Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    Just wanted to say big thanks to alex -- the new notification keyboard shortcuts feature is fantastic, I'm using them all the time now. So easy and quick to handle notifications now, not even having to lift my hands from the keyboard. Thanks!!
     
  2. al3xwild

    al3xwild Registered Member

    Joined:
    Dec 7, 2019
    Posts:
    12
    Location:
    where the streets have no name
    Does the raccomaneded rules for WFC still valid for win 10 1903 ? ( main panel -> rules -> restore windows firewall control raccomanded rules )
     
  3. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    No end ...

    I have been using WFC on a WIN10 /64 machine for a while now....
    I hopped that after a week or so, I will have all necessary rules created and i can 'lock' the firewall. But it seems like , now and then, another request will pop up and there is no end ....

    Does anyone have a final set of rules which can be imported and somehow customized??
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Sure they are.
    There is no such thing. Each of us have different network requirements, different software installed, different set of rules. Just because you see a new notification of something being blocked, it does not mean you have to allow/block it. Create the rules for your browser, a few programs/games that you use, and forget about the rest of them, unless something is not working and requires your attention. You are connected to the Internet, off course there is no end.
     
  5. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    easy to say... but what do I do with:

    C:\windows\system32\dashost.exe
    C:\windows\system32\backgroundtransferhost.exe
    C:\windows\immersivecontrolpanel\systemsettings.exe
    C:\windows\system32\apphostregistrationverifier.exe

    asking to connect here and there. And like these I have at least 20 executable which in fact I do not know either to allow or block.

    If I "block" them, the disfunctionality may not be visible (example;checking for updates)
    If I "allow" all of them , what is the purpose of a firewall?
     
  6. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Indeed, what is the purpose of a firewall if you cannot use your head?
     
  7. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada

    Can I use your "head" insteado_O

    How would you react to a request made by :

    C:\windows\immersivecontrolpanel\systemsettings.exe

    to connect to 5 different IP's using remote port TCP 80 and 443?

    Can you justify your decision?
     
  8. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    C:\windows\immersivecontrolpanel\systemsettings.exe does not get any allows on my end, MS does not get to phone home because it wants too or because they're MS. What is it doing? What does it need a connection for? Does it still work without a connection? Not sure? Then block it, watch your connection logs for those block events and figure out why they are happening and what you were doing when they were happening, if that's to hard then just turn off the firewall and save yourself some headache.

    AppHostRegistrationVerifier.exe can get bent.
    taskhostw.exe can get bent.
    usocoreworker.exe can get bent.
    etc.

    And "I have at least 20 executables"... do you trust them, and same questions as above, etc. Block them if they still work without. Like if Firefox is blocked and doesn't work and you trust your install then allow it, if you download a random installer and it's asking for some connection but still installs the program fine, then why is this even a question?
     
  9. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    I am sorry, but if I would need this kind of logic in allowing or blocking an application ("Does it still work without a connection") I can ask my grandma , she would advice the same.
     
  10. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Save your grandma some headache then and turn off the firewall.
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    As the developer of WFC, I already suggested the "WFC recommended rules" as a minimum set of rules that are required for normal Internet/LAN usage. They are covering a limited amount of svchost.exe, System and spoolsv.exe (printing support) outbound connections. Later, I also added some inbound rules for svchost.exe and System to this rules set, to be able to access a computer from another one from the same home network. Besides these rules for svchost.exe and System, I do not allow other connections of Microsoft Windows processes. dashost.exe, backgroundtransferhost.exe, systemsettings.exe, apphostregistrationverifier.exe, etc, all blocked. No problem since 2010. Now, decide for yourself if you want to allow them or not.
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Hmm, that is very interesting information. I'll try to remember that for next time I install WFC.

    Thanks @alexandrud !
     
  13. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Block.
    Block.
    Your questions are not about setting up a WFC, but about Windows processes. Ask Google about the need for these processes, ask in Windows topics, and here your questions are of the nature of flood.
     
  14. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    I did. Most of the time the answer is "This is an essential Windows process and should not be blocked"

    On Win 10 updates are happening 'behind the scene" so blocking here and there may affect the way you are getting updates.
    Also, if you are using a VPN, you need a lot of "NT Kernel and system" rules

    It is not that simple like " block everything" .....
     
  15. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    LOL, enjoy your telemetry and being a stat on a graph I guess.
    Unacceptable.
    Use your head, unblock what needs to get things working, done.
    Ask your Grandma.
     
  16. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    OK, this is my last comment on this topic; Windows firewall was initially introduced to block all inbound attempts and to allow all outbound one. Nothing else.
    Later on, has been manipulated to give you sensation that in fact you can control things:

    1. Telemetry ; you cannot block windows telemetry using a windows firewall. Windows will get data from you, no mater what. Telemetry is embedded in some svghost.exe and there is nothing you can do to stop it.
    2. protect against unwanted communication with www. Windows firewall will block only the innocent applications; whoever wants to communicate can easily bypass the firewall ( parent application communicating through child application)
    3. impossible to use with dynamic IP ; a lot of software will use dynamic IPs and is really impossible to consistently block them.

    On the other hand the feeling of blocking and denying access is great, inducing the sensation of "i got you"...
     
    Last edited: Jan 9, 2020
  17. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    The firewall is just one of several telemetry blocking tools. For svchost.exe you need to completely block access to the network, disable the DNSCache service, create individual DNS-rules for browsers etc. And almost none of the system processes should have access to the network.
    Some services and system processes, having a telemetric purpose are also turned off .
    Windows Update? Install offline, or use non-system solutions, or use a temporary resolution. After the updates, check the firewall rules and delete the ones added by Windows itself.
    Today, the fight against Windows telemetry is 90% successful.
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    All of these have nothing to do with WFC.
     
  19. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    You are absolutely right.

    What I am trying to say is "even though you put lipstick on a pig, is still a pig"
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Never heard this expression. WFC may suit the needs of some users and may not be a good choice for others. Windows Firewall, like any other software has some strengths and some weaknesses. It does not mean it is a bad product.
     
  21. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
  22. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    117
    Location:
    Here
    Could you (or anyone else) expand on this point a little? I see this mentioned a lot but don't think I've ever seen a source for where this information comes from. Are you saying windows bypasses it's own firewall?
     
  23. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
  24. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    117
    Location:
    Here
    Both answers to that question say you can block telemetry with windows firewall? The first opens with:

    The actual answer to your question is "Yes". See this widely mentioned article


    The other states:

    Try this with enabling full telemetry and Cortana allowed. Does not require to delete any other services. No telemetry network activity has shown with WireShark, GlassWire, tcpview, CurrPorts and SmartSniff (i.e. no Microsoft web address or IP is shown).

    Again, I see people mentioning this around the web, and it seems almost universally accepted, but I don't understand where people are getting it from other than other people in forums?
     
  25. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    If you expect an "official" answer from some organization , this is not going to happen. The internet is the medium to exchange info this days.
    All you need is to think logically: Windows needs info about your PC in order to deliver the updates; as long as it can get that info through your firewall , it can get any info.
    You may be able to block whatever is described black on white as "telemetry" but the rest will slip thorough, nless you want to disconnect from internet.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.