Windows Firewall Control (WFC) by BiniSoft.org

I have to think about a solution for these scenarios. I can create a list with allowed locations which will make WFC to automatically create a new allow rule for exe files under a certain folder when they try to connect. Or make the notification dialog to automatically update an existing rule which ends with the same exe file name, in this way the user at least knows that a rule will be updated. Or... Suggestions are welcomed. I don't have yet a nice solution to this problem.

 

It's fine the way it is, it takes a literal click to make a new rule when a new .exe pops up like this (which is what? once a month for this Defender thing...), or you can edit your existing rule and just change the path to match the new number and press okay, in this case. change "....\Platform\4.12.17007.18011-0" to "\Platform\4.12.17007.18022-0". Big whoop.

I'd personally hate WFC automating things, making new rules to new .exe files without my knowing. I like how it is now, and the C does stand for Control .

 

What profile is your VPN connection; public, private, or Domain? Change the VPN to private, create allow rules for private and deny rules for public and domain, and set your regular wifi/lan to public. The below rules will only allow the private connections. Create these for every exe you want to be secured. Also, NorVPN's "killswitch" sucks. Get a VPN with a real one; AirVPN, mullvad, etc.

Allow Rule:



Deny Rule

 

Hopefully that will fix it for you, but if you are using the NordVPN app, that could be a problem, it uses dll injection into ntoskrnl, ntdll & a few other system files; which could bypass the firewall altogether, I'll post my findings here shortly;

 

Check this out: https://nordvpnspyapp.blogspot.ca/2018/03/nordvpn-spy-app-censoring-customers.html and please let us know if you can manage to get Nord to stay in the box.

 

Can someone give me some insight on why WFC asked to allow explorer.exe to access internet if I already had it blocked with a rule from NVT SysHardener app? Thanks!

 

Please post here the full row (to see all columns) from Connections Log where you see explorer.exe so that I can see all details of the blocked connection. The same, a screenshot from Rules Panel with all details of the rule for explorer.exe. Thank you.
Did you change the default advanced notifications settings? Did you see this only for explorer.exe or for other files too?

 

Here you go...

Been running WFC for a long time now and either I hadn't noticed similar behaviors or it was just this one. Notification is set to Medium.

 

Thank you. These are the rules, but how does the blocked connection for explorer.exe looked like? If you go to Connections Log and choose to display recently blocked connections, it would be interesting to see the values of the blocked connection that generated a new notification while you already had this block rule. Do you remember if the notification displayed an IPv6 remote IP address? I can't reproduce this.

 

Oops sorry about that, here I reproduced it.

 

Avast have variable path too, \avast\setup\new_12020918\instup.exe
Rule like this is possible? -> \avast\setup\*\instup.exe

 

Hmmm, from your screenshot it looks like you are using a VPN? I think the problem is the check of the location. What Location is Displayed in Main Panel when you see this notification? VPN?

No, wildcards are not supported by Windows Firewall. I really don't know why so many programs started recently to use a different file for updating purposes. In the past, you had one exe file responsible for updates, located in a fixed location. It could download new files and do the update. Now, everyone use ProgramData folder as a TEMP folder which gets full of garbage.

 

There seems to be a general misunderstanding on my part how to properly create a rule and I would appreciate any help.
In the connection manager I get this kind of notification:

02.03.2018 11:25:05 | 1992 | foobar2000 | C:\program files (x86)\audio\foobar2000\foobar2000.exe | Block | In | 192.168.1.187 | 47331 | 192.168.1.201 | 50126 | 6

The source port changes with every connection attempt. I had previously created a rule like so
https://imgur.com/pKzWYOM https://imgur.com/pKzWYOM https://i.imgur.com/pKzWYOM.jpg
The connection is still being blocked, though. Where's my error?

 

Sorry, I'll answer myself: The rule seems to have been correct. I just found an overriding block rule for that process. I hadn't noticed that before because the rule name started with "U -".... haven't seen that before. Anyway, after deleting the block rule, the allow rule works. Sorry for taking your time!

 

Thanks for the information. Windows firewall is ignored by Nord in favor of their own firewall controls per an inquiry to their support staff. Ravenise, what you posted explains how it could happen. Alarming!
I have a month of Perfect Provacy VPN. It is good, honors my WFC block rules but is expensive. I think Mullvad for the next month.

 

Thank you and yes forgot to mention I run a VPN service.

 

I don't like notifications. I would like a list of programs with wildcards, e.g. C:\ProgramData\Microsoft\Windows Defender\Platform\*\msmpeng.exe which make WFC automatically add a new rule when a matching programs tries to access the internet. I don't think this would compromise security much and no one need use it if they don't like it.

 

Windows Firewall Control v.5.1.0.0

Important notice: Due to the recent changes, the current installer can't update any previous version. You must uninstall first the old version and install the new version. Also, the activation status will not be preserved and the program must be activated again. I had to do these changes because I cleaned up the code and I didn't want to keep a lot of obsolete code for compatibility purposes. Just log in into your registered account from the website and grab a new activation code for version 5.1.0.0. Thank you for your understanding.

Change log:
- New: 'Secure Rules' was rewritten from scratch. When enabled, this feature will prohibit adding, modifying or removing firewall rules from outside of WFC.
- New: A new feature called 'Secure Profile' was added in the Security tab. When enabled, importing firewall rules and changing the filtering mode of Windows Firewall
is possible only from WFC.
- New: A dialog is displayed to the user if the uninstall is launched while the program is locked with a password.
- New: A new global hot key can be defined in Options tab to toggle Secure Rules state.
- Fixed: If the uninstaller is launched multiple times, the dialog is displayed multiple times instead of focusing the already running instance of it.
- Improved: When choosing a custom notification sound for the notifications, the dialog will now open by default in 'C:\Windows\Media' folder.
- Improved: Various user interface improvements.
- Updated: The WFC recommended rules contain now some inbound rules required for accessing the computers from the local network.
- Updated: The URL services from the Tools tab were updated.
- Updated: The user manual was updated with new topics.

New translation strings:
053 = None
470 = Secure Profile
471 = Protect Windows Firewall state from external tampering. When this feature is enabled, importing firewall rules and changing the filtering mode can be done only through this software.
480 = Toggle Secure Rules
481 = Secure Rules is now enabled
482 = Secure Rules is now disabled
958 = Uninstallation is not allowed while the program is locked with a password. Please unlock the program and then try again. Do not attempt to force the uninstall by using a 3rd party software because you will make Windows Firewall unusable.

Updated translation strings:
452 = Secure Boot
454 = Secure Rules
455 = Protect Windows Firewall rules from external tampering. When this feature is enabled, adding, modifying or removing firewall rules can be done only through this software.

Removed translation strings:
456 - 467

Download location: https://www.binisoft.org/download/wfc5setup.exe
SHA1: be3099c2e640eeda08e79fb28bfa4ba7e76b1ffe
SHA256: b7179224f038c4290bcb87d7ee08a0b5b3eaf57670cf19d6c23efebbbcedac87

Best regards,
Alexandru

I recommend you to check the user manual regarding how Secure Rules works now. Thank you for your support.

 

Downloaded, installed and successfully reactivated WFC 5.1.0.0. Thank you very much.

 

Thanks for the new version. I have a minor but annoying issue. The Notifications exceptions were not saved. This will be quite annoying until I get them all added back.

I really appreciate the time and work you put into this program. I love it.

 

Are the rules kept after uninstalling?

 

It gives the option to save the rules. It worked for me.

 

Thank you for reporting this. I will take care of this problem in the next WFC release. Currently, it works if you export user settings from the Options tab and import them after installation.

In the uninstall dialog you can choose to keep Windows Firewall rules and state.

 

If you do this then you need to expand the GUI for adding rules.

I do add some rules via the windows interface as some types of rules cannot be done via WFC. This works fine as I can put the rules in an authorised group, so I really like the authorised group system.

 

How would you go about adding a rule so that an app can only access the lan ?

Thanks