Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    In case someone wonders why the website is not working, the hosting company a2hosting has some trouble and the website will be back online soon.
    Thank you for your understanding.

    LATER EDIT: It works again.
     
    Last edited: Nov 3, 2017
  2. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    I am guessing it is best to go into Low Filtering while doing any installs?
     
  3. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Installs for what? I never do this.
     
  4. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    When I am installing a new program/application on my PC. There are a few that I never update because of other issues. I always remove them and clean install the newest version.
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    It depends. If you have an offline installer, then you don't have to change the profile. Some installers are web installers which need to download some extra files. To avoid creating temporary rules for the installers, it is easier to disable outbound filtering until the installation finishes. But some installers will want to connect to the Internet even if they do not need to download extra files. These are the ones I want to keep blocked. :)
     
  6. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    Exactly! Thanks also. I trust the few apps that require me to remove and reinstall. It is just a pain because they need a reboot if upgraded. It was just a pain trying to allow each plugin/module access every install. I will just set to low while doing this now. They only need updating once every 30-45 days so it's not a major issue. Absolutely loving WFC!! Lets me block Windows Update with my rule disabled, until I am ready to update. :)
     
  7. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    These commands do not work (elevated command prompt, Win10 v1607 x64): the status of WFC in the tray does not change, and likewise nothing changes in WFwAS.
    Medium Filtering:
    netsh.exe advfirewall set allprofiles state on
    netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

    Low Filtering:
    netsh.exe advfirewall set allprofiles state on
    netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

    No Filtering:
    netsh.exe advfirewall set allprofiles state off
    And which command turns ON High Filtering?
    Thanks!
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    I just tried on my Windows 10 machine and these commands work. I use an en-US version of Windows.
    If you change the profile from the WFC user interface, does it work? If the answer is yes, then these commands work on your side too because WFC executes exactly the same commands.
    There is no command for High Filtering profile. Windows Firewall does not contain this mode. To achieve this, when this profile is set in WFC, two new firewall rules are added to the firewall, named High Filtering profile - Block inbound connections and High Filtering profile - Block outbound connections. These two rules are defined to block all connections for all programs. These are two special rules and cannot be deleted from the Rules Panel. When the profile is switched to another profile, these two rules are automatically removed (by WFC).
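
A way to check which of the four profiles is actually in effect after running the netsh commands discussed above. This is an added example, not part of the original posts and not WFC's own code; it assumes the built-in NetSecurity PowerShell cmdlets and uses the two High Filtering rule names exactly as quoted in the post above.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# The two display names are the High Filtering rule names quoted in the thread.
$highRuleNames = @(
    'High Filtering profile - Block inbound connections',
    'High Filtering profile - Block outbound connections'
)

# Enabled block rules with those names; empty when WFC is not in High Filtering.
$highRules = @(
    Get-NetFirewallRule -DisplayName $highRuleNames -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }
)

# PersistentStore is the local policy that netsh edits; ActiveStore is the
# effective result after any Group Policy settings are merged in.
$local = @{}
Get-NetFirewallProfile -PolicyStore PersistentStore |
    ForEach-Object { $local[$_.Name] = $_ }

Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
    # Classification follows the netsh commands in the thread: only the
    # firewall state and the default outbound action are inspected.
    $wfcName = if ($_.Enabled -ne 'True') {
        'No Filtering'
    } elseif ($highRules.Count -eq 2) {
        'High Filtering'
    } elseif ($_.DefaultOutboundAction -eq 'Block') {
        'Medium Filtering'
    } else {
        'Low Filtering'
    }
    [pscustomobject]@{
        Profile           = $_.Name
        LocalEnabled      = $local[$_.Name].Enabled
        LocalOutbound     = $local[$_.Name].DefaultOutboundAction
        EffectiveEnabled  = $_.Enabled
        EffectiveInbound  = $_.DefaultInboundAction
        EffectiveOutbound = $_.DefaultOutboundAction
        WfcProfile        = $wfcName
    }
} | Format-Table -AutoSize
```

If the Local and Effective columns disagree, the netsh change was written to the local policy but something else is overriding it.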
     
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Yes, it works, no problem, and when I turn ON the High Filtering profile, I see two new rules in WFwAS.
    Some time ago it also worked from the command line, and then I decided that the Windows updates broke something.
     
  10. bORN2BWILD

    bORN2BWILD Registered Member

    Joined:
    Oct 3, 2016
    Posts:
    26
    Location:
    Greece
    I have been using Comodo standalone firewall for the last decade. On my wife's laptop I use WFC. Love them both (not my wife, Comodo and WFC).

    I have a problem with Comodo and I would like to ask if WFC behaves differently. Lately I get generic OUTGOING alerts about Windows Operating System trying to access the Internet. And I can't tell what exactly happens, if it is really Windows (10) or some other software using Windows to connect. Comodo says that sometimes it is impossible to know what exactly is asking for Internet access.

    Is WFC different? Will I be able to know what software or dll or whatever is trying to get Internet access?

    Thanks
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    If the operating system tries to connect to the Internet, you will get notified that svchost.exe is trying to connect to the Internet. Since every Microsoft Windows service is using svchost.exe to connect to the network/Internet, you can't be sure which service is requesting the communication. Also, these communications are encrypted, so even if you find out which Windows service wanted network access, you can't really find out why. If you are using Windows 10, taking into consideration the telemetry, connection attempts from the operating system should not be something unseen until now. In your case, probably the operating system wants to connect. If other software (malware) tries this, then your antivirus should say something.
     
  12. bORN2BWILD

    bORN2BWILD Registered Member

    Joined:
    Oct 3, 2016
    Posts:
    26
    Location:
    Greece
    @alexandrud

    svchost.exe and telemetry.exe are recognized all right. Windows Operating System is something else, hidden. I'm using Windows 10, 64 bit Pro. I have no malware or anything. Probably some application is trying to hide. To phone home?

     


  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    I don't know the meaning of "Windows Operating System" in the context of Comodo software. Maybe it is the same as "System" from Windows Firewall?
     
  14. bORN2BWILD

    bORN2BWILD Registered Member

    Joined:
    Oct 3, 2016
    Posts:
    26
    Location:
    Greece
    No, because System has a predefined rule set in Comodo. Comodo said that Windows OS is something they can't recognize.

    See my thread:

    https://forums.comodo.com/firewall-...ows-operating-system-t115826.0.html;topicseen
     
  15. bORN2BWILD

    bORN2BWILD Registered Member

    Joined:
    Oct 3, 2016
    Posts:
    26
    Location:
    Greece
    Anyway, I guess I must try WFC myself to see what happens ....
     
  16. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    Comodo did not block windows update and the windows store for me when I tried it. I did not attempt to block them but did not allow any requests other than my attempts to use my apps/programs. It never once asked me for the things required for win update or store and they worked.

    With WFC, the second I opened the store it asked me for two different requests for access, svchost and runtimebroker. svchost for Windows Update and both for the Win 10 store. This is why I love WFC over all the other firewalls (I have tried 99% of them). It only allows what I want it to allow. Hope this helps.
     
  17. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    If you have Comodo Firewall in safe mode, it will automatically allow any outgoing request from trusted apps. If you wanna get alerts you have to switch to custom ruleset mode.
    Nevertheless, if you set up a rule to block for example Windows Store, it will block any outgoing connections even in safe mode
     
  18. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    It has been a while since I tried Comodo. I think it was 3-4 firewalls ago. I was using ZoneAlarm right before WFC. My god what a resource hog... Thank goodness for WFC.
     
  19. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)

    Windows 10 Home x64 v1709 OS Build 16299.19

    Please read the above Quotes word for word first!


    The Windows Firewall Control rule for Windows Update should not be labeled "Windows Update" because svchost.exe is not bound to any of the REQUIRED Windows Update Services or bound to any of the REQUIRED Windows Update program executables at all in this rule. The rule is only bound to svchost.exe, and only binding svchost.exe to TCP:80 and TCP:443 outbound only. ANY call to svchost.exe from ANY source requesting outbound to TCP:80 and/or TCP:443 will not be restricted. This rule violates the Windows 10 service-hardening rules.

    The program svchost.exe in this rule has free rein OUTBOUND to TCP:80 and/or TCP:443 for ANY Application or ANY Service that calls svchost.exe requesting outbound to TCP:80 and/or TCP:443, leaving TCP:80 and TCP:443 wide open, thus contradicting the built-in Windows service-hardening rules for the "Host Process for Windows Services" (svchost.exe).


    Now, the Windows Firewall Control rule for the Windows Time Service (W32Time) is correct, and restricts svchost.exe to the W32Time Service and restricts communications outbound to only UDP:123 because svchost.exe is BOUND to the W32Time Service and BOUND to UDP:123 outbound only. That is the internal Windows default rule in the service-hardening rules for svchost.exe when svchost.exe is conjoined with the W32Time Service. As a result, ALL other requests that do not match [svchost.exe with W32Time Service with UDP:123 outbound] as one communication process are dropped within this particular rule.

    Microsoft Corporation is not going to allow serviced clients the binding of svchost.exe to the Windows Update Service along with the binding of the required related services and programs for Windows Update to work when Windows Defender Firewall is configured to block all outbound connections, because Microsoft PROGRAMMED ALL outbound connections through svchost.exe to conform to the built-in service-hardening rules for (svchost.exe) in order to enforce security and reliability during update communications and to further allow Windows 10 to properly and securely service the said device, now, and over time [1][2].

    The service-hardening rules will open the port/s upon request as needed and drop (block) any unrelated requests that do not satisfy the policy rule, then close the port/s.


    The Microsoft Windows 10 Operating System is slowly but surely evolving into a "cloud service" operating system, as intended by Microsoft. (Microsoft Windows 10 Operating "Service")

    Blocking svchost.exe communications or tampering with svchost.exe communications may breach the Operating Service security and/or impede the Operating Service functionality by conflicting with, thus violating, the Windows 10 service-hardening rules.

    Heed the warning given to the user when modifying or creating firewall rules involving svchost.exe in the Microsoft Windows Defender Firewall.


    Binisoft Windows Firewall Control is great, and a very useful front end for the built-in Microsoft Windows Defender Firewall. However, the Microsoft Windows 10 Operating "Service" (System) and Windows Defender Security run best and secure best at the DEFAULT SETTINGS.


    My personal Microsoft Windows Defender Firewall setup with Binisoft Windows Firewall Control: ALLOW ALL Outbound and BLOCK ALL Inbound (Low Filtering). There exist NO RULES in either Outbound or Inbound and there are no problems with Windows and no errors recorded in the Event Viewer.

    [1] Windows 10 is NOT spying on you (us). Those automated outbound connections, some of which are aggregate and some of which include personally identifiable information, exist and are executed to improve the Windows 10 Operating "Service" and to configure Windows 10 to operate and function harmoniously in regards to each individual's use of, interaction with, and configuration of the said device and the Windows 10 Operating "Service", rendering a more "personal Windows 10 experience". In other words, over time the installed Microsoft Windows 10 Operating "Service" will transition its settings to comply with the user's preferences. It's called "Machine Learning", a learning algorithm called "Artificial Neural Network" (ANN), usually called "neural network" (NN), a branch of "Artificial Intelligence" (AI).

    [2] All that one needs to do is invest a little time and parse through the Windows 10 Settings and disable or enable the desired settings, it's all there for the paranoids, in Settings.....then relax! Enjoy Windows 10! Set it up and give it some time. Windows 10 is your personal "service", learning from and responding to your input. Over time, the installed Microsoft Windows 10 Operating "Service" will transform your device/computer into your very own unique and personal unit.



    -HKEY1952
     
  20. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Hm, this is absolutely wrong. I have a lot of rules for outbound connections, and I have no problems with running Windows 10.
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    I missed the point of your very large post.
    1. In Windows 7 you can add the Windows Update service (wuauserv) in the Service property of a svchost.exe rule and it will work. I agree with you. But, on Windows 8, Windows 10, this does not work anymore. Just try for yourself and you will see that Windows Update will not work with such a "service-hardening rule". For this reason, svchost.exe must be entirely allowed when Windows Update checks/downloads new updates.
    2. If you do not enable outbound filtering in Windows Firewall, then all programs can connect at their will. What is the purpose of a software firewall if any connection would be allowed? Your recommendation is just BAD. Indeed, with outbound filtering disabled any existing outbound allow rules are not required since the connections are allowed by default.
    Again, I missed the point that you are trying to make.
     
  22. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    I'm on Windows 10 FCU and I set WF to block both IN and OUT connections.
    Then I set up exclusions as mentioned here: http://hardenwindows10forsecurity.com/
    So, basically, I enabled:
    • Program svchost.exe UDP OUT on port 53
    • Program svchost.exe TCP OUT on ports 80 and 443
    • Program svchost.exe and service wuauserv any protocol OUT on any port
    Everything is working fine, including Windows Update
     
  23. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    In your case, the third rule makes rules 1 and 2 unnecessary, since they completely overlap. The third rule needs to be removed.
     
  24. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    From what I understand, the third rule applies only to svchost when related to the wuauserv service, while the 1st and 2nd rules apply to svchost, no matter what service is using it (thus including wuauserv).
    The 3rd rule overlaps the 1st and 2nd only when wuauserv is involved.
    So:
    • svchost + wuauserv: any OUT is allowed
    • svchost + any: only UDP OUT on 53 and TCP OUT on 80 and 443 are allowed
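
The question running through posts 19 to 24 is which svchost.exe allow rules are bound to a single service and which apply to every service hosted in svchost.exe. The following added example, which is not part of any post and not WFC's own code, lists the enabled outbound allow rules for svchost.exe with their service binding and ports, so rule sets like the one in post 22 can be reviewed on the machine itself. It assumes the built-in NetSecurity PowerShell cmdlets and reads the local rule store.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Lists enabled outbound ALLOW rules whose program is svchost.exe and shows
# whether each one is limited to a single service or open to all of them.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $app  = $rule | Get-NetFirewallApplicationFilter

        # The stored path may be literal or use %SystemRoot%, so match the tail.
        if ($app.Program -notlike '*\svchost.exe') { return }

        $svc  = $rule | Get-NetFirewallServiceFilter
        $port = $rule | Get-NetFirewallPortFilter

        # A service filter of 'Any' means the rule is bound to the program only.
        $scope = if ($svc.Service -eq 'Any') {
            'every service hosted in svchost.exe'
        } else {
            "service '$($svc.Service)' only"
        }

        [pscustomobject]@{
            Rule       = $rule.DisplayName
            Service    = $svc.Service
            Protocol   = $port.Protocol
            RemotePort = $port.RemotePort -join ','
            AppliesTo  = $scope
        }
    } |
    Sort-Object Service, Rule |
    Format-Table -AutoSize -Wrap
```

Rows with Service set to Any and a broad RemotePort are the ones to review first, since they allow that traffic for whatever service runs inside svchost.exe.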
     
  25. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Please show a screenshot of editing this rule.

    At a minimum, if the update does not work without rule #3, then it should be ON for the update check period only.
     
    Last edited: Nov 13, 2017