another Windows Firewall Control?

Discussion in 'other firewalls' started by moontan, Feb 15, 2011.

Thread Status:
Not open for further replies.
  1. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I like it this way. After adding back the WFC description, I now have all the rules that I want showing up in Manage Rules dialog. I noticed the above in the process which was great because I did have some different rules with the same file path but were named differently. File Name TCP & File Name UDP

    Has the option so sort rules alphabetically been brought up yet?
     
  2. Macolm

    Macolm Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    22
    After installing newest version following your instructions, I got a grayed out "Display" combo box in "Manage Rules" window. Is there any simpler way to read/display WFwAS's rules except exporting/importing "from WFwAS"?
     
    Last edited: Nov 13, 2011
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    I will add suport for sorting them by clicking on the column. It is a little bit difficult to do it because there is no such option for ListView in C#.
    Those combo boxes are available for only to registered users, but I was thinking again, and in the final version, these will be available for all users.
     
  4. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Yes you are right, they are not dependant. What I wanted to say is:
    When WFC pops up, one of the given information is a Process ID.
    With this ID you can identify svchost and the underlying services with Sysinternal's "Process Explorer". I defined "Allow svchost->"whatever service" according to this. Afterwards I set svchost to "hidden notifications". Although everything related to this Process ID was allowed now, there were still connections blocked (same Process ID), as I could read from the event manager. How is this possible?
    In the end I gave up and allowed svchost "all" except the rules predefined by WFC.
     
  5. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    But you can change the name of the rule via WFAS. In this case you have to make sure that the rule still has (any but) a different name, isn't it?
    In another context you explained that if there is as well an "allow" as a "block" rule for the same program the block rule will be stronger.
    How is this related to the "name convention"?
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    Go to Task Manager and go under Services. You can see that for ID 1252 or 1480, which are all from svchost.exe, there are multiple instances with the same process ID. It seems that for svchost.exe, the process IDs are not unique. So even if you let dnscache for the ID1480, also LanmanWorkstation has the ID1480, but you did not allowed LanmanWorkstation. It is still blocked.

    Multiple rules are applied to the same application path. You can have a rule to allow System32\svchost.exe and multiple rules to block different connections of System32\svchost.exe. They do not interfere.
    If you have the multiple rules with the same name in WFC, when you modify one of them, the command that is executed to apply the changes contains the name of the rule, and the changes are applied to all the rules that have the same name. You can change the names via WFwAS but if you modify a rule in WFC and two rules are named the same, both of them will be modified.
     
  7. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    But I allowed all services related to that ID (CryptSvc, DNSCache, Lanmanworkstation and NLASvc=all instances with the same ID) and still there where blocks listed in the eventmanager with the same ID.

    Understood! Thank you :)
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    Maybe they have some dependencies and need other components to be allowed along them.
     
  9. CGA

    CGA Registered Member

    Joined:
    May 11, 2007
    Posts:
    18
    I definitely cannot get the preview to work, old version installs just fine, preview crashes as soon as it is installed. Even the uninstaller crashes (same error, "This program has stopped working"). Followed every tip in this tread, even changed my AV software, no avail. Oh well, guess I'll wait for the stable version and hope for the best.
     
  10. ibydos

    ibydos Registered Member

    Joined:
    Nov 1, 2011
    Posts:
    5
    I know what the button "[x] Dont allert me again about this program" does.
    But my problem is that I add something like Allow 1.1.1.1:111 TCP and it askes me over and over again about Allow 1.1.1.1:111 TCP again. Even if the program is closed for minutes. I still get popups. I had this behavior with mirc and svchost. I think you need to filter out popups for rules that already exist. If I check "[x] Dont allert me again about this program" sure I do not get popups anymore but I want popups, but not popups for something I already blocked or allowed. Got it?

    My Windows is English. Just my keyboard is German.
    I am using W7_64_ultimate with SP1 and I am in the Administrator Group. UAC is disabled.
     
  11. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Yes I got it. This is exactly the same that happened to me when trying to define positive rules for svchost and it's dependencies. Alex made that clear to me in the resulting posts above.
     
  12. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Just an information for Alex: My Windows 7 x64 is German, 3.100 works flawlessly on my system.
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    Version 3.1.0.0 Preview 2

    I have fixed some incompatibilities and added a few new checks at the program execution.

    Download Link:
    http:/binisoft.org/download/preview2/wfc.exe

    If you already installed the first preview version, just overwrite your wfc.exe with this one.

    Thank you for your support.
     
  14. CGA

    CGA Registered Member

    Joined:
    May 11, 2007
    Posts:
    18
    Now I'm getting this, Firewall service is started (and set to automatic) according to services.msc.

    http://i.imgur.com/GfDcb.png
     
  15. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Last edited: Nov 14, 2011
  16. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    As I just overwrote the old wfc.exe with the new one, I could not see the "few new checks" you added. What did you add?

    Everything working fine so far...
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    "A few new checks" is referring to the code. There is nothing that you could see. The last preview version helped me out to find out what the problem had CGA. I hope this week I will finish the website and publish the new version.
     
  18. CGA

    CGA Registered Member

    Joined:
    May 11, 2007
    Posts:
    18
    If only all developers were as responsive as you alexandrud, nice work solving this.:thumb: :thumb: :thumb:
     
  19. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I agree!
     
  20. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    My only complaint now is that the alert system does not know when a rule has been created for allow or deny. Example: wmplayer.exe wants outbound, create a rule to block specific address and apply. WFC continues to alert for that specific address. Same goes for if you create an allow rule. The buggy part is that the file in question(wmplayer) could have been closed ten minutes or more prior and the WFC alert continues on disregarding whatever rule was made for it. For testing purposes, and using the wmplayer process which I just previous made a block rule for, I blocked it again and get another rule. The rule has wmplayer path but next to it, it will have something like this (qixnvcezoa). <--- that is not an exact match to what is between the ( ) but you get the idea. Ok, that rule has been created but here comes another popup alert, I create another rule for it and the gibberish between the ( ) changes and so on.

    As you can see in the picture below, I've already made a rule for blocking in WMP. I open up WMP and get an alert and make another block rule just above the rule that has been made for some time now. Notice the gibberish that goes along with the path. And as you can see from the alert, two rules have already been made but here is another alert for the same thing. That remote address in the alert is now in both created rules and being alerted to again.

    Untitled.jpg
     
    Last edited: Nov 14, 2011
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    I will try to find a workaround.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    Indeed, if the last entry from the security log is from ten minutes ago it could be possible to show you again a notification for this connection. I already fixed this, and now, if the last entry is older than 3 seconds it will be skipped.

    Now, about the other thing. If you have a rule to allow a program and the connections details match that rule criteria, there will be no event ID 5157 logged into the security log. This means everything is ok, no connection was blocked, no notification to show.

    If you do have a rule to block a program, even if it matches a rule criteria (there is a rule to block it), even if it has no rule defined, WIndows Firewall will write into the security log about the fact that a connection was blocked, a new event 5157. WFC reads this and shows a new notification. For this purpose is that check box "Don't alert me again about this program".

    To summarize, there are no problems with rules that allow something, there is a problem with rules that block something. To avoid this, choose to not to be alerted again. I'm sorry but this is the only solution right now.
     
    Last edited: Nov 15, 2011
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    Version 3.1.0.0. available

    I have resolved some of the problems, the ones which have a solution. I have uploaded the new website and the final version 3.1.0.0 is available for download. Other problems that could appear will be fixed in a future version.

    http://binisoft.org

    Please share here your opinions about the new version and about the new interface of the website.

    Thank you for your support,
    Alexandru

    P.S. The version for 125DPI is not ready yet. Maybe tommorow I will finish it.
     
  24. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Congratulations, your website looks great!
    Any advice for the update from Preview 2 to Final?
    Or is it just overwriting wfc.exe again?
     
  25. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    993
    In my Maxthon... :rolleyes:
     

    Attached Files:

    • w2.PNG
      w2.PNG
      File size:
      12.1 KB
      Views:
      858
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.