Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    We are not talking about WF here, we are talking about WFC.

    WFC can prevent a program, even with administrative rights, from creating rules, so this is not the issue.
    The issue is, from 1000 requests to allow/deny from svchost.exe, how do I determine which to allow and which to block in order to have a fully functional OS but at the same time not compromise security.

    Why is it so complicated to understand? o_O
     
  2. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    -Why is it so complicated, to understand that "Windows Firewall Control" is only a custom interface/gui to easily control/create/delete/modify rules of the "Windows Firewall"?

    -You do not search the 1000s requests. You create specific svchost.exe rules for the specific services that you want to allow and you ignore everything else.
     
  3. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    Your statement defies logic.

    If I do not search each and every one of the 1000s of requests, how would I know if a request is not generated by an application I want to allow? Maybe after an update something changed and the old "allow" is not valid or enough anymore. o_O

    The internet is extremely dynamic these days, you cannot carve in stone 20 rules and ignore everything else for life.
     
    Last edited: Feb 22, 2020
  4. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    If you cannot identify the service(s) that you want to allow, then Windows Firewall, and by extension Windows Firewall Control, is not for you.

    Anyway, I'll make an example with Windows Update. Steps to take:
    1. Open the connections log, select recently blocked and press clear log.
    2. Initiate Windows Update (it is blocked by the firewall).
    3. On the connections log press refresh. Identify svchost.exe and its process ID. In this example the PID is 656.
    4. Open Windows Task Manager, go to Processes -> enable "Show processes from all users" -> and find the svchost.exe with PID 656. Right-click with your mouse and select "Go to services".
    [screenshot: 1.PNG]
    5. Identify the service name that you want to allow... and finally
    [screenshot: 2.PNG]
    6. Create an appropriate svchost.exe rule for that service (in this example Windows Update).

    Panagiotis

    ps. if a program changes the way it connects with each update you should consider removing it. Personally I have never seen a program changing its service name after an update.
     
    Last edited: Feb 22, 2020
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    @popescu

    the list of IP addresses w/CIDR blocks I posted in #5362 of this thread worked for me for months. Depending on the region the user is in, they could be different.

    As I mentioned earlier, I've honestly been trying to help, but you are too stubborn to see the forest through the trees. You really have to understand the Windows firewall is packet filtering with program control, and WFC is simply an interface to it.
     
  6. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    "worked for you" means the updates were in the interval specified, but this doesn't guarantee that the interval is not wider than necessary, allowing some other application to slip through.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    The Network portion of the CIDR block belongs to Microsoft. Besides, why would an application "slip through" if you did due diligence and restricted it to some other IP range and port(s)? As @pandlouk mentioned, you should perhaps avoid an application that creates its own rules when run as administrator.

    BTW, and fwiw, I dropped Windows Firewall under Windows 10, opting for a third party program instead. Windows FW does not support the use of wildcards for program paths.
     
  8. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    And which one would this be?

    Firefox creates its own inbound rules, should I abandon it?
     
    Last edited: Feb 22, 2020
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    You have Windows 7. In Windows 10, 8.1 this does not work.
     
  10. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    Is it possible to change the WFC tray icon on the taskbar?
     
  11. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    I have multiple pcs win 7, 10, linux.
    What exactly does not work in windows firewall in 10 and svchost.exe/service?
    (... I never allow any svchost connections on any of my systems 7 or 10, except when performing updates, since I do not trust them that they'll allow only the desired traffic).
     
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    I think it does not work in Windows 8.1, because I tried to do that years ago and it didn't work. I checked on Microsoft forums and such and the conclusion was that this was broken in Windows 8.1.
    I didn't try this in Windows 10 though, so maybe it does work in Windows 10.
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Apparently it's broken in Windows 10 too. It's one of the reasons I went to a 3rd-party fw when I ran Win10, although the main reason is it doesn't support wildcards in program path names.
     
  14. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    On Windows 10, if you want to apply a rule (inbound) to a service, the service must have a SID (security identifier) of RESTRICTED or UNRESTRICTED. If its SID is NONE, Windows Firewall won't apply the rule to that service.
    https://docs.microsoft.com/en-us/wi...all/create-an-inbound-program-or-service-rule
    I suspect that the same is true for service outbound rules (even though it is not documented by MS) and that is what causes the problem.
    https://docs.microsoft.com/en-us/wi...ll/create-an-outbound-program-or-service-rule
    You create a rule for a service with SID NONE = windows firewall ignores the rule. For such services you must set their SID to RESTRICTED or UNRESTRICTED by running the command:
    Code:
    sc sidtype <Type> <ServiceName>
    and then create the rule.

    The problem is that every 6 months (after every upgrade) you'll have to do it again, and again and again and.... (= the insanity of windows 10)

    @alexandrud maybe you can add a SID check command
    Code:
    sc qsidtype <ServiceName>
    when creating rules for services to verify if their SID is not NONE before applying a rule

    Panagiotis
     
    Last edited: Feb 22, 2020
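
The two procedures described above in the thread (looking up which services run in the svchost.exe PID shown in the connections log, then checking each service's SID type with `sc qsidtype`) combined into one PowerShell helper. This is an added example, not code from WFC or from any poster; the function names are hypothetical and the parsing assumes `sc.exe qsidtype` prints a `SERVICE_SID_TYPE:` line.

```powershell
# Added example (hypothetical helper names). Run from an elevated PowerShell prompt.

function Get-ServiceSidType {
    param([Parameter(Mandatory)][string]$ServiceName)
    # In Windows PowerShell "sc" is an alias for Set-Content, so call sc.exe explicitly.
    $out = & sc.exe qsidtype $ServiceName 2>&1
    if ($LASTEXITCODE -ne 0) { return 'QUERY_FAILED' }
    $line = $out | Where-Object { $_ -match 'SERVICE_SID_TYPE' } | Select-Object -First 1
    if ($line -match 'SERVICE_SID_TYPE\s*:\s*(\S+)') { return $Matches[1].ToUpper() }
    return 'UNKNOWN'
}

function Get-SvchostServiceSidType {
    param([Parameter(Mandatory)][int]$ProcessId)   # PID from the connections log, e.g. 656

    # Same information as Task Manager's "Go to services" for that PID.
    $services = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $ProcessId"
    if (-not $services) {
        Write-Warning "No service is hosted in PID $ProcessId"
        return
    }

    foreach ($svc in $services) {
        $sidType = Get-ServiceSidType -ServiceName $svc.Name
        [pscustomobject]@{
            Service     = $svc.Name
            DisplayName = $svc.DisplayName
            SidType     = $sidType
            # Per the post above: a service rule is only expected to apply
            # when the SID type is RESTRICTED or UNRESTRICTED, not NONE.
            SidIsSet    = $sidType -in 'RESTRICTED', 'UNRESTRICTED'
        }
    }
}

# Usage: list the services behind the PID and flag any whose SID type is NONE.
Get-SvchostServiceSidType -ProcessId 656 | Format-Table -AutoSize
```

A svchost.exe process can host several services, so the table may contain more than one row; a service-scoped rule is only meaningful for the rows where `SidIsSet` is true.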
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    What do you mean? Can you post a screenshot?
    I could. On my Windows 10 Enterprise machine service based rules for svchost.exe work by default. I will do some testing.
     
  16. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    wfc.png
     
  17. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    It's good. We have the right to know the truth in this dark forest.
    The color of the tray icon changes when the operating mode changes. For global change icons: wfc.exe and Resource Tuner 2 or Resource Hacker.
     
    Last edited: Feb 23, 2020
  18. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Same on Win 10 Pro. The OS services that I tested have either restricted or unrestricted SIDs.
    But services from other companies like Google, Adobe, Avast, etc. have their SID set as none.
     
  19. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Interesting info, thanks!
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Do you want to change the icon with what? With a custom icon defined by you?
     
  21. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    No, I just want the icon for the high filtering profile to show in the medium filtering as well. That is, the original black WFC icon of the program in the medium filter profile.
     
  22. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    You're welcome. If you have time you can read also
    https://docs.microsoft.com/en-us/wi...ndows-firewall/isolating-apps-on-your-network
    https://docs.microsoft.com/en-us/wi...ewall/windows-firewall-with-advanced-security
    https://docs.microsoft.com/en-us/wi...-firewall-with-advanced-security-design-guide
    https://docs.microsoft.com/en-us/wi...rewall-with-advanced-security-design-examples
    They are meant for IT personnel and advanced users but can be helpful for those that want to protect their network as much as possible...
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Will not happen. It is too easy to implement. Now, really, this is the thing that bothers you about WFC? :argh:
     
  24. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    :thumb:
     
  25. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    Tried TinyWall with default configuration (the set of rules which are automatically enabled when you install TW for the first time).

    Sure enough, Adobe X will update, even though there is no rule to allow this.
    At this point I can say, with a high level of confidence, that Windows Firewall cannot be used to filter OUTBOUND connections in a consistent manner.

    In fact, Windows Firewall was never designed to do that, and using it in this manner will either create holes in outbound traffic or will impair functionality of Windows.
     
    Last edited: Feb 25, 2020