Windows Firewall Control (WFC) by BiniSoft.org

Anyone else having multiple wfcs.exe crashes in Windows Reliability Monitor ?

Since the latest version, I have had crashes every day... The days where there is no critical events is after I uninstalled WFC. When I reinstall, the wfcs.exe crashes reappear....

 

I get a wfcs.exe dump every time I shutdown. These are about 166MB, zipped (only) 60MB.
At the same time I get an AppCrash in the WER folder, 125MB in total, zipped (only) 66MB.
I haven't worried about them, I just delete them each morning.

 

I'm having the same issues, I believe it occurs when I reboot my system..

Edit:
Rebooted and checked the timestamp of the wer file, It is created on the shutdown portion of the reboot.

SD

 

[Bug (v4.5.4.2)] Notification System is broken in Win 10 (maybe Win Version > 7)

Bug 1:
Steps to reproduce ...
1) The easiest way is to use a clean Windows (10) rule set +WFC Standard rules (with no other user rules).
2) Set Notification Level to High.
3) Disable all Advanced notification options.
4) Use a Windows 10 system and deactivate the default WFC outbound allow rule "WFC - Windows Update".
5) Initiate Windows Update search.
Result: No notification is generated (in the connection log appears the blocked connection)!
Note: under Windows 7, this is probably not a problem - under Win 8/8.1 not sure (have no such OS available).

Bug 2:
Steps to reproduce ...
1) The easiest way is to use a clean Windows (10) rule set +WFC Standard rules (with no other user rules).
2) Set Notification Level to High.
3) Disable all Advanced notification options.
4) Create the following outbound allow rule ...

Program = System
Location = All (you can also take Private, if you are in private location)
Remote IPs = ff02::16
Protocol = ICMPv6
ICMP Types = Any
"The rest" = Any​

5) Deactivate the default Windows (10) rule "Core Network - Teredo (ICMPv6 outgoing)".
6) Try a ICMPv6 ping to an external Host (for example take an IPv6 address from Google).
Result: No notification is generated (in the connection log appears the blocked connection)!
Note: If you change Program also to Any, the notification msg will be generated.

Thanks for analyzing and fixing in advance!

Thank you and have a nice weekend!
Alpengreis

 

@alexandrud

• Uninstalled\reinstalled WFC; wfcs.exe continues to AppCrash.
• Performed clean install of Windows OS; wfcs.exe continues to AppCrash.

Obviously there is a problem with the current version.

 

Also the version before for me as well, I checked if it occurs on logoff user but it occurs only on restart. I have re-installed WFC as well, same issue.

 

I will fix the crash that is reported in Windows Reliability Monitor in the next version. The service calls a .NET function which does not work (always) when stopping a Windows service. This does not affect the functionality of WFC.

 

Perfect, and thanks.

 

Serious problem after Windows 10 cumulative Update KB3093266

IMMEDIATELY after Installation of this Update (and the required reboot), WFC starts no more "Kann nicht mit dem Windows Firewall Control Service verbinden" (in english: "Cannot connect with the Windows Firewall Control Service" or similar).

The reason is: WFC Service does not start automatically now - a manually start is possible and after, WFC runs normally (probably)!

Greetings
Alpengreis

EDIT: I will try to reinstall WFC and/or other "workarounds" ... if I have new results, I'll post here of course ...
EDIT 2: Indeed, after deinstall and reinstall of WFC, WFC service runs again ... hmm, maybe the start sequence of WFC service had changed through Win Update?!

 

Just installed update KB3093266 on Windows 10x64. After rebooting and finishing the update the WFC service started as usual. I rebooted again and confirmed that the WFC service is starting automatically, so can't reproduce what you're describing.

 

Maybe it was a "random" thing and/or combined with other circumstances (with certain service configurations or auto-start programs for example) or whatever. However: good to know, that it's not compellingly the case.

Thank you for your response.

 

EDIT: Not sure why but a reboot of the system (for another reason) seems to have resolved the issue...thought I was going doolaly for a moment...LOL

Has anyone checked the Connections Log recently? I have for the first time in a while and cannot find any entries recorded either Recently Allowed or Blocked / Inbound or Outbound over any time period...and I cannot fathom as to why that is. The Manage Rules function is working fine in terms of what it is displaying etc.

Am running v4.5.4.2, so am up to date.

Anyone else having this issue or knows what I might be doing incorrectly in my use of the fucntionality?

Many thanks, Baldrick

 

Try to clear the log. If an entry from the Security log is corrupted then WFC may not display them. If you go to Security subcategory in Event Log do you see events with ID 5157 ? Also, make sure that from the Connections Log, both inbound/outbound check boxes are checked. If these are not checked, then Windows Firewall does not log anything. Also, pay attention to allow all rules that may allow all traffic.

 

Hi Alex

Thanks. Have cleared the log and checked the Event Log but no ID 5157. I will let the system run for a while and check again tomorrow. Funnily enough, when I set the Profile to Medium Filtering I am also sporadically NOT seeing notification of outbound communication attempts...am wondering if the whole thing is somehow linked?

Regards, Baldrick

 

Yes, they are related. Read below how the notification system works:

http://www.binisoft.org/faq2.php#notifications

If Windows Firewall does not log dropped packets, then no notification will be displayed. Did you install recently a new security product ?

 

Hi Alex

Got it...thanks. I will double check everything at my end.

Regards, Baldrick

 

Small tweak request on UI...

When right clicking on a rule in the Manage Rules screen, there is displayed a list of options. Would it be possible to put the option DELETE lower (under Merge Rules, above Open File Location)? DELETE and DISABLE are too close to one another, and I end up deleting rules rather than disabling them... which proves a nightmare for my "nice" layout

Thanks for considering my request. Take care.

 

+1 for this suggestion.

Additionally, delete could be executed only after confirmation (as configurable option!). This analogous to the original Windows Firewall.

Alpengreis

 

@alexandrud

What is\are the unintended consequences of blocking all Windows Explorer network access ?

 

There will *always* be something that is not perfect on *any* program. I learned this quirk after 'fooling' with Windows and a bit of Linux also since back in 1984 or so.
There will always be a few people that will find 'something' in *any* program and if that program has a forum that the coder participates in there will be much more to come.
This is a good solid program. Now, it is not perfect, and never will be. But a solution is given, so use it.
My 2¢ only...no offense please.

 

1. Even the developer WISHES to make feature requests!

2. I take it not personally, nevertheless, you should know: I had reported some serious bugs, so the program is even better now for all users! Also I had reported some not soooo bad ideas, some of these are implemented now. Sometimes I help him even outside this forum (beta tests or LONG other analyzes/tests) via e-mail. This costs me much hours.

3. I have not just one WFC license. And I make a WFC translation (german) - voluntary!

4. What you think is the sense of this forum? The point is not, to make it perfect, but to make it better should be and IS allowed!

5. The developer is a smart man. He make the decisions, which request is senseful and which not! You must not "help" him. He is in holiday anyway right now ;-)

Then "no offense please"?! YOU make the offense ... a little at least However: such postings are useless and contra-productive. Let the people work and write here and make no troubles for nothing ...

In this sense!

Greetings
Alpengreis

PS: I was system admin on NCR ITX and Unix V (and other systems) and responsible for much things included many users and workstations. I know, that perfection is not possible, you can believe that!

 

Is there any chance to get WFC working together with DNSCrypt + Unbound (for cache) + disabled DNSClient (due huge HOSTS and dns cache [set to 4 hours])?

I know that the DNS client is necessary to proper get WFC working (as also mentioned on the homepage), but it seems to work also well with disabled client. My problem is:

* WFC 'crashes' without any feedback if there is a huge blocked list under 'connection lock' - you must restart the service after that.
* Even if I allowed everything for Unbound and DNSCrypt, it still thinks that Port 53 is blocked (maybe MS limitation or WFC's).

So my question is if there is any workaround + setup to get this working without negative side-effects?

 

About the disabled DNS Client service: you can see in the following link, what the effect is ...

www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-72#post-2513779

Greetings
Alpengreis

 

Thanks, but that doesn't answer my question how to solve this. As from what I can understand, it seems WFC isn't compatible with Unbound or DNSCrypt, so it should be mentioned on the official page or give the user a document/workaround how to deal with it. Besides that it shows the router IP, it still works on other applications just fine.

Btw, if the DNS problem can't be fixed I do not see any argument to use this product due the fact that almost every new router supports an option to change the DNS server (which is often used from what I know [not only malware reasons]). If that means the entire logic behind the firewall is then with this broken , this would be a no-go and I need to switch to Windows 10 Firewall or must wait for an fix/workaround or any ideas to handle it.

 

I can't seem to stop windows firewall (with WFC) from blocking UDP packets to and from uTorrent.

I created multiple rules for the correct utorrent.exe executable allowing ALL network access to and from all hosts on all ports. No go. I tried specifying UDP, and the originating port, too. I even tried creating a rule in windows, bypassing WFC entirely. I also tried allowing outbound UDP packets from the specific port I told uTorrent to use, port 55055. Nothing I do seems to stop the windows firewall from blocking these UDP packets. I can still use uTorrent, but I get thousands of UDP packets dropped, constantly.

Has anyone else run into this?

Edit: Just tried qBittorrent with the exact same problem. For some reason, windows firewall insists on blocking packets even when they are explicitly allowed in the rules.

Edit2: I think I figured it out, thanks to searching this forum-- Peerblock is catching some packets and blocking them. What confused me was that I didn't realize Peerblock used the windows firewall and logged in the standard security event log, I thought it did its own thing. So actually everything is fine. I guess.