Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    Thanks for that aldist.

    @lofac: I cannot possibly know what Alex is being paid. OTOH, he certainly wouldn't be working for peanuts. Cashews perhaps, but it still means his pay-scale is on the good side, worth getting out of bed for.
     
  2. Deletedmessiah

    Deletedmessiah Registered Member

    Joined:
    Feb 20, 2018
    Posts:
    130
    Location:
    Outer space
  3. Wokok

    Wokok Registered Member

    Joined:
    May 30, 2018
    Posts:
    11
    Location:
    France
    Hello,

    I have just learnt about the acquisition by Malwarebytes. I am already a registered user of WFC, so all is good for me, but it seems that on the website, there is no way for new users to purchase the product and become a registered user. I would like to know whether I'm mistaken, and if I'm not, does that imply anything regarding support or any future bug fix for features offered to registered users.
     
  4. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Earlier, alexandrud wrote in this forum that he would eliminate the identified serious errors.
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I will continue to support WFC. Critical bugs will be fixed if they appear. However, new features will not be implemented anymore in WFC. Instead, I will work with Malwarebytes team for their new product.
     
  6. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Hi Alexandru,
    Busy with business issues lately so would like to say many thanks for creating WFC.
    Every success with your new project also :thumb:
     
  7. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    I keep getting this message while trying to run Windows Update. I allow it every time but it just keeps coming back

    Picture:
    https://i.imgur.com/YWBKv3y.png

    Any ideas? The filepath is
    \device\imdisk0\temp\{79640f5f-3b68-4d2a-9af2-82e6a5ec5e32}\mpsigstub.exe
     
  8. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Try add this application to the "Notifications -> Exclude Notifications" list.
    Or, to turn off such notifications, do the following:
    - for the same application, create a common blocking rule for outgoing connections and DISABLE it;
    - in the advanced notifications settings enable this feature: Use disabled rules when searching for matching rules. If a matching disabled rule is found the notifications will not be displayed.
     
  9. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    It's entirely possible the {79640f5f-3b68-4d2a-9af2-82e6a5ec5e32} is not fixed, it changes every time. So the file path is not constant, and you can't make a rule.

    What happens if you just let it be blocked?
     
  10. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    What happens is that it asks me again the next time I try to update.

    \device\imdisk0\temp\{b6725ae4-d21d-47f7-b2c5-267490f3a2f5}\mpsigstub.exe
    \device\imdisk0\temp\{cf9ff1db-dc36-4495-9967-9831701c8767}\mpsigstub.exe

    It seems you're right, it keeps changing every update. Is there a way for me to whitelist mpsigstub.exe?
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    There is no way unfortunately. Windows Firewall rules are applied per path basis not per process basis. If the path changes, a new rule is required. You can add it to the notifications exceptions list so that you won't be bothered again, or you can temporarily switch to Low Filtering profile and allow it to go online.
     
  12. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    Is this path in UserSpace? (eg: C:\Users\... or Program Data ?)

    I really hate security software that behaves like Malware: ZAM Free is on notice, the last time it updated it did exactly what your problem child is doing.

    There is a fix, if it is in UserSpace. Get VoodooShield and set a rule to block everything in whichever Temp folder, like this attached image. If you never want to hear about it again, set the Block action to Silent.

    Note that this file is a M$ installer, so some updates may not work--IMHO sometimes not a bad idea.

    FWIW, VS and WF/WFC is my total realtime protection: what one misses or can't deal with, the other can. It's all about enumerating Goodness :)

    VoodooShield-BlockRule.png
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    BTW, is it possible to block apps from connecting to a certain domain-name via WFC, like with Little Snitch? And can you tell a bit more about your new job at Malwarebytes, what will you be developing?

    https://www.obdev.at/products/littlesnitch/index.html
     
  14. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Be interesting to see the mess Malwarebytes make of this.
     
  15. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    WFC does not support resolving domain names.
     
  16. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    157
    Location:
    Belgium
    yes, as always....
    Shall I remember Partition magic and Drive Image (of Power Quest); for both tools one floppy was enough....
    or DVDshrink? half a floppy was enough (and still +- running on W10)..
    and some others I do not recall of
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    In Windows Firewall you can't define firewall rules for domain names, only for IPs or IP ranges. I will start working in one week and I will find out more soon, until then I have no other news.
     
  18. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    I have the ...

    Code:
    Reading Security log failed.
       Exception: System.ArgumentException: Der Index 16510 liegt außerhalb des gültigen Bereichs. bei System.Diagnostics.EventLogInternal.GetEntryAt(Int32 index) bei WindowsFirewallControl.Proxy.ProxyServer.GetLogConnections(Int32 logEntries, Int32 direction, Int32 eventId)
    
    too unfortunately.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK thanks. And keep us posted about your work at Malwarebytes, sounds interesting. :thumb:
     
  20. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    205
    I've noticed that sometimes the Secure Profile option is automatically disabled, by Windows Update for example. I think the most recent Windows cumulative update also did this (KB4284819) - I'm on Win 10 1709 (16299.492).
     
    Last edited: Jun 13, 2018
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Next Monday I will start working again and I will take a look.
     
  22. buffering

    buffering Registered Member

    Joined:
    Jan 16, 2015
    Posts:
    7
    Hello and happy to hear the good news about binisoft.

    Yesterday I couldn't left-click on the taskbar icons (volume, battery, wifi) to see info or settings in Windows 10 (1803). Also right-clicking program icons in the task bar wouldn't work. So long story short, I fixed it by unchecking Secure rules and Secure profile in WFC. More specifically, Secure rules, because first I disabled Secure profile and restarted but no joy. Then I disabled Secure rules and restarted for the taskbar to work.

    Before disabling the options in WFC, I noticed a firewall error followed by a ShellExperienceHost error in Eventviewer. These two errors occurred successively, and repeatedly:
    Code:
    Log Name:      Microsoft-Windows-AppModel-Runtime/Admin
    Source:        Microsoft-Windows-AppModel-Runtime
    Date:          14-Jun-18 7:37:15 AM
    Event ID:      35
    Task Category: None
    Level:         Error
    Keywords:      AppContainer
    User:          DESKTOP-ABCD\USERABCD
    Computer:      DESKTOP-ABCD
    Description:
    CreateAppContainerProfile failed with error 0x80070005 because it was unable to register with the firewall.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
        <EventID>35</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x2000000000000002</Keywords>
        <TimeCreated SystemTime="2018-06-14T11:37:15.797005300Z" />
        <EventRecordID>912</EventRecordID>
        <Correlation ActivityID="{D768F447-0397-0000-8967-69D79703D401}" />
        <Execution ProcessID="5472" ThreadID="6088" />
        <Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
        <Computer>DESKTOP-ABCD</Computer>
        <Security UserID="S-1-5-21-860367813-1122591061-15154029-1001" />
      </System>
      <EventData>
        <Data Name="ErrorCode">2147942405</Data>
      </EventData>
    </Event>
    
    Log Name:      Microsoft-Windows-AppModel-Runtime/Admin
    Source:        Microsoft-Windows-AppModel-Runtime
    Date:          14-Jun-18 7:37:15 AM
    Event ID:      21
    Task Category: None
    Level:         Error
    Keywords:      (70368744177664),AppContainer
    User:          DESKTOP-ABCD\USERABCD
    Computer:      DESKTOP-ABCD
    Description:
    CreateAppContainerProfile failed for AppContainer onecore\ds\security\gina\profile\profext\appcontainer.cpp Line:1895 microsoft.windows.shellexperiencehost_cw5n1h2txyewy Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy with error 0x80070005.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
        <EventID>21</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x2000400000000002</Keywords>
        <TimeCreated SystemTime="2018-06-14T11:37:15.797063800Z" />
        <EventRecordID>913</EventRecordID>
        <Correlation ActivityID="{D768F447-0397-0000-8967-69D79703D401}" />
        <Execution ProcessID="5472" ThreadID="6088" />
        <Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
        <Computer>DESKTOP-ABCD</Computer>
        <Security UserID="S-1-5-21-860367813-1122591061-15154029-1001" />
      </System>
      <EventData>
        <Data Name="ErrorCode">2147942405</Data>
        <Data Name="Context">onecore\ds\security\gina\profile\profext\appcontainer.cpp Line:1895 microsoft.windows.shellexperiencehost_cw5n1h2txyewy Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy</Data>
      </EventData>
    </Event>
    More info about taskbar not working because of ShellExperienceHost - Taskbar start, notifications, search, wifi, date, battery and volume icons not working
     
  23. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    205
    Secure Rules in 5.3.x is known to cause problems with Windows 10 -because of the way this OS operates- and that's why you get a warning before enabling it. I would either disable it or use WFC 5.0.2.0 if you want that functionality.

    Search the previous posts for more info.
     
  24. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Is something like this possible?

    Okay so lets say I want to block www.example.com, I could do this with a host file with "127.0.0.1 www.example.com"

    But can WFC make just the program block traffic to and from www.example.com while leaving it functional for other connections?
     
  25. buffering

    buffering Registered Member

    Joined:
    Jan 16, 2015
    Posts:
    7
    Thanks @AmigaBoy
    @Special DNS resolution is a different aspect. There's a freeware for that HostsMan · abelhadigital.com. It flushes the dns cache, backup/restores previous host file, doesn't run in the background...everything you'd want. Except it applies to the whole machine - not specific programs.
     
    Last edited: Jun 14, 2018
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.