Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I have to think about a solution for these scenarios. I can create a list with allowed locations which will make WFC to automatically create a new allow rule for exe files under a certain folder when they try to connect. Or make the notification dialog to automatically update an existing rule which ends with the same exe file name, in this way the user at least knows that a rule will be updated. Or... Suggestions are welcomed. I don't have yet a nice solution to this problem.
     
  2. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    It's fine the way it is, it takes a literal click to make a new rule when a new .exe pops up like this (which is what? once a month for this Defender thing...), or you can edit your existing rule and just change the path to match the new number and press okay, in this case. change "....\Platform\4.12.17007.18011-0" to "\Platform\4.12.17007.18022-0". Big whoop.

    I'd personally hate WFC automating things, making new rules to new .exe files without my knowing. I like how it is now, and the C does stand for Control :p.
     
  3. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    What profile is your VPN connection; public, private, or Domain? Change the VPN to private, create allow rules for private and deny rules for public and domain, and set your regular wifi/lan to public. The below rules will only allow the private connections. Create these for every exe you want to be secured. Also, NorVPN's "killswitch" sucks. Get a VPN with a real one; AirVPN, mullvad, etc.

    Allow Rule:

    sshot-2.png

    Deny Rule
    sshot-1.png
     
  4. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    92
    Hopefully that will fix it for you, but if you are using the NordVPN app, that could be a problem, it uses dll injection into ntoskrnl, ntdll & a few other system files; which could bypass the firewall altogether, I'll post my findings here shortly;
     
    Last edited: Mar 2, 2018
  5. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    92
  6. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,120
    Location:
    South Texas, USA
    Can someone give me some insight on why WFC asked to allow explorer.exe to access internet if I already had it blocked with a rule from NVT SysHardener app? Thanks!
     

    Attached Files:

  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Please post here the full row (to see all columns) from Connections Log where you see explorer.exe so that I can see all details of the blocked connection. The same, a screenshot from Rules Panel with all details of the rule for explorer.exe. Thank you.
    Did you change the default advanced notifications settings? Did you see this only for explorer.exe or for other files too?
     
  8. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,120
    Location:
    South Texas, USA
    Here you go...

    Been running WFC for a long time now and either I hadn't noticed similar behaviors or it was just this one. Notification is set to Medium.
     

    Attached Files:

  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Thank you. These are the rules, but how does the blocked connection for explorer.exe looked like? If you go to Connections Log and choose to display recently blocked connections, it would be interesting to see the values of the blocked connection that generated a new notification while you already had this block rule. Do you remember if the notification displayed an IPv6 remote IP address? I can't reproduce this.
     
  10. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,120
    Location:
    South Texas, USA
    Oops sorry about that, here I reproduced it.
     

    Attached Files:

  11. godless

    godless Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    19
    Avast have variable path too, \avast\setup\new_12020918\instup.exe
    Rule like this is possible? -> \avast\setup\*\instup.exe
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Hmmm, from your screenshot it looks like you are using a VPN? I think the problem is the check of the location. What Location is Displayed in Main Panel when you see this notification? VPN?
    No, wildcards are not supported by Windows Firewall. I really don't know why so many programs started recently to use a different file for updating purposes. In the past, you had one exe file responsible for updates, located in a fixed location. It could download new files and do the update. Now, everyone use ProgramData folder as a TEMP folder which gets full of garbage.
     
  13. Poppeye

    Poppeye Registered Member

    Joined:
    Mar 2, 2018
    Posts:
    5
    Location:
    Internet
    There seems to be a general misunderstanding on my part how to properly create a rule and I would appreciate any help.
    In the connection manager I get this kind of notification:

    02.03.2018 11:25:05 | 1992 | foobar2000 | C:\program files (x86)\audio\foobar2000\foobar2000.exe | Block | In | 192.168.1.187 | 47331 | 192.168.1.201 | 50126 | 6

    The source port changes with every connection attempt. I had previously created a rule like so
    https://imgur.com/pKzWYOM https://imgur.com/pKzWYOM https://i.imgur.com/pKzWYOM.jpg
    The connection is still being blocked, though. Where's my error?
     
  14. Poppeye

    Poppeye Registered Member

    Joined:
    Mar 2, 2018
    Posts:
    5
    Location:
    Internet
    Sorry, I'll answer myself: The rule seems to have been correct. I just found an overriding block rule for that process. I hadn't noticed that before because the rule name started with "U -".... haven't seen that before. Anyway, after deleting the block rule, the allow rule works. Sorry for taking your time!
     
  15. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Thanks for the information. Windows firewall is ignored by Nord in favor of their own firewall controls per an inquiry to their support staff. Ravenise, what you posted explains how it could happen. Alarming!
    I have a month of Perfect Provacy VPN. It is good, honors my WFC block rules but is expensive. I think Mullvad for the next month.
     
  16. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,120
    Location:
    South Texas, USA
    Thank you and yes forgot to mention I run a VPN service.
     
  17. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    105
    I don't like notifications. I would like a list of programs with wildcards, e.g. C:\ProgramData\Microsoft\Windows Defender\Platform\*\msmpeng.exe which make WFC automatically add a new rule when a matching programs tries to access the internet. I don't think this would compromise security much and no one need use it if they don't like it.
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Windows Firewall Control v.5.1.0.0

    Important notice: Due to the recent changes, the current installer can't update any previous version. You must uninstall first the old version and install the new version. Also, the activation status will not be preserved and the program must be activated again. I had to do these changes because I cleaned up the code and I didn't want to keep a lot of obsolete code for compatibility purposes. Just log in into your registered account from the website and grab a new activation code for version 5.1.0.0. Thank you for your understanding.

    Change log:
    - New: 'Secure Rules' was rewritten from scratch. When enabled, this feature will prohibit adding, modifying or removing firewall rules from outside of WFC.
    - New: A new feature called 'Secure Profile' was added in the Security tab. When enabled, importing firewall rules and changing the filtering mode of Windows Firewall
    is possible only from WFC.
    - New: A dialog is displayed to the user if the uninstall is launched while the program is locked with a password.
    - New: A new global hot key can be defined in Options tab to toggle Secure Rules state.
    - Fixed: If the uninstaller is launched multiple times, the dialog is displayed multiple times instead of focusing the already running instance of it.
    - Improved: When choosing a custom notification sound for the notifications, the dialog will now open by default in 'C:\Windows\Media' folder.
    - Improved: Various user interface improvements.
    - Updated: The WFC recommended rules contain now some inbound rules required for accessing the computers from the local network.
    - Updated: The URL services from the Tools tab were updated.
    - Updated: The user manual was updated with new topics.

    New translation strings:
    053 = None
    470 = Secure Profile
    471 = Protect Windows Firewall state from external tampering. When this feature is enabled, importing firewall rules and changing the filtering mode can be done only through this software.
    480 = Toggle Secure Rules
    481 = Secure Rules is now enabled
    482 = Secure Rules is now disabled
    958 = Uninstallation is not allowed while the program is locked with a password. Please unlock the program and then try again. Do not attempt to force the uninstall by using a 3rd party software because you will make Windows Firewall unusable.

    Updated translation strings:
    452 = Secure Boot
    454 = Secure Rules
    455 = Protect Windows Firewall rules from external tampering. When this feature is enabled, adding, modifying or removing firewall rules can be done only through this software.

    Removed translation strings:
    456 - 467


    Download location: https://www.binisoft.org/download/wfc5setup.exe
    SHA1: be3099c2e640eeda08e79fb28bfa4ba7e76b1ffe
    SHA256: b7179224f038c4290bcb87d7ee08a0b5b3eaf57670cf19d6c23efebbbcedac87

    Best regards,
    Alexandru

    I recommend you to check the user manual regarding how Secure Rules works now. Thank you for your support.
     
  19. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Downloaded, installed and successfully reactivated WFC 5.1.0.0. Thank you very much.:thumb:
     
  20. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    Thanks for the new version. I have a minor but annoying issue. The Notifications exceptions were not saved. This will be quite annoying until I get them all added back. :(

    I really appreciate the time and work you put into this program. I love it.
     
    Last edited: Mar 3, 2018
  21. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Are the rules kept after uninstalling?
     
  22. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    It gives the option to save the rules. It worked for me.
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Thank you for reporting this. I will take care of this problem in the next WFC release. Currently, it works if you export user settings from the Options tab and import them after installation.
    In the uninstall dialog you can choose to keep Windows Firewall rules and state.

    upload_2018-3-4_9-14-33.png
     
  24. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    If you do this then you need to expand the GUI for adding rules.

    I do add some rules via the windows interface as some types of rules cannot be done via WFC. This works fine as I can put the rules in an authorised group, so I really like the authorised group system.
     
  25. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    550
    How would you go about adding a rule so that an app can only access the lan ?

    Thanks
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.