Windows Firewall Control (WFC) by BiniSoft.org

A wild guess: Maybe svchost.exe doesn't count as "All Programs" some how?

 

@MrElectrifyer

A first idea:

Look for other blocked inbound/outbound rules with higher priority.

Which means, if you have - for ex - a existing inbound rule for blocking the port 3702 for all programs, then you can not "overwrite" a such rule with an allow rule!

Blocking rules are higher priority than allow rules.

Greetings,
Alpengreis

 

Thanks for the suggestions, but still no luck finding the culprit.

The only rules blocking an svchost.exe connection are the following recommended WFC rules, and they're all outbound rules...


All other enabled svchost.exe rules are allow rules...

 

The logging feature in Windows Firewall is updated when you change the profile in WFC, but I assume that you already switched the profiles. Also, if an entry from the log is corrupted there is nothing to display because WFC will fail to process the Windows Firewall log. Try to clear the log first and then try again. To double check that this works, go to Event Viewer and under Windows Logs category, check in Security subcategory if you have events with ID 5156. These events are generated for permitted connections. Events with ID 5157 are for blocked connections.

Regarding the scanner problem, did you enable Network Discovery and File and Printer Sharing on your machine ? This enables a lot of rules regarding Network Discovery in Windows Firewall and creates a lot of new rules for File and Printer Sharing.

If the logging feature will work after you clear the log, you will be able to see what is allowed while your scanner works in Low Filtering profile and then you will be able to create the needed rules for it.

Please let us know if this was helpful.

 

Generic Rules are good for blocking IP-s explicitelly ,as in a Blocklist or for blocking specific port sets or protocols that are not used.I tend to block some ports on inbound rules ,this being applied to all apps installed.This is mostly useful in the infamous case of the Inbound rules automaked by the Windows firewall when it feels like with no questions asked.

By the way the CS:GO inbound rules are still being created in spite of the firewall setting as described in previous posts.The bug is still there
2 updates received the game and i had 8 rules in there for the same exe TCP inbound and UDP inbound, 2 made by me ,2 inactive and 4 active created by the game or Steam or whatever multiplies them insanely.

The addition of the Loging is excellent ,so is the shortcut.Great for troubleshooting.

 

Sorry for the late reply, currently at a home away from home visiting some relatives

Not sure what 'caused it, but it appears to be working now When I cleared the log b4 (at main home, through WFC), it made no difference; no allowed connections were displayed. Now that I had the time (at home away from home), I came here, noticed your quick reply, opened event viewer and navigated to the Security subcategory. Then I opened WFC's connection log screen, switched to the "Recently Allowed" connections and it listed them this time Clearing the log through WFC worked as expected; cleared the log in event viewer. Perhaps it was some permission problem that was fixed when I opened event viewer and navigated to that subcategory? Not sure 'cause I didn't ever check, while at home away from home, before opening event viewer.

Highly doubt it but could it have something to do with what network frequency I'm on (perhaps some driver problem)? At main home, I have a dual-band router (of which I connect to the 5GHz band) and here at home away from home, I have a single-band 2.4GHz router. Will find out when I get back to main home next week.

Either ways, thanks for the suggestion

All my home networks are private and I had configured network discovery/file and printer sharing to be enabled on private networks. Wireless printer is at main home, so, will also attempt configuring the firewall for it next week.

Happy New Year!

 

Ok, finally had the time to check all of the above at my main home and it appears the Allowed connections log is still working (so it has nothing to do with the wifi frequency, as anticipated). So, using the allowed connections log, was able to configure my firewall for my Printer's "wireless scan-to" function and in the process, also simplified the generic rules into 3

Here they're for whoever wants to use them for their printer (or any other purpose); rename the extension to .wpw and import it with WFC
View attachment Printer (HP Officejet 6700 Premium) Partial Policy (7.01.2014).txt

@alexandru Have a little suggestion for usage improvement. Currently, when I'm disconnected from a wifi network and I have a program that keeps trying to access the internet (in this case, it was my printer software), it appears Windows Firewall keeps logging such attempts as a block 'cause WFC continues to show alerts for the program.

Would it be possible to have WFC show alerts only if connected to a network (not necessarily with internet access)? 'Cause that's literally the only reason a firewall exists for; controlling network traffic. Without a network, there's no point of a firewall, hence no point of having alerts for it.

 

The connections that are logged by Windows Firewall can't be changed. Regarding the notifications for svchost.exe from WFC when no network is connected, I will add an additional check that will prevent displaying a new notification if the network is not connected.

 

Windows Firewall Control v.4.0.6.2 - New Version

What's new:
- New: Added the possibility to set the "Interface types" for a rule, which specifies for which network interfaces the rule applies. The new field is available in the Manage Rules columns. If the column does not appear, it is probably hidden. Just set the visibility for it from the header context menu.
- Fixed: Loopback notifications for svchost.exe and System are displayed when High notification level is used but there is no network connection.
- Fixed: When all Columns are displayed in the Manage Rules window, the order and size for the last column is not restored when the user opens again this view.
- Improved: The Manage Rules window is launched also when the user clicks on the Rules Panel menu item instead of only from the Manage Rules menu item.

Installation notes: Just use the updater to update to the new version. That's all. The following translation string were added in this version:

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: e5bb07279f39c9e22135e8a14ff1768a3641f64e

Thank you for your support and your feedback.
Alexandru

Have great weekend.

 

Hi Alexandru

Many thanks for the heads up/notification. Have downloaded and am about to install. Will feedback if there are any issues found.

Have a great weekend yourself.

Regards



Baldrick

 

I used the built-in updater and I notice a different SHA1: eebb18aef3f84f5bbf63e8d991f403faa33dcbd8

Same with using the link provided for download.

What is wrong?

 

Does anyone here know if EMET 4.1 is compatible with Windows Firewall Control 4?

 

Thank you for this. By mistake, I have uploaded a test version on the website.

Please download again the assembly. Now it is the good one.

The correct SHA1 is: e5bb07279f39c9e22135e8a14ff1768a3641f64e

 

I'm confused now. I downloaded again and get

SHA1: e5bb07279f39c9e22135e8a14ff1768a3641f64e

using as well the built-in updater as the download-link.

 

This copy-paste is just .... I have copied from your post instead of my original one when I posted the reply. It is ok:
SHA1: e5bb07279f39c9e22135e8a14ff1768a3641f64e

 

Fine, thank you

 

I cannot reach binisoft.org today>> ??

 

Hi myk1

Just tried from here and no issues...I am getting the main web page just as per usual?

Regards


Balders

 

How do we calculate the SHA1?

I downloaded only minutes after you first posted using the builtin Check for Updates and likely have the test version. When I just now did another Check for Updates AND I downloaded the new non-test version and tried to Update, I was told that 4.0.6.2 was already installed and the new version (non-test) wouldn't install. Do I have to uninstall the test version and then install the non-test version or can I just keep running the test version? Because I've been running it since 7:21 yesterday morning and haven't had any problems (that I know of).

J

 

There are a lot of tools you can use for calculating hashes. Just google for it.

I use "Rapid CRC Unicode" - as it is part of the Portable Apps Suite.

 

Yes, you can still use the test version. You can also uninstall the test version and reinstall the final version. Both choices have the same functionality.

 

Thanks, I did as suggested and selected "hashmyfiles" from nirsoft.

 

Thanks Alexandru,
J

 

Still trying to reach http://binisoft.org/

Thanks..but I get this:

NOT ACCEPTABLE!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security

An idea?! Thks

 

Strange - no problem here.

What browser do you use? Any JavaScript restrictions?