Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Hi, noob question here.

    Does Host Process for Windows Tasks (Taskhostw.exe) C:\Windows\System32\Taskhostw.exe require outbound internet connection? Should I allow or block it?

    Thanks.
     
  2. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    I have the file name you are asking about blocked and have not had any issues what so ever with my PC.
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    It needs loopback (localhost thing in and out).
    Doesn't seem to need to go out. I've seen windows filtering platform (base filtering engine) block all outbounds. I don't have windows firewall enabled, so it's really at the base level. Don't ask me why.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Is there a problem with the WFC Update server? I just tried to check for updates and get this pop up.

    WFC Update Check Fail.PNG

    I have WFC Updater rule the comes with the Recommended Rules allowed and I successfully checked the other day. There is no blocked connections for the Updater either.

    I know I am using the latest version 4.9.9.2 but I should still be able to check for updates.
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Never mind. After a restart and changing my wireless adapter I can now check for updates.
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    I can't accept this suggestion as a good one since many users expect to find a "Learning mode" in the program. But as you already find out after reading the description under the checkbox :) this is really a learning mode that will not just allow everything.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    I just installed the latest versions of Opera and Sandboxie on a Windows 10 x64 machine. I executed Opera sandboxed and I was notified about a blocked connection for: C:\Program Files\Opera\47.0.2631.71\opera.exe
    I have created an outbound allow rule and the browser could connect. I deleted the rule, then it was blocked again. At this point I created a new rule by clicking on program's window. Opera started to connect again. It works correctly on my side.

    Please give more details about this. What other security products do you use ? Do you use any window enhancement software that adds extra buttons to existing Windows controls ?
     
  9. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Greetings! I want to say thanks for a wonderful program. I've tried it all day and it seems flawless. I bought donated to get the donors edition and I really like the notification feature. Kind of wish it wasn't a donors feature though.

    Are there any known issues with Simple DNSCrypt, I wonder? It's working fine for me but I figured I could ask anyway.
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    That feature pays for the website hosting, software licenses and continuous development.
    There are no reports about any issue with this one.
     
  11. ferenczy

    ferenczy Registered Member

    Joined:
    Feb 21, 2014
    Posts:
    13
    Location:
    Czech republic
    Hello guys. Hopefully there will be someone able to help me with the following issue which lasts for very long time (and many WFC versions back):

    I have outbound connections forbidden by default unless there's an allowing rule. From time to time it happens that I get a notification about a blocked outbound connection of application which actually has an explicit allowing rule and which has been working fine before. If I add a new rule to allow the connection (from the WFC's blocked connection notification), the same rule is created again, but it's still blocked and next time I'll get the notification again. Therefore I have many duplicate rules created:

    https://image.ibb.co/dOUTu5/wfc_issue.png

    I have to allow all outbound connections or reboot my system. Since it would take long to interrupt my work and reboot (I usually reboot only once in a few weeks at most), I have to allow all outbound connections until I reboot, which is bad.

    Also, it's happening for some applications only, many others can make an outbound connection without any issue. It's most likely an issue of Windows Firewall I guess, but maybe someone else had the same issue here.

    I did some investigation by analyzing the XML created by Windows Firewall Platform capture ("netsh wfp capture start/stop"), which is a terrible job BTW, and it was looking like when the issue was happening, the firewall didn't find any explicit allowing rule for those blocked connections so they have fallen into the default rule which is "Block all outbound connections unless explicitly allowed". Hopefully I didn't do any mistake in my investigation.

    To summarize it, for some example application app.exe it's happening the following:
    1. app.exe has an explicit rule to allow outbound connections and everything is working fine, it can establish an outbound connection (so firewall is matching that rule)
    2. something happens and the firewall starts to ignore the allowing rule for app.exe, instead matching the default rule, which is blocking that connection. Many other allowing rules are still working, only some of them are ignored
    I have Windows 7 Ultimate 64-bit, WFC on the latest version currently (4.9.9.2).

    Thank you.
     
    Last edited: Aug 31, 2017
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    Press F1 in any WFC window to open the user manual and read the following topic:
    Troubleshooting > I receive duplicate notifications
    It is related to the behavior that you encounter. If you still can't find the culprit after reading this, please let me know.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I don't think it's caused by other software. It can only be caused by Sandboxie, so I guess I will have to upgrade both SBIE and WFC. I've tested it a bit more, I get this problem with Opera and Free Download Manager, but it doesn't happen with Pale Moon, so it's weird. Keep in mind that all of these apps are installed inside the sandbox. What I forget to mention is that the rules are made, but they show up in red, what could this mean?

    https://www.palemoon.org/
    https://www.freedownloadmanager.org/
     
  14. Kob

    Kob Registered Member

    Joined:
    Dec 13, 2011
    Posts:
    39
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    Rules displayed by red color are rules that are invalid. An invalid rule is considered a rule for a specific executable file which is not found in the specified path of the rule.
    Thank you. It was a good reading.
     
  16. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    I installed and registered WFC today. I do like what I have seen so far. Well done!:)
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Then it's certainly weird, because obviously the executable does exist, and it only happens with certain apps. Perhaps Sandboxie is somehow blocking inter-process communication.
     
  18. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    205
    Many thanks for the exceptionally well-written and effective WFC! I have some custom rules that are not being detected as duplicates, only differences are some upper/lower case discrepancies in the file path - could this be it?

    In the 'Show duplicate rules' list it'd be cool if you could auto-select all duplicates and leave only one de-selected. Don't know why the Windows Firewall allows many duplicate rules itself (I admit to not having studied this thread much).

    Duplicates.jpg
     
    Last edited: Sep 4, 2017
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    Thank you for reporting this. Indeed, the behavior is like this because of those different upper/lower characters. I will fix this in the next WFC release.
     
  20. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    When WFC pops up, there are three options to choose from:
    - Allow this program
    - Block this program
    - Block for now and ask me later

    What about adding a fourth option:
    - Allow for now and ask me later
     
  21. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    205
    You have these options, check to the right of the pop-up window. You will see some extra options that come up with left and right-mouse clicks. It's quite cool. Perhaps they should be a little more apparent, I assume most new users won't find them immediately (I had to look up the excellent manual).
     
  22. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Thank you. I re-read the manual and found out how to manually block programs. Nevertheless, I do think this option should be easier to find, so adding a fourth one-click option would be nice.
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,413
    Location:
    Romania
    The notifications are displayed for blocked connections, not for paused connections. It is not possible to resume a connection at Windows Firewall Control level because it doesn't do any packet filtering. This is why there is no "Allow for now and ask me later" button. You can instead create temporary rules that will be automatically removed by WFC when they expire.
     
  24. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    OK, no problem. :)
     
  25. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    205
    I am seeing this as well, although it's more subtle. Wfcs.exe, 2% CPU about every 5 seconds on idle, Intel Q9650, even right after startup. No connection-hungry programs in the background. Guess it must be negligible on newer/faster CPU's.

    It goes away only when disabling notifications. I hope you can further optimize this, although I understand it might not be possible due to the way WFC needs to communicate with Windows.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.