Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Alpengreis

    Alpengreis Registered Member

    If you continue to use this Software Proxy, this combo is senseless. You can't use WFwAS or WFC (which is a GUI for WFwAS) with a Software Proxy (you can't manage those outgoing connections properly with your WFwAS or WFC, which means you could only allow OR deny all proxy connections).

    On the other hand, if you no longer use this Software Proxy, you could use WFwAS with WFC without another firewall product.

    So, in the sense of what I wrote above ...

    WITH Software Proxy:
    - WFwAS (+ WFC) combo is senseless
    - WFwAS (+ WFC) combo PLUS another Firewall is senseless

    WITHOUT Software Proxy:
    - WFwAS (+ WFC) combo works
    - WFwAS (+ WFC) combo PLUS another Firewall is not recommended to avoid problems and incompatibilities (at least not if the additional Firewall would be for the same purpose as WFwAS)

    So you'll have to make one big decision first: with or without Software Proxy!
     
  2. chrcol

    chrcol Registered Member

    Which log do you refer to? Connection log?
     
  3. R R

    R R Registered Member

    Is it possible to block web sites with windows firewall control? How would I do it?
     
  4. alexandrud

    alexandrud Developer

    WFC log from Event Viewer. Please check the troubleshooting section of the user manual.
     
  5. marzametal

    marzametal Registered Member

    I think... (provided you haven't got block rules that prevent this...)

    Load up command prompt, and type the following: ping www.yourwebsitehere.com
    It will do its thing, and also pop up with an IP address.
    Then in WFC, make an enabled block rule for your browser/all programs with the IP that popped up (insert IP into Remote Address section).

    You could take this one step further (depends...) and use small 3rd party apps like IPNetInfo and DNSDataView to retrieve information for more blocks by IP Ranges, CIDR or DNS.
     
  6. R R

    R R Registered Member

    I'll try it, thanks.
     
  7. alexandrud

    alexandrud Developer

    Windows Firewall rules can't be defined for domain names. Only for IP addresses. This is not a limitation of WFC, but this is how Windows Firewall works.
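
Added example (not part of the thread and not WFC code): because a rule holds only IP addresses, a hostname block has to be rebuilt from DNS whenever the site's addresses change. This PowerShell function uses the built-in NetSecurity cmdlets and needs an elevated prompt; the function name, host name and rule name are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: 'www.example.com' and the rule name are placeholders.
function Update-HostBlockRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$HostName,
        [string]$RuleName = "Block $HostName"
    )

    # ping prints a single address; ask the resolver for all of them (IPv4 and IPv6).
    $addresses = @([System.Net.Dns]::GetHostAddresses($HostName) |
        ForEach-Object { $_.IPAddressToString } |
        Sort-Object -Unique)
    if ($addresses.Count -eq 0) {
        throw "No addresses returned for $HostName"
    }

    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($rule) {
        # Replace the address list so stale entries do not accumulate.
        $rule | Set-NetFirewallRule -RemoteAddress $addresses
    }
    else {
        New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
            -Profile Any -RemoteAddress $addresses | Out-Null
    }

    # Return what was written so a scheduled run can log changes over time.
    [pscustomobject]@{ Rule = $RuleName; RemoteAddress = $addresses }
}

Update-HostBlockRule -HostName 'www.example.com'
```

The rule only covers the addresses returned at the time of the run, and an address shared by several sites blocks all of them, so rerun it on a schedule and review the returned list.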
     
  8. chrcol

    chrcol Registered Member

    I got 4 of these logged, but I think the timing is after I had the UI lockup.

    Code:
    System.Windows.Threading.DispatcherUnhandledExceptionEventArgs was caught.
    They were logged about the time I posted about it, which I posted shortly after the event not during the event.

    No other errors aside from those.
     
  9. alexandrud

    alexandrud Developer

    Please export them and send the file to support@binisoft.org to take a look at the errors.
     
  10. alexandrud

    alexandrud Developer

    Bad news about this one. The following options, even though they are available in WFwAS and saved in the Windows Registry under (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules), are not visible in the WFC Rules Panel.

    The reason: Microsoft forgot to update the Windows Firewall API in Windows 10 and these values are not returned. When WFC gets the IP addresses of a rule, these values are missing.

    If someone can report this bug to Microsoft, please do so. I reported two different bugs regarding Windows Firewall API to Microsoft, back in 2013 and I never received any feedback from them. Also, the reported problems are still present in Windows Firewall API from Windows 8.1 and Windows 10 too. If Microsoft provides a fix for this, WFC will work with the new keywords. My job is done on this one.

    [Attached image: upload_2016-11-7_20-34-24.png]
     
  11. R R

    R R Registered Member


    marzametal -
    It worked, the website is blocked, thanks.
     
    Last edited: Nov 13, 2016
  12. Alpengreis

    Alpengreis Registered Member

    @alexandrud

    The new "names" like "Internet" and "Intranet", which are not supported through the API, are a problem.

    If such a rule is changed with WFC, the new value is "Any".

    Are you able to avoid this somehow?

    EDIT: And after a rule copy with WFC the new value is "Any" too.

    This problem is similar to the ICMP protocol change from ICMPv4 to ICMPv6 within WFC, which sets the ICMP-Type to "Any".

    All such rules should be NOT editable within WFC to avoid problems!

    BTW: On my Win 10 system I have 6 such predefined standard Inbound- and 3 Outbound-Rules with value "Play To-Renderer".

    I know, such rules are probably rarely in use - nevertheless: IF such rules are in use, problems will follow after related use within WFC.

    Greetings
    Alpengreis
     
    Last edited: Nov 12, 2016
  13. alexandrud

    alexandrud Developer

    It is not possible because here the problem is that I can't identify such rules. The required information is entirely missing. If you change a rule that has remote IP addresses set to "LocalSubnet,Internet" in WFwAS, in WFC only the LocalSubnet will remain. If the rule has only the "Internet" set in WFwAS, then in WFC, the rule will be set to Any.

    The other scenario that you have mentioned is different. In that case I know that there is a problem with setting some properties through Windows Firewall API. There is no way to detect these rules so I can't add a filter in WFC to avoid editing of such rules. As I said, there is nothing more that I can do about it. If Microsoft will fix the problem, then WFC will recognize these new keywords.
     
  14. Alpengreis

    Alpengreis Registered Member

    I understand. But PLEASE, Alexandru, make FAQ entries for both of those cases.

    EDIT: I have sent a problem report to MS too about the API - so at least they have one more now ;-)
     
    Last edited: Nov 13, 2016
  15. sipertruk

    sipertruk Registered Member

    INetFwRule won't work but I have tested WMI and it works. https://msdn.microsoft.com/en-us/library/jj676829(v=vs.85).aspx
     
  16. Alpengreis

    Alpengreis Registered Member

  17. alexandrud

    alexandrud Developer

    Unfortunately this does not help in this scenario.
    1. The method that you have mentioned does not exist in Windows 7 which has 48.38% market share.
    2. WMI may not be available on all computers. Last time when WFC used WMI (v.4.5.3.0 - detection of inserting of USB drives) I had a lot of bug reports because of WMI code that won't execute on many machines.
    3. It can be used to see if an IP address is an intranet or an Internet network. However, it does not help to see if a firewall rule has the Internet or Intranet flag set, since a firewall rule received from Windows Firewall API is missing this information.
     
    Last edited: Nov 15, 2016
  18. sipertruk

    sipertruk Registered Member

    I should have been more precise: I was talking about querying MSFT_NetAddressFilter and reading its properties RemoteAddress[] and LocalAddress[]. Seems to work on 8.1 and 10, both Pro versions. Sent you a sample in private.
    WMI reliability could be a problem, and people would disable it for whatever reason.
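
Added example (not sipertruk's sample and not WFC code): the NetSecurity cmdlets return instances of the same MSFT_NetAddressFilter class, so they can list the rules whose address keywords are at risk before such a rule is edited or a policy is exported and re-imported. The function name is hypothetical, and the keyword list is taken from the New-NetFirewallRule documentation and should be treated as an assumption to extend if a system shows others.

```powershell
# Added example: lists firewall rules whose address filter uses keywords
# that the thread reports as missing from the older firewall API.
function Get-KeywordAddressRule {
    [CmdletBinding()]
    param(
        # Assumed keyword set (documented values for -RemoteAddress).
        [string[]]$Keyword = @('Internet', 'Intranet', 'IntranetRemoteAccess', 'PlayToDevice')
    )

    # Keywords may carry a 4 or 6 suffix that restricts them to one IP family.
    $pattern = '^(?:{0})[46]?$' -f ($Keyword -join '|')

    foreach ($filter in Get-NetFirewallAddressFilter) {
        $hits = @($filter.RemoteAddress) + @($filter.LocalAddress) |
            Where-Object { $_ -match $pattern }
        if (-not $hits) { continue }

        # Resolve the owning rule only for matches; the WMI lookup is the slow part.
        $rule = $filter | Get-NetFirewallRule
        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Direction     = $rule.Direction
            Enabled       = $rule.Enabled
            RemoteAddress = @($filter.RemoteAddress) -join ','
            LocalAddress  = @($filter.LocalAddress) -join ','
        }
    }
}

Get-KeywordAddressRule | Sort-Object Direction, DisplayName | Format-Table -AutoSize
```

Saving this output before and after an edit or an export/import makes a rule that silently changed to "Any" visible as a row that disappears from the list.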
     
  19. Alpengreis

    Alpengreis Registered Member

    JFI: I thought the netsh COULD be used as a workaround but nope, even for the command line utility they "forgot" the new names ... (at least I found nothing in the syntax help on cmd).
     
  20. meidle

    meidle Registered Member

    Some weird thing with the notification feature:
    every time I click Region & Language in W10 settings, a notification pops up with some svchost PID hosting 14 services.
    I create 14 rules to allow every service in that chunk with full outbound access and I still get that notification with the same PID,
    even though all services in that PID are allowed outbound. Maybe some kind of hidden telemetry/spyware **** from MS that bypasses
    the svchost PID, or some bug in Windows connection logging.

    Another thing: alt mDNS default inbound UDP rule. The Windows Firewall interface shows incoming ports as all, but WFC phrases the port
    in the rules list as "mDNS", and if I try to edit that rule it doesn't allow the "mDNS" entry as an incoming port name.
     
  21. alexandrud

    alexandrud Developer

    I have compiled your sample and it works on Windows 10. But there are a few problems:

    1. WMI is very slow. Imagine calling that code for 300 hundred rules while loading the Rules Panel. Ok, let's say I call this code only when we open a rule for editing it in Rules Panel. At this point I could make the check and prohibit the edit on this rule because it has some values which can't be set by WFC. Saving the rule will remove those flags, so it will be better to disable the editing of such rule. But there are other scenarios too:
    - You can change the group of such rules from Rules Panel context menu. This will remove these flags.
    - The exported and imported policies will remove these flags.
    2. On Windows 7 it doesn't work (error code 0x8004100e), but on Windows 7 these keywords may be skipped since they are not supported anyway.

    Unfortunately this is not a solution. I will mention these in the user manual. The fix must come from Microsoft. I do not want to add dirty hacks which will slow down the application only to support a few rules that probably only 1% of users are aware of.
    If you create a rule for svchost.exe without setting a specific service name, does it work? Do you still see new notifications?
    Please make a screenshot of this rule in WFwAS and also in WFC. Thank you.
     
    Last edited: Nov 16, 2016
  22. Alpengreis

    Alpengreis Registered Member

    Yeah, and even the ex- and import IS a problem.

    You say 1% of users: but you know that such rules seem to be standard Win 10 Rules (as I described earlier). And each user who makes an ex- and later import which includes those rules too will have incorrect rules after this process. And the user has no idea about it!


    About the mDNS rules ... I have the same problem too:

    here are screenshots:

    WFwAS: [Attached image: WFwAS_mDNS.png]

    WFC: [Attached image: WFC_mDNS.png]

    Regards!
     
    Last edited: Nov 16, 2016
  23. meidle

    meidle Registered Member

    If I create a rule with no service I do not get any notifications.

    Related to mDNS:
    [Attached image: mDNS.JPG]
     
    Last edited: Nov 19, 2016
  24. PunchsucKr

    PunchsucKr Registered Member

    For anybody who lands in the same problem (RDP unable to find computers within LAN after installing WFC) I solved it by first disabling and enabling remote connections again on each of my computers.
     
  25. chrcol

    chrcol Registered Member

    For the record, I am glad Alex is making a stance to not just concentrate on Windows 10 features that compromise Windows 7. I think that's the right approach to make, whilst other security vendors seem too focused on Windows 10.
     