Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I thought I used to get notification with, for example:
    2249.png
     
  3. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    Might be a bug in the newest version. I would say wait for the Developer to chime in here. :)
     
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Well, something went wonky for me because I found notifications at Disabled.
    And now, with notifications at Display. I'm not getting notification for Block rules.
    Thanks
     
    Last edited: Jan 15, 2018
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    That sounds familiar. ;)
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yeah, wonky kinda snuck up on me. Finding notifications at Disabled was :confused:.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    ... Except I didn't specifically have block rules, WFC just stops notifying me of blocked connections so maybe a different matter.
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yeah, maybe I'm not remembering whats what.
    Finding notifications at Disabled was :eek:.
     
    Last edited: Jan 15, 2018
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    There is no bug. If you create a block rule it means that you want a program to be blocked, therefore a new notification will not be displayed for a blocked connection which has a matching block rule. It was never different. Since a block rule will always generate blocked connections events in System event log, what would be the purpose to display notifications for such programs ? Or let me put it another way, how would you stop the notifications for the programs that you already blocked on purpose ?

    The purpose of the notifications system is to display notifications when a matching rule is not found. Since you have a matching block rule, from my point of view, everything works as expected.
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    WFC may stop giving you new notifications if:
    1. You create a matching rule that will dismiss any new notification. You have to check your rules. Pay extra attention to firewall rules that apply to all programs.
    2. Audit settings are modified on purpose or by a security policy, that will prevent Windows Firewall from logging new blocked connections. If Connections Log does not contain recently blocked connections, then the auditing of these entries is disabled.
    3. The profile is set to Low Filtering which means outbound connections without an explicit block rule will be allowed. In this case there is nothing blocked, so, nothing to notify.
    4. Some weird incompatibility with another software that you use and which may interfere with WFC. For example, Rivatuner Statistics Server tries to determine the FPS of WFC because it uses D3D for rendering the user interface. Since WFC is not a game, Rivatuner Statistics will crash WFC with a d3d9.dll exception. The solution is to set Application detection level to None in Rivatuner Statistics so that it won't try to determine FPS for desktop applications.
    5. Another security software does packet filtering, a software proxy, which may determine Windows Firewall filtering not working as expected. A software proxy will redirect the traffic to the proxy making the firewall rules useless. Once the software proxy is allowed, then all programs will appear to connect through the proxy. You won't have blocked connections for individual programs, but allowed connections made by the proxy.

    Let's say you use Firefox and you don't have any rule for firefox.exe. If you use Medium Filtering profile and Display notifications and you try to use Firefox, do you receive a notification about a blocked connection for firefox.exe ? If the answer is yes, then the notifications work. If you don't receive any notification, check the Connections Log. Does firefox.exe appear in the recently blocked connections ? If the answer is no, then audit settings are not correct. If the answer is yes, then check the WFC and the Application logs to see if there is an exception logged at the time when the notification should have been displayed. If there is an exception, then send me the log. if there is no exception, check the existing firewall rules. One of the existing firewall rules made WFC to dismiss the notification.
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Okay. Thanks. My confused remembering was that I have a Block rule so, program does not call home. And then upon my call... for example, "check for updates" I could then temp allow outbound. I understand (remember) that a new notification will not be displayed for a blocked connection which has a matching block rule and It was never different.
    I was surprised by finding notifications at Disabled and ruminated myself into confused remembering.
    Thanks again. Regards w Respect
     
  13. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    This is a great explanation. Thanks!
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    The notifications system may be disabled if:
    1. You disable it on purpose and you forgot about it :)

    2. You reset user settings which will reset any custom set option. This is like you have installed WFC for the first time.
    upload_2018-1-16_20-23-0.png

    3. You uninstall WFC and reinstall it without keeping the settings intact. The third check box must be checked. By default, the first one is checked.
    upload_2018-1-16_20-22-6.png

    4. Aliens abducted your PC and disabled them because they didn't want you to see anymore those notifications :argh:
     
  15. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yep, mischievous band of manacle marauding aliens manipulated my machine.
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    1. No.
    2. No.
    3. No.
    4. No.
    5. No.
    I don't have WFC installed now so better off helping someone else.
     
  17. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    Can I propose a feature? In popup alert boxes, can we have the ability to copy/select variable text? I often run traceroutes on IP's, and end up having to manually type an IP from the alert into a command prompt. Not a huge deal, but would be helpful to have.

    If selectable text isn't possible, then perhaps some function that can copy per-line variables (much like the mouse-button functions).

    Thanks!
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    upload_2018-1-18_16-4-48.png
     
  19. falcon04

    falcon04 Registered Member

    Joined:
    Mar 30, 2004
    Posts:
    9
    Is it possible to not display notifications for allowed entries ?

    I would like to not display 127.0.0.1>127.0.0.1 loopbacks which tend to fill the log file.
     
    Last edited: Jan 29, 2018
  20. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    Have you checked the side bar in the connections log?



    http://prntscr.com/i7e2fw
     

    Attached Files:

  21. falcon04

    falcon04 Registered Member

    Joined:
    Mar 30, 2004
    Posts:
    9
     
  22. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,102
    Location:
    Lunar module
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    You can't apply this kind of filter in Connections Log because WFC reads all entries from the Security log of the system and displays them all. If it is logged, it will be displayed. If you are not interested in allowed entries, then uncheck the check box below:

    upload_2018-1-30_12-46-17.png

    Notifications exceptions only apply to which notifications you see through the notification dialog.
     
  24. falcon04

    falcon04 Registered Member

    Joined:
    Mar 30, 2004
    Posts:
    9
    Notifications exceptions only apply to which notifications you see through the notification dialog.[/QUOTE]

    I get that - I do want to log allowed entries - but, I would like to hide the loopbacks in the display of allowed entries. This seems to work only for blocked entries ??
     
  25. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    When you want to view the allowed, you can click the Source IP address column and sort by IP. that will group all the 127's together for easier viewing. Only other thing I can think of to help.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.