Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Dune_the_dessert

    Dune_the_dessert Registered Member

    Joined:
    Nov 11, 2021
    Posts:
    5
    Location:
    germany
    Hello,

    Perhaps my question is already answered but I did not find it.
    I understood that wildcards are not possible.

    What do I have to do with programs that have an individual path after each update?
    I found the section in the manual where it is described for MS Windows store apps but this is not working with normal programs. (Page 35)
    I was able to “disable” the notifications but so the software is also automatically blocked. (Advanced notifications settings & Use disabled rules / Page 17)

    Even Microsoft themselves use this silly way to update their software products. (each new version in a new folder)
    e.g. officeclicktorun (updater program)
    C:\program files\common files\microsoft shared\clicktorun\updates\16.0.10356.20006\officeclicktorun.exe
    C:\program files\common files\microsoft shared\clicktorun\updates\16.0.10363.20015\officeclicktorun.exe

    So again my question: can someone give me a tip on how to handle this example, officeclicktorun.exe?
    It should be able to search for updates but should not show a new notification for every single version.



    Regards
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,429
    Location:
    Romania
    Unfortunately, Windows Firewall rules are applied on a per-path basis. If the path changes, a new rule is required. WFC can't change this behavior.
    Interesting to see your example because I am using Office365 and this file is located in C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe and this is the file that gets updated on my machine. I do not have an updates subfolder.
    You don't have to allow all these programs to connect to the Internet. You can add officeclicktorun.exe in the notifications exceptions lists and forget about it. I never created an allow rule for this executable file and I did not notice any problem with my Office installation. I could use it as usual.
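
Because rules are bound to a path, one way to cope with versioned update folders is to reconcile rules against the copies currently on disk. The following PowerShell is an added example and is not part of the thread or of WFC; the rule group name, the remote ports and the publisher check are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Group name, ports and signer check are assumptions.
$Root      = 'C:\Program Files\Common Files\microsoft shared\ClickToRun'
$ExeName   = 'OfficeClickToRun.exe'
$GroupName = 'Auto-sync OfficeClickToRun'    # hypothetical group marking rules owned by this script
$Signer    = '*O=Microsoft Corporation*'     # expected publisher in the certificate subject

# 1. Every copy on disk (main file plus updates\<version>\ copies) with a valid signature.
$onDisk = @(Get-ChildItem -Path $Root -Filter $ExeName -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like $Signer
    } |
    ForEach-Object { $_.FullName })

# 2. Paths already covered by rules in our group (hashtable keys are case-insensitive).
$existing = @{}
Get-NetFirewallRule -Group $GroupName -ErrorAction SilentlyContinue | ForEach-Object {
    $existing[($_ | Get-NetFirewallApplicationFilter).Program] = $_
}

# 3. One outbound allow rule per path that has no rule yet.
foreach ($path in $onDisk) {
    if (-not $existing.ContainsKey($path)) {
        $folder = Split-Path (Split-Path $path -Parent) -Leaf
        New-NetFirewallRule -DisplayName "$ExeName ($folder)" -Group $GroupName `
            -Direction Outbound -Action Allow -Program $path `
            -Protocol TCP -RemotePort 80, 443 | Out-Null
    }
}

# 4. Drop rules whose file is gone or no longer passes the signature check.
foreach ($path in @($existing.Keys)) {
    if ($onDisk -notcontains $path) { $existing[$path] | Remove-NetFirewallRule }
}
```

A rule only exists after the script has seen the new folder, so the first connection attempt from a freshly created version folder is still blocked until the next run.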
     
  3. Dune_the_dessert

    Dune_the_dessert Registered Member

    Joined:
    Nov 11, 2021
    Posts:
    5
    Location:
    germany
    Hi,
    regarding "OfficeClickToRun.exe"
    The main file is located at: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    but this file also gets updated, and so MS created temporary subfolders during the update, and those new files download the additional missing parts.
    This is a screenshot from my ruleset.
    snap0360.jpg
    But I understood. Currently there is no way to solve it.
    Let's hope MS perhaps adds something to the firewall in Windows 12 ;)

    I have a few more programs which use this silly way to update, e.g. Bitdefender Antivirus (watchdog.exe)
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,429
    Location:
    Romania
    This is a lazy way of doing the updates from the developers' side. Don't expect an improved experience from Microsoft, they won't add it. This is the same since Windows Vista was launched.
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,920
    man you're too much ahead :D
     
  6. Dune_the_dessert

    Dune_the_dessert Registered Member

    Joined:
    Nov 11, 2021
    Posts:
    5
    Location:
    germany
    My hope is still there. So my hope is on Windows 12, 13....
    But the "funny" thing is that even Microsoft themselves use this way to update some of their products.
     
  7. MaciejPasek

    MaciejPasek Registered Member

    Joined:
    Nov 13, 2021
    Posts:
    3
    Location:
    Wro
    Hi guys! I am a big fan of WFC (when it was donationware, hah), but I don't see any other support outlets, so maybe someone here would have any idea how to tackle my problem.

    I own the Forza Horizon 5 game, which is a Microsoft Store title. When the game starts, I get the notification to create a rule, so I create one, but no online connection happens and I can see the title as blocked in the connection log. Regardless of how I set up the rules (any port, any protocol or even a manual rule in the firewall itself) the game is still blocked on medium filtering. If I switch to the low filtering profile the game starts connecting.

    I never actually had an issue with WFC before, same with Forza titles, the FH4 one works flawlessly. Kinda suspect it's not really a WFC thing... more of a Windows Firewall and Windows Store protected folder BS. Any ideas?
     
  8. Dune_the_dessert

    Dune_the_dessert Registered Member

    Joined:
    Nov 11, 2021
    Posts:
    5
    Location:
    germany
    Hi, please check if you have a double rule for this EXE file with e.g. a deny policy.
    I have had similar behavior with an application in the past.
    I solved it as follows: Search in the ruleset for the application executable (.exe). Then delete/disable all of them. Then start the application, or in your case the game, again and let it create the rules again.
     
  9. MaciejPasek

    MaciejPasek Registered Member

    Joined:
    Nov 13, 2021
    Posts:
    3
    Location:
    Wro
    Thanks for trying, but I wish it was that easy. I've been playing with it for a couple of hours, deleting and creating new entries for this executable and nothing really changes.

    What I established so far is that previous game (Forza Horizon 4) has an "allow all programs" rule that doesn't contain an executable (field is empty), but there is a custom group called Forza Horizon 4 and associated programs "microsoft.sunrisebasegame_SOMEID" where sunrisebasegame is the protected MS Store folder name. I don't know a way to create such a rule with WFC so I tried creating a similar rule in the Windows Firewall with associated programs that have same protected folder name (numbers that start with 62...), but WFC still prompts that it wants to add a rule and neither of those 2 work.
     
  10. Dune_the_dessert

    Dune_the_dessert Registered Member

    Joined:
    Nov 11, 2021
    Posts:
    5
    Location:
    germany
    Ah, I didn't see the last time that you are talking about Windows Store apps.
    These kinds of rulesets (with an ID in the group) are described in the WFC manual, page 35. Headline: "How to allow Windows Store apps that have a different path after an update?"
    The group and ruleset have to be created/modified in Windows Firewall directly. It CAN NOT be set from Windows Firewall Control (WFC).
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,246
    Location:
    Among the gum trees
    The allow rule won't apply until your game completely restarts. If you shut down your game, then restart it, it should now have internet access.
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,429
    Location:
    Romania
    Please read here a similar problem with Microsoft Flight Simulator. If Forza Horizon 5 uses a similar launch process that mounts a virtual drive, then you can't play the game while outbound filtering is enabled in Windows Firewall which is what Medium Filtering from WFC does. You can also read here how to find out which rule blocked your game if that helps you.
     
  13. MaciejPasek

    MaciejPasek Registered Member

    Joined:
    Nov 13, 2021
    Posts:
    3
    Location:
    Wro
    This looks like the virtual drive might be the issue, I've seen posts regarding 3rd party firewalls that had weird executable paths (\globalroot\device\harddiskvolume10\forzahorizon5.exe or c:5\forzahorizon5.exe). As per the second sentence - I ran those command line tools and the thing blocking the game was "Default Outbound Rule", imagine that? ;)

    Well, at least I know something, I'll go molest Forza forum with this.

    Thanks for all your inputs guys!
     
    Last edited: Nov 13, 2021
  14. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    673
    Location:
    Switzerland
    About the virtual device and Windows Firewall:

    See the following URL, which could be an idea for a workaround for this behaviour:

    https://docs.microsoft.com/en-us/an...ows-apps-such-as-flight-simulator-in-fir.html

    and there especially this ...

    Synthwave1337-5898 · Aug 07 2021 at 1:17 PM ...

    The idea behind it is: while such a program is running, mount the virtual device to a drive letter; then a related allow rule for such a program on the mounted drive SHOULD be successful.

    Perhaps, it could be automated with a powershell script (or so) ...
     
    Last edited: Nov 14, 2021
  15. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    211
    Not strictly WFC-related, but I'll ask you network wizards. My blocked Connections Log is being flooded with svchost.exe/DNS Client/Dnscache/UDP Inbound entries (port 5353) from devices on my home network, mostly from my second router set in Access Point mode for wireless connections to smartphones/tablets.

    Did a quick search but couldn't figure it out. Is it safe to allow these? Anything else I can do or should I just ignore them and keep them blocked? Everything works normally, it's just the Connections Log I want to "tidy up", if possible. TIA.
     
    Last edited: Nov 15, 2021
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,429
    Location:
    Romania
    It is safe as long as you use LocalSubnet keyword in the remote addresses property so that you will accept incoming connections on these services only from your LAN. However, you will not see these connections anymore in Connections Log under recently blocked connections, but under recent allowed connections. Same thing :) So, my opinion, keep them blocked if everything seems to work as expected.

    Another thing, once you set up your firewall rules, you can disable the notifications until you notice something which does not work anymore. This will "tidy up" your Security event log even better :D
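
What the LocalSubnet scoping described above looks like in Windows Firewall terms, as an added PowerShell example that is not part of the thread. It first lists the enabled inbound allow rules that already cover UDP 5353 together with the remote scope each one accepts, then creates a rule restricted to the local subnet; the rule display name is made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. The rule display name is made up for illustration.
$Port = '5353'
$Name = 'mDNS in (LocalSubnet only)'         # hypothetical display name

# 1. Audit: enabled inbound allow rules for UDP 5353 and the remote scope each one accepts.
$report = Get-NetFirewallPortFilter -Protocol UDP |
    Where-Object { $_.LocalPort -contains $Port } |
    ForEach-Object {
        $rule = $_ | Get-NetFirewallRule
        if ($rule.Direction -eq 'Inbound' -and $rule.Action -eq 'Allow' -and $rule.Enabled -eq 'True') {
            $addr = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Profile       = $rule.Profile
                RemoteAddress = $addr.RemoteAddress -join ','
                # True means the rule accepts this traffic from any remote address.
                Unrestricted  = ($addr.RemoteAddress -contains 'Any')
            }
        }
    }
$report | Format-Table -AutoSize

# 2. Scoped rule: accept mDNS for the DNS Client service only from the local subnet.
if (-not (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Allow `
        -Protocol UDP -LocalPort 5353 -RemoteAddress LocalSubnet `
        -Program "$env:SystemRoot\System32\svchost.exe" -Service Dnscache | Out-Null
}
```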
     
  17. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    211
    Many thanks! :thumb:
     
  18. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,175
    Hi,
    it's weird, sometimes I don't get notifications; to get them I have to restart the Malwarebytes Windows Firewall Control service, which is set to automatic.
    I have WFC and Kaspersky Security Cloud Free.
    This happens only on W7 64-bit.
    I have uninstalled and re-installed, without luck.
    I can't get notifications, but WFC blocks all the programs without a rule.
    Has somebody noticed the same issue?
    Thanks
    I have these settings
    https://i.imgur.com/vXvUmsO.png
    https://i.imgur.com/YPoNA5G.png
    https://i.imgur.com/7hFrHhR.png
     
    Last edited: Nov 20, 2021
  19. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    This is from respected alexandrud's answers.
    a\ After booting your computer, check if the wfcs service is running. Sometimes Delayed Start of this service can help.
    b\ In the WFC main window in the Notifications section, turn off the "Display notifications" option, and turn it back on.
    Also in Connection Log disable "Allowed connections" and "Blocked connections" and re-enable them.
    c\ If the Connection Log has records of blocked connections for applications without rules and no alerts are shown for them, do the following
    1. Click on "Reset Advanced notifications settings", or by disabling the bottom two options. Check if the notifications appear.
    2. In the Windows Event Log, check the WFC log for errors.
    3. In the registry HKCU\Software\BiniSoft.org\Windows Firewall Control delete the PlacementNotification key.
    If the coordinates in it have not been saved properly, it may prevent the notification dialog box from opening.
     
  20. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,432
    Location:
    Slovakia
    Sometimes, but when I reinstall (without uninstall) and restart, it works again.
     
  21. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,175
    Hi @aldist
    Well, I will try all of them. About the service: I tried to set Delayed Start, but after a reboot WFC re-set it to automatic.
    Is it called WFC?
    Thanks

    Hi @TairikuOkami
    Do you mean install over?
    Thanks
     
  22. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,432
    Location:
    Slovakia
    Yes, it preserves all the settings, so it is more practical.
     
  23. D3ltorohd

    D3ltorohd Registered Member

    Joined:
    Nov 20, 2021
    Posts:
    10
    Location:
    Germany
    Hello,
    I have a question about a problem. When I go to standby and wake the PC up later, tons of firewall requests come in. The same ones that normally already have a rule. That happens every time I wake the PC from standby. Is there a way to change this? That's very annoying. But I don't have to set all of the rules again. Only some outgoing programs and tools I have to set again and again. But when it runs, it runs fine. After shutting down and starting the PC again, sometimes I have 2-3 rules I have to add again. The rest is fine.
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,429
    Location:
    Romania
    Try to:
    A) Make a backup of your custom firewall rules by exporting them. From Rules Panel, select your custom rules and from right click context menu, Policies -> Export selected rules. This will create a wpw (WFC format) file which is an XML file. This file can be imported on top of the existing rules without deleting existing rules. For example, if you export a wfw file (Microsoft format), when you import it, all existing rules are erased and only the ones in this file are imported.

    upload_2021-11-20_21-40-55.png

    B) Right click in Rules Panel and select Policies -> Restore default rules. This will restore Windows Firewall default set of rules. No worries, you have your backup.

    upload_2021-11-20_21-41-38.png

    C) Switch to Medium Filtering profile and enable the notifications and try again to create a new rule from a notification dialog. Please let me know if this helps.

    If you can see now the notifications, then the problem is one or more of your existing rules. Please check generic allow/block rules, the ones defined for all programs. This kind of rules may prevent new notifications if a generic rule is a matching rule for a blocked connection.

    If this does not help, try to reset all settings to the default values from Options tab:

    upload_2021-11-20_21-47-10.png
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,429
    Location:
    Romania
    Are these rules created for files located on mounted drives? I also use sleep, stand by, hibernate and I never encountered this kind of problem. Instead of re-creating the rules that you already have, I suggest you define a global hotkey to toggle the profile or, if you prefer, when your computer wakes up, manually switch from Medium Filtering to Low Filtering and then back to Medium Filtering. When you set a new profile, Windows Firewall is forced to re-evaluate all the rules and refresh its state. This should solve the problem you mentioned with existing rules that do not work after waking up from sleep mode, while these rules were just fine before entering sleep mode. Please let me know if this was helpful.
     