Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Big Mike

    Big Mike Registered Member

    Joined:
    Apr 18, 2015
    Posts:
    17
    Hi, I'd like to second, that suppressing alerts for all applications located in a windows subfolder causes many problems.
    While I hadn't had problems with silently suppressing alerts for svchost.exe and system (and therefore preferred medium alerting level), it's unusable now.
    Since the default windows setting is to allow all outgoing connections, even most built in windows applications won't work without creating any firewall alert at the recommended medium filtering level. Also many third party applications are still installed into the windows folder and therefore usually won't work if they rely on a network connection.
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    This works based on the events generated by the operating system. WFC knows instantly when this happens, there is no period of time. One thing here that will not work: WFC can't know if the user changed the profile from WF from Control Panel or a malware did it. In this case, the profile will always be reverted. But I gues,, this will not be a problem.

    1. For executable files under C:\Windows\*.* you must use High notification level.
    2. OneDrive is not a program used by all Windows users, so the user will have to create a rule for this manually or by enabling the correct notification level.
    We can't say that e_tarnh3e.exe is a common program. Anyway, after seeing so many reporst about the new notifications system I am thinking to switch it back to the way it was in the past. However, I will add a special section with advanced settings which may be used by advanced users to work by their needs.

    So, regarding the notifications system, please have patience. I work on a new version. Your feedback was heard. :)

    Have a great day. Alexandru.
     
  3. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    I agree with you here. As it is now, it can break functionality without users knowing the cause.
     
  4. bubblebobble

    bubblebobble Registered Member

    Joined:
    Mar 25, 2015
    Posts:
    2
    Hi guys, Alex from Italy.... sorry for my english :)

    I have some beginner questions (maybe more about general firewall usage, than exclusively related to WFC)...:

    1) looking at profiles tab in WFC: "Medium filtering" profile (recommended) says that Outbound connections without rules are blocked... What about Inbound connections?

    2) do blocking rules always predominate over allowing rules? Eg what if I block a software for TCP-out ports range 0-1023, and then I create an allow rule TCP-out for port 80? should I set ranges like block 0-79,81-1023 etc?

    3a) why there are some "read only" rules?
    3b) Is there a way to delete/modify them (also not using WFC or with some "workarounds")?
    3c) Eg if emule's read only rules are set to "Allow TCP-in" & "Allow UDP-in", what happens if I create 2 rules like "Block TCP-in" & "Block UDP-in"?

    thank you in advance!
     
  5. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Load www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-28#post-2366317 and search for inbound. So, if the default inbound Windows Firewall setting is active on your system, the princip is: All is blocked except it's allowed through rules. Also: the WFC filtering level does not influence the Windows Firewall inbound setting (because it's for outgoing only).

    Block rules have higher priority than allow rules (in- and outbound)! Block ranges as in your example should be not necessary, except you do not use the WFC secure rules function and your software creates automatically rules with such unwanted ports (attention: software(installations) CAN also automatically deleting block rules - hint: then you could create block rules within GPedit.msc (Group Policy Editor) (not available on all Windows system).

    See www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-58#post-2474715 and search for "read-only" ... Of course you can handle such rules within Windows Firewall itself!

    If you create new block rules with WFC, then the Edge setting should be "Edge = Block edge traversal", so it should be not a problem to block such connections. So or so, if you need another edge setting, you can create such rules within Windows Firewall itself of course!

    Alpengreis

    PS: Please use next time the search function for this thread too (I had maked this now for you ...)
     
  6. bubblebobble

    bubblebobble Registered Member

    Joined:
    Mar 25, 2015
    Posts:
    2
    thnx a lot!

    is there a place where I may post specific program's rules so that I can discuss them with other users? eg rules for skype, rules for emule, rules for firefox, etc.

    or is it OK to post them here?
     
  7. krawhitham

    krawhitham Registered Member

    Joined:
    Apr 20, 2015
    Posts:
    4
    Just registered

    I'm using windows 10 preview. Notifications are not popping up when a program is blocked to ask for permission to access the internet. I have tried high, medium, & low. I also tried with and without display notifications on top of other windows
     
  8. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    I would say: from time to time have a question about a rule is okay - for general discussions about firewall rules, this is most probably the wrong place. I don't know a good place for this, maybe another user can help you - or you use google or something like that to search ...
     
  9. krawhitham

    krawhitham Registered Member

    Joined:
    Apr 20, 2015
    Posts:
    4
    So what does one have to do it get Notifications working?
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    1. What other security programs do you use on this machine ? Do you have any web filtering module, software proxy, etc ?
    2. Which profile do you use in WFC ? Medium Filtering profile ?
    3. Do you see the blocked connections in Connections Log ?
    4. If you manually create a rule for a program, is that program able to connect ?
    5. If you check the WFC log, do you see any errors ? Launch Event Viewer from the Tools tab and you will open the WFC log.
     
  11. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    I just got two WFC log entries as follows:
    There's no other information to describe the rule or why it was considered Unauthorized. o_O

    (although about 5 minutes earlier I'd updated to FF V 37.0.2)
     
  12. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    If you have the WFC Secure Rules function activated and Firefox had created these rules while installation-process - and NOT WFC, then it's clear, why.
     
    Last edited: Apr 22, 2015
  13. Piterplus

    Piterplus Registered Member

    Joined:
    Apr 23, 2015
    Posts:
    3
    @alexandrud
    May I propose to add button (and functionality, of course) "Allow once" to the popup notification window, along with existing "Block once".
    Sometimes it would be handy to allow some programs to go to the internet without creating firewall's rule (installation packets, testing programs etc)
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    In the notification dialog, press on the "T" button from the right to create a temporary rule. It will be deleted after 1 minute, 5 minutes, etc. You can't allow something without creating a rule because WFC doesn't do any packet filtering.
     
  15. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    OK, thanks, J
     
  16. Piterplus

    Piterplus Registered Member

    Joined:
    Apr 23, 2015
    Posts:
    3
    Thats pretty cool feature, even better than just "Allow once", thanks.
    How come that I didn't noticed it before...
     
  17. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    That makes two of us.... lmao
     
  18. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia
    It would be nice to have a field in the manage rules windows to show the local adress as well.
    Sometimes if the rule is made with a specific local LAN IP, that gets changed, some programs give problems connecting as the local IP is different.To fix this you need to lose time checking all rules to find what's wrong.
    Having that column with the local adress could be usefull.
     
  19. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    There is... just right click any of the menu names and you will see Local Addresses
     
  20. vvardja

    vvardja Registered Member

    Joined:
    Apr 27, 2015
    Posts:
    2
    I am running the Windows 10 Technical Preview. After updating to the latest build (10061), WFC is no longer able to see connections occurring. There is no popup (notification level Medium) and the Connections Log view is completely empty, even though I have enabled logging for both allowed and blocked connections. Reinstalling WFC does not help. I'm guessing something must have changed in the way Windows exposes firewall events to WFC. Is the problem known and is there perhaps a fix or a workaround?

    Thanks!
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I will install this build on a VHD these days and check this. The current WFC version was compiled and tested on W10 build 9926.
     
  22. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia
    My bad, indeed there is a menu i ve never spotted :)
    Maybe those hidden options should be more visible in the menu :)

    Alexandru, can you add those options to select the columns shown, on the right of the page, under the other options, ?!
     
  23. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    This would be redundant. Why don't you just right-click on the title-bar in the manage-rules window?
    Then you can select and deselect the information you like or don't like, including Local Adresses.

    HTH :)
     
  24. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Maybe A HINT such as "Press right mouse key on a column title to configure colums" or easier "'Icon for right mouse key' + the related text" or something like that could be make sense (on the right side) for Connection Protocol & Rule Manager (not possible for the Rule Assistent) ...
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Windows Firewall Control v.4.4.4.0 - New version

    What's new:
    - New: A new section for configuring the advanced notifications settings was added in the Notifications tab. The new settings can be used to tweak the notifications system regarding the notifications that should be displayed or not.
    - Updated: The notifications levels were changed back. In Medium notification level the notifications will be displayed no matter of the folder, and the notifications for System and svchost.exe will be skipped. The notifications for System and svchost.exe are displayed only on High notification level.
    - Updated: The inbound rules with edge traversal set to 'Defer to user' are not set as read only anymore in WFC. Even if the update on them may not work in all cases, the user has at least the ability to change the Group of the rule so that the rule becomes editable in WFwAS.
    - Fixed: Duplicating a rule with the port set to keywords as IPHTTPS or Ply2Disc does not have the Duplicate word in the rule name. Also, these kind of rules can't be edited because IPHTTPS or Ply2Disc keywords are not recognized by WFC.
    - Fixed: In Windows 10, rules with local ports that use keywords are retrieved with an extra ',' making the rules invalid when trying to edit them.

    New translation strings
    221 = Advanced notifications settings
    222 = Reset default advanced settings
    223 = Use allow rules when searching for matching rules. Recommended for compatibility with other security programs if duplicate notifications are displayed.
    224 = Use generic block rules when searching for matching rules. If a block rule that apply to all programs matches the blocked connection, the notifications will not be displayed.
    225 = Use disabled rules when searching for matching rules. If a matching disabled rule is found the notifications will not be displayed.

    Updated translation strings
    203 = Display notifications for all blocked outbound connections, including the system ones, generated by the connection attempts of svchost.exe and System.
    205 = Display notifications for all blocked outbound connections, but ignore and do not display the notifications generated by svchost.exe and System.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 4b0e7adddf524b2f4e24fc977f74f799e16638a7

    Thank you for your feedback.
    Alexandru
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.