Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    219
    Thank you! Don't worry about the time, WFC works great as it is. Just one more thing:

    I like to re-arrange rules by the same program, so they are next to each other. If program X creates a new rule on top of the list and has another rule elsewhere down the list, I'll delete the old rule and re-create it, so it'll be on top next to the new one. No need for A-Z sorting as suggested here (it's a good alternative - I'm doing sth. similar anyway).

    If I understand correctly, WFC exports the rules in the order they are displayed in the Rules Panes, which is why the above method generally works. However, sometimes it doesn't. When importing a partial policy file, a few rules (usually not many) will often be in a different place.

    After a bit of testing, I confirmed the problem is with the Export Rules process, not Import. When exporting many rules, their order will not always be reflected accurately in the .wpw file. Perhaps I'll try finding out if there's a common property in these rules, causing them to change their order during export. Unless it's expected, and WFC is not really meant to export rules in their exact displayed order?

    edit: This is all about partial policy files, not full. Haven't tested .wfw export/import.
     
    Last edited: Oct 25, 2022
  2. 854721

    854721 Registered Member

    Joined:
    Nov 25, 2022
    Posts:
    1
    Location:
    Sweden
    Hello,

    I would like to ask whether my firewall rules are in order, or are there security concerns?
    Can I block system services like "System, widgets.exe, rundll32.exe, fesearchhost.exe, mousocoreworker.exe, taskhostw.exe, systemsettings.exe etc." without problems? Or does Windows need a connection to these services?

    I use Windows 11 and DNScrypt and have a Static IP address (DHCP is off).

    Firewall Mode: Medium Filtering

    Screenshot: https://s20.directupload.net/images/221126/jfrxy6sa.png

    I don't use Shares, RDP, printers etc.
     
    Last edited: Nov 26, 2022
  3. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    From my experience, all this can be blocked. To ping external addresses, you need to allow outbound ICMPv4 and ICMPv6 for System (create two rules). These rules are by default part of the recommended WFC rules.
    In the Windows firewall the principle is "what is explicitly not allowed is prohibited", so you can not create prohibitory rules, and after the final configuration of the system disable notifications or add applications to Notifications exceptions.
     
  4. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    219
    I'm reading that this is related to Windows Update? If so, is it still ok to block?
     
  5. subferno

    subferno Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    92
    I notice some apps behave differently when there is a rule blocking outbound connections vs waiting for the block prompt from the user. Is there any way to make the block rule behave like the wait?
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,436
    Location:
    Romania
    There is no wait there because the notification is displayed for an already blocked connection, not for a paused connection. Can you give more details on what is different with an app example?
     
  7. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    219
    Having trouble lately manually adding rules to the WFC group. For example, a program creates Inbound rules. I right-click them in the Rules Panel, adding them to the WFC group. When refreshing the list, their WFC group entry disappears (in the group column) i.e. they're never really added to the WFC group. Not sure what's going on.

    Creating a duplicate of these rules does not add them to the WFC group, either. Using Windows 10 (current version).

    The only workaround that works is to enable Secure Rules. In the question "do you want to add rules with no group... etc", answering Yes adds the rules to the WFC group. This time, it works.
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,436
    Location:
    Romania
    Check the WFC log to see if an error was logged while modifying the rule(s). It may provide a reason.

    Sometimes, the firewall rules store may get corrupted. You could try these steps:
    - Select and export your custom rules (right click in Rules Panel -> Export -> Selected rules)
    - Restore Windows Firewall default set of rules to refresh the state of the rules so that any corrupted rule is discarded
    - Import back your custom rules
    - Try again changing the group
     
  9. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    219
    Thanks, I'll try these if/when it happens again. I cannot find a WFC log, unless you mean the WFC entries in Event Viewer/Applications and Services Logs? I only found Information-level entries there, nothing out of the ordinary.
     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    RMB click on tray icon > Connections log
     
  11. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    219
    Not sure how the Connections Log is relevant to WFC-related application errors. It might give an indication but it's not about reporting and logging errors.
     
  12. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    %SystemRoot%\System32\Winevt\Logs\WFC.evtx
     
  13. gigel

    gigel Registered Member

    Joined:
    Dec 29, 2022
    Posts:
    1
    Location:
    romania
    Is there any way to allow DoSvc (Delivery Optimization service) while in Medium profile?
    Windows 11 22H2

    The destination/3128 you see in the screenshot is the system proxy.
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,436
    Location:
    Romania
    If these connections are still blocked, despite the allow rules, it means that you can't restrict those connections with a service based rule. Windows Firewall has some predefined rules which cannot be overridden by user-defined rules. WFC can't change this behavior.
     
  15. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
    Hi.
    Stupid questions maybe, but is WFC fully compatible with Malwarebytes Premium?
    Do I need to disable something?
    Also, is it free?

    Thanks in advance!
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,436
    Location:
    Romania
    WFC is freeware since 2018 and it is compatible with Malwarebytes Premium.
     
  17. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
    Thanks Dicu!
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    I just installed WFC today and I don't see such behavior. Any program I run is able to connect (outbound). Any help would be appreciated, TIA.

    From the user manual
     
    Last edited: Jan 7, 2023
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,436
    Location:
    Romania
    Can you share more details about your setup? Do you use any VPN? What other security products do you use? Do you use Group Policy to control Windows Firewall?
     
  20. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,114
    Location:
    Lunar module
    Any details?
    Maybe you have Low Filtering or No Filtering enabled?
    Turn on the High Filtering profile, if no applications can get online, then the WFC is basically fine.
    Turn on the Medium Filtering profile and always stay in it.
    The WFC wfcs.exe service is probably running, otherwise you would see a black icon with an exclamation mark in your tray.
    Go through all the WFC rules, there might have been an "allow all" rule in the old Windows firewall rules that is still working.
    In the Rules Panel, remove ALL outbound connection rules, now no applications will go online until an allow rule is created. Create allow rules for applications as needed.
    If you enable Learning Mode, digitally signed applications can create their own allow rules.
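
A read-only PowerShell check for the troubleshooting steps in the post above (effective filtering state, then leftover broad outbound allow rules), added here as an example and not part of the original thread or of WFC. It assumes the built-in NetSecurity cmdlets on Windows 10/11 and rules kept in the local Windows Firewall store; treating a rule with no program, package, service, remote address or protocol restriction as "allow all" is this example's own definition, and `Get-BroadOutboundAllowRule` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Read-only: nothing is modified.

# 1. Effective per-profile settings. ActiveStore is the merged result of local
#    policy and Group Policy, so a Group Policy override is visible here.
#    If DefaultOutboundAction is Allow, programs without a rule connect freely.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Enabled outbound allow rules (local store) that are not narrowed to a
#    program, app package, service, remote address or protocol.
#    This definition of "allow all" is an assumption of the example.
function Get-BroadOutboundAllowRule {
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        ForEach-Object {
            $rule = $_
            $app  = $rule | Get-NetFirewallApplicationFilter
            $svc  = $rule | Get-NetFirewallServiceFilter
            $addr = $rule | Get-NetFirewallAddressFilter
            $port = $rule | Get-NetFirewallPortFilter

            $unrestricted = ($app.Program -eq 'Any') -and
                            (-not $app.Package) -and
                            ($svc.Service -eq 'Any') -and
                            ($addr.RemoteAddress -contains 'Any') -and
                            ($port.Protocol -eq 'Any')

            if ($unrestricted) {
                [pscustomobject]@{
                    DisplayName = $rule.DisplayName
                    Group       = $rule.Group      # empty for rules with no group
                    Profile     = $rule.Profile
                    Name        = $rule.Name       # unique rule ID
                }
            }
        }
}

$broad = @(Get-BroadOutboundAllowRule)
if ($broad.Count -eq 0) {
    Write-Output 'No unrestricted outbound allow rules found in the local store.'
} else {
    $broad | Sort-Object Group, DisplayName | Format-Table -AutoSize -Wrap
}
```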
     
  21. gdrgd4g

    gdrgd4g Registered Member

    Joined:
    Jan 8, 2023
    Posts:
    2
    Location:
    earth
    The secure profile disabled itself 2 times now. One time Windows crashed and when I rebooted it had gone from Medium Filtering to Low Filtering by itself, and the secure profile was unchecked. I guess the secure boot couldn't do something because there was not a shutdown signal. After that I was looking at it once a week or so. 1-2 months later, casually checking if the secure profile was still on, it wasn't. No crashes or anything this time.
     
  22. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    219
    If I remember correctly, right after installation WFC starts in Low Filtering mode (and rightly so) which would explain this behaviour. Medium Filtering mode is the preferred mode and you need to switch to that, after making sure you've set up options and rules correctly.
     
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    Among others, TinyWall. And I found it was somehow interfering with WFC.
    I thought disabling it (Right-click > Change Mode > Disable Firewall) was enough but it wasn't.
    Uninstalling it resolved the problem, now WFC works as it should on Medium Filtering.
    Sorry for not testing properly before coming here to post.

    Is there a way to make them work together?
    I mean, TinyWall and WF can coexist and were working fine at least in my setup so I believed WFC might work just fine too.

    Thanks to all for trying to help me out.
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,436
    Location:
    Romania
    Some Windows Updates will reset permissions on certain Windows Registry keys, including the ones where WFC limits access. There is no workaround for this other than unchecking and checking that checkbox again.
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,436
    Location:
    Romania
    No. WFC and TinyWall are not meant to work at the same time to control Windows Firewall.
     