Discussion in 'other firewalls' started by alexandrud, May 20, 2013.
Yes I'm reading this post onwards. Thank you.
Due to lack of free time, that project is still in its alpha state. Nothing new to share about it.
I don't update. It is blocked... guess how. It wasn't that.
A Windows crash or another kind of failure at OS level may cause the operating system to restore default permissions on the HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy key, which will reset the state of these settings in WFC. At this time, there is no mechanism in WFC that reapplies limited permissions in case they were reset.
Hello @alexandrud, with SAC enabled, WFC can be installed, but it cannot be executed or made to run. Could that be solved? Thank you very much in advance. All the best.
What is SAC? Did you check the Event Log to see why WFC does not run? Is the service wfcs.exe or wfc.exe the one that fails during the startup? Please give more details.
Smart App Control
Smart App Control from Windows 11 sucks. It blocks WFC even if it is signed with an EV code signing certificate just because it does not have a lot of downloads so that they can build a reputation of it based on number of downloads.
This is from above: There is currently no way to bypass Smart App Control protection for individual apps. You can turn Smart App Control off, or (better yet), contact the developer of the app and encourage them to sign their app with a valid signature.
If the Malwarebytes EV code signing certificate is not good enough, what can I say? Unless you use WFC version 5.3.x.x which is not digitally signed at all. In both cases, Smart App Control still sucks.
If someone wants to help me so that SAC does not block WFC anymore, here is the feedback link.
Haven't really changed anything in my Windows 10 setup, but it's a few days that I cannot change the Filtering profile. It's stuck on Medium. If I manually set it to Low/High/No, it'll just go instantly back to Medium. Tray icon always stays green.
Tried uninstall/reinstall. Tried fully uninstalling my A/V (its own firewall -ESET- was permanently disabled in any case). Tried toggling Secure Rules/Profile and restarting the WFC service. Nothing seems to work.
W10 22H2 19045.2486
I used Windows Repair to "reset" the Windows Firewall. It has worked and WFC works normally again. Will post back if it happens again.
Nothing I can do about experimental features from Microsoft. You will have to make a choice, SAC or WFC.
Send some files to Microsoft, but according to the result of the analysis of the MS it tells me not to block it SAC, I do not understand anything. All the best.
"This channel is dedicated for Smart App Control Response and we don't see any block on this file from Smart App's side. In case this is not a Smart App Control issue, kindly resend the file through submission and make sure to choose the correct product.
Thank you for contacting Microsoft."
At least you got an answer, even if it does not help you. I sent to Microsoft several Windows Firewall bug reports and never got any reply.
I hope that one day this message does not appear after having sent the files.
I will report if at any time this lock sign does not appear anymore.
All the best.
Windows Firewall Control v.22.214.171.124
- New: Added support to change the notifications mode from the system tray context menu and from CMD line. They are available only when Medium Filtering profile is the current selected profile.
- New: Added support for negative search in Rules Panel and Connections Log. Use "!" in front of a search term to exclude it.
- Fixed: Locking/unlocking the application does not work correctly on Windows 11.
Download location: https://binisoft.org/download/wfc6setup.exe
SHA1: a207a66cdd2227815176964d2813d7ed441cc6cf
Since allowing wildcards is the most requested feature from the past years, there is also one experimental feature that is not included in the official changelog. Take a look at the screenshot below:
Creating an UPPER CASE notification exception will instruct WFC to auto create firewall rules for the specified exceptions:
- First rule BRUN.EXE translates to: if a file is blocked and the file ends with brun.exe, then create automatically an allow rule for it.
- Second rule C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16 translates to: if a file is blocked and its path starts with this path, then create automatically an allow rule for it.
- This works also when the notifications mode is set to disabled.
- All other exceptions work the same as they used to work. Just the UPPER CASE ones are treated differently.
- This is an experimental feature, please use it with caution. Do not create any exception for TEMP folders or for folders where you download a lot of programs.
- This feature uses the existing infrastructure, without requiring big changes in the code base. Please let me know if it needs to be tweaked.
Thank you for your support,
P.S. Please let me know if Windows 11 Smart App Control still creates problems with this new version. It is signed with a new EV certificate which may help with that problem. Since I don't use that Windows feature, I could not test it on my side.
Bug detected! When changing the interface language (any to any) in the system tray menu you get a mixture of two languages. The menu is normalized upon restarting WFC. There was no such bug in all previous versions. In the screenshot I changed DE to EN.
Bug detected! Running with the -cp key does not work.
Does Malwarebytes still own WFC? I hope not. I'd like to see WFC revert its GUI back to before the GUI was god-awful.
Who do you think paid for the EV certificate? It is not cheap, besides it is called Malwarebytes WFC.
Thank you for the very interesting experimental feature!
About the BRUN.EXE example, not sure which of these apply:
1. A file named BRUN.exe anywhere on the PC (even multiple locations).
2. A file named BRUN.exe and/or GOBRUN.exe etc. (i.e. *BRUN.exe) anywhere on the PC (even multiple locations).
Fixed. I forgot updating the strings there too. It will be included in the next release. Not a big deal since a WFC restart fixes it and changing the language is not something that you do on a daily basis.
Not a bug. I updated it to -cl or -connectionslog. I updated all supported parameters on page 7: https://binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf#page=7
Still owned by Malwarebytes and I also work for Malwarebytes since 2018.
Good question. WFC does two checks, if the file path of the blocked connection starts with or ends with the string provided as an exclusion. Yes, there will be a match for BRUN.EXE, GOBRUN.EXE, BRUNBRUN.EXE, located anywhere on disk since the path ends with BRUN.EXE. For this reason, for files located in paths like this C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe it is safer to create C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\PLATFORM to auto allow version 4.19, 4.20, etc, instead of MPCMDRUN.EXE.
In a future version it will be also possible to specify wildcards, like %ProgramData%\Microsoft\Windows Defender\Platform\*\MpCmdRun.exe. However, this requires more coding and a final UI for this feature. Based on the feedback of the current implementation I will make a decision. Unfortunately, big changes in WFC require a lot of development time (for example: dark mode support, reordering the rules in Rules Panel, etc) which I do not have. WFC was mainly developed between 2010-2018. Major changes will take weeks/months of work.
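The starts-with/ends-with check described in the post above, modelled as an added example (not WFC's code and not written by anyone in the thread). It assumes the comparison is case-insensitive and that only all-upper-case entries trigger rule creation; the function names and sample paths are constructed.

```python
from __future__ import annotations

# Added example: models the check described in the post; it is not WFC's code.
# Assumptions: comparison is case-insensitive, and only entries written
# entirely in upper case trigger automatic rule creation.
RISKY_FOLDERS = {"TEMP", "TMP", "DOWNLOADS"}  # locations the thread warns about


def is_auto_allow_entry(entry: str) -> bool:
    """True for UPPER CASE entries, the ones that auto-create allow rules."""
    return any(c.isalpha() for c in entry) and entry == entry.upper()


def auto_allowed(blocked_path: str, exceptions: list[str]) -> str | None:
    """Return the first exception that would auto-allow blocked_path."""
    path = blocked_path.upper()
    for entry in filter(is_auto_allow_entry, exceptions):
        if path.startswith(entry) or path.endswith(entry):
            return entry
    return None


def audit(entry: str) -> list[str]:
    """Flag exceptions that match more than the user probably intends."""
    findings = []
    if "\\" not in entry:
        findings.append("bare file name: matches any path ending with it")
    if RISKY_FOLDERS & set(entry.upper().split("\\")):
        findings.append("temp or download folder: user-writable location")
    return findings


# Constructed sample data, not taken from a real system.
DEFENDER = r"C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\PLATFORM"
EXCEPTIONS = ["BRUN.EXE", DEFENDER, "notepad.exe"]
SAMPLES = [
    r"C:\Tools\brun.exe",
    r"C:\Users\u\Downloads\GoBrun.exe",
    r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.19.0-0\MpCmdRun.exe",
    r"C:\Users\u\AppData\Local\Temp\MpCmdRun.exe",
    r"C:\Windows\notepad.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample} -> {auto_allowed(sample, EXCEPTIONS)}")
    for entry in EXCEPTIONS:
        print(f"{entry}: {audit(entry) or 'no findings'}")
```

With the folder-prefix exception the copy of MpCmdRun.exe under Temp stays blocked; replacing it with MPCMDRUN.EXE would auto-allow that copy as well.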
Did a quick test of the new Path/auto-create rule feature, and it worked as expected.
Created this "exception": C:\USERS\USERNAME\APPDATA\LOCAL\WHATSAPP
Opened a newer WhatsApp version (previous was still present, by design...) and it connected normally. This rule was automatically created:
The actual WhatsApp.exe process is located within each version-numbered folder (app-2.2304.7, app-2.2305.7). It's not the one seen here (below Update.exe). Don't know why they keep doing this convoluted installation mess: (Electron? )
A nice feature would be to automatically delete the previously auto-created rule (related to the particular "exception") but it may complicate things of course.