Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    I love your choice, there's no chance of confusing those colors (unless you're colorblind in which case letters, or numbers instead of tick marks would help)
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    I will update the icons to be more colorful.
    I will try to find a solution for this. The default sorting from .NET does not take into consideration the string length.
     
  3. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @alexandrud

    [Bug? Undesired Auto-Switch from High to Medium]

    After wake-up the computer from sleep (not hibernation just standby), I had "immediately" switched the Filtering Profile from Medium to High to check something with the Secure-Boot rules ...

    After - I BELIEVE (not 100 % sure about the time) - no more than 5 mins, the Profile had switched automatically back to Medium (probably after a reload in the Rule Manager (if this info is relevant anyway))!

    How is this possible?

    1. My time for auto-switch to Medium is set to 10 mins.
    2. I thought this should be not the case, if the filtering profile is High!

    I could not reproduce it until now. However: I thought, you should know it already (maybe it's something with a timer function after wake-up or other "unfinished" timer (after manually switch from Low to Medium) or so.

    Thanks!

    Alpengreis
     
    Last edited: Jul 3, 2015
  4. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Last edited: Jul 5, 2015
  5. hjlbx

    hjlbx Guest

    What is the data file that contains all WFC rules?

    What is its directory?

    I want to retain any WFC rules I create while using Shadow Defender's Shadow Mode.

    All I need to do is to exclude the WFC file to which rules are written.

    Thanks,

    HJLBX
     
  6. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    The WFC folder in Program Files contains all the files pertaining to installer module. WFC does not hold any active data files for current ruleset (it does hold one restore file, to restore rules to default). It merely represents what is currently contained in W7FwAS. I do not think what you are after is possible.

    WFC can import/export rules to/from a file, but I believe it is not tasked with holding the active data file. That is W7F's job. The last time I checked (also think some posts in this thread have mentioned it... not sure mate!), firewall rules are stored in the Registry, so there isn't really an active file until the user decides to create one.

    So for your situation, you would have to import your rules from a file that you exported prior to each and every shut down/boot up sequence you initiate. I remember doing this for a while, then I cracked the s**ts... hah!

    Also, hold off till Developer confirms, but I think I got it right... *not crossing fingers* hahaha
     
  7. hjlbx

    hjlbx Guest

    @marzametal

    I suspected as much, but wasn't absolutely sure. Waiting for @alexandrud.
     
  8. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Firewall rules are in the registry:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     
  9. coolstorybro

    coolstorybro Registered Member

    Joined:
    Jul 7, 2015
    Posts:
    2
    Hello,

    how can I manage the connections while having a VPN tunnel?

    Following problem:
    If I use my VPN, Windows Firewall Control is just asking to allow OpenVPN. After that everything is allowed and has internet access.

    If I disable my VPN it's back to normal and I have to allow the programs I want to allow internet access.

    Is it possible to create a new profile which is used only if I'm connected to my VPN and then having the normal whitelist again?
     
  10. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Since W7FwAS doesn't allow multiple profiles, I doubt WFC will either. Your best bet is to create rules to facilitate silence during ISP IP and noise during VPN IP. This will serve as another version of a VPN killswitch... unless you still want to use apps without a VPN?
     
  11. coolstorybro

    coolstorybro Registered Member

    Joined:
    Jul 7, 2015
    Posts:
    2
    That would be fine for me.

    How do I tell WFC that only VPN traffic should be whitelisted?
    Like I said, right now it just asks for OpenVPN and everything is ignored then.

    I'd also prefer that there is no traffic when there is no connection to my VPN.
     
  12. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @coolstorybro

    - Use LAN and VPN in different locations
    Example: LAN is private location, VPN is public location. Now you could handle the traffic with related location rules.

    - Optional: Use special VPN rule-set
    Examle: Create a special rule set with own GROUP NAME for VPN. You could activate this ruleset through a batch or so (hint "netsh"). Also, some VPN programs have possibilities to execute commands/batches - for example BEFORE CONNECT, AFTER CONNECT and AFTER DISCONNECT.

    - Make the configuration right of ALL your components, not only Firewall:
    Ensure, that the technical things are right configured. Ev. you have to configure, that while VPN ALL your traffic to the internet goes via VPN. Important: ensure, that NOT all programs are allowed to go out while VPN, unless it's really your desire. For ex. my standard rule for my Browser is valid even for VPN too (even with Location = Any) - means: if I deactivate this rule, the browser has no outgoing access to the Internet. Etc. etc. ...

    - Additionally:
    Attention: if you have IPv6 via NON-VPN Provider and your VPN does not support IPv6, you have to "block" IPv6 while VPN. Else, IPv6 connections work further over your NON-VPN Provider. To prevent this, you could block IPv6 with special ruleset AND/OR unbind the IPv6 adapter(s) before you start VPN and rebind it after - hint "nvspbind".

    - Security tip: (not especially related to your question, but it can be very interesting): if you will avoid DNS-Leaks, you have to make further steps ... hint "DNS Fix from www.dnsleaktest.com".

    However: if you make your solution good and serious, it should be even possible to avoid "external" Kill Switches (I do not use such things, because they have to "react" to the changed situation first (at least for the versions I had studied was this so), which means they work not IMMEDIATELY (I know, the delay can be short, but nevertheless ...) (for example when the VPN disconnect) - and you can prevent (hopefully any) Leaks.

    Regards
    Alpengreis

    PS: This is only a little help to your situation, not a complete manual - means: maybe I have forget some important things :)
     
    Last edited: Jul 8, 2015
  13. Alamei

    Alamei Registered Member

    Joined:
    Jul 5, 2015
    Posts:
    7
    Even after following all the suggestions in this thread, I still have issues with Microsoft Office programs prompting me to allow/block connections, no matter how many different ways I try to allow them. Right now, I have a manually created rule for each of the Office programs in the following style: "C:\program files (x86)\microsoft office\office15\excel.exe". However, when I open the programs, WFC still prompts me to allow/block them, and the WFC connection log shows a blocked record for "C:\program files (x86)\micros~1\office15\excel.exe" (for example) for each request. I tried switching the rule to allow the path with "~1" in it, but that had no effect, nor did having both rules in place. It seems like the truncated path in the connection request just flat out stops WFC from running a proper comparison against existing rules.

    WFC seems to work well with all my other software, but having those messages constantly pop up for MS Office applications is starting to drive me crazy. Normally I would just move the software to a path with fewer characters to workaround the whole truncation issue, but Microsoft has brilliantly decided that users shouldn't be allowed to choose where to install Office applications. Does anyone have another workaround, or is there a some resolution to this issue that I'm missing? I'm running on Windows 7 Pro x64.
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    Windows Firewall does not support DOS short names when you define a new rule, so you must provide the full path. When you create a new rule from WFC, it accepts also the short DOS format path but WFC converts it to the full path when before calling Windows Firewall API. However, the DOS short format is wrongfully detected by the operating system and Windows Firewall uses this path when it writes to Security Log.

    The problem is Windows Firewall, which for some unknown reason, detects randomly the old DOS format paths. This is not related to Office. On my computers, the path for Office files are correctly detected in the full format. I have received other complaints about outlook.exe and mbam.exe with the same behavior. Unfortunately, I do not have a solution at WFC level for this problem. I will try to see if I can find a workaround for it.
     
  15. Alamei

    Alamei Registered Member

    Joined:
    Jul 5, 2015
    Posts:
    7
    Yeah, that's why I created those manual rules with the full paths for each of the Office programs. I assumed it might be Office-related because, while other programs on my computer had the issue of WFC wanting to create a DOS 8.3 style truncated path on a rule, I was always able to work around the issue by creating a rule for the correct path manually in the Windows Firewall control panel app. The Office applications are the only ones that I've had the experience of refusing to go through based on a correct rule.

    I totally get that it's Microsoft's problem with the foolish paths being logged (and seriously, the fact that DOS 8.3 character paths still play any factor in modern computing boggles my mind), so I figured that any solution would have to be of the workaround variety. Would it be possible to add a power-user option to just disable all prompts for DOS-style formatted paths? It certainly shouldn't be the default, since it could result in some requests being denied without any user feedback, but it would work well for users like me that aren't worried about troubleshooting the occasional connectivity issue (I used TinyWall in the past, which requires you to manually create all entries), and just don't want to be bothered with unlimited message prompts.
     
    Last edited: Jul 10, 2015
  16. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Have you tried shutting down the 8.3 format?

    in W7 the key is:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\NtfsDisable8dot3NameCreation
    set it to 1 or 2 (mine is set at 2)
     
  17. Alamei

    Alamei Registered Member

    Joined:
    Jul 5, 2015
    Posts:
    7
    Given all the support and maintenance work I do in registry hives, I can't believe I never knew this reg key existed! I just toggled it to from 2 (per-drive 8.3 name creation) to 1 (fully disabled) in HKLM/System/CurrentControlSet, and it seems to have promptly resolved the issue. I have yet to see whether the missing 8.3 names upsets any other applications, but for now, it looks like a nice, clean solution (at least on my end).

    Thank you so much for bringing it to my attention.
     
  18. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    You're welcome, and this should save Alexandru a bit of coding/testing time...:)
     
  19. Alamei

    Alamei Registered Member

    Joined:
    Jul 5, 2015
    Posts:
    7
    It certainly doesn't need to be a priority, but it may still be worth putting some consideration into trying to develop a WFC-based workaround for the issue, since some users may be uncomfortable modifying registry trees. (Then again, perhaps the type of user that would install custom firewall management software is likely to be comfortable working with the registry.)
     
  20. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
  21. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    It's very easy, run regedit.exe from the Start button and Find "NtfsDisable8dot3NameCreation" without the quotes. On my system it was in 3 places, I just changed them all to a "1". No problems so far.
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
  23. 7hohPAyXMd

    7hohPAyXMd Registered Member

    Joined:
    Mar 7, 2014
    Posts:
    11
    Is it open source?

    If not, could anyone please recommend and open source alternative to this?
     
  24. backwards_sdrawrof

    backwards_sdrawrof Registered Member

    Joined:
    Jul 12, 2015
    Posts:
    4
    SUGGESTIONS:
    Windows Firewall Control - Manage Rules > Groups > Drop-down list (rewriting groups are cumbersome)
    Windows Firewall Control - Manage Rules > Groups > Assign color codes (faster overview/sorting)
    Windows Firewall Control
    - Manage Rules > Groups > Multi-selection > Drop-down list
    (select multiple entries, and add them to specified groups)



    Windows Firewall Control - Manage Rules > add "Reset Sorting" to right side "Actions" menu.


    @hjlbx
     
  25. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    484
    Windows Firewall Control is not open source. I believe Windows Firewall Notifier is
    https://wfn.codeplex.com/
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.