Windows Firewall Control (WFC) by BiniSoft.org

I have the secure rules activated so is not useful for me and mostly a waste of time.
I'm asking for an optional feature that should be disable by default and it should take few time to implement, so users with secure rules active don't waste their time.
Is stupid to do a manual maintenance of something that can be easily automated.

If you want to keep it "transparent" add the automatically deleted rules to a log

 

That would be delete also standard Win rules (Media Center Extenders rules & Windows Peer to Peer Collaboration Foundation) and this is not desired always.

So IF a such function then only with the possibility to exclude rules.

Greetings

 

That's true but aren't those rules disable by default? Then it could be skipped.
I always delete all the windows firewall rules and start from scratch every time I install WFC and never noticed anything weird

 

Yep ... disabled by default. Could be skipped, that's right.

But what is with portable programs which are maybe still enabled if the portable device is removed?

So or so, IF a such function (personally I find your idea good), then please as option and with the possibility for exluding rules IMHO so we would have a solution for all cases.

 

I'm having trouble with WFC. I reset windows to default rules then installed WFC and disabled everything except some essential core networking and some of the WFC recommended rules. I add individual programs like my browser as I go along.

While configuring rules I discovered on reboot windows auto-enables file sharing on public network, and all associated rules. I have to disable it again every reboot by unchecking it in network and file sharing, or disabling all the associated rules in the WFC rules panel (they are all grouped together as "File and Printer sharing". Windows doesn't create new rules each time, it re-enables the same set, and only for public network.

I couldn't find the cause, so to solve the problem I duplicated the core networking rules I need and saved them as WFC group, then activated secure rules in WFC to automatically disable everything not in WFC or temporary rule groups.

That worked for about two weeks, but since yesterday Windows has been overriding WFC secure rules and re-enabling file and printer sharing for public network every reboot, even though they are in the unauthorised File and Printer Sharing group. They have the U- next to them, but they still get re-enabled.

I ran malwarebytes and spybot etc and found nothing. How can I prevent this from happening? Or at least prevent it overriding WFC secure rules? Do I need to export my rule set and reinstall WFC or is there an easier solution.

 

1. If you remove all Windows Firewall default set of rules and create and use only WFC recommended rules, do you still see new rules in File and Printer Sharing group after a reboot ? Even if they were deleted ?
2. Do you have any security policy enforced through Group Policy Editor ? Usually, if you don't manually check that checkbox from Network and Sharing Center, these rules should stay disabled. If they are deleted, Windows can't recreate them. When you check/uncheck that check box, the operating system just enabled/disables the rules from File and Printer Sharing group. If they do not exist anymore, then the checkbox can't be checked.
3. Did you install recently any new software ? Maybe another software creates these rules ?
4. Secure Rules can intercept only newly created rules. If they exist and they are enabled/disabled then Secure Rules does nothing. Try to remove all those rules from your rules list.

 

@Mannillo

I know this effect, on Windows 7, right?

This means it has nothing to do with WFC itself. Instead check the following things:

- Your Sharing-Options: ensure that the Network-Discovery is OFF for Guest & Public! Check also other settings!
- The HOMEGROUP (not sure if necessary to check but could be) ...

Make also system reboots after changed options!

Good luck!

 

When setting up rules for DNS for C:\windows\system32\svchost.exe and put it on UDP only for port 53..... My browsers would randomly say I had no internet connection from time to time. I did some digging and added another rule for DNS exactly same but put it on TCP. So I ended up with two rules for DNS on port 53. One for UDP and one for TCP.

This has stopped that random problem with browsers for me. Just wanted to share this, in case someone else had the same issue using a minimum rules set.

From the digging I did, sometimes the DNS is a larger size and needs the TCP. (short version)

 

Thanks for the advice, I set secure rules to delete unauthorized rules and that did the trick

 

@Mannillo

But you SHOULD solve that behaviour anyway, something is DEFINITIVE not right with your network settings on your system ... so if you take WFC to solve that, it's just a workaround!

But of course it's your thing, it's just a suggestion ...

Greetings

 

When I try to use Secure Rules, I can set the group for all my rules needed except for one. "Steam" which adds the rules all over once launched with no group for it. I mean it is interfering with rules already in place before turning on Secure Rules. I had all the rules for Steam set and it worked. Then I turn on Secure Rules and it asks to add the other rules before I turn it on. It adds all the Steam rules to the WFC group. Then I launch Steam to play a game and Steam makes all new rules that are disabled. If I leave Secure Rules on, Steam will just keep making rules over and over and over. Is there any way around this?

EDIT: I can set the Secure Rules to auto delete I guess. That stops the new rules.

 

If you modify those Steam rules (set a group name, etc), Steam will recreate them again, over and over. Actually, Steam is the one that made me implement Secure Rules functionality. This aggressive behavior of Steam is just foolish because if you use another firewall, they can't create their own firewall rules on every firewall on the market. But they take advantage of the Windows Firewall design and do bad things. Steam sucks anyway.

 

i want to give my feedback To WFC

i use a software firewall to have some control over apps that phone home. control over what is SEND from my PC.
that is more important for me then protection against attacks from the outside to be honest.

my router has a firewall, i use malware protection and i scan my system every day.
but a sophisticated hacker attack is the least i fear.

so WFC looks like the perfect tool for me.

but i have some issues.

first i think you need better documentation.
i am a long time firewall user (atguard, outpost, comodo) but even i don´t understand how some stuff are setup in your app.

for example. it´s not intuitive how to allow an app access to some internet IP adresses, block others IP´s and allow all local connections.
can i do that in one rule or do i have to create multiple rules to do that?

lets say i want to block the sending of telemetry data of an app but allow the connection to an IP that provides GPS service, and i want to allow all local connections in my own network.

in comodo all the rules would appear under the name of the application.

i guess with the windows firewall and your frontend i have different entrys for all the rules?
that makes it a bit complicated to have an overview over the rules i have assigned to an application.

it would be better if you nest all the rules assigned to an application under ONE entry in the rules table.

 

With a ramdisk (from softperfect ramdisk), sometimes, there is this kind of link in audit events, for example :

Application \device\00000032\temp\curl_x64.exe

Which I guess is supposed to point to the ramdisk but wfc can't make sense of it.

 

Quick question... I noticed when there was a lot of stuff in the blocked logs it took a while to pull the list. If I have logging disabled/notifications off, does all the stuff still get logged anywhere? Just thinking I might need to dig in windows firewall to delete it every now and then. It would be massive from the stuff I have blocked after 24 hours. I can't seem to find any logs in the windows firewall. I might just be blind, idk lol

 

http://imgur.com/4snMJTp

can someone explain in simple words the above options to me.

i am not completely stupid but i am unable to figure out what these options do exactly.
maybe its just because i am not a native english speaker.

 

Thank you for reporting this. Consider it as fixed. The next WFC version will be able to translate paths locate on RAM disks.

No. The entries are retrieved from Security event log of your computer. If the logging is stopped, then nothing is logged.

Have your tried the user manual ? Press F1 in any WFC window and read the following topic from the user manual: User interface > Main Panel > Notifications

 

Thank you for the answer.

 

i actually looked under the wrong "notification" point in the manual....

 

Thank you.

 

@alexandrud

 

I already expressed my opinion about this. I am not a fan of deleting invalid rules automatically. A rule can be just temporarily invalid until a drive gets remounted. They don't do any harm, they don't apply. From time to time you can remove them manually.

 

Windows Firewall Control v.4.9.9.0

Change log:
- New: WFC installer accepts now switches for silent install/update. Check the user manual to see how this can be used.
- Fixed: Connections Log can't resolve the paths for executable files located on RAM disks.
- Updated: The user manual was updated with new topics.

Download location: https://binisoft.org/download/wfc4setup.exe
SHA1: 9b49e8079dd808ae150a3ac1f0e6ae62b5985929
SHA256: 9ab4963fddc6849126081c3d2e040fed77043c086310bc616ca88c11012b3712
VirusTotal: https://www.virustotal.com/en/file/...fed77043c086310bc616ca88c11012b3712/analysis/

For Windows Vista and Windows Server 2008 users, the latest version that is supported on these operating systems can be downloaded from here: https://www.binisoft.org/download/old/4960/wfc4setup.exe

Best regards,
Alexandru

 

Updated and running smooth

 

Zemana Antimalware flagged the installer as malware, I use the Pandora Cloud - Sandbox...I've notified them of the false positive.