another Windows Firewall Control?

Discussion in 'other firewalls' started by moontan, Feb 15, 2011.

Thread Status:
Not open for further replies.
  1. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    Hi all.

    I just installed WFC 3.0 on a non-fresh Windows 7 x86 Ultimate computer. The only security app there is Avast Free Antivirus 6.0. After installing WFC I could browse normally. BUT after choosing "Medium Filtering" I couldn't browse anymore. I had to set "No Filtering" (Firewall disabled) in order to be able to browse. I had to uninstall WFC with the option to restore previous WF settings.

    Maybe somebody could tell me what's wrong with it?

    o_O o_O o_O
     
  2. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    That is how the program should work.
    For enabling learning mode you have to donate.

    Just read
    http://www.binisoft.org/wfc.php
     
  3. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    575
    Location:
    Moon
    You must create a rule for your browser in medium filtering.

    If you donate 10 $
     
  4. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    Thanks a lot guyz, I should have read before! :argh: :argh:

    I thought it would allow trial features. I'm gonna donate right now, it's too cheap to be real! :thumb: :thumb: :thumb:
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,021
    yes - my bad i mixed it :eek: sorry
    and you got the point
     
  6. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    Can you help me fill in the blanks here? Hopefully I'm understanding correctly. You have pointed out something I have been doing wrong.

    I use Norton DNS servers for DNS with Windows DNS client disabled. The DNS servers can be set internal in router. Is this rule a one time rule made or you make this rule for every program?

    Let me see here, are you saying there should be an inbound and outbound DNS rule? UDP port 53 on local port (not remote correct) and routers side Lan IP address would be if I were to use cmd line and put "ip config" it would give default ip address (this would be remote port).

    Under Local Area Connection Properties>select IPv4 and click properties and on General tab can you use "Obtain DNS Server address automatically" if you already have them set in the router itself?

    Did you do this through WFC or Windows Firewall with Advanced Settings? I have read through this whole thread there is a lot of good info here. This program looks real handy.
     
    Last edited: Sep 22, 2011
  7. wat0114

    wat0114 Guest

    If you control outbound comms with the firewall, you make the rule for every program that connects to the Internet.

    Use "ipconfig /all" to see the DNS servers ip address(es). With Windows Vista/7 firewall, you only need an outbound rule. Example:

    Protocol=UDP
    Program=C:\Program Files (x86)\Mozilla\Firefox.exe
    Local Ip=Any
    Remote IP=your DNS server(s)
    Local Port=Any
    Remote Port=53

    You can leave that as is or use: "Use the following DNS server addresses" then fill in the entries for your DNS ip addresses.

    Yes, I disabled DNS Client service then created DNS rules for all my web-facing applications in Win7 firewall w/Advanced security.
     
  8. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    Hi again!

    Yesterday I donated and successfully activated WFC 3. I switched to Medium Filtering and Learning Mode, so I could choose which apps could go online.

    One of those apps was Website Watcher portable. I have it in my pendrive, in a TrueCrypt container, the path always being the same even after restarting the laptop. I allowed both executables, wswatch.exe and wswie.exe. It worked without any problems.

    Then today I opened up WSW again but it couldn't reach the web. I had to delete both rules from WFC and then it could browse again, asking me to allow both exes again.

    My security setup in this laptop with Win7 x64 Pro SP1 is: MSSE, OpenDNS (DNS manually changed in the computer, not the router), Ad Muncher Premium and RoboForm Everywhere. The DNS service is Automatic and Started.

    I'd like to know if this kind of behaviour is normal on portable apps or while using DNS services or just a bug.

    Thanks! :thumb: :thumb: :thumb:
     
  9. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    When mounting the TrueCrypt-container - did you assign the same drive-letter?
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    Firewall rules are dependent on the path of the executable file. For this reason, "E:\example.exe" is not the same as "F:\example.exe". Like Broadway said, check whether the executable was run from the same path as when you first created the rule.
     
  11. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    Yes, I already pointed it out in my post because I thought it could be a problem. Yes, the path is the same.

    Thanks! :-* :-* :-*
     
  12. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    I cannot reproduce your problem with any of my portable apps, either started from a TrueCrypt container or (unencrypted) from any hard drive or USB drive, sorry.
    Did you specify your rule for your exe, or did you create the rule for any port and any protocol?
    Example: If you allow your exe to access the Internet to port 80, tcp, all attempts related to port 80, tcp, will be allowed. If your exe tries to connect to any other port or via udp, it will be blocked without further notification.
     
  13. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    I don't know why but I cannot reproduce your approach.
    Example: Windows DNS-Service is not running, DNS-Lookup is done by the router. I am browsing with opera.exe and there is no existing rule. WFC is "medium filtering" with learning mode enabled.
    On the first attempt of opera.exe to connect to the internet, WFC notifies me with "Opera.exe, Port 53, UDP, Router's IP (DNS)". When I allow this, a rule "Opera.exe any local port, any remote port, any protocol" is created.
    When I modify this rule to "Opera.exe any local, remote port 53, UDP protocol" any further attempt of opera.exe to get access to the Internet will be blocked. I think this is because of the fact that behind the DNS-Query on UDP 53/Router is a specific attempt of opera.exe to access e.g port 80 or 443 or anything on a remote WWW-IP.
    Or did I miss something?
     
  14. wat0114

    wat0114 Guest

    That rule should work. However, you will also need a rule for Opera to connect to, as an example of a standard one I use for web browsers:

    1. Protocol=TCP
    2. Direction=outbound
    3. Local IP=Any
    4. Remote IP=Any
    5. Local port=Any
    6. Remote port= 80, 443, 554, 1755, 1935

    You will end up with two rules for Opera.exe and any other web-browsing applications:

    The DNS rule you created and the TCP rule I just illustrated. You could optionally add remote ports 81-82 & 8080, but I have found that these ports are sometimes used by malware or malicious sites. Just my brief experience.
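
An added example, not part of the original thread or of WFC: the two per-program outbound rules described above (UDP 53 to the DNS servers, plus TCP to the listed web ports), created with the built-in NetSecurity cmdlets. It assumes Windows 8 / Server 2012 or later, an elevated prompt, and a default outbound action of Block; the function name, group name and the DNS address in the usage line are placeholders.

```powershell
# Added example. The allow rules only restrict anything when the profile's
# default outbound action is Block (what WFC "Medium Filtering" sets up).
# With the DNS Client service running, lookups are made by that service,
# so the per-program UDP 53 rule is only exercised when it is disabled.

function Add-ScopedBrowserRules {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $Program,     # full path to the .exe
        [Parameter(Mandatory)] [string[]] $DnsServers,  # from "ipconfig /all"
        [string[]] $TcpPorts = @('80', '443', '554', '1755', '1935'),
        [string]   $Group    = 'Scoped outbound (example)'
    )

    # Rules match the exact path: E:\app.exe and F:\app.exe are different
    # programs to the firewall, so refuse a path that does not exist now.
    if (-not (Test-Path -LiteralPath $Program -PathType Leaf)) {
        throw "No executable at '$Program'; a rule for this path would never match."
    }
    $name = Split-Path -Leaf $Program

    # Rule 1: DNS lookups only, to the listed resolvers only.
    New-NetFirewallRule -DisplayName "$name DNS (UDP 53)" -Group $Group `
        -Direction Outbound -Action Allow -Program $Program `
        -Protocol UDP -RemotePort '53' -RemoteAddress $DnsServers | Out-Null

    # Rule 2: the TCP connections that follow the lookup.
    New-NetFirewallRule -DisplayName "$name web (TCP)" -Group $Group `
        -Direction Outbound -Action Allow -Program $Program `
        -Protocol TCP -RemotePort $TcpPorts -RemoteAddress Any | Out-Null

    # Read the rules back so the effective scope can be reviewed.
    Get-NetFirewallRule -Group $Group |
        Where-Object DisplayName -like "$name *" |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Protocol      = $port.Protocol
                RemotePort    = $port.RemotePort -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
}

# Usage (192.0.2.53 is a placeholder, not a real resolver):
# Add-ScopedBrowserRules -Program 'C:\Program Files (x86)\Mozilla\Firefox.exe' -DnsServers '192.0.2.53'
```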
     
  15. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    @wat0114

    Thanks for the illustration, you have been a big help. Just a few more questions.

    When you make your rules do you use WFC or WFw\AS?

    Does this WFC monitor inbound and outbound connections to let you know when something is blocked? Sorry, I probably read it and don't remember.

    I didn't know browsers used those other ports 554, 1755, 1935.
     
  16. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Lol, I'm just half way paying attention even though this is very interesting. wat, just to be clear, this is your example for when one disables DNS service and also has a rule for netapp?.exe 53, udp? Work is only allowing me so much forum reading at the moment so I may have missed it.
     
  17. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    Thanks a lot for your input. I allowed it through Learning Mode, so both executables are allowed in any port and protocol.
     
  18. wat0114

    wat0114 Guest

    No I've built these rules using the somewhat painstaking, manual approach :D although sparviero's very helpful post here has been a tremendous aid. That only works, I believe, with higher editions of Win7 like Ultimate and Pro.

    I think it only alerts on inbound attempts.

    Those are for streaming video and Flash.

    The dns rule is created for every app that needs Internet connectivity to common web browsing ports - when DNS client service is disabled.
     
  19. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    Thanks for the link wat, it's very helpful. I'm gonna donate and give this proggie a run in the next few days after I put my new mobo together.

    I did used to use Vista Advanced FW at one time but because of programs getting blocked I stopped using it. Do we need a loopback rule?

    Some folks might find this guide helpful in setting up some programs with windows FW.

    http://npr.freei.me/firewallrules.html
     
    Last edited: Sep 24, 2011
  20. wat0114

    wat0114 Guest

    You're welcome! It's an excellent little program and $10 well spent for the full featured version :)

    For Vista/Win7 fw, no. It's already enabled.
     
  21. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    I just noticed this at his site for system requirements:

    Before using this software make sure that "Windows Firewall", "TCP/IP NetBIOS Helper". I always disable this.

    I was looking to see if this program alerts you when a program needs an inbound connection. Some programs do.

    EDIT

    I donated and got a link to click on and it asks for Installation ID in order to get the activation code. It says link is only good for 24hrs. My problem is I don't have it installed yet. I won't be installing Win 7 for a few more days so I was gonna save the activation code until then.
     
    Last edited: Sep 25, 2011
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    After that page expires, you can log in anytime to your account, which was created automatically when your donation was processed. Please check your email to find your login information. If not, please use our contact page to request your login info. Your account on our website will be enabled as long as the website exists. :)

    Thank you for your support.
     
  23. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    I installed it on a netbook with 7 Starter Edition and a wireless adapter.
    Options checked: start with Windows, medium filtering with learning mode enabled.
    Rebooted, but the program didn't start up with Windows, so I manually added it to the startup folder... this was easy... but my 2nd problem is that my wireless connection is crippled to allow only local network traffic... there's no internet connection anymore as long as medium filtering is enabled. By setting WFC to "low filtering" and a reboot, my wireless internet connection is back... how can I fix this o_O
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    Updated to version 3.0.0.2

    √ New: menu item for checking for updates, to see if a new version of the program is available for download.
    √ New: customize the rule to be created directly from the notification about blocked connection.
    √ Improved: added support for port range when modifying the properties of a rule.
    √ Updated: due to the piracy of the previous versions, we had to improve our activation system again. Due to the new activation process, if you use an old version, including version 3.0.0.0, after you install this new version, you must activate the program again using a different activation code. If you are a registered user, please log in to your account on our website and get the new activation code. We apologize to all of our registered users for all inconveniences created by this process.

    Thank you for your support.
     
  25. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Great new features! Thank you!
    :)
     