Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    The point has been made and the developer has responded several times to the question.

    There is no reason to continue to post the same point over and over.
     
  2. MShekow

    MShekow Registered Member

    Joined:
    Mar 1, 2020
    Posts:
    4
    Location:
    Germany
    This would be so helpful! The solution of @aldist is not applicable if the port in question is 443, it would tear the system wide open. For now I'm using notifications, and I keep having to tweak the rules. In particular, if svchost.exe makes a request, I have to carefully tune the block-rules to avoid that other svchost-related allow-rules stop working (because block-rules overrule allow-rules).

    On that note, I find it quite funny (and frustrating) that information about all those background Windows processes is so scarce. No official information is available on processes like sihclient.exe, runtimebroker.exe, sihost.exe and many others...
     
  3. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    In order to protect Windows OS, it is understandable not to provide info about vital services. In a normal setup (with Windows Firewall in default configuration) all outbound connections are allowed, hence no need for additional info about the services you mentioned above.
     
  4. yoweho8574

    yoweho8574 Registered Member

    Joined:
    Mar 11, 2020
    Posts:
    19
    Location:
    UK
    Hello, I have been using WFC for years and I have finally made an account here to discuss my issues with it. I'm using it on 3 different computers and have noticed the same issues on all of them.
    - Secure profile tends to disable itself after some weeks
    - When updating MS Store apps, new rules are added (I have unchecked Allow Windows Store rules) and traffic goes outside (I can see outside traffic in GlassWire) before the rules are disabled automatically
    - When rules are added by other software, it can take a while before the rules are automatically disabled (I have the Secure Rules feature ON with Disable unauthorized rules)
    - Sometimes the logs stop and I have to uncheck and check the "log connections" checkboxes in the log window to get it working again

    Do you guys have a workaround? I'm using one version behind (6.0.2.0). I will update, yeah, but I see nothing worth updating for me in the changelog.

    thanks
     
  5. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    A basic question - and I hope that the answer is me being a bit thick :thumb:

    Despite the presence of this rule to permit this particular traffic –

    Firewall Rule.jpg

    Why do I get these...

    Firewall Log.jpg

    block notifications in my log? What am I doing wrong?

    Thanks.
     
  6. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @Plutox

    1) In your rule your local IP should be your remote IP and vice versa.

    2) Nevertheless: it's possible that you will receive further log entries for this Kernel & System "thing". Based on my experiences, this can be also a timing thing - so (for example) right after a wake up from suspend "the network is perhaps not yet ready" (or something like that) and this Kernel & System "thing" will be blocked YET.

    However: maybe on your system, the correction in your rule is enough ... check it out.
     
  7. Wokok

    Wokok Registered Member

    Joined:
    May 30, 2018
    Posts:
    11
    Location:
    France
    Hello,

    I have an issue with a rule. I want to authorize a software. It is a card game in the universe of the Lord of the Rings, shown in the screenshot below:

    https://i.imgur.com/kGTkykZ.png

    However, it seems that the software cannot connect to Internet, despite the rule. I suspect the issue is due to the space in the file name. It is still blocked as shown below:

    https://i.imgur.com/SsOklZb.png
     
  8. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    If the directory where your software resides changes each and every time (see the end of the path 0k3ss....sv2) you will not be able to create a rule in WFC.

    That's why the original Windows Firewall was set to allow any outbound connection.
     
  9. Wokok

    Wokok Registered Member

    Joined:
    May 30, 2018
    Posts:
    11
    Location:
    France
    Good to know. This would explain why WFC sometimes bugs me about other apps like Microsoft YourPhone or Microsoft Outlook Communications whenever they are updated.

    However, in this particular case, I don't think the directory changes each time the game is run. It is a game on PC Game Pass, and I believe that the weird character chain is the app id on the Microsoft store. I really believe the issue is the space character in the filename. For instance, the other line is for Ori and the Will of the Wisps, with a similarly weird character chain but no space, and the firewall rule works (or at least, it does not prevent the game from starting).

    In contrast, the rule about the Lord of the Rings game does not seem to be applied at all!
     
    Last edited: Mar 11, 2020
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    This probably is the reason for the program being blocked.

    If @alexandrud is able to come up with an auto-update feature for changing paths, he will be a genius for sure. It is nothing short of pathetic that Microsoft has not come up with this feature, or at the very least allowed wildcard entries in Path rules.
     
  11. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    Why would Microsoft come up with such a feature, as long as the intent of Windows Firewall was to allow everything out o_O?
     
  12. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    455
    Location:
    CSA Consulate, Glos., UK
    Few things to try:
    Click the block line in the connection log; it'll pop up an 'allow' rule you can save. You may need to set the ports and destination to 'any', or a range if you know what it uses.
    Or try using Windows to add a rule instead. See https://youtu.be/LFMPgDGKw3o or try WFC no or low filtering settings while running it, then switch back to a more secure profile. Try deleting the non-working rules and running it after switching to learning mode to force it to 'learn' the connection is allowable.
     
    Last edited by a moderator: Mar 11, 2020
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    Some Windows Registry cleaners like CCleaner will remove the key from registry where WFC is storing this and other settings. This might be one reason why suddenly the setting is not enabled anymore.
    WFC version 5.3.1.0. had a different Secure Rules implementation that was able to block entirely the creation of firewall rules from outside of WFC. It came with some side effects which made me decide to revert Secure Rules to the current implementation. You can read more about those side effects in this thread. Indeed, there is a small (ms) time frame between creation time of the rules and disable/remove time when WFC detects them. To improve this, keep the number of your rules lower, strictly to what you really need. If you check this by refreshing the Rules Panel, there is a refresh delay, which means the rule is disabled/deleted earlier than you see this visually.
    Some Windows updates reset Windows auditing settings to their default values. Since this is not happening very often, WFC does not reapply these settings on each run, but each time when you change the Notifications level or when you manually uncheck/check those check boxes that you mentioned.
    If this is a Windows Store application, then open WFwAS (wf.msc) and create an outbound rule for the application package of this game. You leave the Program property set to all, but you define the rule for a specific package name. This might work. However, you must do this from WFwAS since WFC does not provide a way to set the package name for a firewall rule.
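
The package-scoped outbound rule described in the post above can also be created from PowerShell. This is an added example, not part of the original post and not WFC's own code; the `$NameFilter` value is a placeholder, and the lookup of the package SID through the per-user AppContainer `Mappings` registry key is an assumption of this example.

```powershell
# Added example. Run in an elevated PowerShell session under the account
# that installed the game.
$NameFilter = '*ExampleGame*'   # placeholder: part of the package name, not taken from the thread

$pkg = Get-AppxPackage -Name $NameFilter | Select-Object -First 1
if (-not $pkg) { throw "No installed package matches '$NameFilter'." }

# Windows records each app container under this per-user key: the subkey name
# is the package SID and its Moniker value is the package family name.
$mappings = 'HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings'
$sid = Get-ChildItem -Path $mappings -ErrorAction Stop |
    Where-Object { $_.GetValue('Moniker') -eq $pkg.PackageFamilyName } |
    Select-Object -First 1 -ExpandProperty PSChildName
if (-not $sid) { throw "No package SID found for $($pkg.PackageFamilyName)." }

# Outbound allow rule bound to the package SID instead of a program path.
# -Program is omitted, so the Program property stays "Any".
$ruleName = "Allow outbound - $($pkg.Name) (package)"
New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Allow `
    -Package $sid -Profile Any | Out-Null

# Read the rule back to confirm what was actually stored.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallApplicationFilter |
    Select-Object Program, Package
```

With Secure Rules enabled, WFC can disable rules created outside of it, as discussed in this thread, so check that the rule is still enabled after creating it.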
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Good grief! That is just its default setting. They allow to block outbound by default and to create specific outbound rules for program paths, so why on earth not allow wildcards to be used or an auto-detect feature of changing paths!? It's not rocket science.
     
  15. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    By default no, you wanted to say "automatically"; when you install Windows, that is the "default" state. It is up to you if you want to manipulate the firewall.
     
    Last edited: Mar 11, 2020
  16. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    I've already thought of that – in fact I have two active rules with the source and destination exchanged, just as you suggest. But no dice.

    I've now made an INbound allow rule in which both source & destination addresses are 192.168.2.0/24. Now that really should permit all standard communications on that segment of my LAN (not counting multicast messages or stuff like that) – true?
     
  17. Wokok

    Wokok Registered Member

    Joined:
    May 30, 2018
    Posts:
    11
    Location:
    France
    Thank you for the suggestion! I have followed your advice, and I do not understand why it does not seem to work. It is weird. I don't get what is going on with this game.

    I have even lowered the security of WFC to the minimum in the security tab, to ensure that WFC would not delete the personalized rule because it was set outside of WFC and does not belong to any allowed group of rules.

    I have also tried both to be super specific (TCP protocol, port 443) or super generic (all protocols, all ports).

    Finally, it might be an unrelated issue: I have noticed that WFC sometimes adds a software rule, which seems invalid, for this specific Windows Store game. This rule is added after I click on the allow button of the pop-up window. The file path is weird and the file name is in lower case.

    https://i.imgur.com/QQn40FT.png

    Thanks for the help!

    This works, yet I would like to avoid doing that if possible.

    As for the other suggestions, I have tried them but cannot get the game to connect for some reason. It still appears in the log of blocked connections.
     
    Last edited: Mar 12, 2020
  18. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    Yet I still get some block logs relating to internal network traffic as referred to here. Any further thoughts?
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    \device\harddiskvolume44 does not look like a local partition that you have. To me, it looks like this game uses a mounted drive to load the files. In this case, you can't define a working firewall rule because Windows Firewall rules do not work for paths from mounted drives. I've seen similar problems with mounted VHD drives. With outbound filtering enabled in Windows Firewall, it won't work. Microsoft should provide a fix for this, WFC can't help here. Anyway, try to ask the game developers how to allow their game in Windows Firewall when outbound filtering is enabled. I would be curious to see their answer.
    How do you try to connect from one device to another, by device name or by IP address? I remember that when I tried to connect from Windows 8.1 (my tablet) to my laptop with Windows 10 I could not do this until I enabled SMBv1 on my Windows 10 machine. Maybe it is related.
     
  20. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Yes, your CIDR 192.168.2.0/24 means the IP range 192.168.2.0 - 192.168.2.255.

    Question: you have no other block rules that are related? Because block rules have priority over allow rules. Else, I know problems with Kernel & System rules too (outbound), if the network is not yet ready or so ... unfortunately, I have not enough knowledge about this process, so I can't help you further at this point ...
     
  21. Wokok

    Wokok Registered Member

    Joined:
    May 30, 2018
    Posts:
    11
    Location:
    France
    Thank you for your attention. I will try to get an answer from them, but I am not sure whether I will manage to.
     
  22. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @Wokok

    Your \device\harddiskvolume44 could be accessible through a drive letter. For example \device\harddiskvolume3 is HERE on my computer drive c: ... so 1st, try to find out the drive letter for your device (with the game). 2nd: If you have a drive letter - you should be able to change the rule with the related drive letter instead of your \device\harddiskvolume44 - note: it's only possible, if the drive is mounted already. THEN the rule should be valid till you unmount the device - then the rule becomes invalid and perhaps inactive too. However: after next mount, you should be able to set the rule to active again.

    PS: I had some years ago a similar problem with a portable device and had created a process that became automatically active after mounting this portable device (including reactivating the firewall rule(s) with netsh command). It worked flawlessly ...
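
One way to do the first step from the post above, finding the drive letter behind a `\device\harddiskvolumeN` path from the blocked-connection log. This is an added example, not part of the original post; the function names and the sample path are constructed for illustration.

```powershell
# Added example. P/Invoke QueryDosDevice to resolve each drive letter
# to the NT device path it points at.
$signature = @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint QueryDosDevice(string lpDeviceName,
    System.Text.StringBuilder lpTargetPath, uint ucchMax);
'@
$kernel32 = Add-Type -MemberDefinition $signature -Name 'Kernel32Dos' `
    -Namespace 'AddedExample' -PassThru

function Get-DeviceDriveMap {
    foreach ($drive in [System.IO.DriveInfo]::GetDrives()) {
        $letter = $drive.Name.TrimEnd('\')                 # "C:\" -> "C:"
        $buffer = New-Object System.Text.StringBuilder 1024
        $length = $kernel32::QueryDosDevice($letter, $buffer, [uint32]$buffer.Capacity)
        if ($length -ne 0) {
            [pscustomobject]@{ Drive = $letter; Device = $buffer.ToString() }
        }
    }
}

function Convert-DevicePathToDosPath {
    param([Parameter(Mandatory)][string]$DevicePath)
    foreach ($entry in Get-DeviceDriveMap) {
        # The trailing backslash keeps harddiskvolume4 from matching harddiskvolume44.
        $prefix = $entry.Device + '\'
        if ($DevicePath.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $entry.Drive + '\' + $DevicePath.Substring($prefix.Length)
        }
    }
    return $null   # the volume is mounted without a drive letter
}

# Show the full map, then translate one path (constructed sample, not the real game path).
Get-DeviceDriveMap | Format-Table -AutoSize
$sample = '\device\harddiskvolume44\placeholder\game.exe'
$dosPath = Convert-DevicePathToDosPath -DevicePath $sample
if ($dosPath) { "Use this path in the rule: $dosPath" }
else          { "No drive letter is assigned to the volume behind $sample" }
```

If the function returns nothing for the logged path, the volume has no drive letter, and the drive-letter approach from the post does not apply.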
     
  23. Wokok

    Wokok Registered Member

    Joined:
    May 30, 2018
    Posts:
    11
    Location:
    France
    Thanks for the piece of advice. I will check what I can do. Normally, I only have C: (hard-drive) and D: (DVD reader). I guess it is Microsoft Store doing shenanigans.
     
  24. Plutox

    Plutox Registered Member

    Joined:
    Dec 28, 2005
    Posts:
    22
    I do indeed have to have SMBv1 enabled to use this device, as it's quite an old NAS unit. But I'm also seeing these...
    WFC log example 1.jpg
    ...in the log. I'm totally mystified as to how this can happen, when I have a rule that allows TCP in with both addresses set to 192.168.2.0/255.255.255.0. I have no problem with this traffic – it is quite normal internal network traffic and I'm trying to create a rule to permit it without creating a log event. I must stress that the device(s) in question do seem to be working as they should; I just don't understand why I cannot seem to create a simple rule to allow this routine traffic to go about its business!

    Your thoughts would be appreciated.
     
    Last edited: Mar 13, 2020
  25. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @Plutox

    1) And you receive this block msg "always" ... not just right after booting your machine or after wakeup or so? Because (as I said) after such processes, it's possible that your network is not yet ready (or something like that) and the connection will be blocked YET ...

    2) And you are sure that there is no other related block rule(s)? Because your allow rules would have no effect then (block rules always have priority over allow rules).
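
A way to answer the second question above: list every enabled block rule that could take priority over an allow rule for the same traffic. This is an added example, not part of the original post; the function name is constructed, and the Inbound/TCP defaults are assumptions that mirror the allow rule described earlier in the thread.

```powershell
# Added example. Returns enabled block rules for one direction and protocol,
# with the fields needed to compare them against an allow rule by eye.
function Get-CandidateBlockRule {
    param(
        [ValidateSet('Inbound', 'Outbound')][string]$Direction = 'Inbound',
        [string]$Protocol = 'TCP'
    )
    # ActiveStore is the policy currently enforced: local rules plus Group Policy rules.
    Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True -Action Block -Direction $Direction |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            $port = $_ | Get-NetFirewallPortFilter
            $app  = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                Protocol      = $port.Protocol
                LocalAddress  = $addr.LocalAddress -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
                LocalPort     = $port.LocalPort -join ','
                RemotePort    = $port.RemotePort -join ','
                Program       = $app.Program
            }
        } |
        # A block rule set to "Any" protocol covers TCP as well.
        Where-Object { $_.Protocol -in @($Protocol, 'Any') } |
        Sort-Object Rule
}

# Inbound TCP, as in the 192.168.2.0/24 allow rule discussed above.
Get-CandidateBlockRule -Direction Inbound -Protocol TCP | Format-Table -AutoSize -Wrap
```

Any row whose addresses, ports and program cover the traffic in question takes priority over the allow rule; an empty result means no enabled block rule exists for that direction and protocol.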
     