Windows Firewall Control (WFC) by BiniSoft.org

Yeah, really. After all the requests..... he better start sending in some hefty donations.

 

Sounds like he better sell his house to cover all the work that's been done. All this crap is causing a kickass program that was originally designed to be just an interface into feature-ware ...not like most of 'em are worth waking up for.... oh my goodness, keyboard shortcuts!... ffs. Oh yeah, we loveeeeeeeee W7FwAS, but nah... don't wanna' use it to create/manipulate rules... much rather do it through an interface. AN INTERFACE!

Oh no, group names, who gives a toss if there are 5-10 entries for the one application... looks like ya' prefer convenience over security. Really, using a donation application to govern an operating sytem firewall instead of doing all the work ON the actual firewall application? Why not just call up the NSA and tell 'em when you are going to start downloading torrents...

 

Totally agree...Seems like some are ripping their hair out just to nikpik over features the vast majority neither care about or need

 

Can you add a right-click option to the WFC rules list to convert normal rules into WFC rules. This would be useful when an app creates it's own rules as part of installation, but you don't want to permanantly allow other apps to create rules. Before installation you would disable this option in WFC, perform the installation, open up the WFC rules list and select these new rules, right-click to convert into WFC rules, then re-enable the WFC option to remove non-WFC rules.

 

@marzametal
@henryg
@clubhouse1

Hey, what's wrong with you?

I had found already some bugs and I had helped to solve/fix! Some were really important to fix IMHO ... regardless, If MUCH people need this, bugs are bugs!

Even Alexandru, the developer asks for (more) feature suggestions!

Also shortcuts are NOT new, this would only be extended through a new one. Note: Port-Info exist already with a Mouse-Shortcut for Source-Port!

It's not a MUST to help here. I make this even for Alexandru, a great developer and for his project AND for other users too!

So, don't talk stupid nonsense here, the forum - and program of course - is too good for such ****!

Alpengreis

PS: It's not a MUST to use a new feature, it's a possibility!

 

Now, now... No need to get so uptight.... How is it by simply suggesting to send some extra donations for the developer's hard work is "stupid nonsense"?

 

This - of course isn't nonsense, that's true!

See, my intention is to HELP the developer/program, not to be against he/it.

I had spent - let me say carfully - not too little time, to "debug" some problems with WFC or to improve some things (IMHO senseful things). Even to find some behaviour was not really an easy thing - and the developer had it then easier to fix it, resp. it would be even now on unfixed state yet (sometimes he couldn't reproduce it).

Of course, it's a GUI "only", but why we should not have a really good and easy to handle GUI. Else feel free to use the WFWas GUI ...

 

Awesome update @alexandrud ! Really liking the new search enhancements

@marzametal
@henryg
@clubhouse1

You guys aren't helping anyone by complaining about a user who's suggesting loads of functionality improvements, pointing out bugs that need fixing in order to make such extraordinary software more extraordinary, and last but not least, attending to potential/current customer concerns when the dev isn't available. The new features he suggests barely change the way the program was made to be used from the start, and they're there when you choose to use them, if you ever choose to. If you have a problem with what he's suggesting, simply give a constructive criticism on why you don't like such suggestion.

 

Thanks for the update.

I had some problems just installing over the top of mr existing version. But when I uninstalled my old version and did a fresh install it worked. I had to export my user defined settings to a partial profile first then imported them into the new version.

 

I wonder how many people have upgraded to the latest version...

 

Alexandru has tens of thousands users over the world (as he had posted in Nov 2013) ...

 

I think any feature request is as good as any bug report. Having a brainstorm and an a free forum to change our ideas is a very good thing. Please continue share your thoughts regarding the software not regarding the forum members.

 

Bug Report: Windows Store App Updates are Being Blocked by "WFC - Akamai Technologies" Recommended Rule

- Noticed at my Start Screen that the Windows Store app was indicating there's an update available for my one of my apps, so, I opened the Windows Store and went to the update screen.

- Attempted installing the app update (Bing Food and Drink) and it showed the following error code:


- I cleared my Windows Firewall log and reattempted the above procedure, it still showed the error code, and the following blocked outbound connection attempts were logged:

No inbound connection attempt was blocked during this period.

- Right-clicked on one of them, selected "Jump to rules" and looked for the block rule whose IP range contains the 23.62.97.82, turns out it falls in the "WFC - Akamai Technologies" recommended rule range "92.122.212.0-92.122.219.255,92.123.96.0-92.123.111.255,95.100.0.0-95.100.15.255,23.32.0.0-23.67.255.255"​

For now, I'm just using this IP range as a temporary fix and apps appear to be updating...for now:

92.122.212.0-92.122.219.255,92.123.96.0-92.123.111.255,95.100.0.0-95.100.15.255,23.32.0.0-23.62.97.65,23.62.97.67-23.62.97.81,23.62.97.83-23.67.255.255.​

 

@alexandrud

I just want to say that Windows Firewall Control is done/developed quite well.

You are a very talented developer, that has given us a beautifully made product.

Thank you for all your hard work, as well as any hard work for the future to come.

Keep it up, you're doing a great job

Signing off,

One happy customer

 

Idea / new approach related to Service Names

Hi all/Alexandru,

we had a discussion already for a possibility to show the service-names last year ...

An example: if you share your media files, ev. the service "WMPNetworkSvc" is in use.

With such service-names it is possible to create more restrictive (exact) rules. It exist also different predefined Windows Firewall rules with such service-names.

Not only I was very interested to have a possibility to display such names in the notify window. One had defined it to a "killer"-criterium for WFC resp. to use it ...

Unfortunately, it was to difficult or work-intensive to realize resp. integrate this in WFC ...

But in the last few weeks, I found the program "Current Ports" from Nirsoft Utilities:

http://www.nirsoft.net/utils/cports.html

... there you can see such service-names, related to a process.

One minus point is, in some processes exist more than one service-names. Nevertheless, if you known these names, it's ev. possible for the user to determine the right one.

However: it COULD be a new idea/approach, HOW such services-names could be displayed/integrated within WFC. If not, at least I have tried it.

Sidenote: (for the "purists" in this thread): It's a POSSIBILITY, SUGGESTION, IDEA ... AND NOT A COMMAND ;-)

If someone against it, of course it can be discussed here - also critical - but please with REAL arguments not with personal "attacks", then it's absolute no problem for me!

Last but not least: if it's too hard/work-intensive for Alexandrud - or even, if he don't want it, HE'S THE DEVELOPER, HE MAKES THE DECISION AND HE WILL WRITE IT HERE - and it's absolute no problem for me personally!

In this sense ...

Alpengreis

 

Suggestion: Ability to Copy Certain Details From Connection Log Entries (and Perhaps Manage Rule entries too)
As of now, the only way to copy details (like local/remote IP address/port) from a connection log entry, without creating the rule, is through the "Customize and allow/block" context-menu command. This is sufficient and already time saving, especially with the built-in "merge" function. However, I think it could be made even more time saving by implementing the following context menu:

Copy... <- This will be the main menu entry (to minimize clutter in main menu),
the others are sub-menu entries and are exactly the same as the available
columns at the connection logs screen, with addition of the "ALL" entry

ALL
Time generated
Process ID
Name
Program
Direction
Local address(es)
Local port(s)
Remote address(es)
Remote port(s)
Protocol​

* The "ALL" option would copy the details of 1 rule as a string (separated by " | "), sorted in the same order as the user has sorted the columns. For simplicity, this option will be greyed out when the user selects multiple connection log entries.

EXAMPLE:
07/27/2014 08:00:10 | 3676 | Windows Explorer | C:\windows\explorer.exe | Out | 192.168.0.199 | 55704 | 207.228.83.17 | 80 | TCP​

* The ones highlighted in blue will be greyed out when the user selects multiple connection log entries

* The ones highlighted in green could take advantage of the same "Multiple selection" feature you created for customizing a merged rule before creating a new rule. That is, when you select multiple connection entries (not necessarily for the same program), those options will copy the combined entries. At this moment, I'm not sure how the "Protocol" entry works during a merging process...does it set the protocol to ALL when merging say a UDP and TCP rule? Or it's not possible to merge those two?
​

When the user selects one of the options, the corresponding info is copied to the clipboard, living the user to do as they will with the copied info. Like use it in updating a present rule, pasting it to a document, sharing it on forum or simply overwriting it with something else while in the clipboard

 

Heads up Notice: Windows 8 Bing Weather App (and Other Internet Connected Apps) no Longer Showing Live Tile due to the "WFC - Windows Explorer Local Network" Recommended Rule I Suggested
So, while setting up my Surface Pro 2, I noticed that right after I connected to the internet, all Windows Store apps began showing live tiles. I then restored my firewall rules from my old Laptop (which was running Windows Ei8ht too), and I noticed that the bing Weather app no longer showed the life tile; just the default blue background with white sun logo.

Setting the firewall to low filtering level and notification level to high seemed to fix it without any notifications. So, I figured there was an allow rule that didn't permit the bing Weather app to connect to a certain IP for updating the live tile.

Using WFC's Connection Log screen, I was able to pinpoint the program file that was getting blocked whenever the live tile attempted updating; turns out it was the explorer.exe file Also, I noticed that it was only two IP addresses which kept getting blocked; 207.228.83.16 and 207.228.83.17. According to the linked IP whois, it appears those IPs belong to my Internet Service Provider (ISP), Telus

Not sure why explorer.exe would be trying to connect to my ISP's servers, but sadly, live tile updating relies on the explorer.exe connecting to those IPs. So, I added those two IPs to the "WFC - Windows Explorer Local Network" rule and now live tiles of ALL internet connected metro app work as expected.

Presuming that in other people's cases the explorer.exe file will be trying to connect to their ISP's servers, I would suggest doing as follows to determine the specific IP address of your ISP to which explorer.exe needs to connect in order to update live tile info:

1.) Connect to private network and set filtering profile to medium

2.) Open WFC's connection log screen and clear the log

3.) Open the bing Weather app, add and switch to a different location for the app to display weather details

4.) Wait for it to finish loading then press the Windows key on your keyboard to go to the Start screen; you shouldn't notice the weather app's live tile update at-all, if it does, you don't need this process

5.) Go back to WFC's connection log screen and refresh the Recently Blocked - Outbound log; you should notice new entries for the explorer.exe program repeatedly attempting to connect to 1 or 2 (or more, depending on your ISP)

6.) Select all entries for the explorer.exe program, right-click and select "Customize and allow..." from the context menu

7.) Scroll down to the "Local and remote IP addresses" section and copy the "Remote addresses" entry (e.g. 207.228.83.16,207.228.83.17)

8.) Cancel the rule creation, right-click one of the "explorer.exe" entries and select "Jump to rules" from the context menu; rules for the "explorer.exe" program should be listed, one of which should be the "WFC -Windows Explorer Local Network" recommended rule

9.) Double-click the "WFC - Windows Explorer Local Network" rule, scroll down to the "Local and remote IP addresses" section and append the "Remote addresses" entry you copied in step 7.) above to the current "LocalSubnet" entry (e.g. LocalSubnet,207.228.83.16,207.228.83.17)

10.) Click "Apply" and press your Windows key

11.) Vuala, ALL your internet connected live tiles should now be working as expected, including the bing Weather app live tile...​

 

...

In particular for longer IP or Port fields - and of course Program field too, that would be a quite useful thing!

So I give a clear +1

Alpengreis

 

Bug Report: Blocked Windows Store App (in this case, the YouTube Now app) Results in Endless Notification, Even After Creating Allow/Block Rule (After the Endless Notification Began) OR Even After App is Uninstalled

This has occurred with multiple other Windows store apps, just decided to report it after it occurred with this particular app. When this occurs, the WFC notification window shows app's executable attempting to connecting to the same remote IP through different local ports; the local port endlessly increments. Regardless if I block or allow the connection via the notification dialog, the notification dialog pops up again.

This occurred with WFC set to the Medium Profile with Medium Notification.​

 

Not only Windows Store Apps are affected with this endless behaviour, as I had reported already. It seems, that this is the case with all programs, if those make "endless" tries (at least with "endless" local port change) to connect ...

 

I will update the ranges for the recommended rules in the next version, but I am thinking of removing the recommended block rules because I receive many questions about them, why they are there, why are not working some feature from Windows 8. Then, every user can block whatever he wishes.

Finding the service name will do any help only for svchost.exe connections. There is a lot of work to implement such thing in WFC and this will not be done.

I will think about it.

From what I saw, explorer.exe should be allowed on all remote addresses because many things are related to it. Blocking explorer.exe may break some functionality from the OS.

I will check this. I don't understand this: "Even After App is Uninstalled". You still get notifications for it after you uninstall it ? Is it really uninstalled ?

 

I am also for the remove these recommended block-rules. I also had some uncertainties with those. Anyway, it's difficult with predefined rules with public IPs - IPs may change. You could leave these as optional rules with corresponding explanation/warning, but no more as recommended rules.

All right, I can understand.

 

Alrighty, I personally like the idea of blocking privacy intruders, so, I'll keep a Partial Policy of those recommended block rules and adjust them as needed.

I kind of agree and disagree. I added these IP range, 23.62.97.0-23.62.97.255,23.67.60.0-23.67.60.255,204.191.12.0-204.191.12.255, to the "WFC - Windows Explorer Local Network" recommended rule, and as far as I know, everything is working as I like them, but suspicious connections to certain Microsoft servers (like 157.56.141.103) and Amazon servers (like 176.32.98.166) remain blocked until I figure out why they're being made and if they should be allowed.

Hmm, that might be due to the way Windows handles metro app uninstallations. When I right-clicked the metro app icon, and selected "Uninstall", the icon disappeared from the Start Screen and All Apps sections, but I kept getting WFC notifications for the app. So, maybe the app was still being uninstalled in the background and Windows just removed the icons to make it appear like it uninstalled fast.

 

Let the rules be optional. I've not experiences any problems with them on Win 7 or Win 8.1, but every OS configuration is different.

I have a question/request. Is the date of rule creation available for the rules panel? It would be a nice colunm addition.

 

Unfortunately, not. The last rules added are on top of the list but the firewall rules don't have a time stamp. Such a column is not possible.