Discussion in 'other firewalls' started by moontan, Feb 15, 2011.
This comes in handy!
Thank you for this great tool. It is definitely worth a donation!
In learning mode - what is the consequence of the "Ask me later" button?
Is it "allow once" or is it "block this time and ask next time"?
If it is not "allow once", maybe "allow once" could be added?
Second, I notice the process taskeng.exe being active with wfc.exe. As far as I understand this is necessary because of wfc being started as a task from the task scheduler. As I cannot remember taskeng.exe being active on my system before using wfc I wondered if it could be terminated after starting wfc. I'm using Win7 x64 home premium.
Third: Whenever any program wants to pass the firewall to the WWW I get the notification that the Destination Address is my router's local IP on Port 53, UDP protocol.
On the one hand this does make sense because my PC is behind a router that is the gateway to the WWW. On the other hand I am used to getting notifications from third party fw's under Windows XP that indicate the remote IP and the remote port - even if the PC uses the router as a gateway. What is behind this issue?
"Ask me later" means that the current connection remains blocked, and on the next attempt of connecting of the same program, a new notification will show up about the new connection. This can occur 5 seconds later or 10 minutes later, depending on the program that is trying to connect to the internet. The program will remain blocked until a rule is created.
"Allow once" can't be added because Windows Firewall Control is just a front-end for the default Windows Firewall. It cannot manage what "allow once" means, because it just creates a rule in the Windows Firewall; it is not like other firewalls that have this option. Windows Firewall does not have this option, so our program can't add this, but I will try to find a way to implement such a feature in a next version based on a Windows service, which may provide more functions than the current versions.
Task Scheduler Engine (taskeng.exe) can be killed through Task Manager after wfc.exe is launched, but you will not see any performance improvement because it uses only 1.5-2MB of memory, and no CPU. You can manually add wfc.exe to Windows Registry into the Run section, but this will launch the process with administrative privileges only on the Administrator account.
Please check your router settings. We also use routers at work and also at home, and other users too, and the remote port and IP address are not the router, but the real ones. Remote port and remote address should be different than your router internal settings. You are the first one to report this problem.
Please let us know if you solved this problem.
Thank you for your answers and your efforts.
I did not change anything with the router. What I changed is one of my notebooks. The old one was run with Windows XP. The ethernet card was configured manually (DHCP off) with a unique IP and the router's IP as gateway as well as the DNS (router's IP) via the TCP/IP settings of the ethernet card. Firewalls reported the external IPs and external ports then.
The new notebook runs with Windows 7 and I configured the ethernet card manually the same way as I did before on XP. And I use WFC for the first time. Maybe this is a Windows 7 issue? Maybe there is another way to configure the ethernet card behind a router manually... I don't know... do you?
Thank you very much
Thanks to Broadway, we found out that if the DNS-Client service is disabled, the remote IP will be reported as the local router's IP, port 53 and UDP protocol. Even in the Security log this information is registered in this way. Even though this service is not required for DNS lookups, it seems that Windows Firewall uses this service to resolve remote lookups. The router will find all this information for itself but will not pass it to Windows Firewall, and Windows Firewall will need to get this info by using DNS-Client.
Thank you, Broadway.
I'll give it a try. Thanks!
So, are we saying that we should have the DNS service running on the PC for Windows Firewall to work correctly for outbound control? Or that the info reported may not be correct (but won't hurt anything?)
As far as I found out you should enable DNS service if you are going to specify your rules. If you always allow or deny traffic for ALL local ports, ALL remote ports and ALL protocols you will be fine with DNS service disabled as the correct information/specification will not be of interest for you in this case. But what does WFC really "learn" then?
So if you are interested in WFC as a really "learning" application it seems that you have to enable DNS service.
I've started getting these on Win 7 64.
Dear Greg, please update to the latest version 126.96.36.199. This error seems to appear randomly when the security log is empty. Did you clear the security log manually, or did you reinstall your operating system?
"Learning Mode" refers to the Windows Firewall, this will store your rules. WFC is just a front-end which just adds more functionality to the default Windows Firewall. WFC by itself will learn nothing.
DNS-Client service is needed only if you want to see the real remote IP, port and protocol, instead of the address of your router. This has no impact on the firewall rules, this is only needed to view on the notification pop-ups the real remote destination. So, you can disable DNS-Client service, then create a rule and customize it to custom ports, and this firewall rule will be still active for the customized ports. If you don't mind seeing on all notifications the local router's IP as destination address, port 53 and UDP protocol, you can disable DNS-Client.
Thanks Alex. The 64 bit is on my work laptop. My personal laptop is the one which gave you fits, lol. I did not clear the security logs but I imagine they were cleared by the system when the limit is reached. I will update it. I'm still out of town working and haven't had time to update. Thanks
Updated to new version after last reply. Today
Greg, I didn't forget about your error, it seems that it is generated when there are hundreds of inbound connections, in a short time, towards svchost.exe. After I received that error too, but with a different index number, I checked the Security log, just to find out that there were more than 300 (enormous) inbound connections blocked by Windows Firewall towards svchost.exe in the last 30 seconds, preceding the appearance of the error. I will try to find a way to correct this in WFC to avoid such errors in the future, and then I will publish a new version.
Thanks, the index number does change with me also. If I can help in any way, let me know.
Updated to version 188.8.131.52
What's new in version
√ Fixed "Index is out of bounds" error.
√ Added support for Learning Mode for Windows versions that are in Russian.
Currently, Learning Mode works for the following languages and localizations:
English (en-US, en-GB, en-CA), Danish (da-DK), Dutch (nl-NL),
French (fr-FR, fr-CA), Finnish (fi-FI), German (de-DE, de-AT, de-CH),
Italian (it-IT), Polish (pl-PL), Russian (ru-RU), Spanish (es-ES, ca-ES),
Swedish (sv-SE), Traditional Chinese (zh-TW, zh-HK).
Thank you for the Update. But I fail to install it.
I downloaded it to D:\Downloads.
WFC is installed in C:\Windows\System32
When I double-click the downloaded file (the one in D:\Downloads) nothing happens, either doing this as admin or as user.
What am I doing wrong (Win7 x64 HP)?
Please make sure that the file downloaded is named wfc.exe not wfc(1).exe. If this will not work, please overwrite manually the old executable with the new one. Also you can try to uninstall the old version and to choose to keep your settings, and after that try to install the new version.
Wow, that was fast! Thanks.
Your answer gave me the key:
I did not think about the fact that a program-file cannot be overwritten when running. So what helped was to quit WFC and then double-click the downloaded file.
Thank you again
Edit.. Nothing, I saw the small print about Firefox when donating..
Hmm, I have learning mode enabled, but I don't get any pop ups. Adding programs manually works though. I wonder what is the problem, software is correctly registered to me.. English Win Vista 32bit, and Finnish localization (åöä). Is that the problem? No learning pop ups.
Other security software produce pop-ups usually too much, this I can't produce any.
Is this something new?
This is a new notification which replaces that error complaining about "Index is out of bounds". That error appears when a big number of inbound connections are blocked at the same time. When you get this new notification you can also check the security log where you can find that in the last few seconds, there were hundreds of inbound connections that were blocked. If this notification is too annoying, I will consider removing it in the future.
Not a problem for me. Just curious about the new notification.
Fixed through email. There was a problem with the Finnish language localisation.
Good and fast support. Thank you.
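The burst discussed earlier in the thread (more than 300 inbound connections blocked towards svchost.exe within 30 seconds) can be looked for in exported Security log data with a sliding window per application. The following is an added example, not part of the original thread and not WFC's own code; the function name, the property names and the sample events are assumptions made for illustration, as is the use of event ID 5157 for blocked connections.

```powershell
# Added example: flag applications that had more than $Threshold blocked
# inbound connections inside any window of $WindowSeconds.
# Input objects need TimeCreated, Application and Direction properties
# (hypothetical names chosen for this example).
function Find-BlockedInboundBurst {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $WindowSeconds = 30,   # window length quoted in the thread
        [int] $Threshold     = 300   # burst size quoted in the thread
    )
    $inbound = $Events | Where-Object { $_.Direction -eq 'Inbound' }
    foreach ($group in ($inbound | Group-Object Application)) {
        $times = @($group.Group | Sort-Object TimeCreated |
                   ForEach-Object { $_.TimeCreated })
        $start = 0
        $peak  = 0
        for ($end = 0; $end -lt $times.Count; $end++) {
            # Advance the left edge until the window spans at most $WindowSeconds
            while (($times[$end] - $times[$start]).TotalSeconds -gt $WindowSeconds) {
                $start++
            }
            $peak = [Math]::Max($peak, $end - $start + 1)
        }
        if ($peak -gt $Threshold) {
            [pscustomobject]@{
                Application   = $group.Name
                PeakCount     = $peak
                WindowSeconds = $WindowSeconds
            }
        }
    }
}

# Constructed sample data: 320 blocked inbound connections to svchost.exe
# within 16 seconds, plus 3 outbound blocks for a made-up application.
$t0 = [datetime]'2011-03-01T10:00:00'
$sample = @(
    0..319 | ForEach-Object {
        [pscustomobject]@{ TimeCreated = $t0.AddMilliseconds(50 * $_)
                           Application = 'C:\Windows\System32\svchost.exe'
                           Direction   = 'Inbound' }
    }
    0..2 | ForEach-Object {
        [pscustomobject]@{ TimeCreated = $t0.AddSeconds($_)
                           Application = 'C:\Example\app.exe'
                           Direction   = 'Outbound' }
    }
)
Find-BlockedInboundBurst -Events $sample

# On a live system (elevated prompt) the input could come from
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 },
# with the three properties filled from each event's data fields.
```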