Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. AmigaBoy

    AmigaBoy Registered Member

    A nice addition to the experimental CAPS feature (which seems stable enough by now?), would be the ability to instruct it to create a temporary rule.

    For example, the T30 below would be a 30-minute temporary rule. Since this feature is needed for changing paths that are sometimes temporary, it'd make sense to create a temporary rule instead of having to clean them up manually.

    C:\PROGRAM FILES\EXAMPLE\%T30%
     
  2. AmigaBoy

    AmigaBoy Registered Member

    Sorry - also, a combination-only exception:

    PATH+PROCESS.EXE would create the rule, ONLY if both conditions are met (process name within that path). This should make it a bit more secure.
     
  3. AmigaBoy

    AmigaBoy Registered Member

    It seems the experimental feature is now creating two rules (exact duplicates) instead of one. At least that is what's occurring on the two exceptions I use.
     
  4. minerslark

    minerslark Registered Member

    Hello, allow me to start by mentioning how great of an application this is, really amazing work!

    My apologies if this has been asked or discussed before, but is there any way of creating wildcard rules so that instead of an application's full path for a rule, such as "F:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe", I could use just "*\dota2.exe" or "*dota2.exe" ? This would be an extremely useful feature, to deal especially with applications that change locations/paths and for apps that are created in temp folders with different names while keeping the same application name, etc.
     
  5. Alpengreis

    Alpengreis Registered Member

    Last edited: Jan 15, 2024
  6. AmigaBoy

    AmigaBoy Registered Member

    Now looking at 261 identical ms-teams.exe rules, auto-created by the exception:

    C:\PROGRAM FILES\WINDOWSAPPS\MSTEAMS_23320.3027.2591.1505_X64__8WEKYB3D8BBWE\

    3-4 are created at launch, and then they just keep recreating every few seconds while it's running. The same occurs with a MS-TEAMS.EXE exception.

    This is the "new" Teams app Microsoft is pushing to replace the perfectly fine "classic" version. I could be wrong, but I've noticed a few unusual things about this app, see below. Not sure how they are now called... Store Apps? UWP?

    1. It does create its own Inbound TCP+UDP rules, but using this string as a group name: {78E1CD88-49E3-476E-B926-580E596AD309}
    Added it to Authorized Groups for Secure Rules. "Allow Windows Store rules" is enabled.

    2. Contrary to other apps, it does NOT create its own Outbound rule, hence the need for an exception above.

    Could this be a new type of Store app, i.e. those acting as a "wrapper" for desktop programs, or is it a WFC issue? No idea.

    Duplicates.jpg
     
    Last edited: Jan 17, 2024
  7. AmigaBoy

    AmigaBoy Registered Member

    This exception is also creating duplicates, but nowhere near as much. I have 4 now:

    C:\PROGRAM FILES (X86)\MICROSOFT\EDGEWEBVIEW\APPLICATION

    Dupli4.png
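
The duplicate rules reported in the two posts above can be counted from PowerShell instead of by eye in the Rules Panel. This is an added example, not part of the original posts and not WFC code; it uses only the built-in NetSecurity cmdlets, assumes an elevated session, and assumes that each filter object carries the same InstanceID as the rule it belongs to.

```powershell
# Added example: report groups of firewall rules that are identical in every compared field.
# Read-only: nothing is changed or removed.
function Get-DuplicateFirewallRule {
    param([string]$PolicyStore = 'PersistentStore')

    # Index each filter type by InstanceID so every rule costs one hash lookup.
    $app = @{}; $port = @{}; $addr = @{}; $svc = @{}
    Get-NetFirewallApplicationFilter -PolicyStore $PolicyStore | ForEach-Object { $app[$_.InstanceID] = $_ }
    Get-NetFirewallPortFilter        -PolicyStore $PolicyStore | ForEach-Object { $port[$_.InstanceID] = $_ }
    Get-NetFirewallAddressFilter     -PolicyStore $PolicyStore | ForEach-Object { $addr[$_.InstanceID] = $_ }
    Get-NetFirewallServiceFilter     -PolicyStore $PolicyStore | ForEach-Object { $svc[$_.InstanceID] = $_ }

    Get-NetFirewallRule -PolicyStore $PolicyStore | ForEach-Object {
        $id = $_.InstanceID
        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            Program     = $app[$id].Program
            # Fields that decide what the rule matches and does; rule names are excluded on purpose.
            Key         = @(
                $_.Direction, $_.Action, $_.Profile, $_.Enabled,
                $app[$id].Program, $app[$id].Package, $svc[$id].Service,
                $port[$id].Protocol,
                ($port[$id].LocalPort -join ','), ($port[$id].RemotePort -join ','),
                ($addr[$id].LocalAddress -join ','), ($addr[$id].RemoteAddress -join ',')
            ) -join '|'
        }
    } | Group-Object -Property Key | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{
            Copies      = $_.Count
            DisplayName = $_.Group[0].DisplayName
            Program     = $_.Group[0].Program
            Keep        = $_.Group[0].Name
            Redundant   = @($_.Group | Select-Object -Skip 1 -ExpandProperty Name)
        }
    } | Sort-Object -Property Copies -Descending
}

Get-DuplicateFirewallRule | Format-Table Copies, DisplayName, Program -AutoSize
```

Interface, security and edge-traversal settings are not part of the comparison key, so review a group before deleting anything; the names in `Redundant` can be passed to `Remove-NetFirewallRule -Name ... -WhatIf` for a dry run.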
     
  8. Ironblader

    Ironblader Registered Member

    Hi, just got an Epson WF-3825 MultiFunctionPrinter.
    With "Mid-Filtering" enabled I can't use the Scanner.
    Only with the FW disabled ("no Filtering") does the Scanner recognise the PC to send the file.
    Windows 11 x64 Pro 23H2
    Epson WorkForce Pro WF-3825DWF
    Epson ScanSmart 3.6.7
    With the FW enabled, Windows won't take my settings, no matter what I do... it stays OFF
    https://i.gyazo.com/afb64d8936a2c3d94bb4890050411297.png

    What to do? Thanks
    cheers ^^
     
  9. alexandrud

    alexandrud Developer

    Let me check.
     
  10. alexandrud

    alexandrud Developer

    You need an inbound rule to allow the printer to connect to your machine if you are using the scanner to send the file to your PC. Check the recently blocked inbound connections after you tried to connect to your PC and see what is blocked. I do have a Canon multi function printer and I usually scan things from my computer. I just need to create an outbound rule to allow the Canon software to connect to my printer:

    upload_2024-1-19_8-43-28.png

    This is the only rule I need to access my scanner with Medium Filtering profile. I start the scan from my machine, the software from my machine is connecting to the printer. If you use a hardware button on your printer to scan to PC, then you need an inbound rule because in this case the printer connects to your PC.
     
  11. minerslark

    minerslark Registered Member

  12. Alpengreis

    Alpengreis Registered Member

    No problem, you're welcome.

    Hope you have success with it!
     
  13. minerslark

    minerslark Registered Member

    Is there a way to automatically create block rules? If not, could it be implemented by using negation such as "!BRUN.EXE" ?

    (also, it seems that using this workaround for files that end with the specified string doesn't create any allow rules, it just allows connections to happen, which is probably good as it doesn't crowd the Rules Panel with the automatically generated rules, I just wanted to point this out)
     
  14. alexandrud

    alexandrud Developer

    What is the use case to pollute the firewall rules list with block rules? With Medium Filtering profile, there is no need to create block rules at all. Just allow rules for some programs that you want to allow to connect.

    The experimental feature works by creating allow rules. This works when you are using Medium Filtering profile.
     
  15. alexandrud

    alexandrud Developer

    Which WFC version are you using? With the latest version I can't reproduce this. It does not create duplicate rules on my machines. Only one per exception.
     
  16. Ironblader

    Ironblader Registered Member

    Hi, thanks for the fast response, but it won't help at all.

    What I'd like to do is: sending scans FROM Scanner to PC! The Scanner simply can't find the PC. (It does, but only when the FW is completely disabled.)
    The other way, grabbing from the Scanner via PC software, is working perfectly... But that doesn't help me...

    I had already allowed any inbound from all Epson software!

    There is a kind of automation with the printer and file sharing option from the firewall. It automatically disables this when filtering is on. Then it automatically enables it when filtering is off.

    These 2 buttons I mean:

    https://i.gyazo.com/2abc044e846f36005fafed50d212b4a3.png

    They get automatically set by this firewall!

    I tried to manually add pre-defined in- and outbound rules for file & printer sharing (also SMB) and the network identifier from the Defender firewall, then set the firewall back to Medium Filtering. But that won't help either -.- No PC can be found by Scanner / Printer
    https://i.gyazo.com/aad1103b6b4b501e12c9a9b8b5e207e4.png
     
  17. Ironblader

    Ironblader Registered Member

  18. aldist

    aldist Registered Member

    gr.png
     
  19. mango

    mango Registered Member

    I finally reset my Windows Firewall rules, and now notifications are working again.
     
  20. alexandrud

    alexandrud Developer

    As I mentioned before, you require a new inbound rule. If you can't find what to allow in the recently blocked inbound connections (Connections Log), you better:
    - Export your existing custom rules created by you
    - Reset Windows Firewall default set of firewall rules
    - Enable manually all rules from Network Discovery and File and Printer Sharing groups
    - Import back your existing custom rules
    Now your computer should be connectable from the scanner. If it works you can disable the rules from those two group names one by one until you find which one was the one that you need.

    In the authorized groups list you can also use Delete key on your keyboard to remove an entry.
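
The last two parts of the procedure above (enable every rule in the two groups, then disable them one by one to find the rule that is needed) can be scripted. This is an added example, not part of the original post and not WFC code; it assumes an elevated PowerShell session and the English display names of the two groups, and it leaves the export, reset and import steps to WFC.

```powershell
# Added example: enable both groups, then narrow them down to the rules that are really needed.
# Assumption: English display-group names; on localized Windows they differ.
$Groups = 'Network Discovery', 'File and Printer Sharing'

function Enable-SharingGroups {
    param([string[]]$DisplayGroup = $Groups)
    Get-NetFirewallRule -DisplayGroup $DisplayGroup | Enable-NetFirewallRule
}

function Find-RequiredRule {
    param([string[]]$DisplayGroup = $Groups)

    $needed = @()
    # Only rules that are currently enabled are candidates.
    $candidates = Get-NetFirewallRule -DisplayGroup $DisplayGroup |
        Where-Object { $_.Enabled -eq 'True' }

    foreach ($rule in $candidates) {
        Disable-NetFirewallRule -Name $rule.Name
        $label  = "$($rule.DisplayName) [$($rule.Direction), $($rule.Profile)]"
        $answer = Read-Host "Disabled '$label'. Start a scan from the printer. Does it still reach the PC? (y/n)"

        if ($answer -notmatch '^[Yy]') {
            # The scan broke without this rule, so it is required: turn it back on.
            Enable-NetFirewallRule -Name $rule.Name
            $needed += $rule
        }
        # Otherwise the rule stays disabled; the printer works without it.
    }
    $needed | Select-Object DisplayName, Direction, Profile, Name
}

Enable-SharingGroups
Find-RequiredRule | Format-Table -AutoSize
```

When the loop finishes, only the rules the scanner actually depends on remain enabled in those two groups, and the returned list names them.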
     
  21. minerslark

    minerslark Registered Member

    I am using the Medium Filtering profile with notifications set to "Display notifications", so while the experimental feature allows me to create wildcard rules for something I always want to allow, I can't do that for apps I want to always block, regardless of their path, without getting notified. Nevertheless, the WFC application is a gem and I am grateful for it, especially after being a long-time Jetico Personal Firewall user, and finding myself lost after it got no support anymore.
     
  22. alexandrud

    alexandrud Developer

    In this case there is no need to create block rules. Use the notifications exceptions list to automatically dismiss certain notifications. If you always want to silently block firefox.exe, without creating any rule and without being notified about it, add a notification exception "firefox.exe" (without quotes). This will block notifications for any executable named firefox.exe no matter where it is located. The path ends with firefox.exe, do not show it. <= This is the original feature.

    If you want to allow any executable named firefox.exe, you would add a notification exception "FIREFOX.EXE" (without quotes). <= This is the experimental feature.
     
  23. alexandrud

    alexandrud Developer

    Windows Firewall Control v.6.9.9.2

    Change log:
    - Fixed: It is not possible to create a duplicate of the first rule in Rules Panel.
    - Fixed: Remote code execution vulnerability via gRPC named pipes.
    - Updated: Standard user accounts are allowed to perform elevated actions without requiring elevation authorization. Starting with this version, if wfcUI.exe is executed as a standard user account, it has only read access for the user interface. The software must be elevated before being able to perform any write actions (CVE-2023-36631).
    - Updated: Run button was disabled in the installer to avoid executing the software under an elevated account from a standard user account.

    New translation strings:
    090 = Request elevation

    Download location: https://binisoft.org/download/wfc6setup.exe
    SHA1: 531a77a85ac8e169ca757e46de3bcd51fc965da5
    SHA256: d1e659dc2a8e6a11280cf4f34a19f053a72039661f8479d5032457f92829ca5d

    Thank you for your feedback and your support,
    Alexandru Dicu

    upload_2024-1-21_15-11-45.png

    This context menu and the new button in the Main Panel are displayed only if the software runs under a standard user account and requires elevation. On standard user accounts the system tray displays grayscale icons as an indicator that elevated privileges are required. Once the elevation is provided, the tray icon shows again the colored icons.
     
  24. AmigaBoy

    AmigaBoy Registered Member

    Sorry for the late response, but I never got a notification from Wilders. I was using the latest version, 6.9.9.1 at that point.
     
  25. Claudio R

    Claudio R Registered Member

    But when updating from "Main Panel", at the end, the [Run] button - despite being "Administrator" - is "Not Clickable"?
    To start WFC do I have to click on the desktop icon?
     