Windows Firewall Control (WFC) by BiniSoft.org

NordVPN and Windows Firewall are not friends. Search this topic for NordVPN and you will find plenty of examples.

 

Any solution? WFC closes even if VPN is not activated. Is Windows Firewall useless 'just' because NordVPN is installed?

 

The process wfc.exe crashes and disappears from Task Manager when an unsigned software is launched and Learning Mode is enabled? Please check the Application event log and see the reason why wfc.exe crashed.

Yes, because of how NordVPN works. Windows Firewall rules will be ignored once connected to NordVPN.

 

But still no multi rule editing. A new Windows 11 machine has a total of ~1500 rules counting in the hidden rulesets in

Code:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\

Because Windows Firewall matches the most specific rule, it is useless to simply create block rules for any of these, as a matter of fact MS has done it themselves for most (?) of the hidden rules. The only way to achieve effective firewalling is to restrict the IP range of the allow rules. Doing this for a majority of the 1500 rules one at a time is not feasible.

That's why we'd need a possibility to select a bunch of rules and then edit common parameters in them, IP address ranges would be most sorely needed. Others I can think of are protocol, port number, service (useful to copy rules of service A and then change them to apply for service B), program (like the service case).

Please. Pretty please. Vă rog.

 

I can't verify this atm but there seems to be an incompatibility with WFC if Windows 11 Baseline Security has been applied.

WFC shows that at Medium level traffic is Block/Block but actually it is not -- the real setting applied is group policy gpedit.msc
Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security - Local Group Policy Object
and there the default is Block/Allow.

And there Properties popup > Settings Customize > Apply local firewall rules: No !

Only realized this when my new firewall rules didn't seem to have any effect! Without testing might never have noticed.

Applying Baseline Security is the biggest suspect here because I've not touched any firewall related settings in group policy otherwise. Only other possibility is that the manufacturer Windows 11 install image has some weird default settings.

 

I'm currently using Surfshark and wonder if this would apply as well. I was considering switching to Nord. And now that I saw your quoted post makes this proposition appear to be a risky venture surfing around the net with no firewall protection.
This is off topic and the mods will probably do what they do best. Still, it would be nice to know.

 

Interesting, that would really be good to know, if this is a default behaviour of Windows 11 (I still have Windows 10 yet).

 

Windows Firewall has two firewall rules sources. The regular rules are available through Windows Firewall API and these are the same firewall rules that are displayed in WFC and WFwAS.

You can also control Windows Firewall from Group Policy Editor and exclude the regular rules. With this approach you should not care anymore about unwanted rules since they can be totally ignored. There is no easy way to add/modify/delete these firewall rules defined through Group Policy Editor, other than manually do it in Group Policy Editor. Nor Windows Firewall API, nor netsh.exe can't access these rules and settings.

If you decide to use the Group Policy Editor to configure Windows Firewall and set Rule merging to NO:



then Windows Firewall will be controlled exclusively from Group Policy and will ignore the regular rules store. There is no API to interact with these rules and they can't be controlled from WFC.

However, I recently started to wrote an API to access the firewall rules and settings from Group Policy Editor. The good news is that it works. The bad news is that this will not be added to WFC. This is a work in progress and will be integrated in a different software available in the future at biniware.com.

No, not the default behavior. Just a setting in Group Policy Editor.

 

I have no idea since I do not test all VPNs available on the market. Please report back any incompatibility with Surfshark once you try it with Windows Firewall.

 

Would it be possible just to test if the GPO setting is active and warn the user about it? My point is that it's quite terrible that WFC shows the firewall state being block/block, but actually isn't.

Guess I should've read the Baseline Security GPO through, on short notice didn't notice anything about turning on the GPO firewall policy. WFC would be in a great position to warn people about this.

The issue here is that even wf.msc shows the status properly as block/allow, but wfc shows it as block/block.

 

Regularly every six months this registry key is discussed in the thread A long time ago I deleted all the rules from it, there were about 200 of them, without any negative consequences. Now it's empty.

Good news

 

Yes, that is really not good and can confusing the user!

Would be indeed senseful, so a clear +1 from me!

As I said in 1st answer, that's really not good and can confusing the user!

 

I will see what I can do about this. If there is any sign of GPO controlling Windows Firewall, WFC may display a message to inform the user that Windows Firewall is controlled from GPO, not from WFC.

 

Just a heads up: Removing the content of that Key seems to break Microsoft Store. That's the only thing i noticed after removing it, otherwise everything else seems to work just fine

 

That point has taken too much time!

 

@Mr.X

Please quote or write next time the the relevant things too, to avoid that all other interested users have to search for ...

So it means that posting:
https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-209#post-2877475

 

Yes, I know, but still not gonna happen anytime soon. Dark theme in WFC requires many hours of work and is still low priority

 

Hopefully a simple request: when activating Secure Rules, a second prompt may appear:

https://i.imgur.com/hh7g3tu.png

The request is to add a Cancel option and not enable Secure Rules, so we can better verify the rules before adding them or deleting/disabling them. It seems there is no way back after this prompt appears.

 

This option seems redundant, when you enable Secure Rules, select the "Disable" option instead of "Remove", so you can analyze the disabled rule later.
But just a notification when Secure Rules is triggered, without any additional buttons, would be interesting.

 

I think Yes/Cancel dialogs are more or less the norm. The (minor) issue here is that both Yes/No will perform an action/change, so Cancel is not redundant.

These actions are either irreversible (No/Delete Rules), or potentially time-consuming to undo (Yes/Disable Rules etc.).

What you are suggesting (switch to Disable) doesn't make sense (switch proactively to a different default setting, to substitute the lack of a simple Cancel).

 

I think I've confirmed that when deleting a large number of rules at once, or when importing a partial policy file containing a large number of rules (tests done with 240 rules), Secure Profile will often automatically disable itself. At least that's what occurs on my old PC.

 

Of course, if this is really a general problem (on older or slower computers), this should be fixed.

Can anyone confirm this (unfortunately I can't do any such testing here, at least for now)?

 

I can't reproduce it on my side. I just tried to reimport a partial policy file with 400 rules and Secure Rules remained enabled. All rules were disabled as expected. However, the UI got frozen and the process wfc.exe crashed. My laptop is not slow at all, I have a Dell Precision 5555. Once I will have more free time with many other projects on which I'm working, I will try to revisit the WFC code in this area and make some improvements.

 

I was talking about Secure Profile.

 

And I was talking about Secure Rules, evidently about something else I could not reproduce the problem with Secure Profile. But this still applies: Once I will have more free time with many other projects on which I'm working, I will try to revisit the WFC code in this area and Secure Profile area and make some improvements.