Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    I apologize if this has been asked or answered before. How do I allow the connection for Windows Mail on Windows 10 with Medium Filtering?
     
  2. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Can you explain this, please? What is with all the default Win 10 Inbound rules (most extra rules but not all) which have Protocol = ANY?? And other program installers make such rules too - examples: Acronis True Image, iTunes, Take Command ...

    Thanks in advance!
     
  3. Shamshi Adad

    Shamshi Adad Registered Member

    Joined:
    Mar 16, 2016
    Posts:
    40
    Location:
    Eastern Shore of Maryland, USA
    I agree. At the end of the download I want the OPTION to SAVE it to my DL Folder or RUN it NOW.
    Peace. Alan
     
    Last edited: Jul 24, 2016
  4. killingtime

    killingtime Registered Member

    Joined:
    Jul 27, 2016
    Posts:
    8
    Location:
    UK
    Hello,

    I'm looking for a front end to the default Windows 7 firewall but have some questions about WFC;

    1) Is it possible to download the user manual for this application without installing the product? I know the user manual comes with the program but I have another firewall installed at present and don't want to delete the rules. Can't find the user manual on your website either although I have seen the youtube video.

    2) Does WFC modify or add any rules as part of its installation? If so what?

    3) Following on from 2), once installed does WFC lock the firewall down like tinywall so nothing gets out at all without user intervention, of does WFC just use the rule-set in place at the time it's installed?

    4) Is there any guidance in your manual on performing service orientated filtering - like allowing or blocking network printing? WFC will most probably be capable of this but the average user is unlikely to know which executables to set permission on - an what the permissions should be. I know from reading the tinywall manual that there are document sections on which rules to modify to allow such activities (including the Windows store). This question is perhaps a bit beyond the scope of WFC because it's a GUI for existing windows functionality, but without the information an average user would be lost.

    Thanks,
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    Here you go...
    cloud.mail.ru/public/4gDm/sqS6gGYAy
     
    Last edited: Jul 27, 2016
  6. killingtime

    killingtime Registered Member

    Joined:
    Jul 27, 2016
    Posts:
    8
    Location:
    UK
    Thanks, I'll give it a read tonight.
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    There must be a cause. You have to investigate this more. Check your other security products, your IPv6 configuration, your router configuration, etc.
    You can enable the notifications or you can use the Connections Log to see which executable file is blocked when you launch the Mail application which gets blocked.
    I meant to say that for torrent clients, separate rules are required to fix the connectivity problems. With an ANY inbound rule the torrent client will display the user as unconnectable. After setting two distinct rules for UDP and TCP, this problem is fixed.
    1) Not yet. It will be in the future but I have to change a little bit the website.
    2) WFC leaves Windows Firewall rules intact at installation. At uninstallation the user has multiple choices, including reverting to the rules he had before installing WFC or to leave the rules as they are.
    3) No. The user manual is related to WFC functionality and it's purpose is not to explain how to configure a firewall in general. The WFC recommended rules contain the rules required for network printing.
     
  8. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    I think that didn't work. Firstly, even with Medium Filtering, there's no notification about Windows Mail, although other programs have notifications. And secondly, I had enabled Low Filtering several times already, but when changed to Medium Filtering, Windows Mail wouldn't work again.

    Windows 10 Mail works on Low Filtering, but not on Medium Filtering.

    There's something going on with firewalls like yours (the other problematic one is TinyWall) that prevent Windows Mail app to connect. Internet Suites like Kaspersky's and ESET's work flawlessly.

    Can you check, please? :)
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I just tried to use the Mail app from Windows 10. While I was connected to my local proxy it didn't work at all because I didn't find any way to insert my proxy username and password. It always said that it can't connect and that was all. Even with Windows Firewall disabled. So, I had to connect my computer directly to the Internet through my phone's connection.

    1. To allow Mail app to connect and sync your email, you must create an outbound rule for svchost.exe.
    2. To send an email you have to create an outbound rule for C:\program files\windowsapps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\hxmail.exe
    3. To be able to add a google account you have to create an outbound rule for C:\windows\systemapps\microsoft.accountscontrol_cw5n1h2txyewy\accountscontrolhost.exe and one for C:\windows\system32\authhost.exe

    I have added two accounts, one Outlook account and one Gmail account. In both cases, the synchronization failed. For example, in the Inbox folder only a few emails were downloaded, in the SPAM folder all emails were downloaded, for the other custom folders it displayed the message "We didn't find anything to show here" even if I have tens of emails in all folders. I had the same synchronization problems even with Windows Firewall disabled.

    So, if you don't mind to miss important emails, then you can use the Mail app. My impression is that this app is very buggy and incomplete.

    Regarding WFC, there is nothing that should be changed because the problem is not WFC. You have above the files that you have to allow in order to use this app. To find these I had the High notification level enabled. The same blocked connections could be found in Connections Log.
     
    Last edited: Jul 28, 2016
  10. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks, alexandrud!
    I'll try those.

    Edit:
    It works! Thanks!
    Is there no security risk in allowing svchost to connect outbound?
     
    Last edited: Jul 28, 2016
  11. full_inu

    full_inu Registered Member

    Joined:
    Jul 28, 2016
    Posts:
    3
    Location:
    Russia
    This app currently doesn't support IPv6 addresses, right?
    Because i noticed, that even without allowed entries (for svchost.exe) Windows 7 claims PPPoE connection as established (but really it doesn't).
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    svchost.exe is used by all Windows services to connect to Internet, including Windows Update. There is no security risk of allowing svchost.exe. However, some telemetry tasks are also done through svchost.exe. :( For this reason, I have "upgraded" recently back to Windows 7. :)
    Windows Firewall does support IPv6. WFC is just a controller for Windows Firewall, not a firewall by itself. Please give more details, screenshots.
     
  13. full_inu

    full_inu Registered Member

    Joined:
    Jul 28, 2016
    Posts:
    3
    Location:
    Russia
  14. PrinceYann

    PrinceYann Registered Member

    Joined:
    Nov 29, 2015
    Posts:
    38
    Bug Report for 4.8.2:

    Previously I sent a bug report about the Connection Log crashing when the security log was set to 200,00 MB max size. That was fixed, now there is no crash anymore, but the connection log does not refresh correctly after the first query.

    Try to reproduce by doing this: set the options "recently blocked, outbound, all connections, all entries", press F5, wait for the results, now change "all entries" to "fist entry" and press F5. When the "Please wait..." is gone, the entries show aren't updated, being the same for the first query.
     
  15. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    I did the above: All listed = 55, Last listed = 6. Seems to work on my system.
     
  16. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    357
    Location:
    Canada
    I was just coming here to report the same - for the last 2 versions - Connection Log does not refresh after loading. You need to exit - reopen - change settings - reload. this is the same on all 3 installs of WFC i have

    EDIT: OS is Win10
     
    Last edited: Jul 30, 2016
  17. blikksem

    blikksem Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    4
    I'm running the latest (4.8.3.0).
    I run it in Medium Filtering mode.

    Almost every time I reboot now, WFC starts up in No Filtering mode.
    I happened to notice it as on one reboot, WFC went into High Filtering mode.

    Any thoughts?

    PS: Under the Security Tab, Secure Boot is toggled on.
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I just tried this on my Windows 7 computer. I have removed all the rules then I cleared the Security log. After a few minutes, there appeared some allowed connections to multicast addresses on UDP protocol which are usually used for discovery purposes and some loopback connections which are normal. In your screenshot, the IP 52.169.179.91 appears to be one of the Microsoft servers. Maybe it has something to do with the telemetry "features" from Windows 10. It would be interesting to have a response on this from Microsoft. The Connections Log just reads and displays the entries from the Security log of the system. The blocking and the allowing is made by Microsoft Windows Firewall, not by WFC. They have probably a better answer than me regarding this behavior.
    I can't reproduce this. It works normally on my systems. Do you still have the large log size set ? Are you able to reproduce with a smaller log with a fewer entries ?
    Due to the fact that the security log size is fixed, it may be possible to have only recently allowed connections in the list or only blocked connections. Older entries are overwritten by newer entries. When you open the Connections Log after you press the Refresh button there are no entries displayed ? And if you close the view and reopen it, then it works ?
    Make sure that there is no other security product that you use that tries to disable Windows Firewall. You can enable the revert profile from the Profiles tab to make sure that your profile gets back to Medium Filtering if it is switched to another filtering profile. If the High Filtering is enabled at start-up the reason is the Secure Boot feature which does this on purpose.
     
    Last edited: Jul 30, 2016
  19. PrinceYann

    PrinceYann Registered Member

    Joined:
    Nov 29, 2015
    Posts:
    38
    I cleared the Security log and couldn't reproduce it. I will let it grow to 200MB and test again.
     
  20. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    357
    Location:
    Canada
    thanks for the reply - when I open the connection log everything displays correctly when i 'refresh' the first time. For example, I open the log below and 'refresh with settings 'recently blocked', 'outbound', etc... and it loads fine - 277 entries. I then change the direction to 'inbound' and 'refresh', but after 'waiting...' the entries are not updated. If i close the connection log - reopen - refresh - then the correct entries will show up. I have 4.8.3 & believe this started with 4.8.2, but i also installed Win10 around the same time. Also, I think that with a small log file I can change settings and refresh a few times before it locks up, but with a larger log file (say ~9000 entries) then it always just works once

    refresh.JPG
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Ok, thank you for your feedback. I will let my log size grow up to 200MB and I will do some more tests.
     
  22. alexchan1016

    alexchan1016 Registered Member

    Joined:
    Jul 31, 2016
    Posts:
    2
    Location:
    china
    win 10 14393.5
    wfc 4.8.3.0

    it is almost every time after I restart computer, when the wfc in the taskbar but i double click the icon there is no response , and if there are new program need to connect to the Internet ,there is no notice bar to show in the right down area.

    sometimes i use the process explorer to end the wfc.exe and reopen wfc , it works , and sometimes still not work..

    i want to now why , this question happens very frequent in many win10 inside versions and many wfc version . while i can only remember that last year , this status never exist , but since 2016, it came up.
     
  23. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Problems with Connections Log too ...

    Alexandru, you know I report a problem with empty Connections Log. I thought, this was a one time problem only but unfortunately, it's not the case.

    I have now more details about this behaviour:

    1) I have this problem NOT with "Inbound" Log "Recently Allowed/Blocked connections" and

    2) I have this problem NOT with "Outbound" Log "Recently Allowed connections"

    3) I HAVE this problem with "Outbound" Log "Recently Blocked connections"

    I see the following effect:

    I have only few entries (maybe 10 or so) in the log and then - even at the same day - the log is cleared! Then few entries again and log is empty again and so far ...

    So for me it seems a problem with the log size (limit) through WFC.

    MAYBE this could be related to my NON english localized system (you know we have other signs and so (if you have in english localized Win a "," we could have a "." or vice versa.

    Can you check this please?

    Regards!

    Alpengreis

    EDIT:

    PS: The protocol size from windows (%SystemRoot%\System32\Winevt\Logs\Security.evtx) is 20480 KB by the way, maybe WFC has a problem with defined limit for outgoing blocked size-/time only or so ...
     
    Last edited: Jul 31, 2016
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Please read this post:
    https://www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-96#post-2590481
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Please take a look at the screenshot below. My log size is 200MB, so the size is not a problem. Indeed, it took almost 4 minutes to process this log file on a i5 CPU with 8 cores. I have entries from the past 4 days, but depending on the Internet usage, all these 200MB can contains the entries only from the past few hours. For a log size of 20MB, depending on the Internet usage, the entries can be only from the past minutes.

    1. When you say that Connections Log has a problem with the outbound blocked connections, check in the Security log if you have entries with Event ID 5157 and the Direction set to Outbound (%%14593). If you don't have such entries, then Connections Log has not found anything to match these. If you have such entries but Connections Log fails to read and display them, please check the WFC log for event ID 323. If no such event id is logged by WFC it means that the processing did not encounter any problem.
    2. Try to disable the logging for allowed connections from Connections Log and check if the behavior changes.

    upload_2016-8-1_9-39-14.png
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.