Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Vilmalith

    Vilmalith Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    68
    I'm running in to a little problem with A3 Launcher (an Arma3 launcher) and WFC. Whenever A3 Launcher checks for an update it creates a random folder in the Temp folder and throws the updater in there. With WFC is set to anything other than Low Filtering it blocks the updater. I've tried setting a rule based on port and protocol and IP, but the updater is still blocked. If I allow the updater program, it's still blocked because I have to run it again and the folder it's in is randomly generated each time it's run.
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    Windows Firewall Control v.4.9.6.0

    Change log:
    - Updated: WFC recommended rules contain now the required rules for PING command for ICMPv4 and ICMPv6. Also, the recommended rule for WFC updater contains now the port 443 since the website uses now HTTPS instead of HTTP.
    - Updated: The disabled rules in Rules Panel and the entries in Connections Log use now system colors instead of hard coded colors. This improves readability when a high contrast theme is used.
    - Fixed: Inbound connections have local port and remote port swapped in Connections Log data grid.
    - Fixed: When choosing 'Customize and create' in Connections Log an inbound connection, the local port and IP should be swapped with the remote port and IP in order to create a working rule.
    - Fixed: Blank window with no message is displayed when trying to install an older version over an existing newer version.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 63df00bbcb5f11e8208057c28e2316825ffd9ab3
    SHA256: 6dc5106c7018567adc4e5473ed0676b7d9acfe0312f3eb0578b9f9954848b1c1

    Best regards,
    Alexandru
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    Please check the following topic from the user manual:
    User interface > Rules Panel > How to create a rule for a program which executes from the temporary folder?
     
  4. Vilmalith

    Vilmalith Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    68
    So Low Filtering is the only option, since the port stuff was a no go. Thanks
     
  5. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Back in the day, eh.:thumb:

    Same as Tiny Personal Firewall on Win 2K.

    Robert
     
  6. Hifexar

    Hifexar Registered Member

    Joined:
    Mar 22, 2017
    Posts:
    12
    Location:
    Krasnodar Russia
    Usually almost all the programs in Windows take settings font smoothing from settings in Windows.
    Thus, you can control the font smoothing in the programs.
    But WFC is exposed in the forced font smoothing. And there is no control.

    Personally I always disable font smoothing, because I don't like the blurred letters.
    When font smoothing is disabled, the borders of the letters contrast, have a clear color transition. The letters are clear! Precise, sharp, readable, strict, neat. Don't know what the English word more accurately translates the Russian word "чёткий".
    From blurry fonts, my eyes get tired. They need more to strain as contrast is lost.
    The smaller the font the worse the effect of font smoothing.

    I mean, not everyone likes it blur fonts. Many just don't get it, as it has long been Windows includes the smoothing by default. They don't even know that there is a different and better. But in earlier versions of Windows, this was not. And those who are older, it's more noticeable.

    Why am I writing about this because very evident when everything is good and bad in WFC.
    I usually rarely open WFC, as the whole set, but now need to conduct tests with Chrome, and a lot of time looking in the logs WFC.

    "Nobody complained about this since 2010."
    Just they don't regret eyes. Or They don't know what this might have something to do.


    And by the way, the logs periodically stop updating when you press "Refresh list". This can be treated only by closing and re-opening logs, or closing and re-starting WFC. Why this happens is unclear, but apparently there is a bug somewhere.
     
    Last edited: Mar 26, 2017
  7. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    I experience the same problem if I refresh the logs regularly. Appears to happen randomly though.
     
    Last edited: Mar 26, 2017
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    Regarding the font smoothing, I will think about it, maybe a check box in the Options tab. I will see.

    Back to the Security log entries and the Connections Log entries, below is a screenshot that explains how it works:

    upload_2017-3-26_21-16-59.png

    I will keep an eye on the Connections Log in the next few weeks to see if there is a refresh problem in WFC code.
     
  9. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    336
    For me the new version feels to load websites slower. Haven't looked at a stopwatch but it feels slower somekind.
    Anyone else got that feeling or is just my imagination runing lose?
     
  10. Hifexar

    Hifexar Registered Member

    Joined:
    Mar 22, 2017
    Posts:
    12
    Location:
    Krasnodar Russia

    Thanks for all!
     
    Last edited: Mar 26, 2017
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    Since WFC doesn't do any packet filtering, it can't interfere with the websites loading times.
     
  12. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    Dear Alexandru -

    I have a problem with importing WFW files into the current version (4.9.6.0) of WFC. Problem occurs with both Windows 7 and 8.1.

    From 'rules' panel, right click and select 'policies/import', choose a WFW file - WFC issues a confirmation message but no rules appear. Neither do the rules appear in WFwAS. Importing a WPW file gives no problems and works entirely as expected. I can successfully save and re-import the full policy by selecting all the rules (Control-A) and saving it as a partial policy (a WPW file).

    But WFW files seem not to work at all. This is on standard, single user machines with nothing unusual. This ought not be an issue with secure rules as I have turned secure rules off before importing. In any case, as I am re-importing my own rules, all the group names are already present and secure rules is set to disable, not delete.

    Your thoughts please.
     
    Last edited: Apr 1, 2017
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    WFC uses netsh to import a WFW file which is a Microsoft proprietary format. You can read below how to use this command to import a policy file manually. In this way you can see the error result that the import gives with your file.

    https://technet.microsoft.com/en-us/library/cc771920(v=ws.10).aspx#BKMK_1_import

    WPW format is just an XML file used by WFC to import or export only the specific rules.

    If you export a WFW file from Windows 7 you can import it in Windows 8 and Windows 10. But, if you export a WFW file in Windows 8 and then you want to reimport it in Windows 7, it will not work. It doesn't work because each new version of Windows has new rule properties, and when you want to import some rules (newer version of Windows) with unknown properties (on older version of Windows) it will fail.

    Have you tried to reimport the policy file directly from WFwAS instead of WFC ? Does it work this way ?
     
  14. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    Thanks for the response.
    The error is "access denied"
    Likewise, "access denied - code 5"

    OK, this explains the failure mode. But why? The profiles are being stored in the usual documents area. If you can write a profile to this folder, why can you not read it back afterwards. The WFW file properties confirm that I am the owner. Ownership details appear identical to those of the WPW file that works correctly.

    Also, I confirm that I am not attempting to load Windows 8 files into Windows 7 or vice versa - all tests have remained on single machines.
     
  15. guest

    guest Guest

    @alexandrud Hi

    In the Rules Panel Window, if you click 'Show Invalid Rules' and then click on 'Show Duplicate Rules', duplicate rules window is empty but if you refresh list and then directly click on 'Show Duplicate Rules', the duplicate rules are displayed alright.

    So, the problem is transition from Invalid to Duplicate Rules is not diplaying the duplicate rules.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    1. Try to move the file to D:\myfile.wfw or any other partition from your computer. Are you able to import it from there ?
    2. Did you change recently any Windows Firewall or Security properties through Group Policy Editor ?
    3. Do you use any encryption of your files from your disk ?
    4. Do you have this problem with a specific file or with any exported files from this computer ? If you export a new policy file are you able to reimport it back ?
    This works correctly. Those buttons will apply a new filter over the displayed items. When you Show Invalid Files you will apply a filter over the entire rules set. Then when you Show Duplicate Rules you apply a new filter over the last results. It works the same if you press those buttons in the opposite way.

    Create two duplicates of an invalid rule and check the behavior again. From my point of view, this works as intended.
     
  17. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    This is fascinating and it appears that it isn't really your problem, but Microsoft's ;)

    Working entirely from the NETSH command line, it seems that exporting the rule set via "NETSH advfirewall export myfile.wfw" and immediately attempting to re-import it ("NETSH advfirewall import myfile.wfw") results in the same error. Nothing to do with your software. But odd, nonetheless. This is on two different systems, one W7 the other W8.1.

    Moving the exported file doesn't seem to make any difference. I have checked the ownership details of myfile.wfw and there doesn't seem to be anything unusual about it.
    No. No.
    No! So far, this is all I have tried to do – re-import a file I have exported, on the same machine with no more than a few minutes between one and the other. Strange.

    I'm really not too worried by this as it appears that doing a 'partial' export with all the rules selected achieves the same result as a global export, but it is fascinating.
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    This is odd.
    1. Maybe the export file is corrupted. Please send me your exported file from Windows 7 to see if I can import it on my machine.
    2. Maybe another security software keeps the file blocked (by extension), or denies Windows Firewall from importing new policy files. Some anti executable security programs may block the execution of console applications. Since netsh is executed in the console, it may be blocked by such a software.

    Please let us know if you find the culprit. This is something on your side, something that you have installed, tweaked, restricted on both of your Windows installations.
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    @alexandrud

    Respect prevention for apps to create new rules by themselves I found this recommendation in a forum. Haven't tested them though:

    1) Open Control Panel and set View option to Small icons. Then go to Windows Firewall - Advanced settings.
    2) Export your Windows Firewall settings by selecting Export Policy... from the context menu of Windows Firewall with Advanced Security on Local Computer.
    3) Delete all the rules from Inbound and Outbound Rules by Ctrl+A and Delete keys.
    4) Go to Control Panel - Administrative Tools - Local Security Policy.
    5) Expand Windows Firewall with Advanced Security.
    6) From the context menu of Windows Firewall with Advanced Security - Local Group Policy Object,
    - Select Import Policy... to import your firewall policy file(.wfw) created by step 2.
    - Select Properties and then click Customize... in Settings under each profile tab(Domain, Private, Public), and set No to Apply local firewall rules.


    Question: Does this method actually work?
     
  20. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    That was the clue.

    The heart of the problem was Kaspersky’s “self-defense” facility. Once this is turned off, import works as expected, both within WFC and NETSH. Although I have Kaspersky’s firewall disabled, perhaps their firewall operates in the same manner as WFC (a front-end for Windows Firewall) and, therefore, protects against the loading of rule sets.

    Thanks for your help.
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    1. This does not work if you have a Home Edition of Windows which does not include Group Policy Editor. For this reason this is not a solution for everyone.
    2. Windows Firewall API won't return the firewall rules enforced through Group Policy Editor, this means these rules won't be displayed in WFC Rules Panel. However, they will be displayed in WFwAS but they will be read only. They can't be modified or removed.
    3. Setting No to Apply local firewall rules will just ignore the rules defined in WFwAS and only the rules defined in Group Policy Editor will be taken into consideration. Any new rule created through WFC or WFwAS or by a 3rd party software through netsh, will not apply at all. You will have to create any of your rules from Group Policy Editor. In this case the user is forced to use an interface similar to WFwAS, which is the reason why WFC was created.
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    @alexandrud

    Splendid explanation, thank you so much.
     
  23. mortl

    mortl Registered Member

    Joined:
    Jul 17, 2009
    Posts:
    64
    Windows Firewall Control 4.9.6.0 - free version

    Is there a way to change filtering to medium without it blocking me from the internet?
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    When you enable outbound filtering in Windows Firewall (Medium Filtering profile in Windows Firewall Control) all outbound connections without an allow rule are by default blocked. In this case you have to create a few allow rules for the programs that you really want to allow to connect.

    What means to you "blocking me from the internet" ? Did you create an allow rule for your web browser ?
     
  25. Kerrison

    Kerrison Registered Member

    Joined:
    Jul 14, 2015
    Posts:
    9
    I just upgraded to the final Windows 10 15063.13 64bit and WFC stopped working. I can't get the program to start at all while the WFC service is running, and reinstalling it from the latest download doesn't work either.

    Additionally it blocks all outgoing connections until I enable them for my connection in windows firewall settings-- took me awhile to find this as I've never actually used it without WFC before!

    Event from the crash: https://pastebin.com/C3grgSVb

    Crashing on d3d9.dll, oddly enough.

    Looks like we need an update here.
     
    Last edited: Apr 5, 2017
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.