Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    I tried WFC on the same Windows 10 build a few days ago without any problems. d3d9.dll is a DirectX assembly used by Windows Presentation Foundation (WPF) to render the graphics of WFC.

    Please install your video card driver from your vendor and see if this solves the problem.

    I also have this installed on a real machine, not only in a virtual machine and it works just fine.
     
    Last edited: Apr 6, 2017
  2. Kob

    Kob Registered Member

    Joined:
    Dec 13, 2011
    Posts:
    39
    Feature request (I asked for this a long time ago, but thought to surface it again):

    In the Security / Secure Boot option to add a textbox for a list of IP addresses to be excluded from the lockout on boot, preferably in the form of z.z.z.z, y.y.y.y, ...
    A wild card ability like z.z.z.* would be great.

    This will let me block any public outgoing connections on boot, but still allow me to reach and manage the machine through the local LAN.

    P.S. WFC V.4.9.6 works beautifully on Server 2016 R.1607
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    This is already possible. Please read the following article from the user manual:

    User interface > Main Panel > Profiles > Is it possible to allow LAN traffic when using High Filtering profile?

    I know the current approach is not very straightforward and requires more attention, but your suggestion is not possible. You must specify the excluded IP range like this: 1.1.1.1-192.168.0.0,192.168.0.255-255.255.255.255, and the allowed IP range would be 192.168.0.1-192.168.0.254.
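
The excluded list in the reply above is the complement of the allowed range. As an added example (not part of the original post and not WFC code), this Python sketch derives such a list from one or more allowed addresses or ranges; the function name `complement_ranges` is hypothetical, and the lower bound defaults to the 1.1.1.1 used in the post.

```python
import ipaddress


def complement_ranges(allowed, lo="1.1.1.1", hi="255.255.255.255"):
    """Return 'a-b,c-d' covering [lo, hi] minus every allowed entry.

    allowed: iterable of "start-end" strings or single IPv4 addresses.
    Overlapping or unsorted entries are merged before the gaps are taken.
    """
    first = int(ipaddress.IPv4Address(lo))
    last = int(ipaddress.IPv4Address(hi))
    spans = []
    for item in allowed:
        start, _, end = item.strip().partition("-")
        s = int(ipaddress.IPv4Address(start))
        e = int(ipaddress.IPv4Address(end or start))
        if s > e:
            raise ValueError(f"range is reversed: {item}")
        spans.append((s, e))

    gaps, cursor = [], first
    for s, e in sorted(spans):
        # Anything between the cursor and the next allowed span is excluded.
        if s > cursor and cursor <= last:
            gaps.append((cursor, min(s - 1, last)))
        cursor = max(cursor, e + 1)
    if cursor <= last:
        gaps.append((cursor, last))

    def fmt(a, b):
        a, b = ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)
        return str(a) if a == b else f"{a}-{b}"

    return ",".join(fmt(a, b) for a, b in gaps)


if __name__ == "__main__":
    # Allowed LAN range taken from the post.
    print(complement_ranges(["192.168.0.1-192.168.0.254"]))
    # Constructed sample: one extra management host plus the same LAN range.
    print(complement_ranges(["10.0.0.5", "192.168.0.1-192.168.0.254"]))
```
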
     
  4. Kerrison

    Kerrison Registered Member

    Joined:
    Jul 14, 2015
    Posts:
    9
    Sure enough, that fixed the problem-- thanks!

    Very weird, because games played fine. I guess the games were DirectX 11, not DX9.
     
  5. Andrew1a

    Andrew1a Registered Member

    Joined:
    Apr 6, 2017
    Posts:
    3
    Location:
    Earth
    1. Can someone tell me why WFC is not remembering my choices when I block a program? Or point me to a post that can help me diagnose this problem.

    2. Can WFC block incoming traffic on a medium setting, i.e. besides the universal block designated by high filtering, to block everything coming in and out?

    3. Also, I have a process called ntoskrnl.exe that is called "System" in Process Explorer and in WFC. Obviously this must be the system file but in Process Explorer there is nothing under Description, Company Name, or Verification. Its PID is 4. Does this sound normal? Also when clicking on it in Process Explorer it states it is "NT Authority/System."

    Thank you very much
     
  6. Kerrison

    Kerrison Registered Member

    Joined:
    Jul 14, 2015
    Posts:
    9
    So Nvidia just released new drivers today. I installed them, rebooted, and now WFC is crashing again. Same crash, on d3d9.dll. I guess I'll reinstall the same drivers on top of themselves?

    Completely bizarre.
     
  7. mike83

    mike83 Registered Member

    Joined:
    Mar 9, 2016
    Posts:
    35
    Would it be possible to get the wfc.exe command line interface extended to include also profile selection (i.e. switch to High Filtering, switch to Low Filtering etc.)?
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    1. Give us more details. Which program do you block? Is this program still allowed after you create a block rule, or do you see duplicate notifications for it? In either case check the user manual. It will answer a lot of your questions.
    2. By default, all inbound connections are blocked in Windows Firewall. Only if there is an explicit inbound allow rule, it will be applied, otherwise, if no rule is defined, all connections are blocked.
    3. This executable exists on all Windows versions and it is digitally signed by Microsoft. It is a safe process. SYSTEM is a keyword used in Windows Firewall which defines this process. You don't create an allow rule for ntoskrnl.exe but instead for System.
    It would be possible but I will not do it. You can change the profile by using the netsh command line in an elevated CMD window. If I add these parameters to wfc.exe the profile could be changed without elevated privileges, which is not a good idea. You can see below how you can change the profiles through netsh.

    Medium Filtering
    netsh.exe advfirewall set allprofiles state on
    netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    Low Filtering
    netsh.exe advfirewall set allprofiles state on
    netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
    No Filtering
    netsh.exe advfirewall set allprofiles state off
     
    Last edited: Apr 7, 2017
  9. nimd4

    nimd4 Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    23
    Location:
    Belgrade
    You're joking, ofc. I'm just going through some of the posts in the thread... The actual developer is taking the time to provide (free!) user, customer and technical support and then there's a problem which involves a 3rd-party software which - by the way - is in direct conflict with a firewall; as, most modern firewalls (i.e. Comodo) will include such a component, to control file execution (as the two are, often, closely related anyway).

    Excuse the off-topic spam, but Jesus Christ. Are we expected for them to hold our hand, or to be able to work on perfecting this highly essential program - which has been missing from Windows, ever since the beginning: when the operating system had been conceived as a corporate botnet tool, for the masses.
     
  10. Kob

    Kob Registered Member

    Joined:
    Dec 13, 2011
    Posts:
    39
    This worked like a charm, and since the set ranges do not change that often, this is a perfectly good solution. Thanks.
     
  11. Kerrison

    Kerrison Registered Member

    Joined:
    Jul 14, 2015
    Posts:
    9
    For anyone following along in my fascinating epic saga of WFC crashing on d3d9.dll after upgrading Windows 10 to the 1703 update, I tracked down the problem-- MSI afterburner. In particular, the RivaTuner server that is installed alongside MSI afterburner to provide an on-screen display.

    To fix it, open RivaTuner and set "Application detection level" to None.
     
    Last edited: Apr 7, 2017
  12. WarGames

    WarGames Registered Member

    Joined:
    Mar 13, 2017
    Posts:
    20
    Location:
    UK
    After ditching Comodo after it totally crashed my Windows 7 when upgrading to version 10 (thankfully I had Macrium Reflect), I donated to WFC4 and it's much better.

    A few things if anyone can help.
    How do you block IPs and domains in WFC4? I am assuming you have to use the HOSTS file to block domains, but what about IPs?

    Also, has anyone got any tips on hardening it up or general advice they have learned whilst using WFC4?
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Thank you for your feedback.
    Windows Firewall can only block IP addresses or IP ranges. To block domain names you should use a custom hosts file. To block several IP addresses or IP ranges, just create a block rule. If you want to block these IP addresses for all programs, create a block rule for all programs; if you want to block IP addresses only for a specific software, create a block rule for that software only.

    When you enable outbound filtering in Windows Firewall (Medium Filtering profile in Windows Firewall Control) all outbound connections without an allow rule are by default blocked. In this case you have to create a few allow rules for the programs that you really want to allow to connect. There is no need to create block rules.

    Check this post for a minimal set of rules:
    https://www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-85#post-2563841

    You can create these rules by restoring WFC recommended rules.
     
    Last edited: Apr 8, 2017
  14. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    Sorry, I really wish I understood what this post was actually moaning about.

    In a world in which PC security has become big business, nearly every commercial security package aspires to be "the only security you will ever need". Unless you believe this (and confine yourself to a single package), there will inevitably be conflicts.

    In this particular situation, the nature of the conflict was that WFC's saving/restoring of a full profile is achieved using the NETSH command line. Once this simple fact is known, it is not difficult to comprehend the problem I experienced.
     
    Last edited: Apr 9, 2017
  15. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    Alexandru -

    A thought regarding the use of phrases within rules such as "LocalSubnet". Would it be possible to make this type of entry NOT case critical and to ignore spaces so I could enter, say,

    "local subnet" or possibly
    " local SubNet "

    I presume you use a parser of some kind because I note that WFwAS uses the syntax "Local subnet", so some extra tolerance of human error would be nice. Alternatively, some kind of selection mechanism (a drop-down box, for instance) of available pre-defined expressions to prevent incorrect entry.

    Thanks.
     
  16. WarGames

    WarGames Registered Member

    Joined:
    Mar 13, 2017
    Posts:
    20
    Location:
    UK
    I have two more questions, as I am really starting to get into using WFC4 now.

    1. If a notification times out (for example, you don't click anything), does it allow, temporarily block or permanently block the connection?

    2. Is there any way to export the connections log from the WFC4 interface?
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Windows Firewall API accepts only parameters without empty spaces. Regarding LocalSubnet and other keywords, they are case sensitive and are not accepted in other forms by the Windows Firewall API. To avoid unnecessary processing of the parameters in WFC code, WFC provides only an error mechanism, not a correction mechanism. Anyway, even if you insert local subnet and let's assume WFC would convert this to LocalSubnet, when you refresh the rule it will return again the value LocalSubnet. To answer your suggestion, the answer is no.
    1. The dialog just closes and nothing happens. You see a notification for a blocked connection, the connection was blocked, it is still blocked and no rule is created for it.
    2. Select the entries that you desire (Ctrl+A to select all), right click on the data grid and from the Copy... context menu, choose what you would like to copy to your clipboard. Then you can just paste the content in any text editor, text box, etc.
     
  18. guest

    guest Guest

    Is it worth keeping the WF default rules? Or can I simply delete them and start fresh?
    Will I permanently block something, or will I get popups if anything in Windows needs those rules?

    I have it set on medium filtering, outbound traffic. So I don't get any inbound rules, are these blocked by default? If an app needs an inbound rule, will I get a popup or do I have to create the rule manually?

    Is there a way to sort the rules by creation date? If you could, please add it.
     
    Last edited by a moderator: Apr 11, 2017
  19. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    That, I was fully expecting. I was just hoping for greater tolerance of slightly incorrect syntax on initial entry OR the possibility of some kind of selection control such as a drop-down box.
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Please press F1 and read the following topic from the user manual:

    User interface > Main Panel > Rules > Windows Firewall Control recommended rules

    You can delete all default Windows Firewall rules and use these as a starting point. Some svchost.exe and System connections are always required for web browsing.

    Inbound connections are by default blocked in Windows Firewall unless there is a specific allow rule for this purpose, otherwise, everything is blocked. However, if a software wants to open a port to listen for incoming connections, Windows Firewall itself will display a new notification. Check the following topic from the user manual:

    User interface > Main Panel > Notifications > How does the notifications system work?

    Windows Firewall rules don't have a creation date property and WFC can't add this info. New rules are always displayed on top of the list in Rules Panel because this is how they are returned from Windows Firewall API.

     
  21. guest

    guest Guest

    Understood, thanks :thumb:
     
  22. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    Just downloaded, donated and activated using the latest Windows 10 Pro Release Preview build and updates, working nicely so far. Had to exclude wfc in RivaTuner though, something in the new version of Windows causes RivaTuner to crash certain applications.
    Haven't gotten the account email yet, though.
    Edit: Email sorted by staff. :)
     
    Last edited: Apr 12, 2017
  23. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    A quick question, this software plays nice with other firewalls, right? I mean if you use another 3rd party firewall and that one plays nice with Windows's own, then this won't cause any clashes either, right? I was thinking of picking this up to just help manage the Windows rules it auto creates.
     
  24. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    How do I allow an application to have intranet connectivity but block internet? Basically I want to allow the application to connect to 10.220.0.16 but block it from connecting to anything else. Currently I have one allow rule for 10.220.0.16 and one block rule for Any to Any but it blocks all traffic to 10.220.0.16 too. I don't understand how I make the allow rule have a higher priority?

    Edit: In advanced windows firewall thingie I edited the block rule to instead be active for "Internet"... but I can't find any definition for that so far, does "Internet" in this case mean everything outside of the local subnet or is it stupid and only count the web?
     
    Last edited: Apr 14, 2017
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    What does it mean to you that a 3rd party firewall plays nice with Windows Firewall? Usually a 3rd party firewall will have its own set of rules and the rules from Windows Firewall will be ignored. Which other firewall do you use and why would you like to have two software firewalls?
    In Windows Firewall, block rules have higher precedence than allow rules, so you can't create an allow rule which will overwrite a block rule.

    You create just an allow rule for your specific software and the remote IP 10.220.0.16 and that's all. All other connections are anyway blocked if you use Medium Filtering profile, so there is no need to create a block rule. If you don't want to see new notifications for this software anymore, just add the exe name in the notifications exceptions list.
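
A simplified model of the precedence described in this reply, as an added example that is not part of the original post and is not WFC or Windows Firewall code: an explicit block rule wins over an allow rule, and the profile's default outbound action applies only when no rule matches. The program path and the names `Rule` and `evaluate_outbound` are hypothetical; the default actions mirror the blockoutbound and allowoutbound settings in the netsh commands earlier in the thread.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    action: str   # "allow" or "block"
    program: str  # executable path, or "any"
    remote: str   # single address or CIDR block, or "any"

    def matches(self, program, remote_ip):
        if self.program != "any" and self.program.lower() != program.lower():
            return False
        if self.remote == "any":
            return True
        return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.remote)


def evaluate_outbound(rules, default_action, program, remote_ip):
    """Block rules beat allow rules; the default applies when nothing matches."""
    hits = {r.action for r in rules if r.matches(program, remote_ip)}
    if "block" in hits:
        return "block"
    if "allow" in hits:
        return "allow"
    return default_action


APP = r"C:\Tools\app.exe"                       # hypothetical program path
ALLOW_LAN = Rule("allow", APP, "10.220.0.16")   # address from the question
BLOCK_ANY = Rule("block", APP, "any")
MEDIUM, LOW = "block", "allow"                  # default outbound action per profile

if __name__ == "__main__":
    # The configuration from the question: the block rule also covers 10.220.0.16.
    print(evaluate_outbound([ALLOW_LAN, BLOCK_ANY], MEDIUM, APP, "10.220.0.16"))
    # The configuration from the reply: allow rule only, Medium Filtering.
    print(evaluate_outbound([ALLOW_LAN], MEDIUM, APP, "10.220.0.16"))
    print(evaluate_outbound([ALLOW_LAN], MEDIUM, APP, "8.8.8.8"))
    # Same single rule under Low Filtering: unmatched traffic is allowed.
    print(evaluate_outbound([ALLOW_LAN], LOW, APP, "8.8.8.8"))
```
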
     