Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Graphite85

    Graphite85 Registered Member

    Joined:
    Aug 28, 2020
    Posts:
    40
    Location:
    New Zealand
    The issue seems to be with the standard user account I run. When high filtering is switched to medium filtering the global blocking rules are removed but the Ethernet adapter/Internet does not enable. On the admin account it works OK. What could be the issue with the standard user account?
     
  2. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    Switching profiles does not affect the network adapter, it is always on unless you have switched it off in some other way.
     
  3. antdude

    antdude Registered Member

    Joined:
    Apr 10, 2010
    Posts:
    20
    Location:
    An Ant Farm
    Well, I just wanted to see what domain name the program was connecting to be sure it is not going to another domain name. Yes, I know they have multiple IP addresses. I usually don't care for those. I just want to be sure it is going to the right place and not some random place.
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,436
    Location:
    Romania
    The firewall rules are global and apply to all user accounts. There should be no problem regarding standard user accounts vs. admin accounts.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks for specifying no difference between the two accounts. Was something that raised just a small interest for me as well.
     
  6. Graphite85

    Graphite85 Registered Member

    Joined:
    Aug 28, 2020
    Posts:
    40
    Location:
    New Zealand
    Sometimes the network adapter is failing to start even with secure boot disabled. I think that rules out WFC... Current issue I'm having is I disabled secure rules and now when I try to re-enable secure rules WFC locks up and freezes. Should I perhaps try reinstalling WFC?
     
  7. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    By default, the network adapter is not turned off when you turn off Windows, so when you turn Windows on, the network adapter is already on because it was not turned off.
    If you have the network adapter turned off, it could be an operating system failure, or a special user custom solution via scripts.

    But if the network adapter is already turned off when Windows starts up (turns off when Windows shuts down), this is a big plus, because no one knows what information or telemetry is flying out of the computer when it starts up, when the protection components are still inactive.

    Windows Firewall Control does not know how to enable or disable the network adapter, no options affect the state of the network adapter.
    Try a clean install
     
    Last edited: Jul 1, 2021
  8. Graphite85

    Graphite85 Registered Member

    Joined:
    Aug 28, 2020
    Posts:
    40
    Location:
    New Zealand
    So why might my network adapter be turning on only after I've logged into Windows? I don't know for sure the network adapter is being turned off and on, but generally when Windows starts I see the network disconnected icon instead of the connected icon and it's only once it reaches the desktop after a few seconds that the icon changes to connected. The weird part is on some boots the network remains disconnected and the only way to fix is to reboot again...
     
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    Windows detects the presence of the Internet by contacting http://www.msftncsi.com/ncsi.txt
    this may take a few seconds, depending on the clutter of the operating system and the state of the network in general.
    The tray icon shows the status of the network connection, not the network adapter. The next time you reboot, when you don't have internet, check the status of your network adapter (whether it's on or off) by right-clicking on the network connection icon in your tray and selecting "Open Network & Internet settings" (options differ from operating system to operating system). Most likely you have the network adapter enabled, you just don't have internet due to problems with your Windows.
    Try switching the WFC profiles several times, they should switch instantly
     
  10. antdude

    antdude Registered Member

    Joined:
    Apr 10, 2010
    Posts:
    20
    Location:
    An Ant Farm
    So, we can't block that? :(
     
  11. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    Block http://www.msftncsi.com/ncsi.txt ? You can block it, but it makes no sense, the network connection icon will look like "no internet" even though there is actually internet, or the icon will become "normal" after a few minutes of browser operation.
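
The connectivity check discussed in the posts above can be inspected directly. This is an added example, not part of any post in the thread; it assumes Windows 10 keeps its NCSI probe settings under the `NlaSvc` registry key shown (the configured host may differ from `www.msftncsi.com`), and the function name is hypothetical.

```powershell
# Added example (not from the thread): read the NCSI probe settings and test them.
# Assumption: probe settings live under this NlaSvc key on Windows 10.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'
$ncsi = Get-ItemProperty -Path $key
$url  = 'http://{0}/{1}' -f $ncsi.ActiveWebProbeHost, $ncsi.ActiveWebProbePath

function Test-NcsiProbe {   # hypothetical helper name
    $out = [ordered]@{
        ProbeUrl        = $url
        ActiveProbing   = [bool]$ncsi.EnableActiveProbing
        DnsResolves     = $false
        ResolvedTo      = $null
        HttpBodyMatches = $false
    }

    # Step 1: DNS. A DNS sinkhole (Pi-hole answers 0.0.0.0 by default) fails here.
    try {
        $a = Resolve-DnsName -Name $ncsi.ActiveWebProbeHost -Type A -ErrorAction Stop |
             Where-Object { $_.IPAddress }
        $out.ResolvedTo  = $a.IPAddress -join ', '
        $out.DnsResolves = [bool]$a -and ($a.IPAddress -notcontains '0.0.0.0')
    } catch { }

    # Step 2: HTTP. The body must equal the expected probe content exactly.
    # Note: this request leaves from powershell.exe, not from the service hosted
    # in svchost.exe, so the firewall must allow powershell.exe for this test.
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 5 -ErrorAction Stop
        $out.HttpBodyMatches = ($r.Content -eq $ncsi.ActiveWebProbeContent)
    } catch { }

    [pscustomobject]$out
}

Test-NcsiProbe | Format-List

# What Windows itself currently believes about each connection.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity
```

If `DnsResolves` is false while ordinary browsing works, the probe host is being filtered at the resolver; if DNS resolves but `IPv4Connectivity` is not `Internet`, look at the outbound rules that apply to svchost.exe.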
     
  12. Graphite85

    Graphite85 Registered Member

    Joined:
    Aug 28, 2020
    Posts:
    40
    Location:
    New Zealand
    The issue appears to be unidentified network... Do you have any ideas on troubleshooting that?
     
  13. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    The problem has nothing to do with Windows Firewall Control, it would be correct to ask in the thread on your Windows operating system (10, 8.1 or 7), they will help you with your networking problem faster.
    The problem may be hardware (cable, network adapter) or software (driver, operating system) in nature. From my experience I can suggest several options.
    1\ At your connection point check the internet on another computer, this will help you check if the UTP network cable is working correctly.
    2\ Uninstall the WFC after saving the rules. It is not obligatory, but it will help to be sure. Temporarily disable your Anti-Virus.
    3\ Bad contact in the internet outlet or at the RJ-45 patch cord ends.
    4\ Uninstall the network adapter driver and reinstall the network adapter driver.
    5\ Replace the network adapter, it may be damaged e.g. during a thunderstorm. If you have an integrated network adapter, please insert a PCIe style network adapter into your computer.
    6\ Reset the TCP\IP settings to default.
    7\ Restore the system from a backup, if you have one, or from a Windows Restore Points.
    8\ Contact your Internet Service Provider
     
    Last edited: Jul 2, 2021
  14. b1k3rdude

    b1k3rdude Registered Member

    Joined:
    Sep 9, 2020
    Posts:
    12
    Location:
    London, UK
    Afternoon

    So I have been dealing with the old issue that is 0x800704cf when any Micro$oft app that uses an M$ account, so Micro$oft Store, Teams, Xbox, etc. Full disclosure I have pihole installed on my local LAN, but it's not that imho as disabling it has no effect.

    I did a search on here for the same issue and only found the following -
    The issue as I understand is NOT the following -
    • All of the above app/programs have been given access to the web.
    • Any of the required services (M$ account service) that have asked for access in addition to the above apps/programs to the web have been blocked.
    What I think it is -
    • Windows 'thinks' it's NOT connected to the web, when it IS in fact connected, I can browse send email etc. So as a result said apps/programs will refuse to login to my M$ account.
    • I think this is similar to Android where it is constantly phoning home to 'connectivitycheck.gstatic.com'
    Temporary workarounds -
    • Set WFC to low filtering, reboot and for that session all the above apps/programs work as intended
    • do a network reset in windows, reboot and for that session all the above apps/programs work as intended - only suitable for testing not a daily task though.
    • Uninstall WFC, reverting Windows firewall back to stock settings.
    Is there a rule I can create in WFC that will allow out the windows service that is checking for internet connectivity..? Push comes to shove I will stop using Store/Teams as neither are essential.
     
  15. b1k3rdude

    b1k3rdude Registered Member

    Joined:
    Sep 9, 2020
    Posts:
    12
    Location:
    London, UK
    Hmm my pihole blocks this as like 'connectivitycheck.gstatic.com' there are hundreds of pings from all my Win10 devices to this domain and right now I don't know what data is getting sent back to M$ in said packets.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,436
    Location:
    Romania
    Those packets are encrypted and we can't know which data is sent. Your problem has nothing to do with WFC, but with svchost.exe and Windows Firewall. Previous Windows versions do not have this kind of problems. These problems are specific to Windows 10. If you want to use a Microsoft account and any other Microsoft online related services the only solution is to allow svchost.exe. Some Windows services do not operate under their service names only, this means you have to allow svchost.exe on remote ports 80,443 on TCP protocol to make sure that all these services are working as expected. Do not specify any service name for this allow rule. The same broad rule is required for Windows Update.
     
  17. b1k3rdude

    b1k3rdude Registered Member

    Joined:
    Sep 9, 2020
    Posts:
    12
    Location:
    London, UK
    Hi Alex

    And does your reply above also apply to my previous post regarding 0x800704cf?

    As adding a rule for svchost.exe and opening ports 80, 443 has no effect, still getting the same error.
     

    Last edited: Jul 5, 2021
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,436
    Location:
    Romania
    Please remove local ports from your rules. Your programs are not using those 80,443 as local ports. Local ports must not be defined since your applications will use a wider range of ports. You should define only remote ports: 80 (http) and 443 (https) for making remote connections. Add more remote ports based on your use cases. For example, for my webmail I also allow connections to remote port 2092 (allowed on the server side also for email inbound connections). It depends on your use cases. But for local ports, you can't control on which ports the applications will decide to make connections.
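
The local-port versus remote-port distinction described in the post above, shown with the built-in NetSecurity cmdlets instead of the WFC rule editor. This is an added example, not part of the original post or of WFC; the rule name and function name are hypothetical, and it must run in an elevated session.

```powershell
# Added example (not from the thread). Requires an elevated PowerShell session.
$svchost  = Join-Path $env:SystemRoot 'System32\svchost.exe'
$ruleName = 'Example - svchost.exe web out'   # hypothetical rule name

# Correct shape: program + protocol + REMOTE ports only. No -LocalPort and no
# -Service, because outbound sockets get an ephemeral local port and several
# services do not operate under their own service name.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Allow `
        -Program $svchost -Protocol TCP -RemotePort 80,443 -Profile Any | Out-Null
}

# Audit: enabled outbound allow rules that pin a local port. A rule like
# "local 80,443 / remote 80,443" never matches a normal client connection,
# so the traffic it was meant to permit is still blocked.
function Get-OutboundRuleWithLocalPort {   # hypothetical helper name
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            if (($port.Protocol -in 'TCP', 'UDP') -and ($port.LocalPort -ne 'Any')) {
                $app = $_ | Get-NetFirewallApplicationFilter
                [pscustomobject]@{
                    Rule       = $_.DisplayName
                    Program    = $app.Program
                    Protocol   = $port.Protocol
                    LocalPort  = $port.LocalPort -join ','
                    RemotePort = $port.RemotePort -join ','
                }
            }
        }
}

# Review the hits instead of deleting them blindly: a few clients really do
# use a fixed local port (the DHCP client uses UDP 68, for example).
Get-OutboundRuleWithLocalPort | Format-Table -AutoSize
```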
     
  19. b1k3rdude

    b1k3rdude Registered Member

    Joined:
    Sep 9, 2020
    Posts:
    12
    Location:
    London, UK
    @alexandrud, so set the rule for svchost.exe as instructed then rebooted and windows still thinks it's not connected to the internet.

    I am going to reconfirm all my troubleshooting steps, as I believe svchost.exe doesn't require always enabled access to the web.
     
  20. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    I have svchost.exe completely blocked in the firewall, no problems or inconveniences.
     
  21. b1k3rdude

    b1k3rdude Registered Member

    Joined:
    Sep 9, 2020
    Posts:
    12
    Location:
    London, UK
    Morning

    Ok, but can I ask if you use the micro$oft store or M$ teams..?
     
  22. b1k3rdude

    b1k3rdude Registered Member

    Joined:
    Sep 9, 2020
    Posts:
    12
    Location:
    London, UK
    So did yet another network reset and windows then considered itself connected to the web. I then had to enable the above rule for svchost, do a reboot and the store now works as intended. (m$ teams is still being a ****, so as I don't need it and can use the web version I have uninstalled it).

    For general context I have attached a screenshot of all the applications/services I am blocking atm -
     

  23. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    I don't use the Microsoft Store. I install updates offline. With your rule for NT Kernel & System is your ping command working? Like ping -t 8.8.4.4
     
  24. b1k3rdude

    b1k3rdude Registered Member

    Joined:
    Sep 9, 2020
    Posts:
    12
    Location:
    London, UK
    I wasn't using the store but wanted to have a look at the latest version, but am regretting that now.

    Do you use a tool for this? I ask because I tried WSUS offline v1081 a long while back but could never get it to work.

    Regarding NT Kernel & System, does windows use this also for internet connectivity checking..?
     
  25. WindowsDude

    WindowsDude Registered Member

    Joined:
    Jul 10, 2021
    Posts:
    5
    Location:
    Florida
    Hello to everyone on the forum, I just signed up because of WFC not allowing Windows 10 mail app to go through. I think I've tried everything, even "allow on click" with Windows 10 mail app, didn't work.

    I see in the logs it is blocking what I am sure is the mail app, but still says blocked after I setup a custom rule. Anyone else having this problem?
     