another Windows Firewall Control?

Discussion in 'other firewalls' started by moontan, Feb 15, 2011.

Thread Status:
Not open for further replies.
  1. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    It always helps to provide some details on how Alexandru could do this....

    Yes, I agree with you, now...;)

    Actually by providing a variable time, WFC will be better than (most?) other firewalls that only let you specify Allow, Block or Ask.

    What 'cha doing for the next few days Alexandru? :D

    J
     
  2. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    162
    Location:
    Belgium
    Thanks for the details.
    I used to be a programmer....30 years ago; this is what I think: there is no bug and no emergency so take your time! Let us discuss further with other users and see the result of our brain-storming -but I like your idea;) ! -
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,456
    Location:
    Romania
    I can include the "Temporary Rules" in the same list with the user created rules. These rules are anyway created by the user.

    You have pointed some interesting ideas in your papyrus. They will remain here for the posterity. :D

    But, I really don't see why a user will want to block a program today and tomorrow but hey, it's Thursday, let's allow back this program. :) This feature will add a lot of complexity in WFC and the purpose of WFC was and is to make things simple. All that you have suggested can be done, but time based rules will make it a lot more difficult to manage the rules.

    Let's assume that the user creates a few time based rules and forgets about them. After a few days they are deleted automatically. Then, the user will start posting on the forum about his disappearing rules and he can swear that he doesn't remember when he created time based rules.

    So, my proposal is to skip any future notifications for a program until the next restart of WFC. I think this is a more reasonable approach.
     
  4. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    I know, if we could only do away with the user :D.

    I'm fine with the way it's working now and don't mind Managing a few rules when I need to. So burn the papyrus, no need to waste the space...;)

    J
     
  5. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Yes I agree, but here is a better way, IMO, of implementing it. At the moment, I believe the "Ask Me Later" option is doing what a "Temporarily Block" option should be doing.

    That is, simply copy the "Ask Me Later" actions to a new "TmpB" button inline with the permanently block option (also consider renaming the T button to TmpA ;) ) and then change the current "Ask Me Later" label to "Block for this Session" as well as its actions.
     
    Last edited: Nov 21, 2012
  6. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    'Allow' creates a permanent rule, no more notifications
    'Allow T' creates a temporary rule, no more notifications until a WFC restart
    'Block' creates a permanent rule, no more notifications
    'Block T' creates a temporary rule, no more notifications until a WFC restart
    'Ask me later' doesn't create a rule, notifications continue to display
     
  7. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Am I the only one who is experiencing a lag in the first open of WFC Control Panel in a single session? Only the first open has a lag of 30 sec to 40 sec. Every subsequent open is instantaneous.
     
    Last edited: Nov 21, 2012
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,456
    Location:
    Romania
    This lag happens on x64 operating systems, mostly on Windows 7 due to the unresponsiveness of the .NET Framework assemblies. I did not find the source of this behaviour yet. When this happens, other .NET programs have the same problem too. I am still investigating this.
     
  9. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Yup, I'm on Windows 7 x64. Hope you find a solution soon. :D
     
  10. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    I notice that too, but got used to it. And it is by far not 30-40 seconds on my Win7 x64 system - it's less than 20 seconds here.
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,456
    Location:
    Romania
    Step one
    I have two test computers with a fresh Windows 8 x64 installation on them. On the first computer I disable Windows Update. On the second computer, I choose to install all available updates, around 900MB. Some of them were .NET Framework updates.
    Step two
    I download and install the latest version of WFC on both PCs.

    Guess what? On the first PC, when I click on the tray icon, it takes 1-2 seconds to show up the GUI. On the second PC, with the latest .NET updates, it takes 20-30 seconds to show up the main window.

    Updates to the .NET Framework 4 require a complete regeneration of the Native Image Cache. For some reason, this does not happen and this is why every time you run WFC, the system must rebuild every .NET assembly that WFC uses. Once they are built, they are in memory and on the second opening of the main window of WFC, it appears instantly. You can read below about similar problems with .NET applications after a .NET update:

    http://social.msdn.microsoft.com/Forums/en-US/netfx64bit/thread/476e21c4-6b73-4f8e-bfab-a7aaae5b017f/
    http://stackoverflow.com/questions/2947118/wpf-slow-to-start-on-x64-in-net-framework-4-0

    Please try this Microsoft fix:
    http://support.microsoft.com/kb/2570538
     
    Last edited: Nov 21, 2012
  12. therube

    therube Registered Member

    Joined:
    Oct 5, 2012
    Posts:
    63
    Location:
    USA
    Win7 x64
    (Not sure where things stood from the onset, but ...)

    I have two users set up.
    Ran the "fix" (manually) from within my normal user account.

    In that account, without logging out, first start up is about 5 sec.

    On my second account, first start up is around 20 sec., whether I log out, then back in, or whether I exit WFC, restart from short cut & then open Control Panel.

    So both are slower than what one would expect, & then there is also the discrepancy between the two User accounts?
     
  13. 60Watt

    60Watt Registered Member

    Joined:
    Dec 5, 2011
    Posts:
    4
    Hi alexandrud,

    I wanted to report two small glitches:
    - the "remote address" field in "rule properties" dialog doesn't accept all system names (i.e. LocalSubnet works but DNS and DefaultGateway don't).
    - for rules with a protocol different from those provided, "manage rules" window shows the correct protocol while the "protocol" field in "rule properties" dialog shows a generic "Any".

    I'd also like to submit as a feature request the ability to duplicate a rule for easy creation and editing of similar rules.

    Btw, is there any news about logging feature?

    Keep up the good work!
     
  14. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Oh yeah, I forgot to mention the same feature request. Duplication of rules. I found it would be useful when I was tweaking some rules.
     
  15. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    162
    Location:
    Belgium
    All that seems really good.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,456
    Location:
    Romania
    Good suggestion. In this way, if the user creates a temporary block rule he can review it later and block it permanently. I already have updated WFC to contain this functionality.
    I have updated the remote addresses textbox to support more keywords as valid input.
    For the rules with protocols that are not listed in the protocols list in WFC, like GRE, the user must modify these rules from WFwAS. There is too much validation logic to support all the protocols that appear in WFwAS. Too much trouble. 99% of WFC users need only TCP, UDP or Any.
    The logging feature takes too many resources and makes the program unresponsive. This task is very complex and depending on the size of the security log, it can take up to 5 minutes to process all the data and display it to the user. In all this time, the CPU goes very high. For the moment, the logging feature is not an attractive task.
    Duplication of the rules is already implemented in the right click context menu of the rules.

    The new version is coming up soon...
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,456
    Location:
    Romania
    Version 3.7.4.0 available

    What's new:
    - New: Added new menu item in the context menu of a rule to allow rule duplication. Multiple rules duplication is supported. (60Watt, skudo12)
    - New: Added support for creating a temporary block rule from the notification dialog. In this way, a new notification will not be displayed for the same program until the user restarts WFC and the list with temporary rules is cleared again. (JW Clements, myk1)
    - New: Added support for the following keywords when the user modifies the remote address of a rule in Manage Rules: "LocalSubnet", "DefaultGateway", "DNS", "DHCP", "WINS". (60Watt)
    - Updated: When the user filters the rules in Manage Rules, the rules that are in the Temporary Rules group are, from this version, considered user created rules. (JW Clements)

    Download location: http://binisoft.org/download/wfc.exe
    MD5: e8da8cb87af981dea50ebdb48931f898

    Your feedback is welcome. The list of new features is open. If you will suggest a new good feature and it can be done, I will implement it. As you can see, the newly proposed features are already integrated. :)

    Thank you for your support and your feedback,
    Alexandru

     
  18. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello alexandrud,

    I have a small suggestion (it would help me and I hope maybe others). I have a few programs that when they do an update, a temporary file is created that does the actual updating. Because of this, when you are in manage rules and do a search for invalid rules, these rules (although they are valid - just the file does not exist at this moment due to the way updating is done) are flagged to be deleted. Would it be possible maybe to have a checkbox in properties to exclude these rules from being flagged as invalid? I find myself sometimes not being as careful as I should be and deleting these by mistake every now and then. An example would be all of the O & O Software products (such as Defrag Pro). Thanks for your feedback and possible consideration of this feature. I realize this is not a common situation but it does exist and an exclusion option from finding invalid rules would be nice. Thanks again as I love your software and great customer support!
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,456
    Location:
    Romania
    Unfortunately this kind of checkbox can't be implemented because the rules from Windows Firewall do not have a custom flag which can be set to remember this option. As you already know, Windows Firewall does not even have an option to find invalid rules. The functionality that you want will require an external file (let's say XML) to save the extra info. This file should be loaded on every opening of WFC. Also, this file must be updated and synchronized with the actual rules that reside in Windows Firewall. It is the same situation with the time based rules that other users have requested. It can't be implemented without a negative performance impact. Adding extra properties to the Windows Firewall rules, other than the ones that are there by default, will require storing them in a separate file. But, again, maintaining the synchronization will be very hard. I think you must be careful which rules you are deleting and which rules should be kept. Sorry.
     
  20. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    IMO, it is implementable just like your Temporary Rules. Here's how:
    - In the Group tab there could be a flag (say DND, which stands for do not delete)
    - WFC starts scanning for invalid rules, on user's command (by clicking the "Find Invalid Rules" button)
    - It comes across an invalid rule
    - It could then check the group flag of this invalid rule
    - If it's DND, WFC ignores it (i.e. it doesn't select it for deletion)
    - If it's anything else, WFC selects it for deletion

    Anything wrong with that implementation?
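
The scan outlined in the post above, sketched as an added example that is not part of the thread and is not WFC's code. It uses the Windows NetSecurity PowerShell cmdlets (Windows 8 / Server 2012 or later) and assumes "DND" is simply a group name the user has assigned to a rule, as the post proposes.

```powershell
# Added example: report firewall rules whose program file no longer exists,
# and mark the ones in the exempt group so they are not picked for deletion.
# 'DND' is the group name proposed in the thread, not a built-in Windows value.
function Find-InvalidFirewallRule {
    param(
        [string]$ExemptGroup = 'DND'
    )

    foreach ($rule in Get-NetFirewallRule -PolicyStore PersistentStore) {
        # The program path lives on the rule's application filter
        $program = ($rule | Get-NetFirewallApplicationFilter).Program

        # 'Any' and 'System' are not file paths, so there is nothing to validate
        if ([string]::IsNullOrEmpty($program) -or $program -in 'Any', 'System') {
            continue
        }

        # Built-in rules often store paths such as %SystemRoot%\system32\...
        $path = [Environment]::ExpandEnvironmentVariables($program)

        # The file exists: the rule is valid, skip it
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            continue
        }

        # Invalid rule: decide by group, exactly as in the proposed steps
        [pscustomobject]@{
            DisplayName = $rule.DisplayName
            Group       = $rule.Group
            Program     = $path
            Action      = if ($rule.Group -eq $ExemptGroup) { 'Keep (exempt group)' }
                          else { 'Delete candidate' }
        }
    }
}

# Report only; nothing is removed
Find-InvalidFirewallRule |
    Sort-Object Action, DisplayName |
    Format-Table -AutoSize -Wrap
```

The function only reports and removes nothing. A rule kept under the exempt group still names a path with no file behind it, and a path-based rule applies to whatever executable later appears at that path, so exempted rules are worth reviewing from time to time.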
     
  21. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    162
    Location:
    Belgium
    Thanks!
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,456
    Location:
    Romania
    This is a workaround. "DND" group rules will not be deleted. A new checkbox is not needed in this case. Just a rename of the group to "DND" will mark the rule not to be deleted if it is invalid. I will think about it.

    Hey, all of you, what do you think about this?
     
  23. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    If you can get it working properly without any performance hits, then for me at least it would be a nice feature. I do not have to have this feature and I am sure it would probably not be a high usage feature. I just thought of it after deleting a few wrong rules. So I guess IMHO that either way is OK, whatever you think would be best. Easy to do, no performance hits, then why not? I do not think it would be worth a lot of your time and effort unless those criteria are met...
     
  24. guest

    guest Guest

    I have some suggestions and one question

    1 In the manage rules list
    - 1.1 Show the icon of the app in the left
    - 1.2 When there are several rules (10) for the same app the list is a mess, all these rules should be grouped in a tree view under the main app.
    2 Pop ups
    - 2.1 Add in every popup a link to check the exe in VirusTotal like SpyShelter does
    - 2.2 In the popups is shown the IP of the external server, well while this is ok it's quite useless, would be nice to have an automatic whois...?(I don't know the tech. name) to show the server name, organization...
    3? Detailed rules creation (Notifications Very High)

    3? And the question is, why is a detailed rule not created for each app? I mean if an app asks for internet access using tcp, udp, local port, remote port, remote ip (ANY) ... why not create a rule allowing only this and ask for every different connection requirement with a popup. A learning mode* would help.

    If you give an app full access to internet and it is hijacked it will have access to internet, but if you get a popup from a browser asking for an unusual access to a .cn site... well that is suspicious.

    I would "buy" the app with this features :) well maybe before but with all this would be perfect for me.

    EDIT: I have just discovered in screenshots that there is a custom rule creation in the popups, so the feature request would be to create a very high notification level where you can create custom rules automatically (without remote ip).
    There should be an option to optimize and merge rules, I mean if you have 5 rules with different remote ports, create an unified rule with all the ports.

    Regarding the learning mode:
    *There is a real learning mode where the rules are automatically created?
     
    Last edited by a moderator: Dec 3, 2012
  25. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    That would be a neat feature :D Whenever it performs the loading on startup, it could grab the 16x16 icon of the executable and display. If the executable doesn't have an icon, there could be a default from the imageres dll in the windows/system32/ directory.

    I think that would be a handy feature for slightly speeding up the loading as well; instead of performing the reading of the entire firewall policy rules, the manage rules module could just read a registry entry of group titles and directories to executable files (through which it could also grab the icons).

    This one's way out of Windows Firewall's scope; it would require another module like the "Virus Total uploader", which obviously is already provided by Virus Total. I think the user should install that additional load from Virus Total by themselves if it's desired.

    This one's also out of Windows Firewall's scope and would require making phone calls to an external IP on every blockade, not desirable. I think, again, if the user desires such additional load outside the scope of a firewall, they should use a separate program for that.

    I think this is already implemented as "Customize Rule" in the notification pop-ups.

    Huh? Not sure what you mean here, browser is only one application and connection from the browser to other websites is to be controlled by the browser itself. The firewall just gives the browser access to the internet, but it can be customized to your liking with custom rules and ports.

    Uhm, a custom rule can't be generalized for every application, thus can't be automated, so not sure what you mean here.

    That would be a handy feature in the manage rules window, just like the "Find Invalid Rules" option, this would be on the user's command, thus there could be a warning stating that "the process can take a long period of time based on the number of rules you have and your system performance". That way, the user would know what to expect.

    Yeah, this is already implemented.
     