Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    I am loving this software, many thanks.
    Well worth the token donation :thumb:
    Mine uses as low as 8mb (idle) to 75mb (gui open) approx (working set) but no slow down at all.

    I did not believe the frequency of svchost.exe 'phoning home' (akamai/microsoft)
    Nice touch in adding block rules in what is seemingly not really needed :thumb:
     
  2. davidmaier

    davidmaier Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    9
    When connected to my local network, using the default ruleset, my
    event log gets filled up with thousands of firewall events:


    Die Windows-Filterplattform hat eine Verbindung blockiert.

    Anwendungsinformationen:
    Prozess-ID: 1060
    Anwendungsname: \device\harddiskvolume3\windows\system32\svchost.exe

    Netzwerkinformationen:
    Richtung: %%14592
    Quelladresse: 255.255.255.255
    Quellanschluss: 67
    Zieladresse: 0.0.0.0
    Zielanschluss: 68
    Protokoll: 0

    Filterinformationen:
    Laufzeit-ID des Filters: 119085
    Ebenename: %%14610
    Laufzeit-ID der Ebene: 44

    How do I avoid that without changing the router network setup, by
    just defining a WFC rule?


    Greetings

    David
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    This is an inbound connection that was blocked, probably generated by your router. Do you use a router? The DHCP server tries to connect to your machine.

    You can avoid these thousands of blocked connections by creating a rule to allow all inbound connections for svchost.exe like the highlighted rule from the screenshot below. This is a Windows Firewall default rule. Don't you have it already in your rules set?

    Untitled.png

    Later Edit: I saw that it used protocol 0. Maybe it would help if you set the Protocol to ANY instead of UDP. Just to test it.
     
  4. davidmaier

    davidmaier Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    9
    Still no luck. I changed the protocol to ANY for both IN and OUT core DHCP networking rules; all other rules are default and enabled.


    Greetings
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    If you use Medium Filtering profile in WFC it is normal to see so many blocked connections for svchost.exe, especially for outbound. Inbound connections are anyway blocked until a rule allows them. Is there any functionality that is broken for you because of these blocked connections?
     
  6. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    Been using this for a few years now; works like a charm using the defaults. Both 32/64-bit versions work great.
     
  7. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    @alexandrud You earlier stated that the stock Windows Firewall only alerts for blocked incoming connections, and only for signed applications. Although it's necessary in only a micro fraction of applications, would it be possible to make this work with all applications, instead of just signed applications? Presuming Windows Firewall also logs blocked incoming connections...or is that a whole lot more complicated?
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    This behavior in Windows Firewall can't be changed because it is out of my control. It is not complicated to add notifications for inbound blocked connections in WFC, but I will not add them because there can be thousands of inbound connections blocked in just a few minutes. There will be too many notifications. Instead, I can modify the Recently Blocked data grid to filter the blocked connections by direction: outbound (like it is now) and inbound (this will be new).

    How does this sound? If you have another proposal, please share it.
     
  9. AppletopHat

    AppletopHat Registered Member

    Joined:
    Jul 8, 2013
    Posts:
    5
    Location:
    Earth
    Hi, Hello. Just wanted to say thank you! I had previously tried tinywall but it didn't like me :p Ran across this and have been using it for about 3 weeks with Qihoo 360 IS and all seems well. I find it a total pain to deal with windows firewall advanced settings but this really does help. Thank you again :)
     
  10. MyBlackBox

    MyBlackBox Registered Member

    Joined:
    Jun 28, 2013
    Posts:
    35
    Location:
    Italy
    It seems to be a BOOTP connection. It should go to your router's IP or another internal LAN address.
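
Added example, not part of any post in this thread and not WFC code: a small Python parser for the blocked-connection event text davidmaier quoted. It resolves the direction placeholder and labels the flow as DHCP/BOOTP server-to-client traffic by port alone, since the event is logged with protocol 0. The key names and the `dhcp-server-to-client` label are assumptions; English field labels are included alongside the German ones from the thread.

```python
import re
from collections import Counter

# Field labels from the German event text quoted in the thread, with their
# English equivalents, mapped to short keys (the key names are assumptions).
LABELS = {
    "Anwendungsname": "app", "Application Name": "app",
    "Richtung": "direction", "Direction": "direction",
    "Quelladresse": "src", "Source Address": "src",
    "Quellanschluss": "sport", "Source Port": "sport",
    "Zieladresse": "dst", "Destination Address": "dst",
    "Zielanschluss": "dport", "Destination Port": "dport",
    "Protokoll": "proto", "Protocol": "proto",
}
# Direction is shown as an unresolved message placeholder in the quoted event.
DIRECTIONS = {"%%14592": "inbound", "%%14593": "outbound"}

def parse_event(text):
    """Turn one blocked-connection event message into a dict of fields."""
    ev = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(\S.*)$", line)
        if m and m.group(1).strip() in LABELS:
            ev[LABELS[m.group(1).strip()]] = m.group(2).strip()
    ev["direction"] = DIRECTIONS.get(ev.get("direction"), ev.get("direction"))
    return ev

def classify(ev):
    """Label DHCP/BOOTP server-to-client traffic by ports alone, because the
    quoted event is logged with protocol 0 rather than 17 (UDP)."""
    if ev.get("sport") == "67" and ev.get("dport") == "68":
        return "dhcp-server-to-client"
    return "other"

def summarize(events):
    """Count blocked flows per (program, direction, label)."""
    return Counter((e.get("app", "?").rsplit("\\", 1)[-1], e.get("direction"),
                    classify(e)) for e in events)

# Field lines copied from the event quoted in the thread (headings omitted).
SAMPLE = """Prozess-ID: 1060
Anwendungsname: \\device\\harddiskvolume3\\windows\\system32\\svchost.exe
Richtung: %%14592
Quelladresse: 255.255.255.255
Quellanschluss: 67
Zieladresse: 0.0.0.0
Zielanschluss: 68
Protokoll: 0"""
print(summarize([parse_event(SAMPLE)]))
```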
     
  11. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,440
    Location:
    U.S.A.
    Removed Off Topic Posts. If you have an issue with the developer, contact them here: http://www.binisoft.org/contact.php.

    Let's keep this thread on topic, and not bash each other. If it continues, this thread is destined for closure!
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    Windows Firewall Control v.4.0.0.8 - New release

    What's new:
    - New: Updated the filters in Recently Blocked window to be able to display also recently blocked inbound connections.
    - New: Added a new override checkbox in the Properties dialog of a rule which can disable temporarily the validation for the remote IP addresses field. This is useful when the validation for IPv6 can't be validated by the WFC internal rules but the input is correct.
    - Updated: The CheckBox template was changed to RadioButton template for the "Play default sound" and "Play custom sound" options in the Notifications tab.
    - Updated: Reduced the size of the installer by 20%

    Installation notes: Just use the updater to update to the new files. That's all.

    Other notes: About the new override function for remote IP addresses. If you activate this checkbox you can input also a wrong input. In this scenario, even if you press on the Apply button the rule will appear to be modified. Press on the Refresh button to reload the rules. If everything was ok, then the new value was saved and will be displayed. If the input was wrong, then it was rejected by the Windows Firewall API and the old value was not updated. In this case, after you Refresh the rules list, the old value will be displayed. The last valid value.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 010a8e29137959fb109d1d860070e75d2ddb2b2e

    Thank you for your support and your feedback,
    The developer ;)

    4008.png
     
  13. SwissBIT

    SwissBIT Guest

    @davidmaier

    This is broadcast traffic. Stupid question: MUST you allow this?

    Kind regards,
    SwissBIT
     
  14. SwissBIT

    SwissBIT Guest

    @alexandrud

    Thank you for update!

    The solution for IPv6 is easy and clever!

    Best regards,
    SwissBIT

    PS: In the next post, I will try to give you some crash reports for crashes that I had already communicated here.
     
  15. davidmaier

    davidmaier Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    9
    @SwissBIT

    If blocked, my event log fills up at a speed of approx. 10000 new events per hour. I have no access to the network routers / devices to change their broadcast features.
     
  16. davidmaier

    davidmaier Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    9
    I just updated to 4.0.0.8 and tried to allow the following inbound connections using the recently blocked list,

    wfc-rule-not-created.png

    but no rules are being created.

    Greetings
     
  17. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    @alexandrud

    Hi there,

    Excellent program. I went ahead and bought it.

    I have a small request for enhancement. The shell integration is excellent and very handy. However, every program these days includes shell integration, thus showing a very big list.

    There are two items in the shell integration, both of which are excellent choices. One "Allow Through" and the other one "Block Through".

    Now, is it possible to have a cascading menu (sub menu) for WFC, thus taking one entry in shell integration, rather than two entries?

    Thus, also any future entries can be also added to this cascading menu (sub menu).

    Best regards,
     
  18. SwissBIT

    SwissBIT Guest

    @davidmaier
    I have this incoming traffic and events (blocked) also. I do not need these connections and they do not seem to slow down my system. Therefore, these entries are HERE only intended for the garbage.

    One question remains: Do you really NEED these connections? If not, is it not possible for you to ignore these, regardless of the large amount - or in other words, if a router produces UNNECESSARY or even UNWANTED connections - why should it be necessary to allow this traffic?

    But okay, maybe I'll take a closer look (if I have enough time for it).

    Greetings,
    SwissBIT
     
  19. davidmaier

    davidmaier Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    9
    @SwissBIT

    My question now is how do I create a rule from within WFC that allows
    that kind of incoming traffic. On my core 7 system I can't feel any
    impact but on my first generation Atom I can feel it. Also I don't like
    filling up any event logs for nothing.

    Greetings
     
  20. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Been following this product for years now. Great to see it mature to its current incarnation! Always liked the 'looks' of it as just simplistic elegance but effective. Paid for it immediately.

    Why no 'Allow for now and ask me later'? Similar to 'Block for now and ask me later'. With this rule let's say I allow Firefox outbound connections but as soon as I close it and reopen it WFC will ask again. In other words when I close Firefox the rule disappears since it is only temporary....just a little more granular control to test or whatever. Do not want to keep going into the rule sets just to delete a rule...not efficient IMO.

    If this is already possible sorry but just installed the product so newbie here.

    Thanks,
    Robert
     
    Last edited: Jul 10, 2013
  21. SwissBIT

    SwissBIT Guest

    @davidmaier

    Okay, all right. I will try to create a rule ...

    Greetings,
    SwissBIT
     
  22. SwissBIT

    SwissBIT Guest

    @Roberteyewhy
    Yes, this is already possible. Click on the T in the notify box, this is for temporary rules.

    Greetings,
    SwissBIT
     


  23. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Thanks SwissBIT, did not see that. However, when I close then open Firefox I am allowed outbound connections. How long does the temp rule remain? If I log off/restart then it disappears.

    Would rather it (temp rule) be removed every time I open then close an app/system exe or whatever.

    Just seen in Manage Rules and Properties for the Temp rule for Firefox:

    Temporary rule. This rule will be deleted automatically on the next program start.

    However, this is not the case.

    Alexandrud any comments?

    Thanks,
    Robert
     
    Last edited: Jul 10, 2013
  24. SwissBIT

    SwissBIT Guest

    The next START of WFC deletes temporary rules (are not deleted when you exit) ...

    WFC does not register the program terminations or so. Maybe it would be good if we could define a period of time after which they would be deleted?

    Let's see what alexandrud says ...

    Greetings,
    SwissBIT
     
    Last edited by a moderator: Jul 10, 2013
  25. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    That's what I thought.

    Yes please Alexandrud. Say from 5 seconds till xxx seconds/minutes or until restart of WFC. Give the user options to make their own decision. That would be all I need for now as will refine and create my own rules later.

    Thanks again for the quick replies SwissBIT.

    Mahalo,
    Robert
     