Windows Firewall Control (WFC) by BiniSoft.org

This would be then indeed a cool new "design". Sounds good!

 

Hmm I think medium notification has a good place, and I for one appreciate not been hit by system and svchost notifications, please do not change this unless you add a way to have the same function on the revised code.

I would do this as is good to remember people who are used to the program working in a certian way may get surprised with your changes.

1 - keep high notifications as is
2 - make medium notify for everything "except" the exclusion list "and" add system and svchost to the exclusion list by default, so in other words the change will not break anything.
3 - keep low as it is

 

Alexandru, maybe you do not have to make so drastic changes. What I would do:
- An exclution list as you described
- The notifications system will check the path of the blocked connection, then check the exclusion list, and then check the rules (as it is now). If it finds a hit in the exclusion list it won't display a notification, if it doesn 't, continues and checks the rules (block, allow, generic, disabled) and if it doesn't find a much it'll display the notification. This should also take care of system and svchost.exe ; if the user adds them in the ignore list, they should be outlined in red explaining/warning that "High notification level" won't work as expected.
or if you want to use that list for excluding system and svchost.exe just occupy/block the first two entries in the list so the WFC can automatically insert or remove the two rules according to the notification level(if high level is selected they get removed if any other level is selected medium,low or no notifications they get added). And if a user adds the entries
C:\*
C:\Windows\*
C:\Windows\system32\*
C:\Windows\system32\svchost.exe
system
They should be outlined in red as stated earlier...
- The High notification level remains
- Medium notification level remains
- Low notification level remains
- About the button. Maybe something like this?


Panagiotis

 

I am having less problems with the WFC tray icon not responding now but there is still one situation when it is annoying. Almost all the time it works fine. However, when I install new software and find the new software blocked by the firewall, WFC will not open when I click on the icon. I have notifications off so I need to open it to add a rule. This has happened too many times to be a coincidence. I have to kill the WFC process and run it again. It then always works.

I am running Windows 10 64 bit with Avast free installed.

 

Please check the Troubleshooting part of the user manual which has a section related to this problem.
1. Check the WFC log, check your antivirus, post more details.
2. Are you able to open Main Panel by double clicking on the desktop shortcut ?
3. Have you tried to add wfc.exe and wfcs.exe in the exclusions list of Avast ? Does this help ?
4. Do you still have the same problem if you temporarily disable Avast ?
I also install new software and this does not block WFC from being responsive. From your description, WFC seems to be blocked from being correctly executed.

 

@tcarrbrion

And attention anyway with Avast and WFC.

Last time when I checked Avast, the WebShield (was enabled by default) acted as Software Proxy which is NOT compatible with WFC.

No idea if this is the case yet, but I assume it is ...

 

Nothing has ever been logged in the antivirus or windows logs when WFC has been blocked.

Double clicking on the desktop shortcut does not help, I have to kill wfc.exe with task manager. I do not have to restart the service.

I just readded wfc.exe and wfcs.exe to the Avast exclusions. They got left out when I reinstalled a few months ago.

It is hard to reproduce the problem. I have run wfc.exe numerous times when not installing anything over the last several months and it has always worked. I don't know what is different when I am installing a new program but it is only then that wfc.exe does not appear. It is running and can be seen in task manager but the screen and the context menu do not appear.

It used to get blocked far more often but an update to WFC (it could have been some other change) made it much more reliable. I think the update was early this year.

I was running Appguard as well but have uninstalled it a few months ago as it keeps crashing my computer. Uninstalling it made no difference to WFC.

Avast web shield does not stop WFC from blocking programs. I have my system locked down and many programs get blocked.

 

@tcarrbrion

Sorry for my persistence: but this is not really the point: so if you really locked down your system, it should be probably block all anyway, because the proxy should be integreated in this scenario.

The point is: have you correct WFC notifications for outgoing programs (for example without exist rule) - I mean for the real program path? Then it could be really the case that Avast changed the technique behind. Would be good to know ...

Greetings

 

I don't use notifications but if I turn them on and delete the firefox rule I get a popup for C:\Program Files\Mozilla Firefox\firefox.exe. I have a short list of allowed programs and everything else is blocked.

 

@tcarrbrion

Sounds good! Thank you very much for sharing this info and your time!

 

Windows Firewall Control v.4.9.0.0

Change log:
- Updated: The notifications system was redesigned in order to allow defining exceptions. The High notification level was removed since the new notifications system can be configured to achieve the same results. The existing modes were renamed.
- Fixed: In Properties dialog, the local addresses field should not accept custom keywords like the remote addresses field since this is not allowed not even from WFwAS.
- Fixed: In Properties dialog it is not possible to select "Services only". Opening such a rule result in an empty selection in Services combo box.
- Fixed: Duplicate authorized group names can be added if the case is changed.
- Updated: The user manual was updated to reflect the new changes.

New translation strings:
240 = Define below the programs and folders for which the notifications should not be displayed
241 = Notifications exceptions
242 = Add exception
243 = Remove exception
244 = Define here a new exception
245 = Add to notifications exceptions
246 = Exclude file
247 = Exclude folder

Updated translation strings:
201 = Notifications mode specifies which blocked outbound connections should be displayed to the user
204 = Display notifications
205 = Display notifications for all blocked outbound connections but do not display them for the programs defined as exceptions below
206 = Learning mode
207 = Automatically create outbound allow rules for digitally signed programs and display notifications only for unsigned programs
230 = Rule created by Learning mode
459 = Define here a new authorized group

Removed translation strings:
202 = High
203 = Display notifications for all blocked outbound connections, including the system ones, generated by the connection attempts of svchost.exe and System.

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 766c3f54f9679a5e47e911b77829a1497935e9cd
SHA256: 31b1827bcca2d684dc65405cd7e64799660f705d2d88981827e07dc2a1fbdaf0

Best regards,
Alexandru

 

@alexandrud

Just short info - (I make right now the new german translation)

You forgot those strings:

321 was also removed

is this okay so (because it has nothing to do with notifications)?

Greetings

EDIT: I have 319 instead, well maybe it's a mistake in MY translation file ...

 

German translation is already sent to BiniSoft.org and should be ready soon. Thanks.

 

Hey guys,

Not sure if this has been discussed earlier in the thread, but does anyone know what these "Internet Shearing" firewall rules are in Windows 10?



The system has been creating thousands of it and fortunately, WFC disables them. Seems phishy to have such firewall rules.

@alexandrud Little suggestion, instead of overwriting the group name of an unauthorized firewall rule when it is disabled, just append "UNAUTHORIZED - " to the start of the original group name, e.g. UNAUTHORIZED - Weather. Better yet, don't bother renaming the group, just disable the unauthorized rule. That way, if it's an app that we trust, we can permanently allow firewall rules to be created using its specific group name.

 

321 is still used by the tooltip when Secure Boot is enabled.

So, instead of renaming the group (Secure Rules set to disable unwanted rules), just disabling the rule should be enough. I will think about this.

 

This is a good idea, actually.

 

I think prepending some text is a good idea, it makes it much easier to find all such rules by sorting on Group. It doesn't have to be as long as "Unauthorized-" though, shorter would allow easier viewing of the original name.

 

Important note for the german language users:

Another german translation file was sent to BiniSoft.org and should be available soon. Please ensure that you use this latest file (Date IN translation file is 16. Dezember 2016), because the changes are really important.

Thank you.

In Deutsch:
Wichtiger Hinweis für die deutschsprachigen Benutzer:

Eine andere deutsche Übersetzungsdatei wurde an BiniSoft.org gesendet und sollte in Kürze verfügbar sein. Bitte stellen Sie sicher, dass Sie diese neueste Datei verwenden (Datum IN Übersetzungs-Datei ist 16. Dezember 2016), da die Änderungen wirklich wichtig sind.

Danke.

 

Will Adguard work with WFC?
I noticed this "Windows Firewall is incompatible with software proxies, web filtering modules"
Would this include Adguard?

 

I have AdGuard for Windows installed, and have been using it side by side with WFC for a long time. No issues.

However, I don't use AG as a proxy, since I make use of Acrylic DNS Proxy.

 

Yep, it will work just ok.

 

Isn't Adguard (desktop) a web filtering module?
Thanks.

 

What they mean by "compatibility" issues is that most proxies mask other apps traffic hiding traffic origin from the firewall.
AG for Windows filters traffic on-the-fly on the network driver level and does not change it's origin.

 

but what happens when you select use WFP network driver option in adguard?

 

Thanks for the clarification.