Windows Firewall Control (WFC) by BiniSoft.org

When you enable/disable certain features from Windows, the operating system enable/disables some firewall rules. If these rules do not exist, they are created. To avoid the creation of unwanted rules (even if they are legit, the operating system created them, not a 3rd party software) use Secure Rules feature from WFC.

 

I recently upgraded from Windows 7 to Windows 10 (clean install) and I am currently trying to clean up my WFC rules to a tidier configuration that would still allow me to surf the internet, use Outlook, print documents and share folders in the local subnet.

I have a desktop PC using an ethernet connection that is configured to use the Private profile. After playing around with the WFC rules and the Firewall configuration for a while I noticed that i must configure the default outbound connections in the PUBLIC profile to "Allow" to get my normal internet connection to work.

I find that a bit strange and I wonder if there is a logical explanation to this...

So, I have only one physical network connection in use (ethernet, via PRIVATE network profile). If I use Group Policy to change the Windows Firewall with Advanced Security default behavior in the PUBLIC profile to "Block" and boot the workstation, I will have no more a network connection. The network connection in the Control Panel will show up as "Identifying..." for a long while, ending up to eventually showing "Unidentified Network / Public Network".

If I change the network profile back to "Private", it will change back to "Public" in the next reboot. (The workstation is not connected to a domain, so I want to use the Private profile).

Only if I change the PUBLIC profile default outgoing behavior to "Allow", my ethernet connection will stay at "Network 2 / Private", and the internet connection is working as expected.

Is there a reason for this behavior? I was thinking to change the default outgoing behavior in both Domain and Public profiles to "Block" since I saw no reason to leave them "Allowed"...

- -

PS. If somebody happens to have a small and tidy working WFC configuration that enables using printer, web browser, mail client and folder sharing in the LAN, I would be interested in seeing what kind of configuration you have ended up to...

 

To mike83
Public network. By default, any network on the first connection falls into the category of public. For such a network it is meant that it is open to other computers and does not protect the local computer from others in any way.
Private network. Connection to a network that is inaccessible to others can be noted by the administrator as private. This, for example, can be a connection to a home or office network isolated from public networks using a hardware firewall or a device that performs network address translation (NAT). The network never falls into the category of private automatically. This setting is made only by the administrator. Windows remembers such a network, and the next time it connects, it will remain in the private category.
I always make rules that work "for all profiles".

 

@alexandrud
Love the FW but popups created by "dashost.exe" is driving me crazy. Here is the scenario and I hope you can shed light:

Windows 10 (version 1709) build 16299.192 (fully patched at time of writing).

1. My Ethernet and/or WIFI is set to PRIVATE.
2. I use Medium Filtering in WFC.
3. Recently installed Hyper-V service and by default the OS sets the Virtual Switch and vNIC to PUBLIC and there is no way to change this (without a reg hack which I don't want to do).
4. This causes the WFC software to report the connected location as VPN. It was previously PRIVATE. If I disable the vNIC, the location goes back to PRIVATE and the constant pop-ups stop.
5. I have attached screenshots to show you the settings. You can see the FW rule has dashost.exe Allow on both Private and Public and yet it keeps creating popups.

Is it possible address this issue?

https://drive.google.com/open?id=1BWrzw2nkGp6IBQsqDqKXmGIGkkmC4j5f
https://drive.google.com/open?id=13CqpBLJ9RwY6ZhvCjRP6Ys3EObduORo6
https://drive.google.com/open?id=1ro3q5LaWWB5y4NUIEGk6Adlb_4aURTqc
https://drive.google.com/open?id=1mm7tWxCfP1ceEljpngodGy7Lv010htCF

 

Try after creating the rules for dashost.exe adding dashost.exe to Notifications exceptions.

 

What you configure from Windows Firewall Control Panel applet is different than what you configure from group policy editor. In Control Panel, does you Private connection appear as connected ?



I would not recommend to change Windows Firewall settings through group policy editor since these settings may behave differently than expected. Also, firewall rules that are defined through GPE are not available in WFC because Windows Firewall API doesn't expose these firewall rules and WFC can't retrieve them. But, if you are connected to the Private location and you have outbound filtering enabled in Windows Firewall (Medium Filtering profile in WFC) then outbound connections without allow rules are anyway blocked, so what you want to configure is not required.

For a small set of rules, check WFC recommended rules.

Does it help if you set the rule Location to All instead of just Private and Public ? Do you have this problem only with dashost.exe ?

 

Don't go to bingsoft.org without sunglasses guys.

 

Windows Firewall Control v.5.0.2.0

Change log:
- Fixed: After the fix that made it possible to deselect the last selected entry, double click doesn't work anymore as expected in Rules Panel and Connections Log.
- Fixed: Properties dialog of the program is displayed under notification dialog instead of on top of it.
- Fixed: When creating a new rule in WFC, if the 'Name' or 'Description' contain special characters, they are removed even if the same values are valid when creating the same rule from WFwAS.
- Fixed: Sorting by 'Action' column does not work in Rules Panel and Connections Log.

Also important, I changed the website to be faster and more secure. The database was upgraded and all passwords were reset to the default password. If you know it, use it, if not, use the password recovery page. Thank you for your understanding.

Download location: https://binisoft.org/download/wfc5setup.exe
SHA1: 60e5459849ec66b191cd38df29f4929a18aa8e2a
SHA256: da92ab08a4b1d7eb876feb5ac53d8a4c57f020027c1d38dbb86e24ef5e730589

Best regards,
Alexandru

 

What do you mean? Is there too much brightness or something?

 

Updated via internal updater. Thank you very much, @alexandrud

 

This firewall is poor for folks who have little experience with firewalls. Easiest example is, on medium filtering, it will not connect out. Problem is, it shows no rule showing what was blocked and it is not as easy as looking for something with IE in the name. There should be a rule that states what was blocked so you can unblock if need be. I can figure it out but, not simplistic by any stretch. Sad. I must say I have never seen anything like that. I have always, as far back as I can remember, been shown what was blocked when first using a firewall. Glad they make some money but, I hope folks really test this out to make sure they are comfortable and understand this GUI. I hope this helps anyone on the fence and best of luck. I am glad I got to check it out. Thanks Binisoft for the free trial !!

 

Alerts, which application tried to access the Internet, are not shown ONLY in the free version. After Donation everything will show.

 

Except on my machines. Every version (including this latest one) I've tried since v5.x was released (maybe earlier) for some reason stops showing notifications. I have sent logs but they never show any problems so in the end I'll leave WFC for others.

 

Alerts are displayed only for outbound connections and only in the medium filtering mode.

 

I am well aware of that.

I have reported this bug multiple times to the developer and have sent logs multiple times which didn't show anything.

On my machines the notifications cannot be relied upon.

 

And are these options in WFwAS is ON?
- Notify, when Windows Firewall blocks a new application (Private Network)
- Notify, when Windows Firewall blocks a new application (Public Network)

 

@aldist ,

I'm no fool. All setting were correct, OK? This bug apparently only affects my machines but it has affected all three.

I've given up trying to resolve this bug and I wish you would too.

 

Good call Aldist and thanks.

I'm curious however ... if you look at my screenshots that shows the rules for dashost which is ALLOW on both Private and Public on any port, why would the notifications still go berserk ?

 

Together with Notifications exceptions, try these options

 

Thank you aldist. However, these should show when trialing the software. I think this hurts them. I am sure they do okay in donations but, could do better if the software could be tested in any mode offered. Their call. Not mine. Thank you again!

 

I guess there is a misunderstanding regarding the purpose of Windows Firewall Control.
- WFC it is not a firewall by itself. This means it does not do any packet filtering and it is not aware of any active connection or any running process.
- When you enable Medium Filtering in WFC you just enable outbound filtering in Windows Firewall. This means you have to create an allow rule for each program that you would like to allow to connect. You can do this manually if you know the processes that are trying to connect. Additionally, you can consult the Connections Log to see what was recently blocked so that you can make an idea which rules are required. This process can be simplified even more by enabling the notifications system which will inform the user when a program was blocked.

With one thing I agree with you. Non experienced users will require some time to get used with how Windows Firewall works. One thing is sure, configuring Windows Firewall without the help of WFC is not easier. Indeed, the main strength of WFC are the notifications for outbound blocked connections (something that Windows Firewall is missing totally), but WFC has also other features which can be used for free.

 

Thank you

 

@alexandrud

Yeah, you were right! As soon as I configured WFwAS default outgoing access as "Not Configured" for PUBLIC profile in GPO, the problem went away.

Apparently one should not block default outgoing connections in PUBLIC network profiles with GPO, or you'll be in trouble. No problem with configuring PRIVATE or DOMAIN, but as soon as you block the default outgoing access in PUBLIC profile with GPO, things start going pretty weird...

 

Does WFC show popup notification for rule that I changed from Allow to Block. I thought there was a notification even for program rule at Block. I thought WFC showed notification for all blocked outbound connections. 5.0.2.0

 

Scroll down in the options on the Notifications tab of the WFC window. There are some options there that will help with your issue at the bottom.