another Windows Firewall Control?

Menu items in "Medium Filtering" have same label "Allow Program...", could we have something looks like "Browse to add", "Click to add" to make menu selection easier and quicker? I know the icons are different ...

 

Alex, just to clarify, can we export Advanced Security rules and import them into the latest version? By your wording, I'm guessing not but don't know for sure.

 

I think that "Browse to allow", "Click to allow", "Browse to block", "Click to block" will be more adequate. I will change them in the next version.

Yes you can, but WFC won't be able to show them. Only the rules created with WFC versions 3.0.1.0 b1, 3.0.1.0 b2 and 3.0.1.2 can be recognized and listed in "Manage Rules". Off course you can export your policy from WFwAS and import it back.

I currently finished a new feature named "Protect Application". If this one is activated, it will launch a new process named "wfchost.exe" (embedded resource) which will prevent wfc.exe from being closed. In case "wfc.exe" is closed through Task Manager or from the exit button, "wfchost.exe" will launch it back. Meanwhile the process "wfc.exe" will prevent the closing of "wfchost.exe", and launch it again if this one is closed.

What do you think ? Such a feature will be usefull or useless ? How should it be implemented ? I was thinking of this to be activated when a user locks the program with a password, preventing also the program being stopped.

Any suggestions are welcomed, along with new features that you think that will be usefull.

 

I think this is useful exactly under this condition. I would not appreciate this feature as default condition. Being activated when locking the program sounds a good idea.

Updated successfully from 3.010b2 to 3.012. Everything is fine so far.

From what dpi on is the new "high-dpi-version" useful?

Thank you

 

I don't intend to add this as a default behaviour because is not fair. On the other way, if the program is in locked state, even if a user closes the program, this would not help at all because neither the Windows Firewall Control Panel applet nor WFwAS, are not accesible until the good password is entered to unlock the program.

The alternative version is recommended for 125DPI. The default ones used in Display properties are 100 and 125. It may also be useful for a higher DPI.

 

I guess I'm a glutton for punishment. Bit the bullet and decided to try the latest version which gives me this

Code:

Description:
  Stopped working

Problem signature:
  Problem Event Name:	CLR20r3
  Problem Signature 01:	wfc.exe
  Problem Signature 02:	0.0.0.0
  Problem Signature 03:	4ea9fc4f
  Problem Signature 04:	wfc_
  Problem Signature 05:	3.0.1.2
  Problem Signature 06:	4ea9fc4f
  Problem Signature 07:	287
  Problem Signature 08:	68
  Problem Signature 09:	System.NullReferenceException
  OS Version:	6.1.7600.2.0.0.256.48
  Locale ID:	1033

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  E:\Windows\system32\en-US\erofflps.txt

 

When in the execution of wfc.exe, this error ocurred ? This is strange because almost the entire program is in a try{} catch{} statements, and there should not be any unhandled exceptions. When did you get this error ? Did you press a button or the program does not start at all ? The last beta 2 worked for you ? Basically this contains the same code as the last beta.

 

It was right after installation. At any rate, I started it up from the Start Menu icon as Admin and it said installation completed. Maybe just a hiccup on my end.

 

What is this for?

 

When you press on "Check for Updates", wfc.exe will connect to a xml file located on the hosting server of the website and verifies if the version in that XML file is newer than the current version installed on your PC. That's all.

 

Is that your address? I have you setup with a different IP range then that for checking updates

 

No it is not. The website is hosted in US at HostGator. Maybe they did some maintenance tasks and switched the IP for a short time.

 

Just to be clear, I was not checking for updates when this alert popped up. In the past, I have been alerted to this exact same address for svchost.exe. I wonder what the Ip is for? I'm also wondering about all these akamaitechnologies alerts. At one time, I had svchost.exe setup to allow for just windows updates whilst blocking everything else and all worked fine. As of right now, I have svchost IP range allowances for - McAfee, GoGrid, Ocsp.digicert, Ocsp.entrust, VeriSign Global, VeriSign, akamaitechnologies, RSA-Security, GoDaddy, Qwest Communications, servepath, cachefly, Beyond the Network and Level 3 Communications. All of which mean pretty much nothing to me. If at one time, I functioned normally without these being allowed, it should work again. On what little reading I've done about them, it mentions that they host info to transmit more quickly to a specific region. Why would that even be needed in this day and time with high speed internet?

 

Alex, do you plan to extend creating rules via WFC so that specifying IP-adresses or IP-ranges will become possible?

 

Well, you are the first person that would like such thing. If there will be more users who would like such a feature, I will add it. I never added such an option because the most users will not modify these settings for their rules. If a user already do this, he's already an advanced user who already do this through WFwAS. I will think about it. Thank you for your suggestion.

 

If this isn't hard to implement, I think it would be a great addition. I find the Windows Firewall interface to be cumbersome which is why I like WFC so much.

 

Hi,
I would also like this option.
Imagine if you have a Program where you have entered a Proxy and want to be sure it only does connect through the IP of the Proxy. The quickest way would be that you cannot just select the Port but also the IP with learning mode working.
Please ADD this option!

thanks

--------------

I also want to report a bug with the latest Version (3.0.1.2) that does appear for me:
Learning mode does not work, no popup appears.

The Prog is activated and so on.
I did a clean install of the prog, but no success.
At "Windows Logs -> Security" the blocked connections do appear.

I will include wfclog.txt as attachment.

Let me know how we can resolve the Problem.

With another tool called "Windows Firewall Notifier" that also has a Learning Mode, Popups do appear.

Best
ibydos

 

I already fixed the problem with notifications not showing up on some computers where users accounts do not have access to the security events. Today I will implement the IP range, and soon I will publish the a new version.

 

Great news! Thank you

 

I looked at the website of this tool and saw that there is a "Allow Once" feature enabled of which I thought it would not be possible with Windows Firewall and WFC ...
maybe there is a way ...

 

What's new in version 3.0.1.4

√ New: Added support for displaying and editing the remote address in "Manage Rules". IP ranges supported.
√ New: Shortcut to "Event Viewer" in "Manage Rules".
√ Fixed: "Learning Mode" is not enabling on Windows versions that are in spanish or portuguese.
√ Updated: The pop-up notifications allow to customize remote IP at creation of a new rule.
√ Updated: Some menu names were renamed to some more appropriate names.

Installation notes:
Installation notes: If you update version 3.0.1.0 or 3.0.1.2 to this one, your firewall rules will be converted automatically to the new format. If you use an older version, a clean install is mandatory. Please uninstall your version and choose to restore the Windows Firewall default settings. We are sorry for any inconveniences caused by this transition.

Download link for the normal version:
http://binisoft.org/download/wfc.exe
Download link for the higher DPI version:
http://binisoft.org/download/dpi/wfc.exe

Note, especially for Greg S:
At installation, the rule for wfc.exe, needed for the "Check for updates" feature, will be created only for port 80 TCP and the server IP address 50.22.79.60. This is the only IP address where wfc.exe should connect. Any other attempts are made by VeriSign Registration Service, which tries to connect and verify the digital signature of wfc.exe, and should be blocked.

Any feedback is welcomed. Thank you for your support.

 

Which rules will be converted? Just the ones previously made by WFC or WFAS also? I hope for the latter in hopes that it will populate the manage rules dialog. If not, I wish that it could along with the option to hide builtin default such as core networking etc..

Are there any problems if VeriSign and similar can't connect for verification? I've already gone back and blocked all the ones I mentioned in a previous post with no ill affects. Window updates linked to Svchost has been configured with only two IP ranges and it works. It's amazing to me how much Microsoft, VeriSign and especially akamaitechnologies want to connect to the net. I monitor it and if it can't connect in one way, it will try another. When it tries another, I block it.

 

The WFC rules. At remote address in "Manage Rules" it will show "Any". If you modified the remote IP in WFwAS for some firewall rules, you must enter those IPs or IP ranges in WFC also. To do this, select a rule and choose to "Modify rule", then specify the IP or the IP range and press Apply. Now, the remote IP will be updated also in WFC. Sorry for this, but this is the only way.

There is no problem if you deny connections to VeriSign. Those programs will run just fine.

Please share here your configuration of svchost.exe that you use for Windows Update. I am thinking to tweak the default rule for svchost.exe, and I need some samples.

 

Ok, I haven't installed it yet but from what you are saying, this would be easy enough for me to do even though I have quite a few custom rules in WFAS. I'm just looking to get to the point where I'm only needing WFC for monitoring and rule managing. You've come a long ways with this app, much appreciated!

As mentioned above, I haven't installed it yet but would like to ask a question. Now that detailed rules can be made for IP's/IP ranges, does the option exist to copy the alerted IP to clipboard? Another option maybe, clickable link(pre-allowed by WFC) to Network tools or similar so one can investigate where the outbound alert is going to?

I can share the Svchost/WinUpdate from WFAS if that would help. Svchost is allowed but it's tied to the wuauserv service. Of course it wouldn't have to be though.

 

As you can see in the screenshot below, you can copy the remote IP very easy. I can add a new button that can convert an IP to the hostname. Maybe this would be helpful.

http://s9.postimage.org/4tz55wdpr/newnotification.png

Which network tools do you have in mind ?
Thank you for sharing the IP range for svchost.exe.

For others who just now are reading this topic: Version 3.0.1.4 is available !