another Windows Firewall Control?

Discussion in 'other firewalls' started by moontan, Feb 15, 2011.

Thread Status:
Not open for further replies.
  1. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    I've managed to get an older copy in Softpedia so that I can uninstall my copy properly. Just informing you. :D.
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    Selecting the Policies tab does not set the profile to No Filtering. It is possible that your Windows Firewall is off or Windows Firewall Control Service (wfcs.exe) is not running. In this case you will see the slider set to No Filtering.
    To uninstall, run "wfc.exe -uninstall". There is indeed a problem with the uninstaller and I have found it. I will provide a fix later this day. One line of code was commented at compilation time and which prevents the parameters to be read at program launch.

    The old format *.wfc is a zip file. Unzip the file in it and set to the file extracted the extension *.wfw. This file is the policy file that you need.

    It depends on what rule you have set in the first place.
    1. If you dismiss a notification ("Ask me later"), a new notification for the same program can be generated only after minimum 1 minute.
    2. If you set for a rule a single remote IP, it is very probably that the next time the program will try to connect to a different remote IP and a new notification will be generated. Try to set a range of IPs.
    3. Try to not set the local port, because if a rule blocks a local port, then probably that program will try to use a different port.

    Please give an example of a rule that you have set and a notification that should be generated but it does not. There are a lot of scenarios possible.

    Nothing has changed regarding the notifications system. It is the same used in the previous version.

    You can use the Update function. You don't have to uninstall the previous version before installing the new one. Just run the new version and it will update the old version automatically.
     
    Last edited: Sep 24, 2012
  3. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Like the performance of the new version :thumb: But one minor thing I've noticed is that it doesn't recognize the middle click configuration of my touchpad. Under mouse settings, I have configured my Alps touchpad to recognize taps at the upper right coner as a middle click. When I do this on the either of the program's windows, it shows auto scroll instead of closing the window. Although, my Logitech Anywhere MX mouse's middle clicks (which technically doesn't have a middle click button, but I have configured the middle switcher button to act as a middle click button) is being recognized as a expected.
     
  4. tomazyk

    tomazyk Guest

    I have one question about WFC: can it be run under Standard User Account or do I have to be admin to run it?
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    Middle mouse click will close the current view. All views from WFC can be easily closed by pressing middle mouse button on them. You will not see auto scroll when you press middle mouse button on Manage Rules window because it is not supported. On this click, the window gets the closing event.

    You need administrative privileges only at installation because it must install a Windows service. After installation, you will need only standard privileges. It works very well on standard user accounts.
     
  6. highend

    highend Registered Member

    Joined:
    May 28, 2012
    Posts:
    3
    v3.7.0.0

    Profile used: Medium filtering
    Notifications: High

    Registered user, so it's running activated.

    I don't get any notifications at all when I start an application that wants to access the internet.

    Windows 7 SP1 x64 Ultimate German.
    wfc + wfcs are both running.

    I get lots of 5157 IDs in the security event log:

    Code:
    Protokollname: Security
    Quelle:        Microsoft-Windows-Security-Auditing
    Datum:         24.09.2012 18:57:43
    Ereignis-ID:   5157
    Aufgabenkategorie:Filterplattformverbindung
    Ebene:         Informationen
    Schlüsselwörter:Überwachung gescheitert
    Benutzer:      Nicht zutreffend
    Computer:      UK-DT-01
    Beschreibung:
    Die Windows-Filterplattform hat eine Verbindung blockiert.
    
    Anwendungsinformationen:
    	Prozess-ID:		5480
    	Anwendungsname:	\device\harddiskvolume1\program files (x86)\internet explorer\iexplore.exe
    
    Netzwerkinformationen:
    	Richtung:		Ausgehend
    	Quelladresse:		172.16.36.40
    	Quellanschluss:		62166
    	Zieladresse:	209.85.148.94
    	Zielanschluss:		80
    	Protokoll:		6
    
    Filterinformationen:
    	Laufzeit-ID des Filters:	83537
    	Ebenename:		Verbinden
    	Laufzeit-ID der Ebene:	48
    Ereignis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>5157</EventID>
        <Version>1</Version>
        <Level>0</Level>
        <Task>12810</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2012-09-24T16:57:43.302661700Z" />
        <EventRecordID>23390</EventRecordID>
        <Correlation />
        <Execution ProcessID="4" ThreadID="104" />
        <Channel>Security</Channel>
        <Computer>UK-DT-01</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="ProcessID">5480</Data>
        <Data Name="Application">\device\harddiskvolume1\program files (x86)\internet explorer\iexplore.exe</Data>
        <Data Name="Direction">%%14593</Data>
        <Data Name="SourceAddress">172.16.36.40</Data>
        <Data Name="SourcePort">62166</Data>
        <Data Name="DestAddress">209.85.148.94</Data>
        <Data Name="DestPort">80</Data>
        <Data Name="Protocol">6</Data>
        <Data Name="FilterRTID">83537</Data>
        <Data Name="LayerName">%%14611</Data>
        <Data Name="LayerRTID">48</Data>
        <Data Name="RemoteUserID">S-1-0-0</Data>
        <Data Name="RemoteMachineID">S-1-0-0</Data>
      </EventData>
    </Event>
     
  7. Juha L

    Juha L Registered Member

    Joined:
    Dec 25, 2007
    Posts:
    48
    I am very happy that WFC is now much snappier in my older laptop. Thanks!
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    Windows Firewall Control v.3.7.0.0 updated assembly

    I apologize for the troubles you have reported with the latest version regarding the auto update and the uninstall. By mistake, I have uploaded a test version on the website, which had a line of code commented.

    From this reason:
    1. The auto update did not work if an old version of WFC was already running.
    2. The uninstall did not work.

    These two were fixed by recompiling the assembly again with that line of code uncommented.

    Installation notes:
    If you already installed version 3.7.0.0, just download the new wfc.exe and replace it manually in the installation folder. If you did not installed yet the new version, the installation process is as usual.

    I have re-uploaded the correct file on the website:
    Download link: http://binisoft.org/download/wfc.exe
    MD5: 7B688377CB529ED91AE8ABF2C2D20D14

    Again, please accept my apologies. Please share your feedback about the new release.

    Thank you for your support and your patience,
    Alexandru Dicu
    BiniSoft.org Team
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    Please go to Event Viewer (run "eventvwr.msc"). Under "Application and Services Logs" you will see a subcategory named "WFC". Here you can see all the errors that were logged by WFC. On the right, there is a button named "Save All Events As...". Please use this button to export an *.evtx file to your disk. Please send this file to: support@binisoft.org in order to find the problem that you have.

    1. Make sure that the following Windows services are running: "Windows Firewall", "DNS Client" and "TCP/IP NetBIOS Helper".
    2. If you change the notification level, the problem persists ?
    3. If you restart wfc.exe, the same result ?
     
  10. PabUK

    PabUK Registered Member

    Joined:
    Sep 11, 2012
    Posts:
    18
    Just updated to 3.7.0.0 and am experiencing a small GUI bug on the profiles tab. Every time WFC is started (or the window is re-opened) the slider reverts to "No Filtering". The actual last selected profile appears to still be in effect, as indicated by the system tray icon and by testing an app I haven't unblocked, so it looks like it's just resetting the slider every time the window is created.

    On a different note, would it be possible for WFC to remember the position of the main window? I'd like to have it at the bottom-left corner of my screen, but at the moment it always defaults to the bottom-right every time the window is opened.

    Other than that, nice improvements in the new version. Pleased to see memory use going the right way. :)
     
  11. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Running fine, no problems here!
    Thanks - great improvement! :)
     
  12. Hillsboro

    Hillsboro Registered Member

    Joined:
    Jul 21, 2006
    Posts:
    86
    Location:
    CH/USA
    Alex,

    It there anyway to have the DNS client disable and still use the full registered version? WFC is the first WFW add on application (that I am aware of) that requires the DNS cache client to be enabled. The problem with this is even when an application is blocked in the rules it can still call home as a child via/the system and circumvent the block when the DNS cache is enable. Through the years I have used different firewalls and all functioned with the DNS cache disabled.

    Thanks for your time and a great product
     
  13. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Just FYI, in this new version, closing the window with the middle mouse click appears to be working only on the main window, not the Manage Rules window.
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    I will check the problem with the slider. Maybe on some systems, the initialization of the slider is faster than getting the value and it remains to the default value. I will make the main window to remember the last position. This is easy to do because the mechanism is already implemented.
    How it works. Windows Firewall generates some events in the security log when a new connection is blocked. Based on some filtering levels, some of these events are captured by WFC and redirected to the user as notifications. These events contain the remote IP address where the connection was initiated. If DNS Client service is enabled it can resolve the remote IP and the event will contain the remote IP. If DNS Client service is disabled, then, instead of the real remote IP you will see the IP of your router. If you don't have a router, you will see the IP of the gateway from your ISP. WFC works with all it receives from Windows Firewall. Learning Mode can work without DNS Client but you will not see the real remote IP. This limitation is not from WFC. It is from Windows Firewall. I know that other firewalls don't need this service to be enabled, but this is because they use their own network filters and they resolve DNS with their set of tools. I can only use what the operating system offers to be used.
    Probably I have override that method and forgot about it. It will be fixed.
     
  15. Ring0

    Ring0 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    66
    Allo! there anybody home ??

    I'm sorry, no fun anymore, would say sad, very sad.
    This does not deserve any more comment, nonsense like this? it's waste of time.
    Those who understand will understand, who do not understand it does not need to understand.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    I really do not know what you actually want. You are against of all my posts, but you never say black on white what is wrong. You're just behave like a cynical person who actually don't say anything useful.

    "Those who understand will understand, who do not understand it does not need to understand."

    I am one that do not understand. This forum is about helping each other not to brag yourself how clever are you and how stupid are the others who don't understand you.

    If you have a better explanation for Hillsboro's question, please offer an answer, otherwise don't get smart around this forum.
     
  17. Ring0

    Ring0 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    66
    Allo! there anybody home ??

    I will start from behind, LOL.

    Hillsboro's question? Windows firewall does not need DNS cache enabled, and can resolve any IP with the DNS cache disabled, no additional tools needed to resolve any IP. Minimum knowledge is needed, you are a software developer, or what ?? take time, there are no shortcuts, go read to understand these things.

    I'm sorry that you do not understand?? Gladly to help simple user, but no one who claims to be paid for their "works" you are software developer, or what ?? This is no longer just your problem but also problem of all WFC users, would be necessary for you to understand.

    No, I'm not against of all your posts, I am against stupidity like this "This limitation is not from WFC. It is from Windows Firewall."

    So, I have to say unless this is clear to yourself, learning further would be rather inefficient.
     
    Last edited: Sep 25, 2012
  18. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    A post full of arrogance. And please stop saying "Allo! Anybody home?". It's annoying, it doesn't make you look cool. The developer is answering the question of some members and yet there will be comments like allo anybody home. You didn't even explained anything. Imma report you know.
     
  19. hornet77e

    hornet77e Registered Member

    Joined:
    Jun 19, 2012
    Posts:
    5
    For guys like you there is a very simple solution.
    Sit down and make your own program !!!!!!!!!

    This is a gui for the windows firewall not a standalone firewall !
     
  20. Ring0

    Ring0 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    66
    Hello guys and futher ♥ ^__^.

    Please do not kill the messenger just because he said that someone is naked.

    For simple user should be answered a little 'more detailed.
    But this does not solve the problem, problem remains, because one who pretends to controll windows firewall writes and thinks so;

    This shows ignorance in the field.

    With GUI like this (paid version of wfc) average user has to have chance to improve their privacy and security. Disabling DNS Client in part you can do this. Avoid blocked apps call home and hopefully solving a few more malware problems.

    Windows firewall does not need DNS cache enabled, and can resolve any IP with the DNS cache disabled, no additional tools needed to resolve any IP. So, this can not be an excuse to not have this posibility. I stop here,it's not my problem, I do not need gui for windows firewall.
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    Nobody said that Windows Firewall needs DNS Client service enabled to run. It is obvious that it can run without it. But if this service is disabled, instead of the real remote IP of the connection will, Windows Firewall will record events of blocked connections with the remote IP of your router on UDP protocol on port 53. You can check this if you go to Security Events after you disable DNS Client service. You will see there a lot of connections to the same IP on port 53, protocol 17 (UDP).

    WFC uses these events and extracts data from them to display a notification to the user. If the data logged in the Security Events log do not contain the real remote IP address, WFC can't guess them. And, again, this is a limitation of Windows Firewall, not of WFC. WFC just reads data from your system and displays them. WFC does not filter anything.

    There is no problem. It is stated on the website under System Requirements:

    √ The following Windows services are required to be enabled for the notifications to work: "DNS Client" and "TCP/IP NetBIOS Helper".

    So, if a user sees this and he agrees with this and installs and uses WFC, where is the problem ? Just because you like to disable DNS Client, this does not mean any user should do it. By default, Microsoft left this service to start automatically. Probably they had a very good reason. If this was such a major security breach, they probably never would have created it.

    Disabling DNS Client can slow network searches down or browsing for other computers on your network, because it will have to build the list every-time. DNS Client service simply acts like a cache. This will not improve your security (this is why, we use a firewall, an antivirus, an antispyware, etc) and your browsing experience may be worst.

    See the first answer.

    Like hornet77e said, do your own software if you don't like this. If you don't even use WFC because you think it is so bad, why you are losing your precious time with posting in this thread ?
     
  22. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,587
    Location:
    North Carolina, USA
    Since I cannot get the learning mode to show all notifications (notifications are random at best), I have had to remove wfc for the time being. I will try the next release to see if I still have the problem. I have been using wfc for quite a while now and now how it works. I have never had this problem until this release. For the record I have tried doing a repair to my windows firewall and resetting it to default. I am using wfc set to medium filtering profile and medium notifications (Vista HP x64 with current with all service packs and hot-fixes).

    It depends on what rule you have set in the first place.
    1. If you dismiss a notification ("Ask me later"), a new notification for the same program can be generated only after minimum 1 minute. I am aware of this, it does not matter if I wait one minute or one hour.
    2. If you set for a rule a single remote IP, it is very probably that the next time the program will try to connect to a different remote IP and a new notification will be generated. Try to set a range of IPs. This is exactly the problem, once a rule is generated for either an IP or port, or both, no further notifications happen for that port, however if a new port is trying to access, I do get a notification. Some apps I do not get any notifications for at all..
    3. Try to not set the local port, because if a rule blocks a local port, then probably that program will try to use a different port. I am trying to generate rule by port and IP, almost all of these are allow rules. But as mentioned above once a rule is generated it limits what notifications I receive after that point.

    Please go to Event Viewer (run "eventvwr.msc"). Under "Application and Services Logs" you will see a subcategory named "WFC". Here you can see all the errors that were logged by WFC. On the right, there is a button named "Save All Events As...". Please use this button to export an *.evtx file to your disk. Please send this file to: support@binisoft.org in order to find the problem that you have. Nothing is showing in the event viewer.

    1. Make sure that the following Windows services are running: "Windows Firewall", "DNS Client" and "TCP/IP NetBIOS Helper". These three services are running and set to auto along with the windows firewall driver running and set to on demand.
    2. If you change the notification level These three services are running and set to auto along with the windows firewall driver running and set to on demand.l, the problem persists ? Problem persists with any notification level.
    3. If you restart wfc.exe, the same result ? Restart has no effect.

    I will wait for the next release to test. All previous versions have worked with no issues like this. I love your software and keep up the good work. I do not want to sound complaining but the learning mode not working properly has mad wfc non-usable for me at this time. I look forward to the next release.
     
    Last edited: Sep 26, 2012
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    On Windows Vista the recorded events are 5152 instead of 5157 in Windows 7 and 8. Also, these events are less.
    If you get a notification for Firefox.exe and you allow it on port 80, you will never be notified again for port 80 because it is already allowed. But, if Firefox.exe tries to connect to port 443, you will be notified again about it.

    This means that there is no error generated while WFC is running. This is ok.

    I will install a real machine with Windows Vista and I will test it live to see what is happening on Windows Vista.

    Thank you for your feedback.
     
  24. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,587
    Location:
    North Carolina, USA
    Here is example of what I see: Say the first time xyz.exe tries to connect a rule is generated for port 80 and IP 1.2.3.4 to be allowed. Now IP 4.3.2.1 on port 80 tries to connect to xyz.exe, connection is blocked but no notification. This is what is happening and since I cannot approve the new IP on the same port, xyz now loses its connection. I can delete this rule and the process will repeat itself but always no notifications after the first rule. I am trying to accomplish rules for particular softwares that connect always on the same port but may have 3 to 5 different IP's that they connect too.

    I HTH and makes what I am trying to say a bit clearer and understandable.
     
  25. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    280
    I'm getting this too with this release. Other than that, nice update.:thumb:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.