Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Updated here. Everything seems fine. It works so well that sometimes I even forget that it is there! Thank you!
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Thanks, and yes I think it's a good idea. To clarify, the current options are already good, but it would be nice to also see info about the incoming connections, which IMO should normally all be blocked because of the risk involved.
     
  3. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Is all this CPU usage normal?

    http://i.imgur.com/oBQTOl4.jpg

    I have a nearly ten year old Q6600, even so, from my security programs it is the most CPU consuming.
     
  4. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Yes, that's pretty normal, 5.2% usage is nothing to be concerned about. If it were 52% usage on the other hand, then that will be abnormal...
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    If your pc is idle then it's not normal, for me. Mine is 0% all time, both gui and service.
    I noticed that even torrenting and downloading via IDM, both WFC components are 0% cpu usage.
     
  6. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Yes, my PC is idle. No torrenting, streaming or downloading anything. Only Ungoogled Chromium is open.
     
  7. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @ExtremeGamerBR

    No, it seems not normal. At least I have also 0% CPU for this service (Win 10 Pro x64).

    Have you tried a reboot already?
     
  8. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Win pro x64, no WFC CPU use on idle Fx open.
     
  9. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Yes, many times. I use Private Internet Access via OpenVPN. Maybe that is it?
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    1. Try to disable the notifications system and see if the CPU usage drops.
    2. Do you have this CPU usage all the time, even when you start your computer?
    3. If you disconnect your VPN, does the CPU usage remain the same, or does it increase when you connect to your VPN again?
     
  11. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    1. When I disable the notifications system, the CPU usage stays at 0.0%. So it solves the problem. Is there a workaround?
    2. All the time, AFAIK.
    3. It stays the same.
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    When the notifications system is on, WFC is subscribed to the packet drop event. If there is a large number of connections on your system, this may increase the usage of the WFC service, since every event will trigger WFC to perform some actions. What you can do:
    1. Close any peer-to-peer or torrent clients, etc., and see if the CPU usage goes down.
    2. In the Connections Log, uncheck the Allowed connections. See if this improves the CPU usage.


    3. Check on a different machine or in a virtual machine if you have the same problem.
    4. Make sure that the other security products that you use don't scan wfcs.exe each time it accesses something (Windows Registry, Security Log).
     
  13. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    You could try a "trial and error" method (if possible) to find out: deactivate program "1" (could be your VPN), maybe reboot, test it ... deactivate program "2", maybe reboot, test it ... etc. - then do the same with services too ...

    That way you could see whether loaded programs or services have an influence on the Windows Firewall or the WFC service ...

    But it's also possible that the system itself is the reason and/or the .NET (config) and/or and/or ...

    Maybe Alexandru has a better method or even a suggestion (even for .NET "maintenance" or so) to fix that.

    However: I don't find it really normal, but there are so many systems with different configs and different software etc ... who knows ...

    Alexandru, do you have more info about this?

    EDIT: Ahh, I missed his answer above ...
     
  14. ackys

    ackys Registered Member

    Joined:
    Feb 28, 2017
    Posts:
    7
    Location:
    Romania
    I need some help when and if you have the time. Fresh Win 10 install, WFC configured with Secure Rules, all default rules changed to the Windows Firewall Control group. I can't enable network discovery (file and print sharing) in Windows; the checkbox won't stay checked and it won't turn on. Where should I start solving the problem?
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Did you enable File and Printer Sharing as explained below?

    http://windows.microsoft.com/en-us/windows-vista/enable-file-and-printer-sharing

    This will create a new set of Windows Firewall rules that will allow network sharing.

    1. Make sure that Secure Rules will not delete or disable these rules. Disable Secure Rules while enabling File and Printer Sharing.
    2. If these rules are missing altogether from your firewall rules, restoring the Windows Firewall default set of rules will restore them. They will probably be disabled, but when you enable File and Printer Sharing, these rules will become enabled.
    3. Please check the Connections Log and check the recently blocked connections. It will help you to find which processes were blocked and what rules you still have to create. Check the connections of svchost.exe especially.
    4. If you don't want to reset Windows Firewall default set of rules, please recreate the WFC recommended rules which contain the required rules for file sharing over the local network.

    If some concepts from my post are not familiar to you, please press F1 in any WFC window to open the user manual and you will find many answers to your questions.
     
  16. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    1. I do not have any process that requires too many connections running at the moment.
    2. It did not improve; the usage stays the same.
    3. It's hard for me to do this lately, but I can try.
    4. The only security products that scan any process on my computer are Windows Defender and AppCheck. I closed AppCheck to see if it improved, and it did not.
     
  17. godless

    godless Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    19
    Today WFC changed the update port from 66.198.240.5:80 to 66.198.240.5:443.
    Is this OK?
     
  18. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    I noted this yesterday also.
    @alexandrud pls confirm :)
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    This is very OK. Since yesterday, the website uses https (443) instead of http (80). The next version of WFC will have an updated rule for the WFC updater. Until then, please manually edit this rule and add port 443 too.


    With this change, registered users will no longer receive security warnings when logging in to the website.
     
  20. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
  21. lahan

    lahan Registered Member

    Joined:
    Mar 19, 2017
    Posts:
    4
    Location:
    US
    This might be a stupid question, but what is the preferred way of allowing or restricting traffic to remote / local IPs? For instance, if I want to allow a program to communicate on my local network, but prevent it from communicating to any internet / WAN IPs, what kind of rule should I create to ensure that traffic is blocked as desired and I am prompted or not as desired?

    Let's say I receive a notification about an attempted outbound connection to a remote internet IP for a new program.

    One option would be to use the notification prompt to specify an 'allow' rule and restrict the remote IP to local network IP ranges (ex., 192.168). If I do this, would it allow the connection that caused the initial notification, even though the remote IP was not in the range? And how would it behave for future attempts by the program to connect to a remote IP not in the range for the 'allow' rule... would it prompt with a new notification, since no rule was matched? If there is a new notification, and I simply clicked 'block' without specifying a remote IP range, would the new rule override the initial 'allow' rule? If it does override the initial 'allow' rule, then what is the best way to block connections from a program to ALL remote / nonlocal IP addresses, which might be a lot of different ranges to specify?

    Sorry if the question is unclear, I'm just trying to understand the way precedence and local / remote networks are handled in windows firewall and WFC. Thanks for any help, and please let me know if I should ask the question elsewhere. Thanks for the great program, by the way. I have already donated and I love how lightweight and straightforward it is.
     
  22. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    This is for sure not a stupid question :)

    If no block rules exist for the new IP(s) AND you have the notifications setting set to "View" AND you don't have that program in the notification exception list (which means do NOT display notifications for that program), then yes, you will receive a new notification.

    Hint: to allow a program for the whole local subnet, you can use the expression "LocalSubnet" instead of IP ranges.

    Yes, it does overrule the allow rule(s), because block rules have higher priority than allow rules.

    Here you have different possibilities to handle that, two as example:

    1) After creating an allow rule with expression "LocalSubnet", block via block rule all except LocalSubnet IPs: you could make a block rule with the following ranges (it's "IPv4&6 Non-LocalSubnet with (Non-)Local-Transition" (no guarantee that this is really okay, you have to check it yet)) for that program:

    1.0.0.0-9.255.255.255,11.0.0.0-126.255.255.255,128.0.0.0-169.253.255.255,169.255.255.255-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0-192.0.1.255,192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255,::ffff:0:0-::ffff:ffff:ffff,64:ff9b::-64:ff9b::ffff:ffff,2000::-3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff


    2) After creating an allow rule with expression "LocalSubnet", create a notifications exception which means do not display notifications for that program.


    I hope my English is clear enough ;-)
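
An added example, not part of the thread or of WFC: a check of the block-rule address list from the post above, listing the IPv4 spans it leaves unblocked and modelling the "block beats allow" precedence described there. `ASSUMED_LOCAL` is a constructed stand-in for what "LocalSubnet" resolves to, and `verdict` is a simplified model, not Windows Firewall's own evaluation code.

```python
import ipaddress

# Remote-address list for the block rule, copied from the post above.
POSTED_BLOCK = (
    "1.0.0.0-9.255.255.255,11.0.0.0-126.255.255.255,128.0.0.0-169.253.255.255,"
    "169.255.255.255-172.15.255.255,172.32.0.0-191.255.255.255,192.0.1.0-192.0.1.255,"
    "192.0.3.0-192.88.98.255,192.88.100.0-192.167.255.255,192.169.0.0-198.17.255.255,"
    "198.20.0.0-198.51.99.255,198.51.101.0-203.0.112.255,203.0.114.0-223.255.255.255,"
    "::ffff:0:0-::ffff:ffff:ffff,64:ff9b::-64:ff9b::ffff:ffff,"
    "2000::-3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
)
ASSUMED_LOCAL = "192.168.1.0-192.168.1.255"  # constructed stand-in for "LocalSubnet"

def parse_ranges(spec):
    """Parse 'a-b,c-d' into (first, last) address pairs, rejecting malformed items."""
    out = []
    for item in spec.split(","):
        lo, _, hi = item.strip().partition("-")
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {item}")
        out.append((lo, hi))
    return out

def covers(addr, ranges):
    ip = ipaddress.ip_address(addr)  # compare only within one IP version
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in ranges)

def ipv4_gaps(ranges):
    """Return the IPv4 spans that no range covers, as (first, last) strings."""
    gaps, cursor = [], 0
    for lo, hi in sorted((int(a), int(b)) for a, b in ranges if a.version == 4):
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= 0xFFFFFFFF:
        gaps.append((cursor, 0xFFFFFFFF))
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b))) for a, b in gaps]

def verdict(addr, allow, block):
    """Simplified model of the precedence in the post: a block match beats an allow match."""
    if covers(addr, block):
        return "block"
    return "allow" if covers(addr, allow) else "no-match"

if __name__ == "__main__":
    block, allow = parse_ranges(POSTED_BLOCK), parse_ranges(ASSUMED_LOCAL)
    print("not blocked (IPv4):", ipv4_gaps(block))
    for addr in ("192.168.1.20", "8.8.8.8", "169.255.0.1", "fe80::1"):
        print(addr, "->", verdict(addr, allow, block))
```

One of the unblocked spans is 169.254.0.0-169.255.255.254, wider than the link-local block 169.254.0.0/16, because the fourth range in the posted list starts at 169.255.255.255. A block rule with no remote address restriction covers the local subnet as well, so under this precedence it also cancels the "LocalSubnet" allow rule.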
     
  23. lahan

    lahan Registered Member

    Joined:
    Mar 19, 2017
    Posts:
    4
    Location:
    US
    I see, thanks a lot Alpengreis; it makes perfect sense! :)
     
  24. Hifexar

    Hifexar Registered Member

    Joined:
    Mar 22, 2017
    Posts:
    12
    Location:
    Krasnodar Russia
  25. Hifexar

    Hifexar Registered Member

    Joined:
    Mar 22, 2017
    Posts:
    12
    Location:
    Krasnodar Russia