another Windows Firewall Control?

Discussion in 'other firewalls' started by moontan, Feb 15, 2011.

Thread Status:
Not open for further replies.
  1. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    So I did a clean install now.

    What I am missing now is
    - the service name "wuauserve" behind the windows-update rule (svchost)
    and
    - the service name "W32 time" behind the windows-timeservice-rule (svchost)

    Are the rules for that specific svchost rules no longer connected to the services (like it was in 3.3.0.1)?

    Thank you :)
     
  2. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    I also realized that the Firewall rules created with WFC no longer show up in WFwaS. So when I now export the policies, what rules do I export then:

    all rules - including the ones of WFwaS or
    only the rules created by WFC?
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    This apply only for this version. When you have checked for updates you used version 3.3.0.1. When you will use this feature from this version, 3.3.0.2, it will download the new version on your desktop. You will see that it will work when a new version will be available, for example version 3.3.0.3.

    The only remote address where wfc.exe should connect is 50.22.79.60 port 80 TCP, where it checks an XML file for available updates. That's it. Any other attempts should be blocked. They are probably verifications of security certificate and other stuff introduced by Visual Studio or by the obfuscation program used. WFC is safe.

    As you already noticed, this applies only to a clean install when the rules are created. From Manage Rules, when you edit the properties of a rule, you can set a group name for every rule. The rules created by WFC are created in group "Windows Firewall Control". You can change the group to whatever you want.

    Indeed. I will fix this. I don't know why the service name wasn't saved. I will investigate.

    WFC uses the same rules as WFwAS. When you go in WFwAS, scroll down and you will see the rules that you have created in Windows Firewall Control group. They are all there. Also, when you export and import a policy, all rules are imported / exported, including the WFC ones and the original ones. All of them.
     
  4. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Thank you, Alex, for your answers.
    :)
     
  5. highend

    highend Registered Member

    Joined:
    May 28, 2012
    Posts:
    3
    I'm currently using "Medium Filtering" with v3.3.0.2

    I've allowed javaw.exe to work in the private profile but only for the "in" direction, before I installed WFC.
    The two rules are:
    Name: Java(TM) Platform SE binary
    Group:
    Program: C:\program files (x86)\java\jre6\bin\javaw.exe
    Profiles: Private
    Enabled: Yes
    Action: Allow
    Direction: In
    Protocol: 1st rule: UDP / 2nd rule: TCP


    My preferred download tool is jdownloader. It uses the javaw.exe to actually manage the downloads.

    An opened connection (currently downloading looks like this):
    Process Name: javaw.exe
    Protocol: TCP
    Local Port: 62639
    Local Address: 192.168.0.20
    Remote Port: 80
    Remote Address: 178.33.xx.xx
    State: Established
    Process Path: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    Window Title: JDownloader

    Because only inbound connections for javaw.exe are allowed shouldn't WFC block an outbound connection for it?
     
    Last edited: Jun 3, 2012
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,587
    Location:
    North Carolina, USA
    Hello,

    Ever since the latest update (3.3.0.2), Windows Update is being blocked. I do not see a rule for it either. I can make a blanket rule for all svchost but that is too broad and I do not want to do that. How do I make a rule for Windows Update for svchost.exe -k netsvcs (just for netsvcs)? I am at a loss as how to do this. I also tried learning mode but do not get any pop-up. Any help will be appreciated...
     
  7. cyberrufus

    cyberrufus Registered Member

    Joined:
    Feb 17, 2012
    Posts:
    6
    Location:
    USA
    Easiest way to handle Windows Update is just create a rule for the service itself.
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    With Medium Filtering enabled, JDownloader does not work until you create a rule to allow outbound connections for javaw.exe. Please check your rules, if JDownloaded can connect and download files, there is a rule to allow outbound connections for javaw.exe.

    Windows Update should work through the rule named "WFC - Windows Update". Unfortunately, this rule is generally for svchost.exe and does not include only the Windows Update service. This will be fixed in the next release, which I plan release soon. The new version will be able to set the service name for a rule, from Manage Rules. This problem will be fixed in a few days.

    Learning Mode works only for Medium Filtering profile. Which profile do you use ? And what version of Windows and in what language ?
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,587
    Location:
    North Carolina, USA
    Hello,

    Strange I do not have that rule.

    Yes, I can manually add a rule for svchost.exe and Windows Update will work. However if I do a rule for wuauclt.exe (Windows Update), Windows Update is still being blocked.

    Cool !!!

    I am using the medium filtering profile with learning mode enabled. My OS is Vista HP x64 with all service packs and hot-fixes up to date using the English language. As for the learning mode, I get no pop up when Windows Update is trying to update but Update is being blocked. I can verify by allowing all traffic via WFC main GUI.

    On another note, I assume my exporting policies problem was not fixed this release as it is still present. On a side note, whenever exporting policies is failing, any changes I make in "Manage Rules" does not stick either. The changes appear to take but next time I go back to "Manage Rules", the changes did not stick. These two problems seem to go somewhat hand in hand as they both seem to always occur at same time and only a reboot gets things back as they should be.
     
  10. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Alex, I've found another issue:

    Although I created the following rule...

    Block
    c:\windows\system32\taskhost.exe
    Remote Ports: 80,443
    Remote Addresses: 65.55.7.141

    ... WFC still notifies me about:
    taskhost.exe on Port 443 and address 65.55.7.141

    That reminds me of former WFC-versions where we had to activiate "don't bother me again".

    Thank you :)
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    This happens because the ports from the rule must be the same as the new attempt of connection. Your rule contains ports "80,443" and the new connection is made on port "80". They are not the same, and from this reason, you receive a new notification. I will change the program's logic to search in defined ports instead of compare them. Until then, I recommend you to not set the remote ports field for the rules that block programs (Anyway, taskhost.exe will not try to connect on other ports, so specifying the ports is not required). I will fix this in the next release.
     
  12. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Good to know, thank you.
    Are multiple IP addresses treated the same way as multiple ports?
     
  13. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Another issue:

    In the above rule I wanted to delete the ports 80 and 443 from the rule, that means change from "custom ports" to "all ports".
    In the manage-rule window I doubleclicked the rule, changed the remote ports to "all" and applied. 80 and 443 disappeared from the rule in the rules list.
    After closing and reopening the manage-rule window 80 and 443 as remote ports are back in the rule.
    I can reproduce that.

    Addition:
    I was even able to reproduce this with an "allow" rule, which I tried to change the ports from "custom" to "all". They disappear when clicking "apply".
    After closing and reopening the manage-rule window the ports are back.

    In both cases this behaviour occurs either on doubleclicking a rule or on using "properties".
     
    Last edited: Jun 7, 2012
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    Yes, it works the same way. I will fix this too.

    You are right. It works only if you select ANY protocol. Thank you for reporting this error. I will fix this too. In a few days, the new version will be out and all these things will be fixed. Thank you again.
     
  15. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    You are welcome.
    Thank you again, for your excellent support!
    :)
     
  16. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    993
    Tried and is fixed and working like a charm. Thanks.
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    Version 3.3.0.3 available

    What's new:
    - New: The service name can be specified from the Properties window when editing a rule. From a drop down list. (puff-m-d)
    - Fix: Service names are not properly set for the recommended rules when the program is installed. (puff-m-d)
    - Fix: Local ports and remote ports are not saved when modifying the properties of a rule in Manage Rules. (Broadway)
    - Fix: Duplicate notifications for the same connection when the remote ports contains multiple ports. (Broadway)
    - Updated some templates.

    Download link: http://binisoft.org/download/wfc.exe

    Any feedback is welcome. Share your opinions about new features, possible existing bugs, etc. As always, I will try to implement new stuff, if it is possible and I will fix any problems reported that can be fixed.

    Just check for updates and install the new version.
    Thank you all for your help,
    Alexandru
     
  18. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,833
    thanks for the news
    but is there a old version that doesn't need frame 4?
    i don't want to install frame 4
    thanks
    cheers
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    The latest version that was using Net Framework 2.0 was version 3.1.0.3.
    Net Framework 2.0 was released 7 years ago. From version 3.2.0.0, I have used Net Framework 4.0 for the development. Net Framework 4.0 was released in 2010 and adds many new features and improvements. My suggestion is to update to the latest Net Framework available. It can't be bad for your system.
     
  20. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Thank you. I just made a clean install and set up my rules. Runs fine so far...
    :)
     
  21. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,961
    Location:
    Location Unknown
    Holy Hell....please tell me this is a mistake. 200 meg for a gui? It's not even the firewall, just the gui for it. I can certainly understand reluctance to further make ourselves dependent on .NET.

    (Yes, RAM is inexpensive. That's not the point. Have people forgotten how to efficiently code?)
     

    Attached Files:

  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    The code is optimized. Every window is disposed properly, any collection, list, dictionary, etc. On my systems, wfcs.exe never had more than 30MB, and wfc.exe never requested more than 80MB. I will try to see what eats up so much memory. Unfortunately, the NET Framework takes to much memory. I will see what I can do.
     
  23. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,961
    Location:
    Location Unknown
    I should clarify....it's not WFC that I dislike. I like it, and I donated to it. It's .NET that I hate. Anything that uses it is going to suffer from similarly high usage statistics.
     
  24. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,833
    i update framwork 4

    is there a way to backup my w7 firewall built in setting manually?
    i mean i want to backup it
    how can i do it Manually?
    thanks
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    You can use "Export Policy" from WFC main interface. This will save all of your firewall rules, which can be imported back, by using "Import Policy". WFC is fully compatible with WFwAS firewall rules and works directly with them. When installing WFC, no firewall rules are deleted. Only, if at installation, the user choose to create recommended rules, WFC will add 8 new rules which can be easily deleted from Manage Rules window. If the user choose not to create recommended rules, no new rules will be added.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.