Windows Firewall Control (WFC) by BiniSoft.org

I will give that a shot. Is it possible to create an allow rule for ALL ports on the local network?

 

Create a allow rule that applies to all programs (don't specify a program in it): outbound, ANY protocol, all ports, specify the IP address range of your local network, for example: 192.168.0.1-192.168.0.255.
It seems you can enter the word LocalSubnet instead of address range.
Enable Medium Filtering mode.

 

Seems even that isn't enough to stop all of the DHCP blocking. No idea what might be going on here.

 

A bit of text cropping here: Windows 10, 100% DPI, "Make text bigger" setting = 125 (obviously caused by this). Resizing the window doesn't help.

 

Noted. This is a new use case. I tested and it works with larger DPI where the whole UI scales properly. In this case, the text just increases the size but not the containers. I will see how this can be fixed.

 

Windows Firewall Control v.6.18

Change log:
- Updated: Revisited the whole UI to properly display when text size is increased from 100% at operating system level.
- Updated: Increased download timeout of a new version from 10 seconds to 3 minutes.

Download location: https://binisoft.org/download/wfc6setup.exe
SHA256: 0057e9d784e600d879e0df70d64587a846aab653274641393fdbc8e1092b7e06
SHA512: c2871c6f136be5e4597fc6ca8f61a8bae01c0f75e83057ad97e0f7249b596c040c494a77618f37290aee9c84594d560dda5bbda72743d5ee0a49a26088554870

Thank you for your feedback and your support,
Alexandru Dicu

@AmigaBoy It wasn't just the notification dialog, I had to update each dialog and window to make sure it displays properly with an increased text size. I tested to look fine up to 175%. I have no display available to test with a higher text size, but it should scale properly now with all combinations.

P.S.: I started working on dark theme support, around 20% is finished. There are a lot of code changes to support dark theme and it takes a huge amount of time which I do not have. But, slowly, it will be done.

 

Thanks a lot for this.

 

Many thanks for your continued work and instant fix of this minor issue. Looks perfect.

 

No rush, I dislike dark mode, take care while programming, that it is all readable.

 

It'd be nice if you could add an automatic light/dark mode, based on OS status. Totally agree that these are low-priority features.

 

@AmigaBoy

Yep, good suggestion, but only as option of course. It should be always possible to switch it manually too.

 

For me dark mode feature has been high priority since ages.

 

Hello, can anyone provide insight on reducing CPU usage and power consumption from the firewall service? It consistently sits at around 15% CPU usage and never goes down. Thanks.

Edit: I think I found it. It seems blocking things that generate a lot of traffic contribute to elevated CPU usage (basically anything that spams the log with attempts). I block a majority of outbound traffic for software that I do not need communicating with the internet, so I will need to figure out some more CPU friendly workarounds.

 

Notifications system generate an increased CPU usage if you have many firewall rules and a lot of blocked connections. Try to add the programs that generate a lot of blocked connections, and which do not want to allow anyway, in the notifications exceptions list. Another solution is to disable the notifications. This will bring CPU usage back to zero.

 

I've only seen this with one particular Logitech program, which attempted a gazillion connections per millisecond unless I allowed it (which I did, there was no alternative). Try checking the Connections Log to see if there's a similarly aggressive process.

You could also try disabling (if enabled) Connections Log/Log connections/Allowed connections.

 

What are the differences between WFC stand alone app. and that included in Malwarebytes tools (currently in beta)?

 

Different developers and a somehow similar vision based on the original WFC solution. Currently, there is no feature parity, but more features will be added in the future. I am not part of the development team of Malwarebytes consumer products.

My work at Malwarebytes is mainly on corporate products where I developed several products and features, including a firewall management plugin which has a very different approach.

 

Thank you for the response.

 

Hi @alexandrud

A few questions about Secure Rules and Secure Profile

1) WFC must be running in order for Secure Profile and Secure Rules to work, correct?

2) When Secure Rules is on, how often does WFC scan for unauthorized rules? I created a test rule when WFC was closed. Then I opened WFC. It did not detect it until I refreshed the WFC rules page, which it then did disable it. Then I manually re-enabled the test rule outside of WFC, and WFC still has yet to detect it and turn it back off. It seems like it's a problem if a program can just re-enable it and WFC can't detect that.

 

Secure Profile works even if WFC is stopped because the implementation of it is based on altering permissions on certain Windows Registry keys.
Secure Rules requires WFC to be up and running. Secure Rules is subscribed to rule added event, so it will automatically disable/delete new rules which are added from outside of WFC. For the existing rules, they are evaluated every 10 seconds. If you change a rule (enable it) from outside, it will take up to 10 seconds until it is disabled back. I will try to update the code to be subscribed to rule modified event too and see how it works.

 

Thanks for the answers!

"If you change a rule (enable it) from outside, it will take up to 10 seconds until it is disabled back."

It looks like this isn't working. With WFC running, outside of it I created a basic allow rule for a random program. WFC disabled it as expected. Then I re-enabled it outside of WFC. It remains enabled.

Edit: WFC re-disabled it only after I manually refreshed the rules list inside WFC, but it seems the 10 second evaluation isn't working

 

Refreshing the Rules Panel will just refresh the rules with the new state which is disabled. Refreshing the Rules Panel will not disable the rule. Try to use WFwAS to check the status of the rule, it is disabled as expected. I just checked again, and depending when the timer runs, the rule will be disabled again. It may happen anytime between 1 to 10 seconds.

LATER EDIT: I see now the behavior. Re-enabling the rule from outside is not detected by WFC you refresh the rules because the cached rule is not refreshed. It is detected only if the change is made through WFC. I will try to implement a fix for this. Thank you for reporting this.

 

No, thank YOU for creating and maintaining this amazing piece of lightweight software that I just discovered.

I was looking at several different firewall software, and your solution is so much better and does everything I wanted and more, while being simple to use and not bloated at all. Cheers!

 

Problem solved. The next WFC version will have an improved mechanism which reacts instantly when a rule is added or modified. I also included in the WFC event log, the name of the app and the user account used to make the unwanted change:

Code:

<EventData>
  <Data>Secure Rules has detected and automatically disabled an unauthorized rule.</Data>
  <Data>Rule: TestApp</Data>
  <Data>Path: C:\Windows\testapp.exe</Data>
  <Data>Group:</Data>
  <Data>Modifying app: C:\Windows\System32\netsh.exe</Data>
  <Data>Modifying user: W1124H2\alexandrud</Data>
</EventData>

 

Can someone explain in layman's terms why a blanket Allow rule for svhost.exe and "NT Kernel & Systems" doesn't work?

Is there something special about these two programs?