Windows Firewall Control (WFC) by BiniSoft.org

Good idea. Better have millions views in one thread. But then change the title to encompass any version/build in the future, I'd suggest.

I like that one.

 

Strange issue. I used Process Explorer 16.20 for long time with WFC 4. Now, after update to WFC 5 i have this notification during Process Explorer start. (i removed source IP)

 

Thank you for the excellent v5 update! Probably already discussed, but here's a question. I'm reading in the manual about the suggestion to add svchost.exe and System to the Notification exceptions. What's the consensus on these two, is it best for the firewall to block or allow them?

 

I have no Notification exceptions.

 

Can you Allow. I had one notification w Process Explorer w WFC5.

 

Saying not activated, not every re-boot but about every 3 days.
Using cleaners Privary Eraser, and the CC, every time I shut down.
So it is random. Yes I have WFC updates BLOCKED, until I see an update here.

 

Thanks, I meant about allowing them or not to connect (not notify).

 

I just tried with version 16.21 and I do not receive any notification. However, that IP is from Akamai Technologies.

Is it best to allow them partially. To be able to browse the Internet, some svchost.exe and System connections must be allowed. Take a look at the WFC recommended rules for a minimum set of rules for these two processes.
Now, you can't entirely block them because block rules have higher precedence than allow rules in Windows Firewall, and the block rules will override the allow rules. You can allow them entirely and nothing bad would happen. Some users don't like these processes to connect at their will since these connections are encrypted and can contain telemetry data. For this reason, after you have defined some minimal working rules for them, it is easier to just ignore them by adding them in the notifications exceptions list. The connections will be anyway blocked but you shouldn't care anymore unless you notice that something does not work as expected. For example, file sharing.

- The activation status is read by the WFC service at startup from Windows Registry. Maybe your antivirus blocks WFC service from reading the activation data from Windows Registry during the boot time? Try to add an exception for wfcs.exe in your antivirus. Try to set the startup type of WFC service to Automatic (Delayed startup).
- If you restart the tray app does the activation status change ? If you restart WFC service, does the activation status change ?
- How do you solve this ? You just restart the application or do you have to enter again the activation code to be activated again? In the second case, maybe your cleaners remove WFC data from Windows Registry.

Anyway, it has nothing to do with the fact that you have disabled the checking for new updates.

 

If you see this in Connections Log, then on your computer this process tries to make an outbound call. Please ask Mark Russinovich why his tool wants to connect to Internet.

 

VirusTotal check ?

Spoiler: Process Explorer 16.21

 

I have a rule for svchost.exe that is set to allow, but I keep it disabled until I run something that needs it (Windows Store and Windows Update). These are the only things I have seen that fail to work properly with the rule disabled. I put svchost.exe in the do not notify box as well. I just enable the rule when I need it. This is in Windows 10.

 

Updated Process Explorer to 16.21, no notification.

 

Q: I appear to create Rule (via Shell) while WFC is Lock.

upon Unlock. I see Rule.

Is normal behavior... to create Rule (via Shell) while WFC is Lock.
Is Lock just Main Panel lock. Does Lock, also lock down rules.

 

The WFC german translation file is sent to Alexandru (the Developer) and should be ready for download on binisoft.org very soon. Sorry about the delay.

Alpengreis
Maintainer of WFC DE-Translation file

 

Thanks.

 

Seems like a bug. I will fix this in the next release. Thank you for reporting this.

Myself, along WFC I don't use any other malware programs nor anti-malware programs. Last time I used an antivirus was a 7 years ago. This in on my Windows 7 machine. However, on my Windows 10 machine, Windows Defender runs in background.

 

Process Explorer will connect to the internet in two cases:
- If you perform VirusTotal checks (Port 443): Hashes of the files are submitted to virus total
- If you enable the verification of digital certificates (Port 80): Check if the certificates were revoked (CRL/OCSP)

 

I never saw such a notification window:



Is it possible to get such a notification if an external Application adds/deletes/modifies/enables/disables rules or the whole firewall profile (allow/block in/out/both)?

 

https://www.ghacks.net/2017/10/05/windows-firewall-control-5-is-out/

 

Question re: U -@ rules

Um, does this mean I should add all my U -@ to Authorize group.
Sorry, I'm having a head scratch regarding

Um, is this correct

and then I need to add all my U -@ to Group @ ?

Um, I think all my U - & U -@ rules are Enabled No
So, do I need to add all my U -@ rules to Group @ ?

 

Okay, I did 'Reset all settings to the default values' & did 'Restore Windows Firewall default set of rules' & did 'Restore Windows Firewall Control recommended rules'.
And now I have no rules names that start with @.
Why no rules names (now) that start with @? with W10 Home. (see #3509)

I do have rules that start with U -- I have not set Secure rules.


rules that start with U

Why I do have rules that start with U -- I have not set Secure rules.

 

I've searched Help regarding 'duplicate rules'.

Um, are duplicate rules normal? Why? What to do regarding duplicate rules?

 

When I search thru NoVirusThanks EXE Radar Pro

default browser opens with search results as normal, as expected & EXE Block Out without notification.

any idea what's blocked?

 

Normally you should see a connection of the service (ERPx64Svc.exe - NoVirusThanks EXE Radar Pro) while you are launching applications which have a digital signature.
The service of ERP is doing an OCSP request, for example one of these ip's in the list of blocked connections is a connection to ocsp.comodoca.com [178.255.83.1]

 

Hmm. Okay.
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol.
So, is Block okay? Should WFC offer notification?

Edit: at this time, I cannot reproduce Block.