Windows Firewall Control (WFC) by BiniSoft.org

Have you check this two post?
https://msdn.microsoft.com/en-us/library/windows/desktop/bb736286(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/ff956123(v=vs.85).aspx

 

That documentation is ancient...

 

I think it was well intended.

 

Just my 2 cents, but MS will for sure be in no hurry to help in any way seeing WFC can and is used to block some unwanted MS apps and services from accessing the internet. WFC has risen in popularity and appears on MS radar as a thorn.
I am sure hindering WFC puts a smile on the faces of some at MS.

 

@_CyberGhosT_ i dont believe so , WFC is a niche geek software, few people is aware of it, so it is not a threat to MS lol
And even, if it was a MS "conspiracy" any others WF apps will suffer the same fate and all privacy tools won't be able to run...
Paranoia is a invisible cancer that often hit security forums members...

 

How about this one?
https://docs.microsoft.com/en-us/search/index?search=Windows Firewall with Advanced Security
More document has come
those are for windows 10
https://docs.microsoft.com/en-us/wi...ewall/windows-firewall-with-advanced-security
Windows Firewall with Advanced Security Design Guide
https://docs.microsoft.com/en-us/wi...-firewall-with-advanced-security-design-guide
Powershell method for WFwAS
https://docs.microsoft.com/en-us/wi...curity-administration-with-windows-powershell
Windows Firewall with Advanced Security Deployment Guide
https://docs.microsoft.com/en-us/wi...ewall-with-advanced-security-deployment-guide
Planning to Deploy Windows Firewall with Advanced Security
https://docs.microsoft.com/en-us/wi...eploy-windows-firewall-with-advanced-security
Identifying Your Windows Firewall with Advanced Security Deployment Goals
https://docs.microsoft.com/en-us/wi...ewall-with-advanced-security-deployment-goals
Planning Your Windows Firewall with Advanced Security Design
https://docs.microsoft.com/en-us/wi...indows-firewall-with-advanced-security-design
Understanding the Windows Firewall with Advanced Security Design Process
https://docs.microsoft.com/en-us/wi...irewall-with-advanced-security-design-process
Evaluating Windows Firewall with Advanced Security Design Examples
https://docs.microsoft.com/en-us/wi...rewall-with-advanced-security-design-examples

 

the only way you have to switch from Powershell instead of NETSH...

 

OK thanks, then this would explain it. Because I'm also using SpyShelter (SS) and Spybot Anti-Beacon, so they are probably doing the blocking. I do believe that SS works independent of the Win Firewall, but perhaps blocked connections also show up in the WFC log, like you said.

 

@alexandrud

I would say you have to switch to Powershell. About the policies: how many users use policies? And also: policies can be changed ...

However: not support those new builds would be REALLY bad.

Alpengreis
Maintainer of WFC DE translation file

 

Not the news I was hoping for

Is there a way to replicate the method Microsoft uses to delete rules from their Firewall gui?

 

I've been getting a lot of duplicate notifications and am trying to figure out why. Most of them come from svchost, which is to be expected.

For example, I have a rule that allows outbound traffic on UDP 53 for all programs and all local IP's and ports to my DNS server. And yet, svchost keeps popping up.

So, I click on 'customize this rule', remove the local port and click on allow. There's now a new rule identical to the other one, but it's limited to svchost. And yet, I still get a popup.

So in frustration I just click on allow. This creates an outbound rule that allow svchost to go everywhere using every protocol and port. Pretty much an allow all rule.

And it still pops up.

This is a fresh install of Windows 10, no other software installed but Windows and WFC. I can click on allow as many times as I want and get a whole series of identical 'allow all' rules for svchost, and it just keeps popping up.

What's happening here?

EDIT: Even when I create a block rule for all outbound traffic fro svchost.exe, it still pops up. And I have all three checkboxes under notifications checked, including checking disabled rules.

 

Good news! WFC is working properly on latest Insider build, 16184!

It would appear MS have fixed their mistakes in the previous build because I can now switch profiles and delete rules successfully.

Hope it stays this way with future builds.

 

Oh, that's indeed very good news! Let us hope.

However, thank you for the message and your time!

Alpengreis
Maintainer of WFC DE translation file

 

Thanks for that reply, knowing me as you do, you know I am not even slightly paranoid by any "stretch of the imagination"
It was just speculation, and fun speculation at that. But make no mistake interfere with MS ability to collect telemetry and
watch how crafty they can become.
PeAcE

 

Does WFC block telemetry by default or do I need to add some specific rules?

 

I am not getting that build. Wonder if my update stopped working again. Is there a download instead?

 

There is but don't know if allowed here to post M$'s direct download links or any other filehost service links. Can a mod comment on this please?

Having second thoughts, this is the forum where you can download, learn everything about Windows 10 releases:
https://forums.mydigitallife.info/t...dows-10-insider-preview-build-16184-pc.74135/

 

hi
how can i disable windows firewall logging in my eventview ?

there is a tutorial on the microsoft page https://technet.microsoft.com/en-us/library/ff428143(v=ws.10).aspx#bkmk_1
but there is no how disable it
i know Windows Firewall Control 4 enabled it
thanks

 

you have to sign up to view most of the posts

 

Please press F1 in any WFC window and read the following topic: Troubleshooting > I receive duplicate notifications.

This is good news indeed. However, the next WFC build will have the profiles changed through Windows Firewall API instead of netsh. Regarding the removing of the rules I will try to see different approaches, including PowerShell, especially if Microsoft plans to remove netsh in the future.

No, it doesn't. If you are concerned about your privacy, install Windows 7 SP1 and disable Windows Update. This is what I did. Back to the subject, check the WFC recommended rules as a minimal starting set of rules.

Go to Connections Log and uncheck those two check boxes. The logging will be disabled.

 

Although I'm grateful for the reply, I've obviously already done that, since I mention that it's a fresh install of Windows with no other software to interfere, and also that I created generic rules in combination with the setting that takes those rules into consideration. I even mention I accept the rule EXACTLY as WFC offers it, and yet it keeps offering it.

Same thing for DHCP-6 for some reason.

I guess I'll have to remove all rules and start from scratch... again.

 

hi @alexandrud
thanks
is there another way?
just because i have intalled on a laptop running w7 and i have uninstalled wfc
and i can't install anymore wfc because it needs .NET Framework 4.6 (i haven't on my laptop)
can i download and install 4.9.6.0 for w7?
thanks

 

Have you tried
auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform Connection" /success:disable /failure:disable
?

That should get rid of the majority, as in the page you already posted (picking disabled instead of enabled):
https://technet.microsoft.com/en-us/library/ff428143(v=ws.10).aspx

Admirable that you actually read the eventlog on anything but a server.

 

Are you able to reproduce this behavior on another machine or in a virtual machine ? Please send me your full policy to support@binisoft.org so that I can try with your rules set to see if it happens on my test machines too.

Do you use an insider beta build of Windows 10 ?

You can download version 4.9.6.0 from here: https://www.binisoft.org/download/old/4960/wfc4setup.exe

Or you can disable Windows Firewall logging by executing the following command in an elevated command prompt:
auditpol.exe /set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:disable /success:disable

 

@alexandrud
thank you so much