Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    681
    Location:
    Switzerland
    IMHO (unfortunately) this isn't makeable because wildcards are not possible by Windows Firewall design.
     
  2. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    @alexandrud I'm in the process of finishing the setup of my old 2008 HP Laptop on Windows 8.1.1 (for a relative in need of a Laptop). During this process, WFC alerted that the Windows service "wwahost.exe" was making connections to the IP address 23.62.97.65:80. According to the configuration of your "WFC-Akamai Technologies" recommended rule for the Windows service "svchost.exe", that IP should be blocked. Is that right? Should it be blocked from ALL Windows services?

    BTW, the manufacturer software, HP Support Assistant, was making loads of connections to that IP using 31 different files...starting to think I should uninstall it for privacy reasons. Anyone have any thoughts on this?
     
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,109
    Location:
    UK
    I have uninstalled the HP Support Assistant on any HP machines I, or any of my relatives have had. It never caused any problems afterwards.

    Not saying this as a recommendation, just passing on my own personal experience with this :)
     
  4. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    It could be made possible by WFC allowing * wildcards during creation and then converting the wildcard rule to use ranges instead when sending them to Windows Firewall, and then do the same in reverse (ie. WFC would parse them after getting them from Firewall, and convert into using * wildcards where possible/appropriate).
     
  5. frank7

    frank7 Registered Member

    Joined:
    May 14, 2011
    Posts:
    130
    Same here, one of the machines I run is from HP. First thing I did after seeing all the stuff they put on after buying it was to wipe it with DBAN, partition it with Gparted and then put the OS of choice on it. The drivers on the HP page are easy to get and kept updated, though I only put the drivers for the hardware I use, for example leaving the webcam driver and several others not installed. Also I am not using any of the software they have on the drivers page, not worth it and I find now it runs smooth as ... and my impression is also much more stable if not 100% stable.

    Back to WFC4, can this be used as a replacement for Comodo Firewall? (Note I am only using the Firewall part, not CIS).

    I like the HIPS and all, but I think I could leave it when running Panda alongside Sandboxie and UAC set to max, no?

    CFW is good but if there is a native firewall that can, with the help of WFC4 achieve the same set of rules and security I would like to give it a go. What are other people's experiences with this?

    Can M$ be trusted with its native firewall? Do you think there are hidden things in it that might allow secret access and such? Perhaps government induced pressure etc? (Just asking, not that paranoid, just looking for people's experiences with Windows Firewall boosted by Firewall Control 4)

    Thank you.
     
  6. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Alrighty, uninstalled. I mainly installed it for the sake of getting driver updates from HP for the old guy (which came with Vista), especially the WebCam, which doesn't seem to be working in Windows 8 as of now. So far haven't seen any update, and I doubt I'll be seeing any for Windows 8...I'll just keep an eye on the product page.

    In short, yes it can.

    I used to use Comodo Firewall due to it being free and that it had a GUI for quickly creating new firewall rules the moment the program demands a connection. I then discovered AVG Internet Security had something similar, but was also an all-in-one security solution (which Comodo Firewall wasn't at that time) AND had a malicious website blocking feature (not sure if Comodo even has this today). Finally, I discovered Windows Firewall Control. As Microsoft Security Essentials had been out already, I decided it's time to ditch those system-hogging third party security software. From there on, I use the native Windows Firewall and MSE (now built into Windows 8 as Windows Defender) as my main security software. To compensate for AVG's website blocking feature, I use Malwarebytes Anti-Malware Pro (with the real-time scanner disabled).

    As for Microsoft being trustworthy when it comes to the firewall, I trust it for blocking non-NSA connections as much as I trust any non-US firewall developer. For blocking NSA connections though, I doubt ANY firewall will be of any use when the OS is still Windows :| Unfortunately, all these US giants are in bed with that official spyware.
     
  7. ggiersdorf

    ggiersdorf Registered Member

    Joined:
    Jul 6, 2014
    Posts:
    1
    Brand new to the Windows Firewall Control software and think I have it about figured out. However I ran into an issue today when installing a VPN.

    I installed privateinternetaccess vpn service and once I install it and activate it I constantly get pop up for these two services in windows 8.1. When I accept the rule it just keeps popping up consistently until I disconnect or turn off firewall rules.

    http://prntscr.com/3zx65z and http://prntscr.com/3zx69d

    How can I fix this so when I am using the VPN I can still be protected by firewall rules? and stop the popups?
     
  8. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    681
    Location:
    Switzerland
    Yes, that would be a possible and really smart way :thumb:
     
  9. Paranoya

    Paranoya Registered Member

    Joined:
    Nov 4, 2013
    Posts:
    59
    The only HP program I've allowed is HP SoftPaq Download Manager. It's like an on-demand Windows Update for HP software, drivers and BIOS. The easiest way to check for HP updates :)
    http://www8.hp.com/us/en/ads/clientmanagement/drivers-bios.html
     
  10. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Hmm, did you by any chance set the notification level (at Main Panel > Notifications) to "High"? If so, that is the reason why you get notifications for those blocked system connections generated by the connection attempts of "svchost.exe" and "System". I would recommend setting it to medium, so that you get alerts for every blocked connection attempt generated by other programs except those 2.

    Interesting, gonna give it a shot :thumb:
     
  11. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    ^This is what I'm meaning. Basically an abstraction layer that converts the equivalent of what a wildcard would be.
     
  12. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Can you add an option (eg. "Block All on startup/shutdown") which, when enabled, will store the current filtering level and automatically set it to "High Filtering" on shutdown, and on start, switch back to stored filtering level.

    This is to solve the problem that @Sm3K3R highlighted here, by blocking all traffic on boot (and shutdown)
     
  13. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Not sure if this is a bug, but when using Zoom Player Pro 9.1 with the option "Prefs->System->Enable External TCP Control (port)" enabled, I get a "Windows Firewall has blocked some features of this app" alert dialog when ZP is started. Should I still get Windows Firewall alert dialogs when using WFC ?

    Also, the first time I noticed this the WFC tray icon stopped working (ie.tooltip and context menu would not display). Terminating WFC from task manager and restarting solved the problem. On 2nd attempt I did not have this tray icon problem.
     
  14. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    NOTE: no rule exists for ZP. After creating the relevant rule, I no longer get the dialog.
     
  15. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    Very strange, a couple of days in a row the Appguard rules were added, but now already 2 days they ain't.

    My Guess (Just a speculative guess) is that when WFC starts before Appguard (or any other program) it can block the firewall rules, but now the question is, how to test that ?
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,456
    Location:
    Romania
    I will add a new column for this and make the duplicates work correctly for these kinds of rules.
    A new entry for creating a blank rule will be added. The second thing must be analyzed more.
    1. You can switch easily with Shift + 1 (Manage Rules) and Shift + 2 (Connections Log). I will try to add also Ctrl+Shift+Tab.
    2. This is not supported by Windows Firewall so it can't be added.
    3. This can be a very long task depending on the size of the log. It is better to leave it manually.
    4. The same answer as at point 3. The Connections Log was not intended to be a live connections log.
    I will fix these.
    Not possible because many conversions will be required and the result will be only for displaying purposes.
    This is an idea. But if WFC will not run, then your connection to the network will be disabled until WFC startup.
    WFC displays notifications for outbound blocked connections. Windows Firewall displays notifications for inbound blocked connections for digitally signed programs. These are different notifications with different meaning.
     
    Last edited: Jul 7, 2014
  17. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    681
    Location:
    Switzerland
    Bug-Report

    [Notify-System] The notification system no longer works correctly.

    I made a restore of the default Win FW Setting. Now -WITH Notify-Level = HIGH (and Profile Medium) - I don't receive a notify for Win Updates (svchost). This seems also the case for other svchost blocked things.

    Edit: ev. this is also the case for SYSTEM (I haven't checked (yet))?

    Greeting
    Alpengreis

    EDIT: I know of course, I can restore to the WFC recommended rules for no problems with Win UPD - but this is not the question here - the question is: why do I not receive notifications for svchost with HIGH-Level Notify setting and Medium policy?

    EDIT2: I believe it was an local problem with my settings, SORRY!

    EDIT3: No, it wasn't a local setting problem - no notify for Win-UPD svchost, if there no allow-rule ... why?
     
    Last edited: Jul 8, 2014
  18. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Couldn't you just allow * wildcard for creation, but don't bother converting it back to * wildcard when viewing rules. This should be relatively simple to do (ie. first validate that IP address with * is valid address and then if * detected in IP address, just create a range using the same IP address, but replacing the * with a 0 for start of range, and 255 for end of range). Another minor usability feature that reduces typing for the user.

    Just put some text below the option explaining that this could happen. If the user has the start WFC with Windows option disabled, you could also maybe display an alert dialog informing them that next time they boot they will have no Internet connectivity until they either start WFC or disable Windows Firewall.

    The gains (ie. much more secure system on boot) far outweigh the downsides, IMO.
     
  19. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    681
    Location:
    Switzerland
    But for input only, you can take the CIDR notation - an example:

    192.168.1.0-192.168.1.255 = 192.168.1.0/24

    Only 3 chars more than 192.168.1.*

    But IF, it would be enough to make a wildcard valid only in the last segment of the IP. And don't forget the syntax for IPv6 IPs (should probably be exempt maybe).

    Ok, if the implementation for wildcards is an easy thing for Alexandru, it's of course ok.

    For me personally, the CIDR notation is enough comfortable.

    Greetings
    Alpengreis
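
The wildcard-to-range conversion discussed in posts 18 and 19, as an added example that is not part of the thread and is not WFC's code. The function names are hypothetical; the sketch accepts `*` only in trailing octets, rejects IPv6, and shows why replacing a non-trailing `*` with 0 and 255 yields a range far wider than the pattern means.

```python
import ipaddress


def wildcard_to_range(spec: str) -> tuple[str, str, str]:
    """Expand an IPv4 pattern like '192.168.1.*' to (start, end, cidr)."""
    spec = spec.strip()
    if ":" in spec:
        # IPv6 is left out, as suggested in the thread.
        raise ValueError("IPv6 patterns are not supported")
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError("expected four dot-separated octets")
    fixed = [o for o in octets if o != "*"]
    # Wildcards must form an unbroken run at the end of the address and
    # at least the first octet must be fixed; otherwise a start-end range
    # cannot express the pattern exactly.
    if not fixed or octets[:len(fixed)] != fixed:
        raise ValueError("'*' is only accepted in trailing octets")
    stars = 4 - len(fixed)
    # ipaddress validates every fixed octet (digits only, 0-255).
    start = ipaddress.IPv4Address(".".join(fixed + ["0"] * stars))
    end = ipaddress.IPv4Address(".".join(fixed + ["255"] * stars))
    network = ipaddress.ip_network(f"{start}/{8 * len(fixed)}")
    return str(start), str(end), str(network)


def firewall_remote_address(spec: str) -> str:
    """Return the 'start-end' range form used in the thread's example."""
    start, end, _ = wildcard_to_range(spec)
    return f"{start}-{end}"


def naive_overmatch(spec: str) -> tuple[int, int]:
    """Return (addresses the pattern means, addresses a plain 0/255
    substitution would cover) to show the over-broad result."""
    start = ipaddress.IPv4Address(spec.replace("*", "0"))
    end = ipaddress.IPv4Address(spec.replace("*", "255"))
    return 256 ** spec.count("*"), int(end) - int(start) + 1


if __name__ == "__main__":
    # Constructed sample inputs.
    for pattern in ("192.168.1.*", "10.1.*.*", "10.*.1.5", "fe80::*"):
        try:
            print(pattern, "->", wildcard_to_range(pattern))
        except ValueError as exc:
            print(pattern, "-> rejected:", exc)
    print("10.*.1.5 naive substitution:", naive_overmatch("10.*.1.5"))
```

A rule built from the naive substitution of `10.*.1.5` would cover the whole span from 10.0.1.5 to 10.255.1.5 instead of the 256 addresses the pattern names, which matters most when the rule is an allow rule.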
     
  20. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    Interesting, didn't know this (regarding digitally signed programs). So does this mean non-signed programs don't pop an alert, and just get rejected silently?

    I'm not sure why, but programs are somehow still able to set their own rules, even though I've disabled such from happening in WFC. Some recent culprits are Teamviewer, Visual Studio 2013, uTorrent, VMware, IntelliJ IDEA, Team Fortress 2, Battle.net, etc.

    How come WFC isn't automatically removing these? Is it because I'm working from an administrator account?
     
  21. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    681
    Location:
    Switzerland
    Bug Report

    [Apply or Change PREDEFINED WFWAs rule blocks sharing functionality]

    At least with the following rule is this the case (Win 7 Prof. 64 bit, de_CH):

    - de_CH ...
    Name = Datei- und Druckerfreigabe (SMB ausgehend)
    Group = Datei- und Druckerfreigabe (File and Printer Sharing)
    Program = System
    Location = Private
    Enabled = Yes
    Action = Allow
    Direction = Outbound
    Remote addresses = Lokales Subnetz (LocalSubnet)
    Remote ports = 445
    Protocol = TCP
    Interface types = All

    - en_US (self translated) ...
    Name = File and Printer Sharing (SMB outgoing)
    Group = File and Printer Sharing
    Program = System
    Location = Private
    Enabled = Yes
    Action = Allow
    Direction = Outbound
    Remote addresses = LocalSubnet
    Remote ports = 445
    Protocol = TCP
    Interface types = All

    Of course, I had enabled the Sharing for the Private Profile already.

    It's enough to open this rule with WFC and press "Apply" (changes anyway), the network sharing is restricted after! This means, if I open the "Network" shortcut, I receive a yellow marked failure line in this window. Also, I can't reenable the sharing - this means: click on the failure message with admin-rights does not reenable; manually reenable in the relevant setting don't go; and last but not least, a try with disable/enable the rule direct within WFWAs fails).

    The only way, to fix this is then: I MUST reset the WFWAs policy!

    Within WFWAs GUI itself, I haven't such behaviour. For example, I can change something (set to LAN only and back), and it works further!

    I cannot say, WHY is this behaviour. Even if I compare the rule before and after with netsh, I don't see any changes! It must be something other: hidden, internal, changes in the "background", or whatever ...

    I hope, you can determine this mystic behaviour!

    Alpengreis
     
  22. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    681
    Location:
    Switzerland
    Bug Report

    [WFC does not take the regional Group Names for predefined rules]


    On my Win 7 Pro 64 bit de_CH system, predefined rules have german labeled names for most groups. For example:

    "Datei- und Druckerfreigabe" for "File and Printer Sharing"
    "Heimnetzgruppe" for "HomeGroup"

    This means: If I take an original WFWAs policy, then in WFWAs GUI I have the german names, but in WFC I have the english names.

    If I open such a rule in WFC and press "Apply" (after make a change), the english name is taken - also for WFCAs GUI!

    Then the "chaos" is perfect. Mixed english and german labeled group names, this also in the "Allowed Programs" Window ("Systemsteuerung, Alle Systemsteuerungselemente, Windows-Firewall, Zugelassene Programme)!

    So, WFC should respect the regional language settings to avoid such (and other?) problems!

    Alpengreis
     
  23. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Question: Does the "Control Panel > Internet Options" apply to the explorer.exe process?
    I just checked my connection logs history, and I noticed that Windows Explorer today has been making loads of connections to various IP addresses (as shown in the attached screen snipes).

    Windows Explorer Spy.png Windows Explorer Spy (2).png Windows Explorer Spy (3).png Windows Explorer Spy (4).png Windows Explorer Spy (5).png

    After doing some research, I came across this Comodo Forum thread with some user stating that those connections are generated by explorer.exe verifying digital certificates and they can be controlled by playing with the following Internet Options > Advanced options:
    - Check for Publishers...
    - Check for server...
    - Check for Signatures...
    Can anyone confirm this? Does the "Control Panel > Internet Options" also apply to the explorer.exe process? I used to think that was just for internet browsers o_O For now, I've just created the following allow rule for the explorer.exe process:
    Program: C:\windows\explorer.exe
    Name: Windows Explorer (explorer.exe)
    Group: Windows Firewall Control
    Description: Outbound rule to allow Windows Explorer (explorer.exe)
    Location: Domain, Private, Public
    Protocol: Any
    Local addresses: Any
    Remote addresses: LocalSubnet
    Service: Any
    Direction: Outbound
    Interface types: All interface types

    Suggestion: Add a rule like the above one to your recommended rules list
    Perhaps with remote addresses of known and trusted signature verification servers...

    Suggestion: Add an Option in the Main Panel for Backing-up the WFC Settings
    As more and more extra-ordinary settings are being added to this amazing program, it calls for a method for backing-up such settings.

    Suggestion: Add the "Open file location", "Check this file", "Start a WHOIS query" & "Verify this IP address" commands to the Connections Log context menu
    Just like you did for the Manage Rules context menu.
     
  24. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    Hi, just a question is this correct ? Shouldn't be the other way around ?? So Local is LocalSubnet and Remote is any ?
     
  25. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Correct me if I'm wrong, but to my understanding, local is referring just to the local area network (other devices on your network), whereas remote is referring to internet devices/servers. I set the local to any 'cause I still want to be able to see other devices on my network and I want other devices on the network to be able to see my PC, for the sake of having access to shared folders and a network drive.
     