Windows Firewall Control (WFC) by BiniSoft.org

Here it works. Have you tried a de- and reinstall already? See for that also the WFC User Guide at binisoft.org, begin with page 43 there (Troubleshooting).

Good luck anyway!

PS: Please delete the non-official download-link - it's not desired from the developer to have binaries elsewhere since binisoft.org is the one and only official place for it. Thank you!

 

Yes, I will definitely try to fix this. I already tried a reinstall, it didn't help. Thanks and have a good one too.

 

Reading the thread was kinda fun! Now I'm outta time to sort anything. RIP morning time.

---

https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-162#post-2747280

Anyway, as I already mentioned, version 5 won't receive any new updates and there is no plan for a version 6. There are two working versions 5.0.2.0. and 5.3.0.0. with two flavors of Secure Rules.

---

Again, if a malware gains administrative privileges on your computer and your antivirus does not detect it and stop it, then it could just disable Windows Firewall service directly.

---

https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-160#post-2746535

With Secure Rules enabled, Windows Store apps won't install or update properly and some Windows Updates wont install properly. But, when this happens you see notifications from Windows 10 that something could not be installed. Then you know that you have to manually disable Secure Rules, let the operating system install what it wants, and then just re-enable Secure Rules. If this is something that doesn't work for you and this is way too complicated, you can:
1. Disable and don't use Secure Rules feature.
or
2. Install version 5.0.2.0 which can be downloaded from https://www.binisoft.org/download/old/5020/wfc5setup.exe Add '@' in the authorized group names and let any Windows Store app to connect to the Internet.

There is nothing to be fixed in WFC. The side effects of using Secure Rues are known and already mentioned in the user manual and this forum.

The real problem is actually Windows 10 which tries very aggressively to install everything it wants, anytime it wants. When Secure Rules is enabled:
- Some Windows Updates fail to install because they can't add new firewall rules. Usually, telemetry rules.
- Windows Store apps install until the last step when they want to allow themselves through Windows Firewall by adding new rules on their own. Why? They should install and should display a message that they can't connect to the network when they are launched, letting the user to add a new firewall rule, if he wants, not because an app wants. The user should have the control, especially when outbound filtering is enabled in Windows Firewall.

Secure Rules does what it is supposed to do. If the side effects are giving you headaches, just don't use Secure Rules or install version 5.0.2.0. which is not so effective, but more flexible.

---

https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-157#post-2744311

1. Secure Rules has a purpose which may not be suitable with all use cases. For example, users that use Windows 7 will not have any problem with it. Only Windows 10 users may experience problems because Microsoft aggressively want you to install everything they want, whenever they want. If the side effects of using Secure Rules give you headaches, you can disable Secure Rules. If security and privacy are more important, then keep Secure Rules enabled.
2. The program is available on the website which is official. Your examples are good if you plan to distribute warez, otherwise, I don't know any software vendor that publish their installers on these web sites.
3. What if GitHub will become the next Sourceforge? Not all projects should be open source projects.

---

https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-155#post-2743108

The purpose of Secure Rules is to ensure that no other software will mess up with your firewall rules anymore. You, as a user define 10 rules, then you can be sure that you have 10 rules, not 20 after you install a new software, or 50 after you open Windows Store. Secure Rules has a purpose and does what it supposed to do. If Secure Rules does not suit your needs, you can turn it off entirely and don't bother again with questions like when you should use it or not. Not all features are for everyone.

---

https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-138#post-2710353

I really hate programs that can't be stopped by the user...

---

~ Removed Off Topic Remarks ~

 

update: disabled forced randomization for images (mandatory aslr) and also updated to windows 10 2004, so far everything seems to be working now with 6.3.0.0

 

Oh, great if it works again, congrats!

 

I think you missed the end of the sentence
- Improved: Detecting invalid rules is now made at service level instead of UI level, meaning that the rules defined for files that are not accessible are not detected anymore as invalid.

In WFC log from Event Viewer search for ID 300 for disabled rules and ID 301 for deleted rules. All available info is logged.

I will bring it back, I am working on an alternative, but coding a custom control like I wanted it to be, seems to be more complex than I expected.

This seems to be a strange behavior. wfc.exe does not require administrator privileges, the notifications logic is in the wfcs.exe service which just sends some callbacks to the UI wfc.exe. If the UI does not display the notification window without having administrative privileges, then it seems there are some permissions problems. This particular window is using some calls to user32.dll and shell32.dll. Please check if your security software does not prevent wfc.exe process from calling these system assemblies.

 

If you take a look at the change log between 6.2.0.0 and 6.3.0.0 there is no change that is affecting the Rules Panel. Did you try to restart your computer ? If Windows Update is installing its endless updates, some of them for .NET Framework, then you may see things like the crash that happened in your video. However, I think it was just a coincidence and not really related to the new version. Did you check the WFC log and/or Windows Logs\Application category that is logging problems of any software that is crashing abruptly?

About scrolling Rules Panel that fast, it does the same on my I7-9750H, around 10% CPU usage. This is because WFC uses the default data grid control from WPF which is not really optimized. I just customized its appearance but its performance is poor by default. The alternative is to use a commercial data grid control from DevExpress, ActiPro, etc, but if I do this, then I will have to add several assemblies to WFC just to have a fancy data grid. Instead of having a small package, then the installer would become 30-40MB. Since we usually don't scroll the rules like in your video, the poor performance of the default data grid control was always the better alternative vs. tens of MB added to the installer.

Anyway, glad that it works now, after updating to version 2004. If you will get some strange, out of nowhere BSODs with this Windows version, it is not WFC I just had a few in the past days on both my laptops Stop code: CRITICAL PROCESS DIED

 

The problem somehow fixed itself... After weeks without showing up, notifications suddenly appeared again yesterday, even when running wfc.exe normally as standard user. The only cause I can think of is that I temporarily swapped the PC HDMI cable from my normal display into another monitor. It kept working after I used my normal monitor again. Strange, and maybe only a coincidence. Or maybe the notification window was somehow "out of bounds" of my normal display, if such a thing is even possible?
In any case, I will watch it closely and hope it stays like this. Thanks to everybody for your input and suggestions.

 

Out of bounds is possible if the display area is extended. If this happens again, delete the following registry value, so that WFC can place the window in the default location:

 

That makes sense. Thank you for the explanation and advice!

 

Here's an update about auto allow feature for programs that have a new path after each update. I've been trying to implement it like this, with wildcards support:



This translates to:
For the first entry, if there is a blocked connection for a path that matches C:\ProgramData\Firefox\*\updater.exe and the action is Auto Allow, then WFC automatically creates a generic allow rule for it.
For the second entry, if there is a blocked connection for a path that matches C:\Program Files\Adobe* then do nothing, do not display a notification, leave it blocked, I don't care.

This implementation partially fixes the problem with programs that change their path after each update. The user has to remove old invalid rules from time to time, so don't expect WFC to remove old rules. If the path changes and there is an allow rule for the old path, the rule will be invalid and will remain in the rules list.

What do you think? Do you see a better or a more user friendly way to accomplish this, leave a reply. Thank you.

 

@alexandrud

At first glance I find it very good - and it's sensfully, that's clear!

I don't know if it would make sense to add an option PER RULE to allow add a time to automatically remove a such rule (for example after 30 days). That would cover the case, if a user knows that he uses the rule just for a certain time (for ex. to testing a program). You could even add an option to automatically clear the whole list (so called reset), if a user is unsure about his created rules and can start again. On the other side, it's probably a bit overhead and it could be enough to delegate the removing to the user itself (as you said).

 

awesome update, thanks for moving the detection of invalid rules to service!

i do not want to add burden on the dev but i wonder about to add a column in rules panel to be able to see for which user the rule is set and also in rules properties to be able to define a user for rules like in original windows firewall UI?

edit about the vote for secure rules, I'm fine with the mode 1, it's nice because it don't have the problems of mode 2 and it allow you to see recently added disabled rules. It's maybe a pain for things like steam which constantly add new duplicates rules for himself at each start and his games after each update but you just need to clean disabled rules once a while. i don't really see the point of mode 2 except maybe for something that i noticed once: even with secure rules on and the "allow win store apps" unchecked after updating an app it was briefly able (and have done it) to connect and receive/send datas from/to internet, not sure why and for those apps it's not possible to define a block rule to prevent any leaks (as you can do with other programs which add their own rules (block rule win vs allow rule)) as their path are changing.

 

This adds too much complexity to this feature. Then someone would like to customize the pattern for these rules, and so on.

Not possible. This is how you select a user in WFwAS and the actual value of BINI\Administrator is O:LSD: (D;;CC;;;NS)(A;;CC;;;LA). It is a lot of work to add the functionality of these dialogs into WFC. Instead of defining such rules, if you have multiple user accounts, it would be easier to add a scheduled task that will import a different set of rules on user login. It makes more sense than editing this property for multiple firewall rules.

[/user]

 

Yes, I can understand that, no problem - I was also not sure about, so it were more thoughts then real suggestions ...

 

hi

i have installed the 6.2.0.0 version.
i use medium filter and From 2 days i receive windows 10 activation required watermark.
After i reactivation the next day the error come back again.
I would know if there is any relevant firewall port that control this and i should open it?

thanks

 

I doubt it is related to the windows firewall interface named WFC.Most probable the proper connection is already being made, thus the message.

 

Just a coincidence. Once activated it should stay activated. What is the method you use to activate the operating system? License key, kms server? The os is a vanilla one or a modified one?

 

license key, after a clean installation.

 

Once it gets activated, the operating system can stay offline for years, therefore, there is no port or specific connection that must always be available. Is not like an anti-virus that is checking the license every few hours to exclude blacklisted keys. Try a few days without WFC installed and see if it is happening again. Anyway, nobody reported a similar behavior since WFC was created back in 2010.

 

ok, i will doing some troubleshoot.

 

Does anyone have the effect of a dancing text? See this GIF.

 

Hey, Just wanted to pop in and say thanks for fixing the issue with the properties panel not working
I'm glad you guys managed to track down the cause..
As a layman, I really appreciate alexandrud and the communities efforts in maintaining this very useful interface..

Again. Thanks guys/Gals!

 

It happens like this if you have increased the text size. Reduce this to 100% and use a different DPI scaling if you want to see everything larger, not just the text. It is expected behavior since the text boxes have a fixed height and a larger text will not fit properly. An increased DPI will enlarge every control by x% amount.

 

Nevertheless, I think that this is a v6.3.0.0 bug, because in v6.1.0.0 the described defect is absent. See this GIF-animation.