversal and ICMPv6 rule changing here was:

    I use IPv6 in my private Network only. In other (public/domain) environments (I must have the possibility to use also at least public WLANs with my notebook), I do not use IPv6 in public areas (it's too unsure for me there - because I don't know their router-settings etc).

    However, I made the decision to avoid IPv6 for non-private networks and so I also had to change the related rules from "All" to "Private". I had duplicated such rules to have single settings for the three Locations. So I can handle such rules separately (maybe I will make a test in a public area, so I can easily enable the "Public" one).

    But then, unfortunately, the duplicates were not really duplicated!

    Please look, possibly for IPv4-only users this is not super important. But for IPv6 users (our Country here (Switzerland) was in first place globally at least in May 2013 (reported by Swiss IPv6 Council)) with Win Firewall - it is maybe not only related to 1 % ...

    So, why not at least a possibility to DISPLAY such columns (you could leave hidden per default)?

    Sorry, alexandrud, for my persistence! This is not even so much about me - I know this behaviour now and I can handle this. It is the principle that should be taken to ensure that duplicates are duplicates! Or at least the "column-display-workaround" so it's "detectable" for users.

    Many greetings,
    Alpengreis
     
  15. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Bug Report

    [Bug: Search (for Groupnames) is buggy]

    I have a group with the name VPNsec - if I type this in the search field, the search is successful until "VPN" - after the following "s" (String = VPNs), the search is no longer successful.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I created several rules and modified different ones to VPNsec as a Group name and then I have used the search function and all these rules were included in the search result. Can you reproduce it?
     
  17. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Awesome updates! Liking the idea behind the new merge feature. Haven't run into a practical situation to test it yet, but based on a minor test of duplicating a rule, editing one of them, then merging them, it appears to be working as expected :thumb: It sure would have come in handy during my process of creating custom generic rules for my network printer.

    Speaking of creating custom generic rules, I just noticed there doesn't appear to be any way to begin creating a blank new rule from the manage rules UI :p Mind adding a "New blank rule" link to the side panel of the "Manage Rules" view?

    Also, regarding my earlier suggestion for a method of implementing the "High Filtering (External Only)" profile, would you happen to have any other concerns with it?
     
  18. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    I updated yesterday to the new version, but this morning the Appguard rules were created again.

    Will check again tmrw and yes the "Disable the ...." is checked.
     
  19. 2muchtime

    2muchtime Registered Member

    Joined:
    Apr 8, 2014
    Posts:
    23
    Not happening here finally (keeping fingers crossed).
    Using 4.1.41.2 AG beta.
    Also I removed AG from the "Allow Programs to communicate through Windows firewall" window before installing WFC, in fact I removed all of the programs that I know I don't want to communicate, that Windows firewall seemed to think I should allow. With the AG beta it seems to work. Did this with AG Version 4 and it would reappear after re-booting. Maybe the AG beta has fixed this. Still don't trust WFC to "disable the ability of other programs to add firewall rules"
    Because that option (checked) did allow AG to create rules!!! If a complex program like AG can create rules, why couldn't a piece of malware?
     
    Last edited: Jul 4, 2014
  20. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Are inbound connections blocked at Medium and Low filtering, as the descriptive text makes no mention of inbound filtering?

    Also, the High Filtering option should be renamed to "Block All" to make it obvious that everything is blocked (Medium Filtering could then be renamed to High Filtering).

    I would also like to see the tray icon Profiles sub-menu items moved up to the first level (ie. replace the Profiles menu).
     
  21. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    Two minor suggestions, if possible:

    • Ctrl-Shift-Tab reverses direction between panes -- I find that I mostly switch between the Rules + Log panes, and would be able to switch faster using Ctrl-tab/Ctrl-shift-tab, much like I do with a browser. Any chance? :)

    • Ability to use * as wildcard for defining URLs -- Not sure if there's a reason against this, but it would be great if we could use this wildcard in defining URLs, rather than having to number dash between full IP's (e.g., 74.56.*.152 or 192.168.1.*.100-150 vs. 128.43.79.152-128.46.79.152)

    • Refresh Log when first jumping to the Log pane -- so we don't have to manually refresh the blank pane when first jumping to it.

    • Option for "live" refresh of Log pane -- like an option to refresh the Log every 2/5/10/20 seconds.

    Thanks for all the brilliant updates! I'm loving the new custom URLs option.
     
    Last edited: Jul 4, 2014
  22. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Inbound connections are always blocked by Windows Firewall unless you have an allow rule.

    @alexandrud I suggest you add a line of text in the main panel > profiles tab, stating "NOTE: Windows Firewall blocks all inbound connections except those with allow rules" and change the text under the High Filter profile to "All outbound and inbound connections are blocked, regardless of firewall rules. This profile blocks all attempts to connect to and from your computer." for the sake of clarification.

    I think the descriptions in the main panel already make it obvious enough for knowing what each profile does. Also IMO, the way they're named seems more refined than what you're suggesting.

    IMO, that would make the main menu too cluttered. Also, kindly correct me if I'm wrong, the only benefit would be that it saves you from taking a split second to move your mouse in another direction; that is, you'll just move your mouse diagonally up/down (with the cluttered menu) vs diagonally up/down then diagonally down/up (with the non-cluttered menu).
     
  23. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Thanks.

    Agreed.

    The current naming fits in nicely with the way the others are named (ie. all are "<level> Filtering"), but High Filtering does not make it immediately obvious that all inbound/outbound communication is blocked, whereas "Block All" does IMO.

    It would only add another three items (hardly making it cluttered), and they would all be above the other items. I find it quicker to move up and click, than to have to move up to the Profiles parent and either a) wait (for sub-menu to appear), move right then up/down, click OR b) click (to avoid wait), move right then up/down, click.

    It's a small thing but it's little usability touches like this that make a big difference.
     
  24. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    Yes there was a Post by Barb_C in the Appguard section (I also posted that here) which said that it was a Bug in the old 4.x version.

    I checked this morning and there was again a Public Appguard In Rule (I am not in the Beta Program)
     
  25. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Yes, always!

    I will look deeper into ...

    New Tests ...

    Groupname = apnse
    Search-String = apn = NO result!
    Search-String = nse = NO result!

    Here is definitely something not good ...

    Edit: Ahh, I have it! It doesn't work if the program field is blank!

    Another question: if I type a # char in the search field (this is <AltGr>+3 here with de-CH keyboard), then the New Rules Wizard opens.
    But only CTRL+TAB or CTRL+{1,2,3} should have this function.
    So I cannot write this char without copy and paste ;-)
     
    Last edited: Jul 5, 2014