Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    [... snip ...]
    YESSS!! This was important! Very good news :thumb:
    And this is very good too!
    Had reported this long time ago (then it was "normal" behaviour) - now you have a fix, wow, great!
    Also important!

    [... snip ...]

    Also the other points are good! Thank you VERY much, well done!

    PS: DE-Translation is in work ...
    PPS: DE-Translation is finished and sent to Binisoft.org ...
     
    Last edited: Jun 21, 2016
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    Do you have someone to translate strings to Spanish on a regular basis? I could do that if you like, every time you release a new version of course.
     
  3. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @alexandrud

    One thing yet: at least because the binary can't be downloaded with a SSL (https) connection and SHA-1 is no more recommended, it would be senseful to add a Hash > SHA-1 from now.

    All serious sources change to SHA-2 or even SHA-3 (recommended is already SHA-3 but it seems rarely IRL), so WFC as GUI for WFWas should make this without a doubt too.

    So the current SHA256 Hash for v4.8.0.0 is:
    93ba278921d6fb98de8cb28985777db8b5aebb024547fa10c72a7edfd2e45085

    And the current SHA384 Hash for v4.8.0.0 is:
    cf914871318716ecad60431be94e4e1de3e569ba21816a46853cad223bb39bde8621d116f09da582df40ebe69fee442b

    It make not really sense to make this on binisoft.org too, because it's the same server where the binary is, but here in forum it would be well definitely!
     
  4. mike83

    mike83 Registered Member

    Joined:
    Mar 9, 2016
    Posts:
    35
    What would be the best way to prevent access to WFC user interface from a specific end user account (e.g. a "Visitor" account)?
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Use the lock feature to lock WFC and also to restrict the access to the integrated WFwAS console and the Windows Firewall control panel applet.

    upload_2016-6-27_12-45-14.png
     
  6. mike83

    mike83 Registered Member

    Joined:
    Mar 9, 2016
    Posts:
    35
    I understood earlier that the network location "Private" equals "Home" network and "Domain" equals to "Work" network, but then I found this sevenforums article which seems to teach that "Private" equals to "Work" network...

    I'm a bit confused now... how should I understand the sevenforums article's explanation in the context of WFC?

    I mean, WFC has "Private / Public / Domain" locations and the sevenforums article defines "Home / Work (private) / Public / Domain" locations. How should they be mapped with each other?
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Usually in an enterprise environment there is a domain server which is administrated by a network administrator. This is why I said "Domain" = "Work". Consider Home/Work as Private if you do not log in into a domain.
     
  8. mike83

    mike83 Registered Member

    Joined:
    Mar 9, 2016
    Posts:
    35
    Ok. Thank you for the explanation! :)
     
  9. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Hey alexandrud or anyone. Probably been asked but do not have the time to go through 100 pages.

    Does the rules work from top to bottom. If I first make a rule to allow explorer.exe to a specific IP address port 80 then make a rule to deny all explorer.exe to all IP address port 80 will the last rule take precedent? Or do I have to deny per IP address to have the allowed IP address to work?

    Thanks,
    Robert
     
  10. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Just received update 4.8.1.0

    I'll let @alexandrud officially announce this :)
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Windows Firewall Control v.4.8.1.0

    Change log:
    - Improved: The start-up mechanism of wfc.exe was updated for faster launch.
    - New: Added a confirmation dialog before restoring WFC recommended rules.
    - Updated: The WFC recommended allow rules were updated based on the feedback received in the past months.
    - Removed: The WFC recommended block rules were all removed since they are useless when Medium Filtering is applied. In some cases they also created connectivity issues with Windows Update.
    - Removed: Shell Integration does not allow creating multiple rules for the same file.
    - Removed: Shell Integration dialog that appears on desktop when a new rule is created was removed. The creation of a new rule can be checked in Rules Panel.
    - Fixed: Shell Integration does not work properly. If multiple files are selected in Windows Explorer, new rules are created only for some of them.
    - Fixed: The Exit menu item of the tray application does not work anymore if the service is stopped.

    New translation string:
    423 = Restoring the WFC recommended rules will recreate these rules again. The current existing rules will remain unchanged. Do you want to continue ?
    Updated translation string:
    418 = WFC recommended rules were recreated successfully.
    419 = Please refresh the rules in Rules Panel window. Thank you.

    Removed translation strings:
    014 = An identical rule for this program already exists.
    015 = Operation aborted !


    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: ff8c2ed9ce95d5e117b539d21ba741f039cf7fd8
    SHA256: a4485d412cea2b54d5346914664f7aa8b98acbb2785bc20ae2a573afc9187393

    Best regards,
    Alexandru
     
    Last edited: Jul 1, 2016
  12. Shamshi Adad

    Shamshi Adad Registered Member

    Joined:
    Mar 16, 2016
    Posts:
    40
    Location:
    Eastern Shore of Maryland, USA
    So COOL! Thanks very much, Alexandru.
    Peace. Alan
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    The order of the rules doesn't matter. Block rules have higher precedence than allow rules in Windows Firewall. This means if one block rule matches the same connections as the allow rule, then the block rule will be applied.

    - If you use Medium Filtering profile and you want to allow explorer.exe only to a specific IP or range, it is enough to create an allow rule for your desired IP/range. Let's say you want to allow explorer.exe to access only 86.10.10.150 and you already created an allow rule for this IP. To stop the notifications for explorer.exe for other IP addresses, create a second block rule and include two IP ranges that do not interfere with the allow rule. Define a block rule with the remote IP addresses like this: 1.1.1.1-86.10.10.149,86.10.10.151-255.255.255.255. Your first IP is not blocked by this rule and you will not receive duplicate notifications for this program anymore.

    - If you use Low Filtering profile, then explorer.exe is allowed by default. It gets blocked only if you create a block rule for it.
     
  14. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Yeah that's what I thought and makes sense. Already started what you wrote. Will not use Low Filtering as what's the sense of using your product or any firewall protection software IMO.

    Thanks, alexandrud.

    P.S. Nice new version.
     
  15. backwards_sdrawrof

    backwards_sdrawrof Registered Member

    Joined:
    Jul 12, 2015
    Posts:
    4
    Thanks for your effort, and constant development. In a time when "telemetry" has become the norm.


    Suggestion: Defense against Rogue Packets.

    During startup, check with Systernals , Loadorder.
    During shut down.

    A quick inspection with Loadorder, and we find that Windows firewall is loaded late.
    The services (BELLOW) are loaded ahead of the Windows firewall (W7):

    Dnscache
    Dhcp
    Tcpip
    Spooler
    NetBIOS
    NetBT
    Plug and play...


    Reference article for Load order grouping, here:
    https://support.microsoft.com/en-us/kb/115486

    IF possible I'd make it so WFC could turn off (multiple?) LANS during shutdown. At startup; I'd still keep the high filtering. WAIT for about 20 seconds, before enabling the LANS. The ability to set a timer would be helpful, when dealing whit different boot speeds.


    my current solution, meanwhile (sorry, it's a mess!). This will disable "YOUR LAN", "Dhcp" and "NetBT" services. Close down script will also, shutdown your computer.

    Close Down Script:
    @Echo off
    echo ***DISABLING LAN***
    echo.

    netsh interface set interface name="YOUR_LAN_CONNECTION_NAME_GOES_HERE" admin=disabled
    echo.
    timeout3
    echo.
    sc config "Dhcp" start= disabled
    echo.
    timeout 3
    echo.
    sc stop "Dhcp"
    echo.
    timeout 3

    echo.
    sc config "NetBT" start= disabled
    echo.
    timeout 3
    echo.
    sc stop "NetBT"
    echo.
    timeout 3
    echo.
    echo.
    echo.

    cls
    echo ***NETWORK...DOWN!!!***
    echo.
    pause
    Shutdown /s

    Start-Up Script:
    @Echo off
    echo ***ENABLING LAN***
    echo.

    netsh interface set interface name="YOUR_LAN_CONNECTION_NAME_GOES_HERE" admin=enabled
    echo.
    timeout 3
    echo.
    sc config "Dhcp" start= auto
    echo.
    timeout 3
    echo.
    sc start "Dhcp"
    echo.
    timeout 3

    echo.
    sc config "NetBT" start= enabled
    echo.
    timeout 3
    echo.
    sc start "NetBT"
    echo.
    timeout 3

    cls
    echo ***YES, MASTER OF NETWORKS?!!!***
    pause
     
  16. Shamshi Adad

    Shamshi Adad Registered Member

    Joined:
    Mar 16, 2016
    Posts:
    40
    Location:
    Eastern Shore of Maryland, USA
    Hey NSG001, you look different. Did you get a hair style or a new hat or something?:confused:
    Peace. Alan
     
  17. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    [... snip ...]

    Both useful.
    The right decision!

    [... snip ...]

    Thank you for update!

    Greetings
    Alpengreis

    PS: Thanks for new Hash!
    PPS: DE-Translation is available now on BiniSoft.org ...
     
    Last edited: Jul 2, 2016
  18. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    OK got it to work. Had to test and wait to see if the rule is being applied as created.

    Just a great written product that keeps evolving into a better firewall plus with, at least to me, a clean, simple but feature rich interface.

    Thanks again alexandrud,
    Robert

    P.S. Plus the experience users that contribute/suggest towords making WFC what it is today!
     
  19. PrinceYann

    PrinceYann Registered Member

    Joined:
    Nov 29, 2015
    Posts:
    38
    Bug report for 4.8.1.0. Crash error when launched with command line switch for Rules or Log (e.g. "C:\Program Files\Windows Firewall Control\wfc.exe" -rp).

    Details are on the attached file.
     

    Attached Files:

  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Indeed, it works only if wfc.exe is not started, but if it is started, then it does not launch the view. Consider it as fixed. In the next version it will work again. Thank you for reporting this.
     
  21. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    some positive feedback, occasionally I have come across applications which are written badly and they will very rapidly retry to connect to the internet when they fail. These programs caused chaos when using windows firewall notifier which I was using before moving to this.

    Well a couple of days ago I installed unigine graphics benchmark and that was trying to open a connection to the internet dozens of times a second, whilst my cpu was heavily utilised with the prompt updating, the OS remained responsive as well as the windows firewall control interface and so it handled it quite well. :)
     
  22. Andytay70

    Andytay70 Registered Member

    Joined:
    Sep 20, 2015
    Posts:
    23
    Thanks for such a great piece of software alexandrud!
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Windows Firewall Control v.4.8.2.0

    Change log:
    - Updated: The recommended WFC rule "WFC - Windows Update" rule is now by default enabled and the rule "WFC - Windows Store (svchost.exe)" was removed.
    - Fixed: Revert profile does not set the desired profile after the time elapses if it is activated and the profile is not changed. If Low Filtering profile is already in use and the revert profile is activated, then nothing happens.
    - Fixed: With the latest improvements, the launch of wfc.exe with parameters does work only on the first run. This affects also the uninstaller which on the first run attempt does not display the uninstall dialog.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: d6836cbd35949e1842b37d813c94b6e1738385e5
    SHA256: 863b5b0c68c4ae996708e180b79a38bf70ac2e925a8573527cc631c02f2e0c56

    Best regards,
    Alexandru
     
  24. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    @alexandrud
    What was the reason for these changes :doubt:
    Thanks
     
  25. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Additionally, the following has changed (non-official report from me):
    - Updated: The recommended WFC rule "WFC - File and Printer Sharing (NB-Name-Out)" has now the following restriction: "Remote addresses = LocalSubnet" (instead no restriction before)
    - Updated: The recommended WFC rule "WFC - File and Printer Sharing (Spooler-Out)" has now the "Protocol = Any" (instead TCP only before)

    And thanks for Update, Alexandru!
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.