I have an issue with 4.4.2.1: When I edit a rule and put LocalSubnet in the field for local IP, this will not be saved. I do not receive an error, it is just not saved. Anyone else with this? IP is working.
I just installed this software and it works on my computer and the notification below is displayed on my Windows 8.1 x64 machine when I launch this software. It seems that I miss something. Please export a full policy and send it to support@binisoft.org to check it. Also, please send some connections that you see in Connections Log for which the notifications are not displayed. Please export your full policy and send it to me on support@binisoft.org. Don't delete any rule. Also, please send me some blocked connections from your Connections Log that you know that they should generate new notifications based on your rules set. I will use your set of rules and I will create some connections (from code) based on your input and I will take a look at this problem in debug mode. With my setup I can't recreate this scenario, unfortunately. I will find the culprit and provide a solution. Thank you for your help. LocalSubnet is a valid input only for remote IP addresses. I will update the validation rule to detect this as a wrong input for local IP addresses. Thank you for reporting this.
Hello all. I have found the problem with the missing notifications, there is a problem, but the problem was in the old implementation.
--- OLD ALGORITHM ---
With the old implementation of the notification system, when a connection is blocked, the notification system works like this:
1. It checks against all existing block rules for the same path. If there is a block rule which denies the local port, remote port, remote address or protocol, then the notification is not displayed.
2. It checks against all existing allow rules for the same path for the same criteria. If there is an allow rule that matches the blocked connection, then a new notification is not displayed. This step is for compatibility purposes because other programs may block a connection, not only Windows Firewall, but all this activity is logged in the Security log.
But the problem with this implementation is that generic rules that apply to all programs are not taken into consideration. This implementation checks only the rules defined for the same path. This means that you can define a block all rule for a specific remote port and when you launch a program that uses that remote port, the notification system does not check against this generic rule and displays a new notification. Which is not correct.
--- NEW ALGORITHM ---
In the new algorithm introduced in version 4.4.2.1 I have also added at step 1 and 2 all existing rules for the same path and ALL EXISTING RULES DEFINED FOR ALL PROGRAMS. Now, when WFC is searching for matching rules it will check also against the generic rules to avoid the red problem. For this reason, a lot more rules will match the search criteria. Especially generic allow rules which should be avoided. So, to cut the story short:
--- NEW VERSION ---
I have added a new check box in the Notifications tab. Check the screenshot below.
A) When this check box is checked, the new algorithm is used. This is the correct algorithm that should be used. This will reduce the number of notifications because more rules will match the search criteria. Some notifications will not appear because of the generic allow rules that apply to all programs. You should consider removing such rules and replace them with specific rules for specific programs. If you are forced to define an allow rule for all programs, make sure you customize it for specific ports, IP addresses, etc. Do not create generic allow all rules for all programs, because in this scenario, any phone home software will be able to connect to the Internet. This is not desirable.
B) When this check box is unchecked, the old algorithm is used. It will work like it worked in version 4.4.1.1. But keep in mind this has some limitations, generic rules are not taken into consideration and some unwanted notifications may be displayed.
But the new thing is that I managed to add support for checking for the LOCATION of a rule. Now, WFC checks against local port, remote port, remote address, protocol and location. Now, we can define new rules for Public location and still get notifications in Private location.
Please download version 4.4.2.2 from the URL below and let me know if this works for you. http://binisoft.org/download/beta/wfc4setup.exe
Please share your feedback. If everything works fine for you too, I will make this public. Thank you for your continuous support. Alexandru
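The rule search described in the post above, as an added Python model (not WFC's code and not part of the original post). The `*` wildcard, the class and function names, the program paths and the sample rules are assumptions made for illustration; both modes check location, as the post describes for 4.4.2.2.

```python
from dataclasses import dataclass
from typing import Optional

ANY = "*"  # this model's wildcard: any program, port, address, protocol or location
FIELDS = ("local_port", "remote_port", "remote_addr", "protocol", "location")

@dataclass(frozen=True)
class Rule:
    action: str  # "block" or "allow"
    program: str = ANY
    local_port: str = ANY
    remote_port: str = ANY
    remote_addr: str = ANY
    protocol: str = ANY
    location: str = ANY

@dataclass(frozen=True)
class BlockedConnection:
    program: str
    local_port: str
    remote_port: str
    remote_addr: str
    protocol: str
    location: str

def suppressing_rule(conn, rules, enhanced) -> Optional[Rule]:
    """Return the rule that hides the notification, or None if one is shown."""
    for action in ("block", "allow"):  # step 1 (block rules), then step 2 (allow rules)
        for rule in rules:
            if rule.action != action:
                continue
            # Normal mode: only rules for the same path. Enhanced mode: generic rules too.
            in_scope = rule.program == conn.program or (enhanced and rule.program == ANY)
            if in_scope and all(getattr(rule, f) in (ANY, getattr(conn, f)) for f in FIELDS):
                return rule
    return None

# Constructed sample rules and connections (not taken from a real policy).
APP = r"C:\tools\app.exe"
GENERIC_BLOCK_445 = Rule("block", remote_port="445", protocol="TCP")
GENERIC_ALLOW_ALL = Rule("allow")
APP_BLOCK_PUBLIC = Rule("block", program=APP, protocol="ICMPv4", location="Public")

def conn(program, remote_port, protocol, location):
    return BlockedConnection(program, "50000", remote_port, "203.0.113.10", protocol, location)

if __name__ == "__main__":
    rules = [GENERIC_BLOCK_445, GENERIC_ALLOW_ALL, APP_BLOCK_PUBLIC]
    for mode in (False, True):
        hit = suppressing_rule(conn(r"C:\other\phonehome.exe", "443", "TCP", "Private"), rules, mode)
        print("enhanced" if mode else "normal", "->", "notify" if hit is None else f"hidden by {hit}")
```

In this model a single generic allow-all rule hides every notification once enhanced mode is on, which is why the post recommends replacing such rules with program-specific ones.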
Yes, without activating the new option, it works! PS: I have sent you an email about the generic rules ... PPS: After a few tests, the new recognition seems to be also correct. I had activated the new enhanced mode and correctly received a notification for ICMPv4 (because the block rules are defined only for non-private locations) ...
This is somehow difficult. I would like to know, if a connection is blocked, this is the main reason, I use WFC. For me it's equal, through Win Firewall or another program. With this check (if it's positive), the user means, "I receive no notification, all is okay", which this is NOT the case. Would it be possible to deactivate this check FOR ALLOW RULES - at least as option? We should not forget, that the notification part is probably the most important part of WFC for many users, more important than the GUI itself. It's important, that it's ensured (as much as possible), that a user knows, if a connection is blocked, even it's not through Win Firewall itself, but at least it's in the Win Firewall Log ... With the possibility to deactivate this check, it would be even ensured, that with filter profile low a notification is generated ... so the user would be alarmed about the blocked connection. An idea would be: integrating this in the notification level - for ex.: [ ] Show all notifications from Windows Firewall log, regardless if generated through Windows Firewall or not ...
Hello Alexandru! Thx for your mail and your help - it works now perfectly for me with the new version 4.4.2.2 and the new enhanced mode!
Seems to me if the notification option was moved to the rule level, the user could do whatever they wanted. The default could be on for blocked and off for allow but overridable by the user.
I was having the same issue of no popup notifications. After updating to v4.4.2.2 and checking the enhanced mode box everything is working fine. Thank you for this small yet powerful program.
Please explain this more. I'm afraid that I don't understand your statement. The notifications were always dependent on the existing rules.
Hello Alexandru. With this new version everything works correctly for me, notifications advanced mode or normal mode. When it is appropriate, update file language to Spanish. Thank you very much.
I was referring to the above request: This is somehow difficult. I would like to know, if a connection is blocked, this is the main reason, I use WFC. For me it's equal, through Win Firewall or another program. With this check (if it's positive), the user means, "I receive no notification, all is okay", which this is NOT the case. The option would apply to an existing rule. It would display that the connection was allowed or blocked depending on the existing rule but do nothing more. If the option is set off, then the default behavior would apply.
I just donated and signed up - thanks for a great tool. Looking forward to being part of taking this forward to beat all those "free" firewalls out there........
I also donated and installed WFC. However I thought by default, all outbound svchost.exe traffic was allowed. Why are these connections being blocked then?
Windows Firewall Control v.4.4.2.4 - New version
What's new:
- New: Added the possibility to choose between the normal mode and the new enhanced mode of the notification system. The new enhanced mode will take into consideration also the generic rules which apply to all programs. The new setting is available in the Notifications tab from the Main Panel window.
- New: The notification system takes into consideration also the Location. The notification system checks for matching rules based on the following properties: local port, remote port, remote address, protocol and location.
- New: Added a new link button named "View change log" in the update dialog so that the user can open quickly and check what's new before updating to the new version.
New translation string
213 = Use enhanced mode when deciding to display a new notification
608 = View change log
Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 7e1be0857bf54378bc3b3738ca2e71a08a576545
Thank you for your feedback and for your contribution to this project. Alexandru
Thanks. The only one I question is the VeriSign dial-out. Is that one not for certificate checking/updating?
That's great, WELL DONE! It works now again as wished! For SUCH a good project, which is one of the most important software on my system, is this not a problem! Alpengreis
Idea to make more clear the new Option (for new users): It would be good to have an explanation string there, for ex.: OLD: Use enhanced mode when deciding to display a new notification NEW: Enhanced notification mode: Generic rules (Program = Any) are recognized when deciding to display a new notification (it's possible, that not all blocked connections generating a notify) ... or something like that ... I have this already implemented in the german language file (not yet published, but soon (look on binisoft.org)). Alpengreis
Sorry to be dumb but which will give more alerts, enhanced on or off....I want to be alerted to everything.
Then it's better to leave the new option unchecked. The side-effect is: you could receive some undesired notifications ...
Ohhhh, new version/versions... looks like this time I gotta' read up before upgrading... thanks Mr Developer!
I am afraid I do not understand this new feature. I use Medium Filtering with Medium Notifications. What are the pros and cons when setting "Use enhanced mode..." active? What are the pros and cons when leaving the checkbox for "Use enhanced mode..." empty? What is a generic rule? The "System"-rules? Can I have some examples please? Thank you for your help.