Windows Firewall Control (WFC) by BiniSoft.org

One of my other programs made a change to poll UPNP every 10 seconds resulting in continual Notifications. Responding to the Notifications to Block didn't stop them nor did it add a new rule.

So I went into Manage Rules and changed the rule there to Block, but the Notifications still kept on coming.

I found the reason, I'd Allowed the program for Private only in the beginning (years ago) but now it was attempting to poll using Domain (or Public) and there was no rule created for that by Blocking the Notification.
When I changed the Block rule to include all 3 (Domain. Private & Public) the Notifications stopped.

 

1. Are you able to switch to No Filtering profile ? It goes back to Low Filtering profile or it stays on No Filtering ?
2. Do you use another Windows Firewall controller ?
3. What other security products do you use on this machine ?
4. If you execute wfc.exe with Administrator privileges and change again the profile, does it work ?

1. Check the WFC log why it did not create a new rule. You should see an error logged with the information why it failed to create the new block rule.
2. The notifications system takes into consideration also the Location. The behavior that you have described is correct, except the point 1) regarding the rule which was not created. Which program was this ?

 

Hi, just upgraded to 4.6.2.2 and having a few issues with some software which was behaving normally on 4.6.2.0
I only run this software when my VPN is running and if is not running then BLOCK

OK, I previously had the rules as....
BLOCK TCP on Domain & Private
BLOCK UDP on Domain & Private
ALLOW TCP on Public
ALLOW UDP on Public
This all worked fine and dandy for ages.
Now upgraded to 4.6.2.2 the software keeps putting up notifications every few minutes but for the life of me I can no longer BLOCK UDP or TCP on Domain & Private. I have even tried BLOCK ALL on Domain & Private but still the notifications appear.

I have deleted all the rules for the software now and tried from afresh but I can not split Domain & Private from Public

The only thing that works is BLOCK ALL on Domain & Private & Public or ALLOW ALL on Domain & Private & Public which I dont want.

Anyone else experiencing this sort of behaviour

 

Been playing a bit and found that I can get
BLOCK TCP on Domain & Private
BLOCK UDP on Domain & Private
ALLOW TCP on Public
ALLOW UDP on Public

BUT I have to have this rule first in the manage rules screen
ALLOW ALL on Domain & Private & Public

Now everyting works as it should. I don't know why I have to allow all traffic and then block for next protocol and network connection


**Update**
I have just loaded PaleMoon Browser onto my PC to see if a new piece of software that has never had any rules defined on my PC. I want to only allow PaleMoon to connect to the internet over my VPN works connection.
SO without the VPN running I loaded up PaleMoon and up pops a WFC notification.
I customise it to BLOCK ALL on Domain & Private and then test. Yep it's blocked so I close PaleMoon
I then start up the works Openvpn connection and I loaded up PaleMoon and up pops a WFC notification.
I customise it to ALLOW ALL on Public and then test only to get another WFC notification, then another and then another and no matter what I rule I create I can not stop the notifications.

I then close PaleMoon down and openbed it again and still notification after notification and the notifications only stop when I create a rule ALLOW ALL on Domain & Private & Public however I now have PaleMoon working on every connection Domain & Private & Public.

I then make sure the first rule in Manage Rules is the ALLOW ALL on Domain & Private & Public and it all works as it should. ie PaleMoon blocked on Domain & Private and ALLOW on Public

Strange behaviour

 

EDIT: After some amateur sleuthing I managed to figure out it was a component of "IPsec" that was missing or broken.

A quick reinstall of Win7 appears to have fixed the issue.

So WFC seems to have a dependency on the IPSec component to function fully.

At this time the issue seems to be resolved, Thanks Alex.

 

There was nothing in the log.
The program is networx.exe

 

What means ALLOW ALL exactly (with/without ports for ex.)?
Would be useful to post ALL your PaleMoon rules here: sort it alphabetically and make a screenshot.

The position of rules is not relevant.

Regards
Alpengreis

 

I have tried your scenario with Firefox. Check my rules below. They were defined like yours, the difference is that I am in Domain network, so Domain is switched with Public from your scenario.
I did not receive any new notification and Firefox is fully allowed for the Domain location. Please post your exact rules like I did below.

The rules order has nothing to do with this. Are you sure that when you connect to your VPN you are on Public location ?

Thank you for your updated feedback on this.

Windows Firewall rules are applied per path basis. You can't define a rule for two or more programs. You can define a rule for a specific file or for all files, not just some.

 

When installing, I just chose the 2nd block option... I think it is block and silence future notifications. This created a block across all protocols and all in and out IPs.
Then I went into Scheduled Tasks and disabled the two tasks relating to WPS.

AdGuard, and possibly other apps try to make callouts during installation too (AG tries to contact Akamai for some reason). Just silenced them as well; installation still goes through unhindered.

 

I tried it, but when re-enable WPS allow rules - WPS attempts to connect to so many IPs that it causes WFC to freeze.

Can't use WFC until a solution is found; frozen WFC happens every time with WPS.

WPS network activity overwhelms WFC.

 

And - as I said - WPS is one example only - I had this effect with SOME other programs too.

@alexandrud
You said, you can fix this behaviour ... how is the stand here?

 

If you enable the allow rules for it, then WFC does nothing. If you enable block rules for it, then WFC just skips the notifications. If no rules are created at all, then you may see several notifications. However, this should not freeze WFC. I installed Kingsoft Office on my computer and there no intense network activity. Just a few connect attempt that for sure do not freeze WFC. Please do this test.
1. Disable the notifications system so that WFC will not freeze anymore due to high amount of notification updates.
2. Launch this software.
3. Check the Connections Log. Do you see there hundreds or thousands of blocked outbound connections attempts for WPS ?

What rules have you created for WPS ?

Not yet implemented.

 

WPS upon installation and activation - each of the of the modules - makes an insane amount of connections. The connect log fills up almost completely with WPS connection attempts.

I can reproduce the issue at will.

The issue occurs while installing and activating WPS with WFC already on the system. In other words, when there are no existing firewall rules in Windows Firewall rules for WPS.

The workaround is to install WPS first, activate it, and then install WFC.

 

A better workaround would be to have WFC switched to Low Filtering profile while installing WPS if this software makes so many connections attempts during the installation. Or even better, to disable the notifications system and keep the Medium Filtering profile as the WPS can be installed from an offline installer. Indeed, if WPS creates hundreds of blocked connections per second for the same program, the mechanism that updates the notification dialog with the new details can freeze WFC notification dialog. However, it is strange that WPS connects this way from your computer. When I installed it on my computer, the installer did not connect at all and after I started one of it's modules, a saw a new blocked connection for that module only. That's all. Why it would try to connect so much intense to the Internet on your side, it's beyond my knowledge.

 

Bug Report: The "Outbound and inbound" Customization Option in Notification Dialog Doesn't Work

- I have WFC configured to by default create ONLY Outbound rules for new rules, in Main Panel > Rules
- I get a notification for an application
- I want to customize the rule to ensure outbound and inbound rules for this specific program are created
- Only the Outbound rule gets created:

​

Suggestion: Make WFC's UI Touch Friendly Like the Office 2016 Desktop Applications

Currently WFC's UI is all around built for just mouse and physical keyboard input. In Windows 10's Tablet mode, it's Main Panel and Manage Rules windows just get maximized but remain only mouse/keyboard optimizes. Could you consider making WFC sense when in Tablet/Desktop mode, and shift it's GUI accordingly? No need to compromise on any function, just make the GUI touch friendly. Similar to what the full-fledged Office 2016 Desktop applications automatically do:

- Desktop mode


- Tablet mode


Whenever we get a notification while in Tablet mode, with Windows 10, it's easy to quickly switch to the WFC notification window (thanks to Task View) and decide what to do with it. With a touch friendly notification UI, we'll be able to act on those notifications more easily.​

 

When open WPS it connects to many databases because of all the templates that are now integrated into WPS.

I have tried the methods you outline; they do not work.

As I have stated, the only workaround is to uninstall WFC, install WPS and use each module, then reinstall WFC.

This issue is reproducible at will on my system. Others have reported similar WFC freezes due to hundreds of connections from softs.

It doesn't really matter to me - either you fix it or you don't.

All I know is that there are never-ending changes to WFC - and these changes always seem to break something or introduce new problems.

In the past, WFC worked fine with WPS, but now it doesn't.

 

I will fix this. Thank you for reporting it.

Windows Firewall Control is a desktop application. I also have Windows 8.1 tablet and is pretty easy to use WFC only with touch support. Indeed, it would be nice to have the touch keyboard showing up automatically when you enter a text box control, but:
1. I can always manually launch the touch keyboard because it is next to the system clock.
2. In Windows 10 you can enable the Tablet mode. With this mode enabled, the touch keyboard is automatically triggered every time any text field gets focus, no matter the type of application
Having enhanced touch support for an application that is designed to be a desktop application does not require only a few lines of code to get the job finished. For Microsoft Office there are several teams dedicated for this. For WFC, is just me. This has low priority.

Uninstalling WFC makes no sense to me. It can be closed if this causes problems while configuring WPS. Anyway, disabling the notifications system while configuring WPS will prevent the freeze of WFC. I will try again with this software to see if I can catch this problem.
LATER EDIT:
I just reinstalled WPS and it generated 118 blocked connections in 15 minutes since I installed it and playing around with different modules. These are not much at all. I have more blocked connections for svchost.exe in 15 minutes. I had Medium Filtering profile enabled and Medium notification level. I did not answer to any notification in this time and each entry from the notification dialog was updated based on the newest entry. It did not freeze WFC at all. After I allowed WPS Presentation, I was able to browse online templates.

 

Yes, I personally use no more the medium filtering while install programs to avoid problems. LOW while installing is no so secure as Medium, of course - on the other side, maybe after a notification and Allow (if necessary), it could be already too late for a correct installation.
The second workaround with temporarely disable the Notification System avoids the frozen WFC BUT I do not like it, because I wouldn't be sure that the installation is really correctly with "all" the blocked connections.

So, at least till this behaviour is fixed (I'm not sure, if this can be fixed at all) in WFC, I personally find the temporarely set the FIltering Level to Low is the better workaround!

Then to problem of the "endless" connection tries:

1) We should not be so fixed to WPS. As I said, WPS is an example only. I had SOME other programs with this behaviour too. Also, I assume, this is not direct related to a program itself anyway - it's highly probaly related to the INSTALLER (or a part of the installer) of a program!

2) I saw that in such a case is not the number of identical connection tries is the problem. The problem is that the installer after a blocked connectien tries with a changed port and/or IP or something like that - to be successful. Alexandru (maybe others too) knows this "effect" already (highly probably).

I assume it's not so easy to fix, without breaking the logic of the WFC Notification System.

Overall: for the moment we have to live with the problem or use a workaround.

Enjoys the (rest) weekend, ALL!

 

Windows Firewall Control v.4.6.2.4

Change log:
- Improved: There are updaters which use a .tmp file to update their installations. From WFC is now possible to create firewall rules for *.tmp files.
- Improved: The update dialog which is displayed when a new version of WFC is available can't be moved and if the taskbar is set to auto hide, the dialog is displayed out of the screen. The update dialog can be moved now by the user.
- Improved: The authorized groups list height is not fixed anymore and will expand with the window size so that the user can see more entries in the list.
- Improved: Added support for "@" keyword in the authorized groups. If this keyword is added as an authorized group name, Windows 10 rules with @{} names will not be deleted anymore by the Secure Rules feature.
- Fixed: Setting the direction to "Outbound and inbound" when editing a the details of a new rule in the notification dialog does not create the inbound rule.

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 6011aa5112ba1821bc5c217cc8dc1db4c732b22d

Have a great new week,
Alexandru

 

@Alexandru
Awesome, thank you very much!

@all
After I had reported Alexandru some details about the @ INBOUND rules for Microsoft Apps (they ARE IMHO necessary to ensure that the MS Apps work correctly (in all things)), he decided to implement the "@" keyword, because it's necessary in combination with activated Secure Rules and @ Inbound rules for Microsoft Apps.

Because this is a bit (too) technical, I decide to not write the details here in the forum.

However: we have this function now which is GREAT

 

Sure, so long as it's something you're considering, take you time on it. If you could use any assistance, I do have an extensive background knowledge in programming in C++/Visual Basic.

 

Suggestion for WFC Connection Log

Normally in WFC: green = allowed, red = blocked.

This could (should) be the same in the Connection Log.

 

Bug Report WFC Connection Log

In Rule Manager the SEARCH field is cleared after switch to other view and back. This is NOT the case for the search field in Connection Log.

Exactly steps to reproduce:

1) Type something in the search field in Connection Log
2) Switch to Rule Manager
3) Switch back to Connection Log

Result: the search field is still active instead cleared.

PS: The word BUG is because it's not logical to have different behaviour for search field in different views.

 

I just noticed that the items from Connections Log are always green. They should have been grey like in the "New Rules Wizard" view. I will update the color converter.

In Manage Rules, the search text is cleared because the rules are reloaded when the view is activated. You can add new rules while you are in Connections Log and it makes sense to reload all the rules to see the new ones too.
In Connections Log, the reload is not made automatically and the results of a search can remain in place. Especially when you use Jump to rules and want to go back to Connections Log.
In my opinion this is not a bug and it works as intended.

 

I've used WFC on and off for a few years, largely successfully. However on trying it recently on Win 10x64 have had real issues.

Around a month ago I tried to install it and the GUI was entirely unresponsive and network access lost. The service and main executable seemed to be running but the GUI would not launch. On trying to uninstall the uninstaller would not launch either. I always image before installing so a quick roll-back sorted me out.

I noticed a new version in this thread and decided to try again yesterday. All was well other than annoying delay in internet availability at start up but then I get that with Advanced Settings used in the naked WF at times as well. I understand it to be a general rather than WFC issue.

However, this morning the GUI has become unresponsive again, double/right-clicking the tray icon elicits no response. Using the short-cut or launching directly from the programme directory similarly result in nothing. Again the service appears to be running along with the main executable but I have no control over the application. Trying to uninstall via Programmes and Features doesn't work either as the uninstaller does not launch. At least this time I have network access so can live with it for a short time to try to find a solution.

I can't see anything in Windows event viewer and I only have HMP A running alongside it for security at present. I've never had any other firewall or controller installed on this machine.

Is this a known issue or does anyone have any suggestions for resolution?

Thanks