Windows Firewall Control (WFC) by BiniSoft.org

And to you, too! Many thanks for your continued hard work.

Just a minor observation: when the installer is finished and "Run" is selected (Update completed successfully - Run), the wfcUI.exe process is launched with admin rights, which I believe is not the default behaviour?

 

It is the expected behavior since 2010, wfcUI.exe will be launched with the same privileges as the user account who elevated it during update/installation. It was always a low priority requirement to launch it under the currently logged in user.

 

@AmigaBoy
Good finding!


@alexandrud
All the best for you and a thanks for your awesome work!

About the "Run" and admin rights "problem". Of course a fix to start "Run" as current user (without elevated rights) would be even the best solution But at least as workaround:
why not just take away the "Run" button there. Personally I never used it and started it via (self created) Desktop Icon again ... So you could generate a Desktop Icon (of course for current user) while installing and at the end of installing a little info there to start it with that Icon manually after ...

 

Please don't do that, unless it's optional.

 

@AmigaBoy

Ok, could be started over the Start Menu anyway.

Well, a Desktop Icon is nothing bad generally - but I understand that this can be not desired to avoid too much Icons on the Desktop. So if, then optionally, I agree.

 

Someone that can help with this?

 

You have to allow svchost, no dedicated service.

 

I have two rules that are related to Windows Update (Windows 11):
WFC - Windows Update - C:\WINDOWS\system32\svchost.exe
Outbound rule to allow Windows Update (wuaucltcore.exe) - C:\windows\uus\amd64\wuaucltcore.exe

 

What about mousocoreworker.exe & sihclient.exe ?!

 

Why isn't my Port 113 stealthed? Everything else is stealthed!
How to create a rule for port 113 in the Firewall, to make it invisible to the outside
https://i.imgur.com/Y3jcZdk.jpg

 

You do know that WFC is just a Front end for the windows' firewall
And not a firewall replacement ?

 

Regarding the discussion of Microsoft.DotNet.DesktopRuntime, this is the way it works in the real world, if apps want it, they will not run without it, no questions asked.

 

Yes, I have those 2 as well.

 

I wonder why WFC blocked itself while installing Office on a W7 x64 laptop.

 

@Mr.X

Could you please paste the whole lines here, especially the destination ports ...

Maybe those are DNS requests??

Greetings

 

Did it have an allow rule? Without an allow rule all connections of WFC are blocked. The notifications also trigger digital signature checking by using wintrust.dll which may go online for retrieval of revocation lists.

 

anyone else getting no notification on blocked app?
latest update

 

@mango

No, but you should add more info(s).

Is that generally, is that for one program/app only, etc ...

 

@alexandrud

I had the following problem in the rules window with v6.9.9.1:

After changing a rule and "Apply" the window did not close automatically. The change has been applied.

Tried it 3 times and 3 event logs were logged (see attachment).

After closing and reopening the rule window it worked again.

That was the very first time I had this problem. So I assume it has to do with recent adjustments to WFC.

Thought I'd report this and keep an eye on it.

Greetings
Alpengreis

 

1. Try disabling and re-enabling the "Allowed Connections" and "Blocked Connections" options in the connection log on the right.
This will force the WFC to re-apply the required audit settings.
2. Also in the main WFC window in the Notifications section, turn off the "Display notifications" option, and then turn it on again.
3. Also reset the advanced notification settings to default by clicking the link at the very bottom of the notification settings window, or by unchecking the two bottommost birds (the third bird from the bottom can be enabled).

 

This is the problem for me when I perform a deep cleanup, like stopping services WFC uses to clean event logs, so I have to reinstall it afterwards.

 

Unauthorized rules from unauthorized groups that are disabled by WFC security settings are not now marked with the U prefix?
Previously it was U - Google Chrome (mDNS-In) and now it's Google Chrome (mDNS-In)

 

Happy New Year everyone!

A Secure Rules question. Some programs, do not like having their Inbound rules added to the "Windows Firewall Control" Group and will keep recreating them, as if those rules do not exist any more. I seem to remember Steam was one such case, but there are others too. Is there something else that gets changed to those rules that may trigger this, apart from the Group addition?

Indeed, the U - part has been removed from the rule name. It's in the Rule Description though.

 

Because of this behavior:

What's new in version 6.8.1.0 (10.02.2022)
- Improved: The logic of disabling unauthorized rules was changed to update the rule description instead of the rule name to avoid repeated rule creation as a result of different rule name.​

Some poorly written software check if their exact rule exists. If any detail of the rule is different that their details, they will keep creating the same rule over and over. This is is why Secure Rules as a feature was implemented in WFC.

For the same poorly written software I had to change the rename of the rule name to rename the description.

Which software has this behavior in your case?

 

AnyDesk for sure, perhaps some EaseUS software and a few others which I can't remember now. Not a huge problem, just slightly annoying and not WFC's fault of course.