Windows Firewall Control (WFC) by BiniSoft.org

Yes, they are special. Svchost.exe is used by all Microsoft Windows services to connect to the Internet. The operating system has some restrictions on which protocols and ports some of these services are expected to execute. This is why for certain services, a generic allow rule will not apply. The same thing for SYSTEM, certain network related actions are expected to happen and allowed only in certain circumstances. If you check the Windows Firewall default rules, there are many rules for svchost.exe and System. They can't just be replaced with 2 rules only.

 

Thanks!

So other than the Windows default rules + WFC recommended rules, it's fine to just ignore any other svchost.exe and System notifications and leave them blocked?

 

WFC recommended rules is a subset of Windows default rules, a minimum ruleset required for basic networking operations. You can use WFC recommended rules as a starting point, on top of which you will add new rules for your custom programs. If you don't need to access/ping your machine from your local network, you can delete all the inbound rules from this subset. Below is my starting ruleset:



No inbound access, my web browser allowed and the rules required for my printer to print papers.

 

@alexandrud do you think these two fields are needed to be included in WFC?
TIA

 

They are not really needed. Windows Store apps/games automatically add the required Windows Firewall rules when you install them as part of their installation routine. This use case where the user will start defining by himself firewall rules for these app packages ids is not a very common use case. In the worst case scenario, where you delete these rules, WFC will notify you to allow directly executable files located under %ProgramFiles%\WindowsApps subfolders. These firewall rules work too, even if they are not targeting a specific package id, but the actual executable file. WFC was never intended to replicate all features from Windows Firewall, especially the ones that have little use. There is no plan to add support for these.

 

Hello
I have not been lucky to find an answer to the following question:
Is it possible to create a rule that allows connections only to the local network, but also to 1 external (internet) ip?

I tried to create 2 rules:
1. Allow rule with a keyword LocalSubnet
2. Allow rule with specific external ip

But it doesn't work for external ip, as a result only LAN is allowed... As soon as i disable 1-st rule, i can connect to external ip.

 

It happened again. This time on Windows 10 x64.
I'm not able to toggle profiles anymore. It stays in Medium Filtering (green).
Sigh.

 

What error is logged in WFC log when you try to switch the profile and it does not work?

 

I think I found something that might help you:
https://youtu.be/Mf_OPIOuXdM

I can repeat the scenario if you wish in order to troubleshoot.

 

Thank you. I understand the problem. Secure Profile detection does not always work correctly, it may appear as disabled even to WFC, therefore any profile change does not follow the correct flow in code. Currently, toggling Secure Profile on and off fixes it, but it should not happen this way. I will fix this problem in next WFC release. Thank you for your report and for taking your time to provide the video of the problem.

 

Don't know if what you want can be achieved, but you can combine those in a single rule. Select Custom Addresses, then separate them with a comma - no space:

LocalSubnet,0.0.0.0 (replace 0 with your IP).

 

I really hope a nice dark theme makes its first appearance in the next release

 

Windows Firewall Control v.6.19

Change log:
- Fixed: Secure Profile is sometimes out of sync, it appears as disabled while it is actually enabled. Secure Profile reinforcement was rewritten to use events instead of a timer.
- Fixed: The service does a lot of processing when Medium Filtering profile is enabled but the notifications are disabled.
- Fixed: When using Learning Mode, if you manually delete a newly created rule, Learning Mode will not work anymore for the same app unless you restart WFC.
- Fixed: Rules from specific authorized groups list are not preserved by Secure Rules if the group name contains the apostrophe character.
- Fixed: While Secure Rules disables an unauthorized rule added from outside of WFC, it does not disable the rule if it was enabled from outside of WFC.
- Fixed: Importing rules may not properly complete if Secure Rules is enabled.

Download location: https://binisoft.org/download/wfc6setup.exe
SHA256: 27403f34ddb154ef4eb56a0a4b2dff708759e5b341f469b519cd61110b112182
SHA512: b66475bf6fae26df34eab036e951a37f2159e00ac9c1f705fbb7a2c22e609bb5079405313d9572f43495cb4ee2f01547d484a96c735dc4482771bda5a7adcd34

Thank you for your feedback and your support,
Alexandru Dicu

P.S.: Dark theme is still not finished

 

I've updated over the existing v6.18, but it's still not working properly. Same behavior
Should I restart my computer?

Edit: restarting the computer made no difference.

 

Hello,
yesterday I updated successfully from 6.18.0.0 to 6.19.0.0 by using the automated updater in Infos tab. I hope to not be wrong but if I remember correctly it uninstalled 6.18.0.0 version before installing 6.19.0.0. Maybe you should first uninstall the version currently you have in your system before installing 6.19.0.0 using the manual installer wfc6setup.exe. Before doing that it's better to make a backup of WFC rules (Rules tab - Export rules to file) and WFC settings (Options tab - Export settings to file)

 

Does this happen on this machine only or across multiple machines? Does anyone else have this issue? I will try something else in code in the following days and I will keep an eye on it.

 

I normally stay on Medium profile but I've tried right now and I'm able to switch to other profiles withous issues. My OS is Windows 11 24H2 build 26100.6584

 

I've got this machine only.

 

Already tried it. Didn't work.

 

Hello,
is it possible that in the latest version 6.19.0.0, automatic addition of rules added in Notification exception with UPPERCASE is not working correctly?
It works correctly in the previous version.
Thank you for your work!

 

I removed the rule for my browser and it got recreated immediately. Works here with WFC 6.19. Which is the file that you want to auto allow and what notification exception did you create?

 

Unfortunately, it doesn't work. I have Windows 11 25H2. And I set up winget.exe, for example (I tried other files and paths as well, of course). As soon as I install the previous version, it works again.

 

Works here. But there seems to be a misunderstanding regarding the feature. Outbound blocked connections are processed only if the Display notifications is enabled or Learning mode is enabled. I noticed that you have the notifications set to Disabled. Notifications, including notifications exceptions, never worked and were never supposed to work if the notifications are set to Disabled. The entire logic is skipped.



LATER EDIT: I know what you mean. I installed version 6.18 and notifications exceptions work even with the notifications set to Disabled. This was the wrong behavior. But if more people will vote for this, I will revert the wrong behavior and we can consider it the good behavior

 

I would really appreciate, if the behavior could be set as it was before. Where I use WFC, users are unable to recognize what is correct and what is not. So I have set everything up for them.
If you could also implement a feature that creates auto-rules for non-admins (like in version 6.9.9.1), I would be very grateful. And I would very much like to express this gratitude in monetary terms.

 

@alexandrud

Ahem ;-) wrong is wrong ... I vote for fix

Greetings