Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Jack8

    Jack8 Registered Member

    Joined:
    Jan 5, 2015
    Posts:
    17
    Hi, I have the latest WFC installed. The Connection Log shows all the same entries for inbound and outbound blocked connections. When I choose 'Direction' Inbound, all the blocked outbound connections are shown, no inbounds. Actually it used to work: if there were no inbound blocked connections, nothing was shown.
     
  2. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @alexandrud

    [Bug] (v4.5.3.0): New ICMP Type problem

    We had a similar problem after copying ICMP rules, with an undesired change of ICMP-Type. This one is a little bit different.

    Step to reproduce:

    CHANGE the PROTOCOL of an existing ECHO rule (ICMP-Type "Echo Request"; make sure in the original Win FW GUI that the Type is "Echo Request") from ICMPv4 to ICMPv6 or vice versa, and check it afterwards in the original Win FW GUI.

    - The Original rule has ICMP-Type = "Echo Request".
    - The copied WFC rule has ICMP-Type = "Type 8, Code Beliebig" resp. "Type 128, Code Beliebig" (in EN: "Type 8, Code Any" resp. "Type 128, Code Any", or similar). This is NOT correct and causes problems with the notification system (we have discussed this).

    Attention: you cannot see the effect in WFC directly, because there is always "Echo Request".

    Thank you and greetings
    Alpengreis
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    I can't reproduce this. Are you sure they are the same ? When you set the direction combo box to inbound, the Direction column of the results contains the word In or Out ?
    LATER EDIT

    After further investigations, it seems that the ICMP types cannot be preserved when changing the protocol from ICMPv4 to ICMPv6 or vice versa, because the same ICMP code means one thing for ICMPv4 and another thing for ICMPv6. Even in WFwAS, when you switch between these two protocols, the ICMP types get messed up. The only solution to this problem is to manually check these kinds of rules in WFwAS when you switch between these two protocols. I can't fix this in WFC.

    However, I have found that the ICMPv4 types were not displayed correctly for ICMPv4 protocol, which I already fixed.

    What I can do in code, is to reset this property to "All ICMP Types" when changing the protocol between these two.
     
    Last edited: Sep 4, 2015
  4. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    Regarding the notification's extended search/jump-to abilities --

    For "Open Task Manager" function, would it be possible to have Task Manager highlight the specific process/PID row when it opens?
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Not possible. Task Manager does not support parameters, so it can't retrieve a process ID, then switch to the Processes tab and select the process based on the pid.
     
  6. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Ahh, ok, logical.

    That's good! Are you sure, that only IPv4 was incorrect (see below because REAL values)?

    Yes, that would be good in such a case then. And please make a FAQ entry for this.

    So or so, WFC should ALWAYS display the REAL values; this is actually NOT the case. I know, with your fix "Reset to All ICMP Types", WFC (should) show "All ICMP Types". Nevertheless, other Types (manually defined or even through further bugs) are not displayed correctly. It seems some known Types (like "Type 3, Code 4") are correct, but others are not. If we ALWAYS had the REAL value, it would no longer be necessary to switch to the Orig Win FW GUI to check (for example after duplicating such a rule).

    Defined REAL value and actual situation example ...

    - ICMPv4/6 "Echo Request"
    Orig. Win FW GUI shows: "Echo Request"
    WFC shows: "Echo Request"


    - ICMPv4 "Type 8, Code Beliebig"
    Orig. Win FW GUI shows: "Type 8, Code Beliebig"
    WFC shows: "Echo Request"
    --> This is a problem, because the User cannot see the REALITY within WFC. This can lead to problem with notification system.

    - ICMPv6 "Type 8, Code Beliebig"
    Orig. Win FW GUI shows: "Type 128, Code Beliebig"
    WFC shows: "Echo Request"
    --> This is a problem, because the User cannot see the REALITY within WFC. This can lead to problem with notification system.


    I hope, you can ensure, that ALWAYS the REAL value is displayed, then - with your already implemented fix, it would be really good.

    And - last but not least - I know, probably not many users use such detailed ICMP settings, but IF they do, those rules are also important, even to ensure that the notification system always works right.

    Have a nice weekend!
    Alpengreis
     
  7. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    *Is there any kind of date-created property for firewall rules, or at least some way to determine when a rule was created?

    *Besides rules starting with "WFC...", how can we know which rules were automatically created by WFC? I see svchost.exe in blocked connections on port 161 (SNMP) -- a rule created for this specific scenario, from local ip to local ip (my local printer), however, I don't remember creating a rule for that.
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Type 8, Code Any = 8:* = Echo Request for ICMPv4
    Type 128, Code Any = 128:* = Echo Request for ICMPv6
    To check both of these, try to add manually the same ICMP code and WFwAS will give a message that this code is already in the list. Not really a bug.
    No, unfortunately there is no creation date property. You can manually update the description of your rules and write there this info, even if I don't see how this is useful.
    Rules created from WFC have the Group set to "Windows Firewall Control". 99% when a rule is added from WFwAS or another application (installer) the group is not set. Besides the recommended rules which are prefixed with "WFC - ", WFC does not create any rule. Also, these recommended rules are created at user request not forced by WFC.
     
    Last edited: Sep 5, 2015
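
A read-only way to see the stored ICMP type values and the rule group discussed in the posts above, as an added example that is not part of the thread or of WFC. It assumes the NetSecurity PowerShell module (Windows 8 / Server 2012 or later); the `Suspect` column is a heuristic introduced here, not a WFC or WFwAS feature.

```powershell
# Added example, not WFC code. Lists every ICMP rule with its raw IcmpType value.
# Echo Request numbers as given in the thread: 8 for ICMPv4, 128 for ICMPv6.
$echoRequest = @{ 'ICMPv4' = 8; 'ICMPv6' = 128 }
$wfcGroup    = 'Windows Firewall Control'   # group name quoted in the thread

$report = foreach ($rule in Get-NetFirewallRule) {
    $filter = $rule | Get-NetFirewallPortFilter

    # Protocol may be reported by name or by number (1 = ICMPv4, 58 = ICMPv6).
    $raw = "$($filter.Protocol)"
    if     ($raw -in 'ICMPv4', '1')  { $proto = 'ICMPv4' }
    elseif ($raw -in 'ICMPv6', '58') { $proto = 'ICMPv6' }
    else   { continue }              # not an ICMP rule

    $other = if ($proto -eq 'ICMPv4') { 'ICMPv6' } else { 'ICMPv4' }

    # IcmpType entries are "Any", "<type>" or "<type>:<code>"; keep the type part.
    $types = @($filter.IcmpType |
        Where-Object   { $_ -match '^\d+' } |
        ForEach-Object { [int](($_ -split ':')[0]) })

    [pscustomobject]@{
        Rule        = $rule.DisplayName
        Group       = $rule.Group
        InWfcGroup  = ($rule.Group -eq $wfcGroup)
        Protocol    = $proto
        RawIcmpType = ($filter.IcmpType -join ', ')
        EchoRequest = ($types -contains $echoRequest[$proto])
        # Heuristic (assumption): the other protocol's Echo Request number on this
        # rule suggests the type was carried across an ICMPv4/ICMPv6 switch, where
        # it does not mean Echo Request.
        Suspect     = ($types -contains $echoRequest[$other])
    }
}

$report | Sort-Object Protocol, Rule | Format-Table -AutoSize
```

Rules flagged `Suspect` are the ones to recheck by hand in WFwAS after a protocol change.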
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Windows Firewall Control v.4.5.4.0 - New version

    What's new:
    - New: A new read only check box column named "Extended properties" was added in Manage Rules window. It indicates if a rule contains extra properties which are not displayed in WFC.
    - Improved: The search functionality from Manage Rules was improved by adding a 0.5 seconds delay between the text update event and the actual start of the search. This removes the intermediate results which were triggered between characters typing. The search is now more smooth.
    - Fixed: WFC service fails to start on computers where WMI is not available. The code was updated and a warning is logged instead of crashing the service.
    - Fixed: The loading of the firewall rules in Manage Rules is executed twice on the opening of the window. The duplicate call was removed and the rules should load faster.
    - Fixed: When launching "wfc -rp", there is no active view and the rules are missing.
    - Fixed: ICMP Types are not displayed correctly for rules defined for protocol ICMPv4.
    - Fixed: ICMP Types are not correctly set when switching the protocol from ICMPv4 to ICMPv6 or vice versa.
    - Fixed: All locations check boxes are unchecked when opening in Properties dialog a rule defined for an application package in Windows 10.
    - Fixed: The WFC service (4.5.3.0) can't be stopped from services.msc. The service must be killed from Task Manager.

    New translation strings
    050 = Extended properties
    051 = This rule contains extra properties which are configurable only from WFwAS


    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: d4d9e8614315a42efc0cc0c33191996285d44a59

    Have a great weekend,
    Alexandru

    Thank you for your feedback.
     
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    @alexandrud
    Impressive awesome job! Thanks a lot. Have a nice weekend you too!
     
  11. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Understood. Thanks for explanation.

    Yeah, indeed! So fast fixed again!

    Thank you VERY much for your work, Alexandru!
     
  12. Distman

    Distman Registered Member

    Joined:
    May 7, 2013
    Posts:
    12
    ...

    Thank you. For the installer I have one suggestion. Can you add a page to select the "language files" to the installer? The system language is preselected. Maybe all language files from the date when the installer is created are included, or during installation the installer downloads the latest one from your webpage and extracts it directly to the destination directory. This would save the user an additional download, extract, elevate the user rights to write in programs folder...

    Best regards
    Distman
     
  13. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @alexandrud

    Some feedback ...

    Works - and it should be clear enough now!

    Works, very good!

    Works, good workaround. But please add it to the FAQs yet AND/OR make an extra warning (popup) for ICMP rules, because the "normal" cannot know this effect!

    Works now!

    PS: DE-Translation is ready soon ...
    PPS: DE-Translation is sent to Binisoft.org ...
     
    Last edited: Sep 5, 2015
  14. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Cheers for the new release!
     
  15. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi Alexandru

    All well installed here and running very nicely. Good job, my friend.

    Regards, Baldrick
     
  16. backwards_sdrawrof

    backwards_sdrawrof Registered Member

    Joined:
    Jul 12, 2015
    Posts:
    4
    I just dropped in to say THANKS Alexandrud!

    Your software is one of the few reasons I even bother with Windows anymore,
    alongside Shadowdefender, Sandboxie. I donated some time ago, and it was my pleasure.

    Also, I appreciate your implementation of easier group handling. Today the rules on a basic
    Windows system... are ever-growing.

    Once again, thanks.
     
    Last edited: Sep 6, 2015
  17. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Just curious... this has probably been touched on before, but hmm... 76 pages for one small question...

    What if one was to stop using WFC, how would they go about taking control of the rules again so "all" details could be manipulated, rather than some?
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    I will think about this. Probably a good idea is to have this in Main Panel, instead of the installer, so that a user will be able to get an updated translation file without going through the installer.
    In WFC you see the same rules that you see in WFwAS when you execute WF.msc. If you uninstall WFC you can use WFwAS to modify the rules. However, from WFwAS you can't modify rules with a group set while from WFC this is possible.
     
  19. Distman

    Distman Registered Member

    Joined:
    May 7, 2013
    Posts:
    12
    With the new version I have some problems. First, the notification window shows up nearly in the middle of the screen and not in the bottom right area. But the main problem is that it notifies me about some outgoing connections for which I have some blocked rules. My blocking rules block only in public networks. Now I'm in a public network, but receive these notifications. With the old version I didn't get them.
    One example: I block explorer.exe from connecting when I'm in a public network. Till now, this did not generate a notification window, just an entry in the log window.
    When I change my block rule to "all networks", then I do not get the notification.

    Looks like the notification window does not check the actual network and the defined rule network. Did someone else also have this?

    WFC runs under Windows 10 Pro 64 Bit
     
  20. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    Out of curiosity, how was this discovered? Is it something that anyone could discover through debugging, or only by Alex (i.e., by having the source)?

    If it's something observable by anyone (without the source), how do you do it? Again, purely just curious for improving my general Windows debugging ability.
     
  21. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    And you cannot move it to another place?

    I had this too (at least similar) (in earlier version) and Win 7, but it was a side-effect from an incorrect ICMP rule (not right setting for Echo Request). If you have such rules, check in WFwAS GUI, if the ICMP-Type is "Echo Request" and NOT "Type 8, Any" (ICMPv4) and/or "Type 128, Any" (ICMPv6).
    However, If I have enough time (not at the moment), I will make some checks with the Locations ... probably Alexandru is faster with an answer ...
     
  22. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    Is there a way to "close out" of "Show invalid rules" function, besides refreshing or changing the display? Perhaps adding the ability of pressing the Search box's "X" to go back to main rules, or perhaps clicking "Show invalid rules" again to reset the view may be helpful. Just a minor UX thing, not a big deal.
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    The notification dialog is saving the position on closing and on the next reopening, it will use the last coordinates. Regarding the second problem, I can't reproduce it. Please send me your entire set of rules and a screenshot with the blocked connections for which you do not expect a new notification. Do you have the default advanced notification settings enabled ?
    I discovered it while debugging another problem. It was observable only in code.
    No, you have to refresh the rules list. The search changes the source of the view, does not hide the other entries. For this reason, a refresh is required. The solutions that you propose will do the same thing as pressing on the Refresh button or changing the filters. Nothing to update here, from my point of view.
     
  24. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Woah, been a long while since I visited this thread (since page 49, now we're on 77). Development sure has been really progressing and I've been quietly enjoying the updates all along. Back again with a few bug reports and suggestions for improvement:

    First off, the Bug: Still Getting Notification for File/Windows Explorer Even When There's a Defined Rule
    - I'm connected to a public network (back to school for some technical training for my job :))
    - I have the following rule defined to allow File/Windows Explorer connections on public network locations
    Outbound Rule for File Explorer on Public Network Defined, Still get Notificiation.jpg Outbound Rule for File Explorer on Public Network Defined, Still get Notificiation (2).jpg
    - However, I still get this irritating non-stop alert of blocked outgoing File/Windows Explorer connections
    Outbound Rule for File Explorer on Public Network Defined, Still get Notificiation (3).jpg
    Any ideas on what could be wrong? Perhaps 'cause the rule was created from a partial policy I re-formatted and imported from an older version of WFC? That brings me to my suggestion.

    Suggestion: Add Built-in Code for Backwards Compatibility with Previous WFC Partial Policy File Formats
    I brought this suggestion up a while ago when the formatting changed, and I was told not to worry, it won't be changing again. However, due to the awesome continuous development of the program, it has yet again changed, and I believe it's bound to happen countless times in the future. Just recently, when looking to import a partial policy (which itself took precious time to create and thus was backed up), part of which included the above File/Windows Explorer rule, it showed me the error message of being corrupt, meanwhile nothing had happened to the file.

    Had to fiddle around creating temporary partial policies of blocked/allowed, domain+private, public, and Any/TCP Protocol rules. Then went through the process of analyzing and comparing the old and new partial policy file formatting (which are just text files with a custom extension) in Notepad, adjusting the format of the old one entry-by-entry and appending the new entries (ApplicationPackage="" AuthorizedComputers="" AuthorizedUsers="" LocalUserOwner="" SecureFlags="0").

    This process is time consuming (took almost half an hour to re-format all the rules in the partial policy) and could have easily been avoided (especially for even longer partial policies) if WFC had proper backwards-compatibility code. The code would be checking the entries of the partial policy file when the user selects it for import and automatically adjusting them for seamless import into newer versions of WFC.

    Thanks in advance.
     
  25. Jack8

    Jack8 Registered Member

    Joined:
    Jan 5, 2015
    Posts:
    17
    This strange behaviour on my system (Windows 8.1, WFC newest version fresh installed) persists. I have now attached a screenshot of both logs. They are exactly the same, Inbound Log just shows the Outbound Log entries.
     
