Windows Firewall Control (WFC) by BiniSoft.org

Windows Firewall Control v.4.9.4.0

Change log:
- New: The context menu of Rules Panel has a new entry named "Authorize group". This will add the group of the selected rule in the authorized groups list and will enable the rule.
- Fixed: In Connections Log, for inbound connections, the Source and Destination IP addresses are swapped.
- Updated: The copyright info still display year 2016 instead of 2017.

New translation strings:
467 = Authorize group

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 841722a6f87e6d9c76c51f07cad4f7bd25a69b92
SHA256: b61485bf096bed52e465bb797f65bd441ea5590d631655a224d648410ae9af24

Best regards,
Alexandru

 

One of the best PC investments I have ever made
Thanks for the heads up on the update.

 

Same for me, indeed!


For the German language user: // Für die Benutzer der deutschen Sprache:

The translation file is already sent to the developer and should be ready on binisoft.org very soon! // Die Übersetzungs-Datei ist bereits an den Entwickler gesendet und sollte sehr bald auf binisoft.org bereitstehen!

Greetings.

Alpengreis
Maintainer of WFC DE-Translation file

 

Awesome! Thank you very much alexandrud!! This software just keeps getting more and more handy with every update

Ps. Sent another donation

 

Hey guys,

Does anyone know of what specific firewall rules are needed to allow the Windows 10 mail app to work while medium filtering is enabled? So far, I've just come across the following article with a bizarre solution of fully allowing the SVCHost app 24/7 through Windows Firewall:

https://answers.microsoft.com/en-us...mail-app/595528c0-ffaf-480e-b6d5-bd5f85dca91a

Anyone know of a more precise solution?

 

None that I have had to apply in Win10 x64 Pro
Just make sure MS mail is not showing in the Blocked list.
Also make sure "Sync" (MS feed sync) for the apps is not blocked that could be your issue.

 

Thanks for the quick response. I have all Outbound connections from Microsoft Feeds Synchronization (msfeedssync.exe) @ C:\windows\system32\msfeedssync.exe allowed for all network locations, so that's definitely not the problem. When I attempt syncing my inbox, I get the following error message:



Only thing showing as blocked in my connecions log is SVCHost.exe:



Setting Windows Firewall Control to low filtering fixes the issue and the mail app begins syncing, so, there's definitely no block rule for the mail app.

 

Is there a chance you acct info has a typo in it ?
Also I no SVC host in my block list, can you trace that one with what it is associated with ?
If not allow it and test your mail, if it does not solve it you can always re-block it.
EDIT: also came to me, put the firewall in "No Filtering" mode just long enough to test the connection to be sure WFC is the issue here. If you do, have all your browsers closed for limited exposure. If it connects you know for a fact its a WFC rule somewhere , if not you know to focus elsewhere.
EDIT: from what I can find on that error code that SVChost block may very well be your problem, allow it.
Good luck and let us know

 

You're showing both allowed and blocked connections. You have to filter only for blocked connections. Look at the right-hand side -- Allowed and Blocked are both ticked.

Set WFC to Learning Mode until the issue is resolved...

 

The SVCHost block is the problem, stated that from the start but as I stated when asking the question, allowing that entire process is bizarre as that process is managing connections for a lot more than just the mail app. That solution is like living your front door open in order to avoid having your roomate get locked out. I'm looking for a more precise rule just for the mail app, or in terms of the analogy, a key to give that roomate.

No, that's the option to log those connection attempts, under the display section, you can see it is set to only display blocked connections.

 

svchost.exe needs network access. Each instance of svchost.exe manages a different subset of services.

Block svchost.exe and you're going to have a lot of issues.

Research it.

 

Only on specific ports and protocols, and to specific IP ranges. Allowing it on every front is like living your front door open. Research it.

Precisely why I'm asking for a specific rule to allow SVHost connect for the Mail app's needs.

I didn't block the entire process, I simply haven't created a rule to allow it on every front, only specific rules, and I'm looking for such for the mail app.

 

Clear your block log, with your mail app closed, then start your mail app,
the svc that shows up in the now empty block log will be the one you need to allow.
I have used this method before to find app or game related blocks before.
Good luck

 

Windows Mail can't synchronize folders

This applies to Windows 10 while Medium Filtering profile is used in Windows Firewall Control.

1. To allow the Windows Mail application to connect and synchronize your email accounts, you must create an outbound rule for svchost.exe.
2. To send an email you have to create an outbound rule for C:\program files\windowsapps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\hxmail.exe
3. To be able to add a Google account you have to create an outbound rule for C:\windows\systemapps\microsoft.accountscontrol_cw5n1h2txyewy\accountscontrolhost.exe and one for C:\windows\system32\authhost.exe.

When the notifications system is used make sure that you can be notified about blocked connections of svchost.exe process. If svchost.exe is added in the notifications exceptions list, then the notification will not be displayed.

Source: F1 WFC user manual.

Blocking svchost.exe in Windows 10 breaks too many Microsoft related products. Anyway, my opinion is to use another mail client. In my case, even with WFC set to No Filtering I had problems with synchronization of my emails on Windows 10 email client. Many emails were just missing even if the software showed that everything is synchronized.

 

BTW, I already asked this, but I really think the Win Firewall settings from the config screen, should be clearly visible in the WFC GUI. The current profiles don't really reflect the current settings.

 

Please be more specific. Are you refering to the Windows Firewall window from Control Panel? Which settings?

 

Ok, so, I just went with creating the following specific rule for the Windows 10 mail app to function as I'm not very confident with the idea of fully letting the svchost process to connect:

Program: C:\windows\system32\svchost.exe
Name: Windows 10 Mail Sync (svchost.exe)
Group: Windows Firewall Control
Description: Outbound rule to Allow Windows 10 Mail to sync
Location: Domain, Public and Private
Protocols and ports:

• Protocol: TCP
• Local ports: All Ports
• Remote ports: 993

Local and remote IP addresses:

• Local addresses: Any
• Remote addresses: 67.195.125.1-67.195.125.255

Service: Apply to all programs and services
Direction: Outbound
Action: Allow
Interface Types: All interface types

So far, all is working good without living my front door open

----------------------------------------

@alexandrud Sorry if this is overwhelming, but here's a suggestion for adding a little more precise control to Secure Rules. Shouldn't demand any significant increase in system resources...I think

At the moment, Secure Rules just checks to see if the group of an automatically created rule is in the list of authorized rules. If it is, the rule is kept, if it isn't, the rule is disabled (or deleted, depending on user's preference settings). My suggestion is to give users the option to add other check points to the Secure Rules besides just the group name, keeping just group name as the default checkpoint. That way, there wouldn't be much resource being demanded by default.

For example, at this moment, I've authorized the Twitter group, as it only automatically creates an outbound rule for the Twitter app. However, as this app updates, who's to say they won't one day create an inbound rule for whatever privacy-invading ad reason. In this case, I would authorize only Outbound rules to be automatically created for the Twitter group. That way, an inbound rule for the group is automatically disabled, while an outbound rule remains untouched. Here's a concept of how the Secure Rules section can be further enhanced while still remaining simple as it currently is by default:



What do you think?

 

Adding extra criteria for which automatic firewall rules are acceptable or not is beyond the WFC scope. Automatic rules shouldn't be created at all in the first place. This adds a complexity layer which will not be implemented.

 

Yes, I mean the Control Panel. The current filter settings don't really tell me anything about incoming connections? Stuff like "All incoming connections are blocked" should be visible.

 

Hi,
Does WFC detect hidden ICMP etc outbound techniques?

 

WFC profiles only change the outbound filtering in Windows Firewall. I will think about your proposal.

WFC is not a firewall by itself, therefore it does not detect anything.

 

well put.

 

"WFC is not a firewall by itself, therefore it does not detect anything."

Thanks.

 

Windows Firewall Control v.4.9.5.0

Change log:
- Fixed: Context menu doesn't work on text boxes with watermarks if the watermarks are visible.
- Fixed: In some scenarios the system tray icon may become unresponsive.

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 22967fec82d8c535ddbceca89d59736b365895a8
SHA256: a3f2d9d1c2fe8854c768f36379c604d3e49d1abb11b0678dfd7f8957612ce419

What do you think about redesigning the Profiles tab to include Inbound and Outbound info similar to the options which are displayed in Windows Firewall CPL ? The new design must be simple and must include options to disable/enable the firewall, change inbound preferences, change outbound preferences, all in one page, system tray icon, etc. I am open to your suggestions.

Best regards,
Alexandru

 

I think inbound connections should always be blocked by default, but having an option of how they're treated for the low and medium filtering profile would be great.

I'd suggest having an in-line drop down menu for both the low and medium filtering profiles, where the user can select how they want inbound connections to be handled when the selected profile is enabled. For example, add the following sentence after their descriptions "Inbound connections should be ____ by default on this profile".

In the case of the no filtering profile, of course blocking inbound is off, in the case of the high filtering profile, blocking inbound filtering is obviously on.