Windows Firewall Control (WFC) by BiniSoft.org

The default rules set from Windows Firewall is good enough. Just enable outbound filtering by switching to Medium Filtering profile in WFC. From now on, you just have to create a few rules to allow the programs that you want to connect. How many programs do you use that need internet access ? You can set up a few rules quickly and even tweak them. That's all. For a start, I think that creating generic rules to allow a specific executable file, without bothering about ports, addresses, protocols, etc, will be enough.

Ok. I have installed this web browser and started to use it. WFC displayed 2 notifications for it.

One for:

And WFC was able to create the corresponding rule.

And one for:

And WFC was not able to create a rule for this one. Why ? Because of the path. It contains the character ~ which is not accepted by Windows Firewall API. Also, this ~temp folder is hidden. I don't know why but it is very strange to have this kind of path and a hidden location for an executable.

I have tried to add a rule manually from WFwAS for this path and it does not allow it. So, this is a Windows Firewall related problem not something related to WFC. If I move the file sleipnir_engine_cv.exe to a different folder I can create a rule for it, but it is called from the original location, so this rule does not help.

What you can do ? Send them an email and ask them to use a normal path for their executable in a non hidden folder. My advise is to use a different web browser.

 

About Sleipnir Browser. It works fine on my PC #2 which does NOT have WFC4 installed. (also Win7x64)

 

I agree with you, but on the second PC did you enable outbound filtering for Windows Firewall (manually from CMD or automatically from WFC) ? If not, then all programs have full outbound access and all programs can connect at their will, including this browser.

WFC has nothing to do with your problem. It is just a front end for Windows Firewall, which by itself (WFC), does not block or allow any software.

 

@AaLF

Eventually (not tested), the solution could be a sym-link (symbolic-link) without the "~"-sign within a non-hidden directory.

For easy use of such links (and other link-types) you could use the freeware LSE (Link Shell Extension) with URL ...

http://schinagl.priv.at/nt/hardlinkshellext/hardlinkshellext.html

1. Make a new directory, for example with name "Sleipnir_Engine", take the original file "sleipnir_engine_cv.exe" as source-file and drop a sym-link to this new directory.

2. Make a Firewall Rule for this new sym-link.

3. Try it ...

Greetings,
Alpengreis

 

"Notifications System is incompatible with BoxCryptor and TrueCrypt software."

What happens if you have TrueCrypt installed?

 

Read here for an explanation from Alexandru

https://www.wilderssecurity.com/showpost.php?p=2221207&postcount=1681

 

I think i have found a bug.

The feature "Disable the ability of other programs to add firewall rules" doesn t work for Counter Strike Global Offensive (the last one) game.

So if Steam updates it or if i check the integrity of the game(game being refreshed) new rules for TCP and UDP Inbound are created in the Firewall ,the same as not using your WFC.

This is one of the reasons i installed your software ,to get rid of this stupidity the Windows firewall has ,to create automatically Inbound rules for applications without asking (being set to ask).I would have appreciated Outbound rules to be by Windows firewall created this way ,but ... why would not Microsoft annoy people with incomplete features
While Metro 2033 was blocked to create this rules using your software ,CS GO is stubborn it seems.

It doesn t really need this rules and TCP Inbound is really unnecessary.
The ruleset was already containing this 2 CS GO rules for inbound as being disabled ,from prior to install WFC ,but Steam or whatever created them made them anyway.

 

Windows Firewall Control v.4.0.4.4 - New Version

What's new:
- Fixed: Duplicate notifications are displayed even if there is a a block rule set to a specific protocol but custom remote ports or remote addresses are not defined.
- Fixed: The option regarding the incoming connections, named "Block all connections including apps on the list of allowed apps", which is accessible only from WFwAS, resets to "Block all connections to apps that are not on the list of allowed apps" when the user changes the Profiles in Windows Firewall Control.
- Fixed: When creating a rule through Shell Integration, the result dialog is not displayed in the bottom right corner of the screen.
- Fixed: When creating a rule through Shell Integration, the validation does not work and if the user chooses the same file multiple times, multiple rules are created. Now, if a rule was created through Shell Integration, the user can not create duplicates through this mechanism.
- Improved: New logging points were added in the software for debugging purposes.
- Improved: Code cleanup. Some parts of the code were simplified to improve the performance.

Installation notes: Just use the updater to update to the new version. That's all. There are no new translation strings.

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: b43962e44ef7f5838cdd8628db78d4c2b8a7415a

Thank you for your support and your feedback.
Alexandru

 

Is this one fixing my problem too or you are still looking into it ?!
Or blocking duplication will also help with the issue ?!

 

@alexandrud

Are you sure about the incompatibility with TrueCrypt (Container)?

In encrypted state, then it's of course not possible to make a rule ... but in MOUNTED state, the path is no more encrypted ...

Example:

- An encrypted container exist on drive J: in path "CryptedContainer" with name "Container1.dat" ...

- With TrueCrypt mount command, a new drive letter O: is defined ...

truecrypt.exe /q /v J:\CryptedContainer\Container1.dat /lo

- Now, the new drive O: is accessible as a "normal" drive. An exist program on this drive can added in Windows Firewall resp WFC with path ...

"O:\example.exe"

Why should be this not possible on this way?

Greetings and have a nice weekend!

PS: A "negative" side-effect would be, that after dismount, such rules would be invalid until next mount ... but this should be not a real problem.

 

I noticed a nice improvement in memory usage, so I decided to donate.

So far, I am enjoying Windows Firewall Control.

 

We don't have this game to test it. But if connect to play it online, then inbound connections are required as well as outbound connections. Try to modify the inbound allow rules that CS creates to inbound block and see if they are recreated again. If not, this may be a solution.

As you already described, after you restart your computer, all rules that you define for the mounted drive must be recreated. The problem is actually with Windows Firewall but this becomes also a problem with WFC. If it doesn't bother you to do this, then it is ok. The idea is that there is no solution to the need of recreating the rules.

 

Awesome updates! Love the new partial policy backup feature. Would you have the time to implement this long "Domain Management" function I suggested earlier? That's the only function that keeps me thinking about AVG's firewall.

 

I think that this approach will add a lot of complexity to the WFC. The aim of WFC is to keep things simple. With all these new options, new concepts will be introduced and will confuse the users. I will think about it.

 

Windows Firewall Control v.4.0.4.6 - Quick fix

What's new:
- Fixed: The full program path is not displayed in the notification dialog when the user hovers the moue over the icon of the program that was blocked.
- Fixed: When creating a new rule from Shell Integration the result dialog indicates that a rule can't be created even if it is created.
- Fixed: When creating a rule From Shell Extension, if the Manage Rules window is open, the rules list does not refresh automatically.

Installation notes: Just use the updater to update to the new version. That's all. There are no new translation strings.

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 946bcc16d85bea6f88e046cfc4c3050c1d892f41

Thank you for your support and your feedback.
Alexandru

 

Is it normal for windows explorer and notepad to want internet access?

 

I meant "invalid" until is mounted again.

Such rules stay in "invalid/inactive" state only. But they will not even deleted automatically.

So there is no need to recreate such rules.

After remounting, the rules should become an "valid/active" state (if the mounted drive letter not change of course - but this can be self defined (with always the same drive letter)).

Greetings,
Alpengreis

 

Notepad - I don't know. For Windows Explorer, I believe it's normal.

However: such outgoing connections have NOTHING to do with WFC!

Greetings,
Alpengreis

 

It seems that version 4.0.4.4 fixed the stupid inbound rules.

No ,the TCP inbound is not needed ,unless i am hosting a server ,which i don t.

I have also observed last time that inbound rules for metro 2033 (from withing Steam) appeared after PC restart or something ,i mean i did not see them neither in manage rules neither in the firewall itself until next day ,when turning on pc they were there
Now ,with version 4.0.4.4 seems to not be generated at all ,as per option job.

So somehow you ve fixed a bug in that version directly or indirectly.

Nice job, i ll install latest after some more usage of this one.

 

Well the only time I get alerts is when I use WFC so I wanted to make sure it's normal

 

No it s not ,in my point of view ,yes it may require connection to some certificates links or something ,but it is really no need to keep oubound On for Explorer.exe ,for the outside world or even for your own LAN ,if the firewall allows you to block it.

 

Here's the alerts, anytime I open explorer or notepad I get the alerts unless I allow them

http://imgur.com/a/WBHQe

 

The question was not whether it makes sense to permanently establish such a rule.

Greetings,
Alpengreis

 

Without WFC, no notifications - WITH WFC, you have notifications ... (unless you have another notification-system) ...

One again: connections have nothing to do with WFC!

WFC is a GUI for the Windows Firewall, that's all! WFC does not initiate any outbound connections. You can make a manual update check for new WFC version, nothing else.

Greetings,
Alpengreis

 

Each time? That's indeed a bit strange ... no idea about the reason. Normal or not, I don't know. I had also outgoing connection(s?) with Win Explorer (I have no details about the IP(s) or so), but not yet with Notepad.

You can make a "WHOIS" for the related IP for more details.

But the reason is NOT WFC.

Greetings,
Alpengreis