Windows Firewall Control (WFC) by BiniSoft.org

@alexandrud

I have analyzed a little bit deeper.

I start the wfc.exe NOT as administrator (even looks good from the registry). And I have no problems with permissions.

Rather, there seems to be an issue if another program does not start correctly - as in my case, it seems really to be the Secunia PSI Agent. In this case (sometimes) the whole Desktop start process is delayed and also other programs can have starting problems. I must see if I can solve the problem by "PSI Service = Delayed start". Moreover, the problem occurs here only rarely.

Conclusion: HERE it is probably NOT a problem of WFC!

Thank you, alexandrud!

Regards,
SwissBIT

 

@alexandrud

May I ask concerning the changes in locking system (https://www.wilderssecurity.com/showthread.php?t=347370&page=4)?
This is clearly the most important thing is still missing (for me)!

Regards,
SwissBIT

 

What does the "Lock the state of Windows Firewall" do?

Robert

 

Hi Robert

You can set a password to lock the GUI. In this state, you (and others of course) can not make changes with the GUI. But each time after unlocking the GUI, you MUST reenter a "new" password to lock again.

Greetings,
SwissBIT

 

Yeah but the 'Manage Rules' are locked too! Also, are no notifications given? If this is so, ALL one's rules must be established before lock down?

What are you asking Alexandrud to change?

Thanks,
Robert

 

Yes, completely locked, without notifications (I wanted to write this before, but the heat, you know *g*)

Well, this is not a MUST ... otherwise it will just simply proceed according to the selected filtering level and existing rules ...

Please read with beginning from Posting:
https://www.wilderssecurity.com/showpost.php?p=2237910&postcount=69

Regards,
SwissBIT

 

Thanks, Swiss. Will read those posts. But that is what I mean...if I lock WFC and I am on 'Medium Filtering' ONLY existing rules would be processed.

Has to uninstall due to the Win 8 store, weather and mail not working. Only way for me to get them to work was to put WFC in 'No Filtering' or exit it entirely. Reinstalled and will see if the problem persist.

Alexandrud, when uninstalling, WFC was still in Event Log.

Robert

 

Exiting WFC will do nothing regarding the connection capabilities of other programs. The rules are in Windows Firewall and they apply even if WFC is not running. Regarding the second question, I will update the uninstaller to delete also the WFC log category from Event Viewer.

The changes to the locking system are not yet implemented. A future version will contain these changes.

 

As for WFC in the Event Log, for me I was just going to reinstall anyway.

I understand how WFC is implemented. However, ONLY got store, weather and mail to work by putting WFC in 'No Filtering' or exiting WFC.

Now everything is working again!

As for locking system up to you and SwissBT. WFC/UAC does not affect me in 'Local User' account. I never run in Admin mode anyway.

Thanks,
Robert

 

All right - have a nice sunday everyone!

 

Same to you and Alexandrud. Going to drink now.

Robert

 

@alexandrud

New IP address field Bug:

I have tried to define in WFC rule manager the following TCP address ranges (with activated Override checkbox of course):

Code:

2000::/3,2001:678::/29,2001:7f8::/29

After a "refresh list" in the WFC GUI only remains the first:

2000::/3

This also happens when I create the rule in WFW-As and after doing a refresh in the WFC GUI.

Without CIDR:

2000::-3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff,2001:678::-2001:67f:ffff:ffff:ffff:ffff:ffff:ffff,2001:7f8::-2001:7ff:ffff:ffff:ffff:ffff:ffff:ffff

it's no problem. Also uncompressed:

2000:0000:0000:0000:0000:0000:0000:0000-3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff,2001:0678:0000:0000:0000:0000:0000:0000-2001:067f:ffff:ffff:ffff:ffff:ffff:ffff,2001:07f8:0000:0000:0000:0000:0000:0000-2001:07ff:ffff:ffff:ffff:ffff:ffff:ffff

is no problem (WFW-As makes then an auto-compress).

BugFix to making: WFC MUST accept multiple CIDR entries as WFW-As too!

Thanks,
SwissBIT

 

@alexandrud

Bug [Notification]: "System" is not included in "Any"

My filtering level=Medium
My notifications level=High

I have tried to add a block rule for the following outgoing connection try, so that I no longer get an unnecessary block-notifcation each time:

Base-Notification
-----------------
Program: System
Source: 192.168.1.103 : 137
Remote: 217.110.97.198 : 137
Protocol: UDP

Detailed-Notifcation
--------------------
Name: NT Kernel & System (UDP-Out)
Local ports: 137
Remote ports: 137
Remote IP: 217.110.97.198
Protocol: UDP

So, I have add the following block rule:

Name=NT Kernel & System (UDP-Out) --> Self-explanatory, not important of course!
Program=Any --> I thought "Any" is better in this case, rather than just "System"
Local ports=Any --> I thought "Any" is better in this case, rather than just "137"
Remote ports=137 --> Self-explanatory
Remote address=217.110.97.198 --> Self-explanatory
Protocol=UDP --> Self-explanatory
Service=- --> Self-explanatory

When retested, the notification but still appeared!

Analysis: It turned out that "Any" not really "All" is for notifications. At least "System" is NOT include in "Any"!

So, I change: from Program=Any to Program=System

Retest result: Okay now, no notification!

BugFix: "Any" MUST be really "All" for WFC notification system!

Greetings,
SwissBIT

 

Another request Alexandrud. Could you possibly put in 'Manage Rules' after 'Service' a Description or WhoIs column? That way along with 'Remote Address' a user can input a more recognizable name.

Examples would be:

Remote Address: 50.87.146.202
Whois: Unified Layer (Windows Firewall Control)

Remote Address: 65.52.209.62
Whois: Microsoft Corp

I know that a user can already input this info in the 'Properties' tab under 'Description' but a user has to double click on the 'Name' of the rule to see it.

Thanks,
Robert

 

A new column with extra info can't be added because WFC uses the rules directly from Windows Firewall and I can't extend the rules properties with new fields. Instead, I can do the following:

1. Add a new column in the datagrid with the Description content.
2. I can add a tooltip on the program name to display also the Description.

Personally, I will choose the first one, because in this way, this column can be hidden, depending on the user preferences.

 

I too prefer #1.

Guess it say's it all..." depending on the user preferences"

Thanks again,
Robert

 

@alexandrud

[Correction of my post (because I can no more edit)]:

Not correct, the Language Interface Packs (LPIs) are only available for "Ultimate" and "Enterprise"!

Can you give me an answer to this question, please?

Kind regards,
SwissBIT

 

@alexandrud

Hi, here is a PERSONAL consolidation of open questions/posts ...


[Security]

Can you respond to this report resp. to the received email?

https://www.wilderssecurity.com/showpost.php?p=2260354&postcount=202

Was or is this a serious thing?


[Bug-Reports]

Can you respond to these reports, please:

https://www.wilderssecurity.com/showpost.php?p=2262905&postcount=237

https://www.wilderssecurity.com/showpost.php?p=2263250&postcount=238


[ToDo]

- Event-Logs:
The Event Log for "Filtering Platform Connection" should not be AUTOMATICALLY removed after deinstall WFC. Perhaps the Log was enabled before WFC was installed (for ex in my case)! This shoule be optional (add to the other deinstall-dialogue-questions)!

- Application and Services Logs - WFC:
After deinstallation of WFC, this Log should be removed (at least as option).


[Suggestions]

- Remove "Command Prompt" & "Registry" access:
IMHO makes no sense to offer these opportunities within WFC. On the contrary - this runs as fast what wrong with careless use (especially because admin access course)!


Have a nice week!

Kind regards,
SwissBIT

 

Just a quick update, this worked. As a matter of fact I've been on the road for the past two weeks, and thus booting my laptop more often than usual. Haven't had a any problems with the tray icon.

 

Hi alexandrud (and everyone else),

I have a simple question about how best to configure the firewall using WFC. First, let me say that I am using a Win7 64 machine and I am using it exlusively as a user; there is no networking whatsoever, no remote access of any kind that I want here. Just straight, simple, home user functions.

In my situation, is it best to block all inbound requests (even the "core networking" connections), only ever allowing outbound stuff?

Thanks much,

David Schenk

 

No router? Understanding Windows Firewall links.

http://windows.microsoft.com/en-US/windows7/Understanding-Windows-Firewall-settings

http://dailytips.net76.net/?p=463

"Selecting Block All Incoming Connections does not disconnect your computer from the internet. Even in this mode, you can still use your browser to connect to the internet. Similarly, other outbound connections—whether they're legitimate services or some sort of spyware—continue unabated. If you really want to sever your ties to the outside world, open Network And Sharing Center and disable each network connection. (Alternatively, use brute force: physically disconnect wired network connections and turn off wireless adapters or access points.)"

Personally, I would not block all inbound connections when at home...not sure many do.



Robert

 

Thanks, Robert. Those links, especially the first one, do answer it.

I do have an external router, but it's a fairly basic one, and I like to maintain a few layers of redundancy on most of my security policies. Whenever I'm done with internet access, I actually do unplug the cable from the router, too. I know it seems extreme, but it has never brought me harm.

So I've reset it to block all inbound requests, and everything seems to be working fine. I appreciate the help, so thanks again.

Yours,

David

 

David you should still get this nifty program to control your outbound connections too.

It's only $10 and Alexandrud is attentive to users request/problems. He has been perfecting it for over 2yrs so it has matured. This is a new thread as the old one was getting to large.

Old thread:

https://www.wilderssecurity.com/showthread.php?t=293143

Good luck,
Robert

 

Hi Robert,

Oh, yeah!--I already bought it and love. That's why I posted my question here. The regular GUI on the Windows firewall is almost inscrutable, whereas alexandrud's is a piece of cake.

Yours,

David

 

I agree on all your points!

He is working on a new update that will include a 'Description' column in the 'Manage Rules' so the users can do a Whois lookup and put in a more"friendlier/recognizable" name instead of just 'Remote address' which, let's face it, is just numbers.

I mean Remote address xx.6.6.6 can be Let's infect your compter INC.

Robert