Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,452
    Location:
    Romania
    Go to Connections Log and clear the log (optional), then use Cortana to search something and then check again in Connections Log the recently allowed connections. I guess it would be probably svchost.exe. :(
    You don't have to be a firewall rules expert :) Allow just a few programs that you trust and are really needed (web browser, messenger, etc) and do not allow useless network connections. For example, those inbound blocked connections, leave them blocked if everything works fine. If you try to connect from a remote location to your own computer, and it doesn't work, then you should check the inbound blocked connections to see what was blocked. Otherwise, inbound connections should be all blocked.

    Check in the user manual the following topic User interface > Main Panel > Rules > Windows Firewall Control recommended rules for a minimal set of rules to be used with Windows Firewall. Note that there is no inbound rule in that set and all inbound connections are blocked by default. However, if you want to share some folders in your local network, then some inbound rules would be required to be able to access those shared folders. If it is not the case, then all inbound rules can be removed.
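
An added example, not part of the original post or of WFC: one way to confirm from PowerShell that inbound traffic is blocked by default and to list any inbound allow rules that are still enabled. It uses only the built-in NetSecurity cmdlets and assumes an elevated session.

```powershell
# Added example: audit the inbound side of Windows Firewall.
# Run in an elevated PowerShell session (Windows 8 / Server 2012 or later).

# 1. Per-profile defaults. DefaultInboundAction should be Block;
#    NotConfigured means the Windows default applies (inbound blocked).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Every enabled inbound rule that allows traffic, with the program and
#    port it applies to. With no folder sharing or remote access in use,
#    each entry here is a candidate for removal.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Profile   = $_.Profile
            Program   = $app.Program
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort -join ','
        }
    } |
    Sort-Object Program, Rule |
    Format-Table -AutoSize
```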
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    :thumb: Thank you, Sir. That does help a lot!
     
  3. guest

    guest Guest

    Yes, thanks, found out by using Process Hacker (I'm quite slow today, should have been using it from the start ^^), it is:

    C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe

    Since I create rules manually on Windows FW (because I blocked all in/out connections), this one needs outgoing connections for Cortana to work.
     
  4. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    Kaspersky users take note

    Kaspersky appears to have decided that the service component of WFC is hostile, so until the big K gets its house in order, make sure that all of WFC is excluded from its talons.

    Having realised what had happened, I attempted to re-install ("upgrade") WFC but that wouldn't work because the WFC service had been shut down by Kaspersky. By the time I had added an exclusion, the WFC service had already been deleted and uninstalling or even re-installing WFC became tricky as, clearly, a position had been created that the WFC setup program didn't understand – “where has my service gone?”. I recreated the service manually and all was well.

    Be warned.
     
    Last edited: May 11, 2017
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,452
    Location:
    Romania
    Important announcement

    After virus definition update from 11.05.2017, Kaspersky detects WFC service as malware and removes it. This is again a false positive. WFC 4.9.7.0 was released on 22.04.2017 and since then, Kaspersky considered WFC clean, until today. With each false positive, out of nowhere, every month, I have to send emails to various antivirus vendors explaining the situation and endless responses to support emails that I receive with the subject "virus in your software". :(

    Please, when you encounter a false positive, report it to your antivirus vendor and help me out with this. With more reports about a false positive, they will fix it sooner. As usual, WFC is clean and safe, as it was in the past 7 years.

    Even if WFC is quarantined, blocked, etc., your firewall rules and WFC settings are safe. Let's hope this false positive gets removed soon.

    If you have problems with the re-installation of WFC, follow the next steps to manually remove WFC:

    a) Close the process wfc.exe by exiting the WFC tray icon or by using Task Manager.
    b) Run a CMD window with Administrator privileges.
    c) Execute the following commands:
    sc.exe stop _wfcs
    sc.exe delete _wfcs
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Firewall Control" /f

    d) Delete manually the installation folder.

    Now your system should be clean of any WFC installation (note that your firewall rules and settings are still there). You can now start again a clean installation. Make sure that you use the latest version.

    Thank you for your support.
     
  6. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Just goes to show how poor AV software in general is at detecting safe software. I never have any such trouble with Voodooshield.
     
  7. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Judging by your signature, you're another Sig-less solution user.
    Sig-based AVs are overrated nowadays, and more and more are seeing this
    finally. We won't be among the last to the party ;)
     
  8. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Question, what are these blocked connections coming from WFC? http://i.imgur.com/3oOmclf.png

    I see them every day, I get no popups about them on Medium profile, and any sort of setting in WFC related to outgoing connections such as "check for updates" are unchecked, so what is it doing?
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,452
    Location:
    Romania
    Please read my answer from here.
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,452
    Location:
    Romania
    Windows Firewall Control v.4.9.8.0

    Change log:
    - New: The installer was updated and no longer uses a second installer file which is extracted in the TEMP folder. The UAC prompt is now displayed for the same file, not for the extracted file from the TEMP folder.
    - Updated: The profile changing is now made through Windows Firewall API instead of netsh command.
    - Fixed: The user manual file is not deleted at uninstallation if WFC is installed into a folder different than the default proposed one.
    - Updated: The troubleshooting section of the user manual was updated.

    Download location: https://binisoft.org/download/wfc4setup.exe
    SHA1: 7b03adb3e5c318e702ea31e5bbcf0b141555421a
    SHA256: a55e4edf712d50277bff208f2bc40980417f95b621deb8d4a616dd0a4deba8a8
    VirusTotal: https://virustotal.com/en/file/a55e...980417f95b621deb8d4a616dd0a4deba8a8/analysis/

    For Windows Vista and Windows Server 2008 users, the latest version that is supported on these operating systems can be downloaded from here: https://www.binisoft.org/download/old/4960/wfc4setup.exe

    Best regards,
    Alexandru

    P.S.: I checked wfc4setup.exe, wfc.exe and wfcs.exe on VirusTotal and all are clean. No false positives at this time. :)
     
    Last edited: May 13, 2017
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Cool! My first update since 'donating'. :)
    Thanks for that link. I had to delete a rule because I dangerously assumed I should allow WFC access but was confused why it didn't allow itself.
     
  12. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    Downloaded twice and always get the same SHA1 which is different from what you posted. MD5 matches to what is posted on the website.

    7b03adb3e5c318e702ea31e5bbcf0b141555421a ?SHA1*wfc4setup4_9_8_0.exe
    45f258dae3f8a91841b10fa0c865474e *wfc4setup4_9_8_0.exe
     
  13. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    Me too.
     
  14. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    681
    Location:
    Switzerland
    Yeah, me too and SHA256 is also not correct ...
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,809
    Location:
    .
    Awaiting here for correct checksums :)
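
An added example, not part of the original thread or of WFC: checking a downloaded installer against the published digests, as the posters above did by hand. The SHA1 and SHA256 values are copied from the v.4.9.8.0 announcement as it appears above; the download path and the function name Test-PublishedHash are assumptions.

```powershell
# Added example: compare a downloaded file with every published digest.
function Test-PublishedHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Algorithm name -> hex digest as published by the vendor.
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Published
    )
    foreach ($algorithm in $Published.Keys) {
        $actual   = (Get-FileHash -LiteralPath $Path -Algorithm $algorithm -ErrorAction Stop).Hash
        $expected = ($Published[$algorithm] -replace '\s', '').ToUpperInvariant()
        [pscustomobject]@{
            Algorithm = $algorithm
            Expected  = $expected
            Actual    = $actual
            Match     = ($actual -eq $expected)
        }
    }
}

# Digests as quoted in the announcement post in this thread.
$published = [ordered]@{
    SHA1   = '7b03adb3e5c318e702ea31e5bbcf0b141555421a'
    SHA256 = 'a55e4edf712d50277bff208f2bc40980417f95b621deb8d4a616dd0a4deba8a8'
}

# Assumed download location; adjust to where the installer was saved.
$installer = Join-Path $env:USERPROFILE 'Downloads\wfc4setup.exe'

$results = @(Test-PublishedHash -Path $installer -Published $published)
$results | Format-Table -AutoSize

# Treat the file as unverified unless every published digest matches.
if ($results.Match -contains $false) {
    Write-Warning 'Checksum mismatch: hold off running the installer until the published values are confirmed.'
}
```

A mismatch on every algorithm at once, as reported above, can mean either a changed file or a stale published value, so the check only tells you to stop and ask, not which side is wrong.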
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,452
    Location:
    Romania
    Last edited: May 13, 2017
  17. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    :thumb: we all have those days brother, no worries.
     
  18. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,193
    Hi,
    just a question.
    I have run cmd as administrator and the command line auditpol.exe /set /category:"Object Access" /subcategory:"Filtering Platform Connection" /success:disable /failure:disable
    but under Windows event log -> "application and service" -> "windows firewall with advanced security" it still logs here, why?

    Even without WFC 4 or other firewalls installed, or with ESET Smart Security installed.
    http://i.imgur.com/a1xpvdk.png
     
    Last edited: May 14, 2017
  19. PrinceYann

    PrinceYann Registered Member

    Joined:
    Nov 29, 2015
    Posts:
    38
    Any plans to add mass edit of a field for any number of selected rules?
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,452
    Location:
    Romania
    What you have disabled with that command is the write in this category:

    upload_2017-5-14_15-9-22.png

    You can disable the logging in that category from context menu:

    upload_2017-5-14_19-8-59.png

    No, but which is your use case when you need this ?

    What you can do is to select multiple rules (or all), export a partial policy file (XML format) then you can modify/replace anything you want. Then just reimport your rules with all the changes that you want.
     
  21. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    +1 :thumb:
     
  22. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    I am having a strange issue, the first time was the day of the 4.9.8.0 update that evening a few hours after the update
    I thought it was a glitch so I didn't get concerned, but today I restarted my machine and got this alert again,
    WFC_Update.png
    It only happens after a system restart, are you implementing small fixes or is this thing bugged ?
    It has done this after 2 restarts now ?
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,452
    Location:
    Romania
    When do you see that? This dialog is displayed if the installer wfc4setup.exe is executed again. How does wfc4setup.exe execute on your computer after a Windows restart? Even the automatic check for updates just informs you if you want to download and execute the new installer, it doesn't do this automatically. I don't see how this process is executed on your machine over and over. Did you add it by mistake in your auto start list?
     
  24. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Q: When do you see that ?
    A: It only happens after a system restart, (I answered this above)
    I will check my startup, but I am pretty sure WFC was added to startup by itself.
    I get custom notifications whenever anything is added to startup from Kerish Dr.
    I may clear it and see if that helps, Thanks Alexandrud
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,452
    Location:
    Romania
    How can you be pretty sure that WFC installer was added to startup by itself ? I confirm that WFC has no reason to add the installer in the startup list of Windows. Also, there are no other reports of such behavior.
    1. Please execute msconfig and check the startup items. Do you see there any record of wfc4setup.exe ?
    2. When your computer starts, if WFC installer window is displayed again, open Task Manager and find the path from where it is executed. Select the process and from the right click context menu, choose Open file location. Where is it located ?
     