Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    I think that the application name in the connection logs is taken from the application name in the rules pane. The name can be entered or edited in the Properties (2xLMB).
     
  2. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    What we have here is a failure to "communicake" as the Boss stated in the movie Cool Hand Luke starring Paul Newman. "cake" what a dude!

    Again.....,
    What one must arrive to understand is that the Microsoft Windows 10 service-hardening rules govern the Microsoft Windows Defender Firewall for both Outbound and Inbound connections regardless of any firewall rules that may exist.
    Microsoft owns Ring 0 of the firewall. Ring 0 is governed by the service-hardening rules.

    The NEW firewall rules for Windows Update NOW reside in Ring 0 and are not visible or accessible to/for the End User of the Operating Service, and exist 'explicit ruling'.

    Which means that any end user defined rules for windows update require the properties of the end user defined rules to exactly match the properties of the windows update rules in ring 0 to allow for windows update to work, and that can not be achieved because the properties for the windows update rules in ring 0 are not accessible to the end user. (Also take note, that now, when windows defender firewall is set to block all outbound, some of the TCP:443 out are blocked and can not be re-configured to allow because of the explicit ruling.)

    Microsoft has removed the PROGRAM 'wuauserv.exe' from %SystemRoot%\System32\ so that the PROGRAM svchost.exe can no longer be BOUND to the Windows Update SERVICE to create a firewall rule for Windows Update.

    Setting the Windows Defender Firewall to Block All Outbound will NOW also result in that the service-hardening rules in Ring 0 for Windows Update will automatically BLOCK some TCP:443 Out, and Windows Update will fail.
    Check the Binisoft Windows Firewall Control Logs for Blocked TCP:443 Out. (end user will not be able to create valid working rules here because the port/s are blocked in ring 0 with explicit rules)


    What does all of this mean? It means that Microsoft is encouraging, some might argue and say forcing, the end user of the Microsoft Windows 10 Operating "Service" (system) to leave the Windows Defender Firewall at the DEFAULT SETTINGS for optimal security. (That's GOOD)

    The default settings for Microsoft Windows Defender Firewall are: Allow All Outbound and Block All Inbound.


    Note that failure to update Windows through Windows Updates for a prolonged period of time will result in that device being denied future updates from Microsoft.


    Look, if one is that paranoid about allowing all outbound do this:
    Choose new outbound rule
    Choose Predefined
    Choose Diag Track (for example)
    Choose BLOCK (the default)
    Result - "Connected User Experiences and Telemetry" are now blocked outbound for TCP:ALL for All programs and All application packages.

    Repeat the above for any Predefined rule your little ole heart desires.
    Microsoft has provided the end user with all of the necessary rules to block or allow in "Predefined Rules" for both In/Out for optimal security.

    Microsoft Windows 10 is a set-it-and-forget-it Service.



    -HKEY1952
     
    Last edited: Nov 15, 2017
  3. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    So what is this connection that's happening o_O

    Happens around the same time, every day, for the last maybe 3-4 days it's been happening... This is new, I thought it might have been a glitch with it checking for updates, but I don't have that setting checked.

    https://i.imgur.com/OkSk2hT.png
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    See my answers from here and here.
     
  5. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Thanks for the answer, so it's System related, but using wfc.exe name, seems devious.
     
  6. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Running great, can't wait till the next update, have a wonderful holiday weekend.
     
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    It's been awhile since I have read this thread, can someone tell me which page has the latest beta?
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    There is no beta. Here is the last release post. Anyway, you can go to the website directly to get the latest version.
     
  9. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    Having issues with Network Discovery and File and Printer sharing radio buttons/toggles under Advanced sharing settings in Win7x64 Ultimate. These toggles seem to be driven by the WFC profiles and I cannot override them. I have the latest WFC v5.0.0.2. I already tried to 'Restore defaults' under Windows Firewall settings in Win7. Also tried starting and setting the following services to 'Auto':
    - TCP/IP NetBIOS Helper service
    - DNS Client
    - Function Discovery Resource Publication
    - SSDP Discovery
    - UPnP Device Host
    but after reboots and whatnot the issue is still there. And the ISSUE is that I must have Network Discovery and File and Printer sharing ENABLED so that I can share my phone's mobile data via hotspot tethering. The only solution at the moment is to select 'No Filtering' profile for WFC but that eliminates the whole purpose of the fw.

    So how can I have WFC on Medium Filtering (my preferred option) and yet still have Network Discovery and File and Printer sharing enabled?

    EDIT:
    OK, managed to enable that stuff while staying on 'Medium filtering'. Here's how:
    1. Connect to a standard WiFi network, NOT to hotspot tethering from phone
    2. Windows firewall settings - Allow a program or feature through Win FW - enable 'Network discovery' and 'File and printer sharing'.
    3. Network sharing center - change advanced sharing settings - enable 'Network discovery' and 'File and printer sharing'
    4. If still fail: Windows firewall settings - 'Restore defaults' (menus to the left) and then redo from step 1. onwards.

    Now that I've succeeded in enabling Network Discovery and File and Printer sharing, however, issues with WFC persist. At least sites load but stuff like Thunderbird, Skype, Viber, etc. does not sync. How's that and why?
     
    Last edited: Nov 24, 2017
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks :)
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    If you enable File and Printer Sharing and/or Network Discovery, a new set of Windows Firewall rules is created by the operating system. They include outbound and inbound rules which are created in groups named File and Printer Sharing and Network Discovery, respectively. By default, these rules are disabled in Windows Firewall. If it does not work to enable these from Network Sharing Center, try to manually enable the rules from these groups.

    However, if you have manually removed these rules, Windows may fail in recreating them since it just enables/disables these rules to enable/disable the functionality of network sharing. In this case, make a partial export of your custom rules, then restore Windows Firewall default set of rules and try to enable File and printer sharing again.

    WFC just enables/disables outbound filtering in Windows Firewall when you change the profile in WFC. That's all. WFC doesn't allow or block any connection.
    When you install WFC, everything remains the same as if you didn't install it. However, if you switch to Medium Filtering profile you enable outbound filtering in Windows Firewall, therefore, you just need to set up some rules for the functionalities that you use.

    1. If you use Secure Rules and you don't have these two group names in the authorized groups list, then these rules will be removed by WFC when the operating system creates them.
    2. If these rules are removed and you try to enable these functionalities, the operating system can't recreate them, even if Secure Rules is disabled.

    To debug connectivity problems, always use Connections Log. It displays recently blocked connections which can help you to find out which rules you still have to create. Pay attention to svchost.exe and System connections too.
     
  12. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    I got a new wifi router and connected my PC to it. I had to delete all rules and start all over. WFC was blocking everything. I had rules for all my programs and it was like they weren't in the rules list. Blocked everything from internet.

    So I deleted all rules and am recreating them as things ask for internet. Not sure why this happened but I thought I would post to see if anyone else had this same issue.
     
    Last edited: Nov 24, 2017
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Maybe you changed from a Private network to Public or vice versa?
     
  14. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    I am not sure. If that would cause it, probably was the reason. No idea if my network was Private before but it is Public now.
     
  15. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    Thank you for the reply. If I understand you correctly then I did the following changes. Under WFC settings - Security I hit 'Import group names from the current existing list'. That then populated my list (which prior to that only contained Windows Firewall Control and Temporary Rules) and then I deleted the excess rules thus just adding File and Printer Sharing and Network Discovery. So with that I now hope that set on Medium Filtering WFC won't ever block those 2. But even as I described in my prev. msg that didn't seem to be the problem. I did indeed succeed in enabling Network Discovery and File and Printer sharing (even without WFC settings - Security and 'Import group names from the current existing list'), however, issues with WFC persist. Sites load but stuff like Thunderbird, Skype, Viber, etc. does not load/sync. Again, those are issues NOT when connected via ethernet/wifi, but ONLY when sharing my phone's data to my notebook pc via hotspot tethering. So what's the cause of those problems under those particular conditions?

    Also, an important side question – WFC settings / Rules – is it not best to set it to 'Outbound and Inbound' so that I have control over my apps/system in both directions – what comes in and what comes out. Why is this ‘Not recommended’, as it says there?
     
  16. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    I am trying to give svchost.exe access for only DNS. When I click on the rule and go to properties, I go to protocol and there is no DNS in the list. Can you please fix this?

    Apparently this cannot be done when you are behind a wifi router, that is connected to a cable modem LAN. Of course which has internet access for your PC.

    This worked before I got the wifi router.
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    1. Regarding the first problem, I can think only about the Location of the rule. How are your rules for Thunderbird, Skype, Viber, etc. defined? Are they defined for Private location only? When you connect through your phone, are you on a Public location?
    2. By default, in Windows Firewall, all programs without an allow inbound rule are denied to accept incoming connections. Use Medium Filtering profile and consider creating only outbound rules to allow the programs that you want to allow connecting to the Internet. Inbound rules are usually required for server applications and should be created only in very few scenarios. You don't want the Internet to connect to your computer (inbound), but you want you to connect to the Internet (outbound). For example, your browser does not need access to your computer. Why would you want to allow receiving unwanted packets on your machine? The same applies for most programs. Indeed, for network discovery, file and printer sharing, you need some inbound rules, but otherwise, you don't.
    The protocols list never contained an entry called DNS. This is not possible. Are you able to create such a rule from WFwAS? Post here a screenshot of such a rule. Thank you.
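
The checks suggested in the replies above (rule Location versus the current network's profile, whether outbound filtering is on, and whether the File and Printer Sharing and Network Discovery groups still exist) can be run in one pass. This is an added example, not code from the thread or from WFC; it assumes Windows 8 / Server 2012 or later (the NetSecurity cmdlets are not available on Windows 7), an elevated PowerShell prompt, and English display group names.

```powershell
# Added example, not from the thread.
# 1. Which firewall profile is each connected network using right now?
$map = @{ Public = 'Public'; Private = 'Private'; DomainAuthenticated = 'Domain' }
$active = @(Get-NetConnectionProfile | ForEach-Object {
    [pscustomobject]@{
        Interface = $_.InterfaceAlias
        Network   = $_.Name
        Profile   = $map["$($_.NetworkCategory)"]
    }
})
$active | Format-Table -AutoSize

# 2. Outbound filtering is on for a profile when DefaultOutboundAction is Block.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 3. Enabled outbound allow rules whose Location covers none of the active profiles.
#    These rules exist but cannot match traffic on the current network.
$activeNames = @($active.Profile | Select-Object -Unique)
Get-NetFirewallRule -Direction Outbound |
    Where-Object { "$($_.Enabled)" -eq 'True' -and "$($_.Action)" -eq 'Allow' } |
    Where-Object {
        $ruleProfiles = "$($_.Profile)"   # "Any", "Private", "Domain, Private", ...
        $ruleProfiles -ne 'Any' -and
            -not ($activeNames | Where-Object { $ruleProfiles -match $_ })
    } |
    Sort-Object DisplayName |
    Select-Object DisplayName, Profile, DisplayGroup |
    Format-Table -AutoSize

# 4. Do the two sharing groups still have rules, and how many are enabled?
#    Zero rules means the group was removed and Windows cannot simply re-enable it.
'File and Printer Sharing', 'Network Discovery' | ForEach-Object {
    $group = $_
    $rules = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Group   = $group
        Rules   = $rules.Count
        Enabled = @($rules | Where-Object { "$($_.Enabled)" -eq 'True' }).Count
    }
} | Format-Table -AutoSize
```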
     
  18. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    This was the rule I had before I placed my PC behind a wifi router. It worked perfectly and DNS requests were working. I could browse the web with svchost disabled for total OUT going access.
     

    Attached Files: dns.png
  19. JNicoll23

    JNicoll23 Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    48
    Location:
    Scotland
    I don't understand why you say "with svchost disabled" when your rule screenshot shows an ALLOW rule for svchost. Also, that rule worked for UDP traffic being sent to port 53 at 8.8.4.4 or 8.8.8.8; I wonder if by any chance the DNS servers you're using now (perhaps those on your wifi network?) are at a different address?
     
  20. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    The rule is enabled because I cannot access the internet without it now. I just imported my old DNS rule that I used before to show it here.

    Before I had the DNS rule enabled and the other one disabled. Internet worked fine (DNS). Now if I disable that rule and leave only the DNS rule enabled, internet does not work.

    DNS servers are the same.
     
    Last edited: Nov 27, 2017
  21. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    205
    A request: when this window appears: "Rules with no group defined were detected. To preserve them, do you want to add... etc."
    a 'Cancel' option would be helpful. I know there's a Cancel option in the previous step of this operation but still, it'd be nice.
     
  22. PrinceYann

    PrinceYann Registered Member

    Joined:
    Nov 29, 2015
    Posts:
    38
    @OFF-TOPIC

    Warning about W10 1709 (in case this happens to other Windows users): on the About page of the modern control panel, I see a red X icon for 'Firewall & Network Protection' and the Security Center says that the firewalls are off, offering a button to turn them on. Clicking that button deletes all firewall rules and replaces them with default ones. That message is misleading, as the firewall is on, which can be confirmed if you click to view the details, but then there is the message "Firewall is using settings that may make your device unsafe", this time offering a button to "restore settings".

    Stay away from these buttons and make sure you periodically backup your firewall rules.
     
  23. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Perhaps this question has been asked before. When you install Windows Updates in Windows 10, it automatically creates some new firewall rules. How can I prevent this unauthorized action?
     
  24. JNicoll23

    JNicoll23 Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    48
    Location:
    Scotland
    Are you certain that the DNS servers are the same? The settings in Windows (here anyway) for DNS servers for my wifi router and my ethernet connection are different. (I didn't intend them to be, but they are - I must have altered the definitions for the connection I was using one day and not altered the other set.) Have you used ipconfig /all to make sure they are what you think, once with the ethernet adaptor in use and once with wifi in use? If your old rule - with 8.8.4.4,8.8.8.8 specified - was for pre-wifi use, it's likely that those DNS servers are only defined for an ethernet adaptor, but you'll be using the wifi adaptor now. It's maybe using the DNS servers it's told to use (by DHCP?) by your router, probably those of your cable provider.
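
The per-adapter comparison described in this reply, done with cmdlets instead of reading `ipconfig /all` by eye. This is an added example, not code from the thread; it assumes Windows 8 / Server 2012 or later, and `$allowed` holds the two addresses quoted from the rule discussed above (change it to match your own rule).

```powershell
# Added example, not from the thread.
# Remote addresses permitted by the DNS rule (values quoted in the thread).
$allowed = '8.8.8.8', '8.8.4.4'

# 1. DNS servers configured on every adapter that is currently up,
#    flagged by whether the rule's address list covers them.
Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } | ForEach-Object {
    $adapter = $_
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
    foreach ($server in $servers) {
        [pscustomobject]@{
            Adapter       = $adapter.Name
            DnsServer     = $server
            CoveredByRule = $allowed -contains $server
        }
    }
} | Format-Table -AutoSize

# 2. Every enabled outbound rule for svchost.exe, with the protocol, remote port,
#    remote address and Location it is limited to. Slow on large rule sets because
#    each rule's filters are fetched separately.
Get-NetFirewallRule -Direction Outbound |
    Where-Object { "$($_.Enabled)" -eq 'True' } |
    ForEach-Object {
        $rule = $_
        $app  = $rule | Get-NetFirewallApplicationFilter
        if ($app.Program -like '*\svchost.exe') {
            $port = $rule | Get-NetFirewallPortFilter
            $addr = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Action        = $rule.Action
                Profile       = $rule.Profile
                Protocol      = $port.Protocol
                RemotePort    = $port.RemotePort -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
    } | Format-Table -AutoSize
```

A server listed with `CoveredByRule = False` is one the adapter will query but the rule does not allow.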
     
  25. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    They are all the same. I have double and triple checked. Even with ipconfig /all they all show as 8.8.8.8 and 8.8.4.4.

    I am hardwired into the wifi router on the same PC. Not wireless now and was not before either. It has to be the way the wifi router works being connected to a cable modem LAN as well.
     