Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Ah, yes, that's right. Just the font color is no longer different, sorry about that.

    Correct, I had another thing in my head.

    Yes, after changing the ICMPv6 type to ICMPv4, the ICMP-Type is set to Any - but okay, not a big thing. MAYBE you could integrate a warning here too?

    Okay, it's enough, right.

    Hahaha, yeah, could be, indeed :)

    I know the fact about the non-supported API.

    I think the most dangerous thing here is not the change itself, which changes to "Any" instead of the expression; it's more the following: a user makes a backup of some rules and imports them later (NOT a whole policy, which is no problem, I know), THEN such rules are changed to "Any" too, but he never sees this unless he checks ALL imported rules.

    What do you see for such new expressions within WFC? Have you really NO CHANCE to identify such rules (it would not be necessary to have the real addresses)? IF so, then you could make those rules read-only too.

    However: thank you!
     
  2. mi3mi2

    mi3mi2 Registered Member

    Joined:
    Mar 18, 2016
    Posts:
    19
    A performance impact would be inevitable, yet if the user is made aware of that and this is implemented as a third option of Secured Rules, I trust those willingly choosing this dynamic helper rather than the other straightforward options of 'disabled' or 'deleted' would be more than happy to accept such an impact, so as to retain a clue but get rid of the annoyance of endless repetitive entries in their Rules Panel.

    After all, such performance impact as a result of an iteration would only be momentary and on uncommon occasions when somebody with unprofessional bad programming practice insists on creating unauthorised rules despite such rules user created, modified, renamed or even merely grouped already exist. Under normal circumstances programs would not even attempt to create rules as long as it is not blocked, so I guess most users might never even encounter such an impact.

    And, for those having to bear the iteration impact, wouldn't they be compensated by better performance of the Rules Panel with much less redundancy?

    Thanking you again, in anticipation!
     
    Last edited: Dec 24, 2016
  3. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    176
    Thanks Alexandrud
    I will check in a few days.
    I cannot use secure rules with network shareware?
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    This is because not all ICMPv6 types have a corresponding ICMP type for ICMPv4. Resetting it to Any is a working solution that always works, otherwise the change may fail when saving the rule.
    One solution would be to display read-only (without the possibility of modifying) all Windows Firewall default rules. Then default rules can be modified from WFwAS and custom rules from WFC. But I think this is a little bit too much, because:
    - from WFwAS you can't modify rules that have a group name set, while from WFC this is possible
    - duplicating, importing, exporting a rule with "Internet" keyword is not solved anyway by this approach

    I have no solution to this. We have some limitations because WF API does not implement all the things that you can do from WFwAS.
    Your point of view is correct. I will see what I can do about this.
    You can use Secure Rules with network shares but if you have Secure Rules enabled and "File and Printer sharing" group is not added in the authorized groups list, then enabling File and Printer sharing may fail because Secure Rules will delete/disable these rules.
     
  5. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    176
    Ok i understood :)
    Thanks
     
  6. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Aha, ok - NOW I understand it, that makes sense!

    No, this would indeed be too much. Then we really have to live with ...

    I see ... one suggestion yet:

    Could you display a warning (similar to the "Defer-to-User" rules) for all Windows Firewall default rules instead of making those read-only? And maybe a warning too when a user opens the Rules Manager for the first time (with a warning about backup and import of such rules), perhaps really for the first opening only OR the user could then deactivate the warning manually?

    Thank you very much for your always detailed explanations.

    Have good holidays (if you have hopefully)!
     
    Last edited: Dec 26, 2016
  7. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    installed but not seeing any connections listed at all.
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    I will think about it.

    1. Do you have the Allowed connections and Blocked connections check boxes checked in the Connections Log window?
    2. If you go in Event Viewer, under Windows Logs -> Security, do you have events logged with ID 5156 (permitted) and 5157 (blocked)?
    3. When you enable the notifications system, WFC calls internally auditpol.exe with some parameters. Make sure that your other security programs do not block auditpol.exe or wfcs.exe from being executed. If this happens, WFC may fail enabling/disabling the required auditing options.
     
  9. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    OR maybe even better the following:

    here I have only those standard Windows Firewall rules with new expression:

    6 x Inbound & 3 x Outbound with new Expression: PlayTo-Renderer

    ALL those 9 rules have the same Group name: Play To functionality

    So - if this would be the case on ALL systems - you could only block this Group name "Play To functionality" for editing AND if possible for im- and export as "single" rules.

    I know there are more than 9 Windows Firewall standard rules with this Group name (other rules with NO new expression anem too), but would be better than involve ALL Windows Firewall standard rules ...

    OR (maybe a dangerous one):
    How would it be to block those rules directly in the registry? I have here the following reg key for FW rules:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

    then such a rule - for example with the new expression "Intranet" - includes the following text:

    v2.26|Action=Block|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA42=IntrAnet|RA62=IntrAnet ...

    Ok, had just some ideas ... maybe you can use it, maybe not ;-) ...
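
An added example, not part of the original posts and not WFC code: one way to spot the silent change discussed above is to snapshot the FirewallRules registry values before a rule export and after the import, then report every rule that lost a keyword expression. Only the `RA42` and `RA62` fields shown in the post are treated as keyword fields; the rule ids, names and values below are constructed, and matching rules by registry value name is an assumption.

```python
from collections import defaultdict

KEYWORD_FIELDS = ("RA42", "RA62")  # the keyword fields shown in the post above


def parse_rule(value):
    """Split one FirewallRules registry value into (version, {key: [values]})."""
    parts = [p for p in value.strip().split("|") if p]
    version, fields = parts[0], defaultdict(list)
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        if sep:                      # skip fragments that are not key=value
            fields[key].append(val)  # a key such as Profile may repeat
    return version, dict(fields)


def keywords(fields):
    """Return the keyword remote-address expressions of a rule, lower-cased."""
    return {v.lower() for k in KEYWORD_FIELDS for v in fields.get(k, [])}


def lost_keywords(before, after):
    """Compare two {value_name: value} snapshots; report rules that widened."""
    findings = {}
    for rule_id, old_value in before.items():
        old = keywords(parse_rule(old_value)[1])
        if not old:
            continue                 # rule never used a keyword expression
        new_value = after.get(rule_id)
        if new_value is None:
            findings[rule_id] = ("missing after import", sorted(old))
            continue
        gone = old - keywords(parse_rule(new_value)[1])
        if gone:
            findings[rule_id] = ("keyword removed", sorted(gone))
    return findings


# Constructed sample snapshots: ids, names and values are made up.
BEFORE = {
    "{rule-A}": "v2.26|Action=Block|Active=FALSE|Dir=Out|Protocol=6|"
                "Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=Sample A|",
    "{rule-B}": "v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|"
                "RA42=PlayTo-Renderer|Name=Sample B|",
    "{rule-C}": "v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Name=Sample C|",
}
AFTER = dict(BEFORE)
AFTER["{rule-A}"] = ("v2.26|Action=Block|Active=FALSE|Dir=Out|Protocol=6|"
                     "Profile=Public|Name=Sample A|")  # keyword fields dropped

if __name__ == "__main__":
    for rule_id, (reason, lost) in lost_keywords(BEFORE, AFTER).items():
        print(rule_id, reason, lost)
```

A rule reported here no longer carries its keyword restriction, so it is the one to re-check by hand after the import.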
     
  10. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "1. Do you have the Allowed connections and Blocked connections check boxes checked in Connections Log window ?"

    i see now i have not activated the program.

    i guess i thought this program was free but it appears not all options are available without a donation.

    i don't use paypal.
     
    Last edited: Dec 28, 2016
  11. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    Need not have a paypal account to make a donation.

    You can select 'Pay with Credit Card or Log In' in the paypal page.

    Credit Card - Visa, Master, Amex, Discover
     

  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    The website from where you download the software and the EULA that is available when you install it specify very clearly that the notifications system requires activation. Anyway, Connections Log is available without activating the program. The problem that you have has nothing to do with the activation.
     
  13. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    @alexandrud After the latest version of WFC, I've noticed that WFC tends to use a lot of CPU, any idea what's going on?

    WFC Using a Lot of CPU After Recent Update.png

    Actually, I've been experiencing this. As I pointed out earlier, there's something in Windows 10 that's trying to create these phishy Internet Connection Sharing rules:

    Phishy Internet Shearing Firewall Rules.png

    As Secure Rules keeps disabling the unauthorized rules, and I'm not aware of what's creating it (perhaps another windows 10 telemetry?), they keep piling up as you can see above. Best solution would be to determine what's creating those rules, but until I can, it's better to not have them piling up...perhaps keep only the latest.
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    What was the WFC tray application doing while the high CPU was observed? Was it closed, open, loading Connections Log items? Do you have this high CPU usage all the time or was this just a moment?
     
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    uninstalled and reinstalled.
     

  16. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @boredog

    Notifications are NOT the same as entries in Connections Log. A Notification is this for example:

    WFC_notify.JPG

    So, Alexandru is right: the not activated program has NOTHING to do with your empty Connections Log.

    Technical generally: In your Log for RECENTLY BLOCKED CONNECTION, you should see - as the name says - each recently blocked connection for OUTBOUND for the last 100 blocked - REGARDLESS if they would generate notifications or not (not each blocked outbound connection does generate a notification - you could even define different notifications preferences and for ex. if you have a related block rule you will never receive a notification for this blocked connection).

    In SHORT: notifications are for activated WFC only, Connections Log should work ALWAYS.
     
    Last edited: Dec 29, 2016
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    well i have tried to install it three times and just can't see any connections listed. and so currently i can't use it.
     
  18. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    No window was open, it was running on medium filtering in the background, and it was like that for like 15 minutes, then it went back to normal. Usually does it on every system start up or randomly.
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    1. Blocked connections are recorded only if you use Medium Filtering profile. If you want to see recently allowed connections, do you see them?

    2. Have you checked in Event Viewer if there are entries logged in the Security category? Check my previous answer to you regarding this.

    3. Please execute the following command (auditpol /get /category:*) in a CMD prompt with administrative privileges. When you change the Connections Log check boxes, you should see changes regarding "Filtering Platform Connection". Below in my example, "Success and Failure" means that logging is enabled for allowed (Success) and blocked (Failure) connections. So, if you change those check boxes but the value from auditpol remains the same, it means that one of your security products (you know which ones you use) blocks WFC from executing auditpol.

    upload_2016-12-29_20-19-7.png

    I will do some more tests. It does not happen on my computers. I will keep an eye on this.
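
An added example, not part of the original post and not WFC code: the check in step 3 can be scripted by reading the "Filtering Platform Connection" row out of saved `auditpol /get /category:*` output and comparing it with the Connections Log check boxes. It assumes English-language auditpol output in its usual two-column layout; the sample text is constructed, and the event IDs are the ones named earlier in the thread.

```python
import re

SUBCATEGORY = "Filtering Platform Connection"
# From the thread: Success logs event 5156 (permitted), Failure 5157 (blocked).
EVENTS = (("Success", 5156, "allowed"), ("Failure", 5157, "blocked"))


def audit_state(auditpol_text):
    """Map event ID -> bool from the subcategory row, or None if it is absent."""
    pattern = re.compile(r"^\s*" + re.escape(SUBCATEGORY) + r"\s{2,}(.+?)\s*$")
    for line in auditpol_text.splitlines():
        match = pattern.match(line)
        if match:
            setting = match.group(1)  # "Success and Failure", "No Auditing", ...
            return {event_id: word in setting for word, event_id, _ in EVENTS}
    return None


def mismatches(checkboxes, auditpol_text):
    """checkboxes: {"allowed": bool, "blocked": bool} as set in Connections Log."""
    state = audit_state(auditpol_text)
    if state is None:
        return [f"'{SUBCATEGORY}' row not found in auditpol output"]
    problems = []
    for _, event_id, label in EVENTS:
        if state[event_id] != checkboxes[label]:
            problems.append(
                f"{label} connections (event {event_id}): check box is "
                f"{'on' if checkboxes[label] else 'off'}, audit policy is "
                f"{'on' if state[event_id] else 'off'}")
    return problems


# Constructed sample of auditpol output (trimmed to a few rows).
SAMPLE = """System audit policy
Category/Subcategory                      Setting
Object Access
  File System                             No Auditing
  Filtering Platform Packet Drop          No Auditing
  Filtering Platform Connection           Success and Failure
"""

if __name__ == "__main__":
    for line in mismatches({"allowed": True, "blocked": True}, SAMPLE) or ["OK"]:
        print(line)
```

A non-empty result after toggling the check boxes points to the situation described in the post: the audit policy did not follow the setting.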
     
  20. dada1980

    dada1980 Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    4
    Did you try to refresh the connection log? Mine does not show the log list when I open it, I have to refresh it every time.
     
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    ah ha!!! i had filtering set to low. now have set to medium and can see connections. :D
     
  22. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    It also appears to occur when I resume my Surface Pro from sleep/hibernate.
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Windows Firewall Control v.4.9.2.0

    Change log:
    - Fixed: At uninstallation the "Program Compatibility Assistant" is displayed. The code was updated to avoid displaying this for WFC installer/uninstaller.
    - Fixed: After last update, the columns visibility is not remembered after reopening the Rules Panel or Connections Log.

    New translation strings (which I forgot to mention in the previous version):
    840 = Apply to all programs and services
    841 = Apply to services only


    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: aea6d88fedfd6aa4121d9d7ea385da52a9f0f5b7
    SHA256: 2a37c79dec9891705db6fb269981d5ad178217beb40257dcd6dec2ffb6628341

    Happy New Year!
    Alexandru
     
  24. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Thank you for new version and a happy new year for all.

    For the German-language users:

    The German language file has already been sent to Binisoft.org and should be available very soon.
     
  25. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Happy New Year!

    Thanks for such a well designed and constantly improved software.

    Robert
     