Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    994
    I keep getting an alert on file "mpisigstub.exe". Even though I allow it, the alert keeps coming back. This file does not exist on my computer.

    Can anyone help?
     


  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Add mpisigstub.exe in the Notifications exceptions list. The rule that you create is for a temporary file that gets removed automatically if it can't reach the Internet. After you allow it, it is already gone and it will be extracted into another temporary path, therefore the rule that you create will not be any good for a new temporary path.
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Windows Firewall Control v.6.4.0.0

    Change log:
    - New: Added a new entry to Direction combo box in Connections Log. The user can see now both inbound and outbound entries in the same results list.
    - Improved: Updated the Time generated column in Connection Log to display the time zone.
    - Improved: Search in Connections Log and Rules Panel was extended to include the service column.
    - Improved: The x button from text boxes that is clearing their content is back.
    - Fixed: Learning Mode does not work anymore when language is not set to English.
    - Fixed: When multiple network adapters are found the Location displayed in Dashboard panel is Public instead of Private.
    - Fixed: When importing the user settings, restarting the application fails if it is executed only with standard privileges.

    Download location: https://www.binisoft.org/download/wfc6setup.exe
    SHA1: a9b4403d76c8e14840c39c06ed83dd2d292d9325
    SHA256: 11f44ad524fa01aa04ee5866728d4ec9ef4951996056fd88c00a35dc533a3dc1

    Thank you for your feedback,
    Alexandru
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Great! Installing now. :thumb:
     
  5. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    I was confident that this would eliminate the "dancing" effect of the text.
    The "dancing" text appeared after removing the X buttons, and the "dancing" text disappeared after the X button returned, very good.
     
  6. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Thanks for the new version, well done!
     
  7. Be_Ta

    Be_Ta Registered Member

    Joined:
    Jan 15, 2019
    Posts:
    49
    Location:
    Earth
    Good Evening,

    The last days I encountered an "error?" or bug with the firewall.
    Sometimes, when I turn my PC on and start Windows, the settings in WFC changed.
    The setting --> Security --> Secure Profile gets reset or changed. I do use "Secure Profile" and have it enabled, but like I said, sometimes, if not on every reboot, this setting gets disabled.

    Which is pretty bad for me, since I can't trust the software anymore.

    How can I fix this?


    Best Regards
     
    Last edited: Aug 17, 2020
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Build version of your Windows? I will check on my side.
     
  9. Be_Ta

    Be_Ta Registered Member

    Joined:
    Jan 15, 2019
    Posts:
    49
    Location:
    Earth
    Thanks for taking the time :)

    My Windows version is: Windows 10 LTSC 1809 - Build 17763.1339

    I also looked through the event viewer and found this; I'm not sure it's related.


    Code:
    •    DESCRIPTION
    Windows Firewall state was modified from outside of Malwarebytes Windows Firewall Control.
    •    XML
    <?xml version="1.0" encoding="utf-16"?>
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="WFC" />
        <EventID Qualifiers="0">495</EventID>
        <Level>4</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2020-08-12T22:16:57.711494900Z" />
        <EventRecordID>2457</EventRecordID>
        <Channel>WFC</Channel>
        <Computer>synonymus</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Windows Firewall state was modified from outside of Malwarebytes Windows Firewall Control.</Data>
      </EventData>
    </Event>
    
    If you need more info, let me know :)

    Thank you..
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Secure Profile is achieved by removing default permissions to the following Windows Registry keys:
    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile

    When Secure Profile is on, only the WFC service can access these keys to get and set the Windows Firewall profile. You also can't access these keys from regedit.exe.
    When Secure Profile is off, any software can access these keys. You can also read these keys from regedit.exe.

    When this happens again, please open the StandardProfile registry key and check its permissions. I want to know if the permissions are reset by another software or if WFC can't properly read permissions from this key.

    In WFC version 5.3.1.0 I made a fix because WFC could no longer detect the permissions for 'MpsSvc' on this key. Starting with Windows 10 build 1803, Microsoft renamed 'MpsSvc' to 'mpssvc'. Since version 5.3.1.0, WFC uses a case-insensitive check. Do you use an older WFC version?
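
One way to record what the post above asks for after each boot, as an added example that is not part of the original posts and not WFC's own code: it snapshots the ACL of the three FirewallPolicy profile keys and lists recent WFC event 495 entries (the event ID and channel come from the log excerpt earlier in the thread). The CSV file name and location are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added diagnostic sketch (not WFC code): snapshot who can access the three profile keys.
$base     = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$profiles = 'StandardProfile', 'DomainProfile', 'PublicProfile'

$report = foreach ($name in $profiles) {
    $path = Join-Path $base $name
    try {
        # Get-Acl throws if the caller is not allowed to read the key's permissions.
        $acl = Get-Acl -Path $path -ErrorAction Stop
        foreach ($ace in $acl.Access) {
            [pscustomobject]@{
                Key       = $name
                Readable  = $true
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Type      = $ace.AccessControlType
                Inherited = $ace.IsInherited
            }
        }
    } catch {
        # Report the key as unreadable instead of aborting the whole snapshot.
        [pscustomobject]@{
            Key       = $name
            Readable  = $false
            Identity  = $_.Exception.Message
            Rights    = $null
            Type      = $null
            Inherited = $null
        }
    }
}

$report | Format-Table -AutoSize

# Keep a timestamped copy so snapshots from different boots can be compared.
# File name and location are assumptions for this example.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$report | Export-Csv -Path (Join-Path $env:TEMP "wfc-profile-acl-$stamp.csv") -NoTypeInformation

# Recent "state was modified from outside" events from the WFC log (event ID 495).
Get-WinEvent -FilterHashtable @{ LogName = 'WFC'; Id = 495 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```

Comparing a snapshot taken while Secure Profile is enabled with one taken after it shows as disabled makes it visible whether the permissions on the keys actually changed between the two.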
     
  11. Be_Ta

    Be_Ta Registered Member

    Joined:
    Jan 15, 2019
    Posts:
    49
    Location:
    Earth
    Thank you,

    I will check those reg keys when it happens again.
    I just saw that I'm using WFC version 6.3.0.0 and I see there's a new version, so I will update WFC and report back if it happens :)

    Thanks for taking the time..
     
  12. Be_Ta

    Be_Ta Registered Member

    Joined:
    Jan 15, 2019
    Posts:
    49
    Location:
    Earth
    Hey there,

    @alexandrud
    It happened again.
    When I booted up my PC I checked if everything was set like it should, and secure rules was deselected again. So I did what you suggested and went to Regedit to do what you said; here are 2 pics of the Reg and the permissions...

    I hope this will help you. If you need more, please let me know.
    I did also look in the event viewer but there was nothing for today under WFC.


    Best Regards
    number2.PNG number1.PNG
     
    Last edited: Aug 22, 2020
  13. tyGZ4K5o8s8

    tyGZ4K5o8s8 Registered Member

    Joined:
    Oct 8, 2018
    Posts:
    5
    Location:
    Somewhere near water
    As of today my Windows Update rule just stopped working. I tried a clean reinstall of WFC but it didn't help. In the video you can see the rule being created when trying to update windows. You can see that it is in the rule list and that the rule itself is not blocking anything. It also shows in the connection log that it is still being blocked even though the allow rule exists, and that even if created from the connections log... the rule still fails.

    https://youtu.be/lP6afHqjqAo

    However, if I set the 'Service' section of the rule properties to "Apply to all programs and services" rather than the automatic setting of "Windows Update" (wuauserv), then Windows Update runs fine. The thing is, I have always had the rule set to "Windows Update" under the service section as that is what WFC automatically sets it to upon creation. Not until today has there ever been a problem. Why would I want to have to set svchost to allow outbound access to EVERY service without prompt? I never had to before.
     
    Last edited by a moderator: Aug 22, 2020
  14. tyGZ4K5o8s8

    tyGZ4K5o8s8 Registered Member

    Joined:
    Oct 8, 2018
    Posts:
    5
    Location:
    Somewhere near water
    I wanted to edit, but there must be a time limit? I saw someone else post about this exact same thing not too far back. Supposedly a Windows firewall bug, but why has it then worked unchanged for me up until today? There were no changes made to my PC whatsoever since yesterday. No updates, notta.
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    There is a time limit, but it is at least 24 to 48 hours or more. Not sure of the exact time.

    However, I see your post has been edited by a Moderator. In that case you can no longer edit your post.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I suspect a Windows Update might be the culprit here, it just resets the permissions on those keys automatically. Or a tool that cleans/repairs Windows Registry, similar to CCleaner. I will enable Secure Profile on my machine for a few days and see on my side if it remains enabled.
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    In Windows 10, depending on the build number, Windows Update does not operate only under the wuauserv service. There are multiple services involved in this. This is why I recommend letting svchost.exe connect over ports 80,443 so that Windows can connect. In the latest Windows 10 builds you need a rule that is not service specific for Windows Update to work properly. The same applies to Windows Store.

    My impression is that an initial check for updates is made under wuauserv service. Then it makes several calls by spawning new svchost.exe processes which do not use the wuauserv service anymore. These are not allowed, then the initial connection appears as a dropped connection (blocked) in Security event log, even if there is an allow rule for wuauserv service. This might be just another thing from Microsoft to ensure the users will not block their countless telemetry collection, or a bug in how Windows Update is supposed to check for updates. Either way, WFC does not block or allow any connection, since it doesn't do any packet filtering. Any allowed or blocked connection is made by Windows Firewall itself based on the existing firewall rules.

    You need a rule like this one for Windows Update:
    upload_2020-8-23_3-31-52.png

    P.S.: If you want to keep the video on YouTube, please update the title since WFC is not blocking anything. Thank you.
     
    Last edited: Aug 23, 2020
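
An added audit sketch (not from the thread and not WFC's own code) that lists the enabled outbound allow rules for svchost.exe and shows whether each one is bound to a single service, which is the distinction the post above draws for Windows Update. It uses the built-in NetSecurity cmdlets; the output column names are chosen for this example.

```powershell
# Added audit sketch: which outbound allow rules for svchost.exe are service-scoped?
$svchost = Join-Path $env:SystemRoot 'System32\svchost.exe'

$rules = Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        # Rules may store the path with %SystemRoot%; expand before comparing.
        $program = [Environment]::ExpandEnvironmentVariables([string]$app.Program)
        if ($program -ne $svchost) { return }   # -ne is case-insensitive for strings

        $svc  = $_ | Get-NetFirewallServiceFilter
        $port = $_ | Get-NetFirewallPortFilter

        [pscustomobject]@{
            Rule          = $_.DisplayName
            Service       = $svc.Service            # 'Any' means not service specific
            ServiceScoped = ($svc.Service -ne 'Any')
            Protocol      = $port.Protocol
            RemotePort    = ($port.RemotePort -join ',')
        }
    }

$rules | Sort-Object ServiceScoped, Rule | Format-Table -AutoSize

# Per the post above, Windows Update on recent Windows 10 builds needs a rule that is
# NOT service specific for svchost.exe on remote ports 80 and 443.
$generic = $rules | Where-Object {
    -not $_.ServiceScoped -and
    $_.Protocol -eq 'TCP' -and
    ($_.RemotePort -split ',') -contains '443'
}

if ($generic) {
    'Found a non-service-specific svchost.exe allow rule covering TCP 443:'
    $generic | Format-Table -AutoSize
} else {
    'No non-service-specific svchost.exe allow rule for TCP 443 is enabled.'
    'A rule bound only to wuauserv will not cover the other svchost.exe instances.'
}
```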
  18. Be_Ta

    Be_Ta Registered Member

    Joined:
    Jan 15, 2019
    Posts:
    49
    Location:
    Earth
    I also thought it is when I update Windows, but I checked, and after I updated Windows (August update) "Secure Profile" was still active, even after several reboots. I also don't use, and haven't used, something like CCleaner.

    But I also think it's Windows. I don't know how or why, but I can't think of anything else.


    Best Regards

    Edit...

    Yesterday I checked if it's enabled before shutting down my PC; it was enabled (Secure Profile).
    Today when I started my PC the first thing I did was check the Secure Profile option again, and it was disabled. There was no update yesterday or anything else. I was just watching a video and browsing the web with Firefox. I also had Steam running and Discord.
    That's about it, and then I shut down the PC and went to sleep.

    Just thought I'd also mention this, if it helps to find the culprit.

    Best Regards
     
    Last edited: Aug 24, 2020
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I'd be watching Steam in this case. It may be doing this at Windows startup. Can you uninstall it temporarily and watch the result?
     
  20. Graphite85

    Graphite85 Registered Member

    Joined:
    Aug 28, 2020
    Posts:
    40
    Location:
    New Zealand
    Hello,

    I am having some issues using WFC. I have it set to medium filtering. I have rules for various Windows Update services to communicate outbound; however, I keep getting notifications from WFC that those services have been blocked. Some of these are seen in the connection log, like Windows Update C:\Windows\system32\svchost.exe. Windows Update is failing to fetch Defender antivirus definitions, but I can get them if I temporarily disable the firewall. Why am I continuing to get block notifications when I have allow rules? Can anybody help me with this? I also need help to ensure I have all of the correct outbound rules set to allow Windows Updates through correctly. Thanks.
     
  21. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    See here
    Create an allowing rule for svchost without specifying a service and disable it. Enable the rule for a short time only during the update. It's even better for Windows Update to use offline updates.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    The answer is on the same page, 3 posts above yours.
     
  23. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,269
    Location:
    sweden
    I just installed WFC to try it out; I have been using Simplewall up to now. Simplewall asks about, for instance, all the requests that the AV Qihoo 360 makes the first time; that's how I want it. Then I can selectively choose its future connections. WFC just allows it, and most other things.

    What am I doing wrong?
    High filtering does not help.
     
  24. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    These options must be enabled
    ScreenShot_256.png
    In the Rules Panel, check to see if your AV Qihoo 360 automatically creates allow firewall rules; if there are such rules, delete them and enable Secure Rules.
    For a simpler understanding, you can completely remove all outbound and inbound rules, leaving or creating outbound DNS and DHCP allowing rules for svchost, after which the firewall will ask you questions about each connection.
    Also, carefully look at the Connections Log, which connections were blocked, and draw a conclusion whether you need to allow them, deny them, or leave them unresponsive. For the first time it is better to leave without reaction, or create a temporary rule.
    If you don't have a home LAN, then you actually don't need inbound permissive rules.
    After a short time, you will be able to optimize the firewall rules for your needs. It is a convenient and reliable firewall.
     
  25. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    288
    I had the Secure Boot enabled; I noticed the High filtering was not enabled occasionally.
    Weird.
     