another Windows Firewall Control?

Discussion in 'other firewalls' started by moontan, Feb 15, 2011.

Thread Status:
Not open for further replies.
  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,412
    Location:
    Romania
    It was in the same bug. :) It is already fixed. Thank you.
     
  2. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    175
    Location:
    Canada
    Little problem with the Windows Store, again; it appears there's still another IP range to be allowed. I'm able to update and search for apps, but I can't view their details (if I click on an app, it says my PC isn't connected to the internet). Based on the following connections which were blocked when I attempted viewing the metrofied Twitter app, what IP range do you suggest I add?

    View Details in Windows Store is being blocked.PNG

    BTW, changing the profile to "Low Filtering" seems to have fixed it, so it's not a rule that is currently blocking it, no rule has been created to allow it.
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,412
    Location:
    Romania
    The recommended rules that are installed by WFC don't block these IP addresses. If you use Low Filtering profile and you don't have this problem anymore, it means that there is no conflicting block rule. Then create an allow rule for svchost.exe for TCP protocol, remote port 443 and the following IP range: 64.54.165.0-64.54.188.0 . This should solve this.
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,412
    Location:
    Romania
    Version 3.9.1.6 available.

    What's new:
    - Fixed: Profiles and Manage Rules context menu items are enabled in the tray icon after restart of the program, even if the program is locked with a password. This happens if the user uses first the right click on the tray icon.
    - Fixed: The program crashes if the user presses on the "Check this file" button in Recently Blocked view on a connection generated by "System".
    - Fixed: "Please use the refresh button" message appears in Manage Rules if the user switches from a data grid without items to a datagrid with items.
    - Fixed: "Create new rule" tab buttons remain disabled until the user changes the selection again in Recently Blocked window, after the user creates a new rule.

    Installation notes:
    The same as usual. Nothing special. :)

    Download location: http://binisoft.org/download/wfc.exe
    MD5: 1c4bfcefc865637e3eb0252f1e1d071c

    You feedback is welcome. Thank you for your support,
    Alexandru
     
  5. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    175
    Location:
    Canada
    Yup that appears to have fixed it, though the IP range was 65.54.165.0-65.54.188.0 ;)
     
  6. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    175
    Location:
    Canada
    Very minor problem I bumped into: when editing the description of a rule, I noticed I can't perform a CUT of the selected text; pressing Ctrl+X results in a copy, same as the context menu "Cut" option. But, pressing Ctrl+X+X does result in a Cut.

    Another bug I noticed was that WFC currently doesn't recognize "RPC-EPMap" port as a valid custom port. I noticed this when I opened the system created rule "File and Printer Sharing (Spooler Service - RPC-EPMAP)" while on the hunt for generic Metro App rules (they only have the name of the app as their name and description, but don't specify the program location nor Any service) that were created prior to installing WFC.

    BTW, the duplicate notification when I wake the computer still exists.
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,412
    Location:
    Romania
    I can't reproduce the first bug. Ctrl+X does cut the text. Try with the other Ctrl key. I can reproduce the second bug and I will fix this. The last one, I will try to find a solution. Thank you for your feedback.
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,412
    Location:
    Romania
    Version 3.9.1.8 available.

    What's new:
    - Fixed: RPC-EPMap predefined port value is not recognized when editing a rule,making the rule unavailable for editing.
    - Fixed: Various logic improvements for faster loading of the program.

    Other notes:
    This is the latest version of the 3.x.x.x branch. From now on I will concentrate on the next version 4.0 which will have a redesigned user interface, more friendly and easy to use. New features will be also included. The new project is now only on paper and will require some time to implement it. So, any bug fix or feature, in the next version which will be ready probably in June.

    Download location: http://binisoft.org/download/wfc.exe
    MD5: 1bedbfa8abd9bef5830e7892bcf2b123

    Thank you for your support,
    The developer ;)
     
  9. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    I can't believe that WFC will become even more user friendly and intuitive.
    I am definitely looking forward to it...
    :)

    Thank you!
     
  10. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    175
    Location:
    Canada
    Not sure if this a is a bug with the current latest version of WFC or just a bug with Windows Firewall itself, but, I recently created a rule while on a public Wi-Fi network and I customised the rule to only allow connection when connected to a public network (public location). I just got home now and I see that the application I created the public-only rule for is still able to connect to the internet even though I'm connected to a private network, my home network.

    Is this a bug with WFC?

    P.S.: This was noticed on a Surface Pro

    --EDIT--

    Appears like it was partly a Windows Firewall problem and partly a WFC problem. Windows firewall at a later time (like 15 mins after I've been connected to the network) showed me a message about blocking some features of the program, then the program began indicating there was no connection. However, I never got any notification from WFC about the program being blocked, though in WFCs recently blocked connections log, I see several blocked connection attempts by the program.

    --EDIT--

    So, the bug in WFC appears to be that if I create a rule for a program and customize it to only allow on 1 or 2 location profile (Private, Public or Domain) networks, WFC doesn't notify me of connection attempts by the program when on a location profile network other than the 1 or 2 allowed. Mind fixing this in the upcoming v4 of WFC?

    Also, a suggestion for improving the usage of the program is to add the ability to create temporary allow/block rules from the recently blocked connections log. This would be useful for situations like these where you want a program to be able to connect permanently only on certain location profile networks, but you want to temporarily use the program on a location profile network where you haven't allowed it.

    --EDIT--THE FOLLOWING IS A LONG, JUICY SUGGESTION--GRAB A COFFEE

    It appears Windows Firewall doesn't allow the creation of multiple rules to allow a particular program through Windows Firewall for different location profile networks. When you create a rule to allow connections on a specific location profile network, Windows Firewall automatically blocks internet access on all other location profile networks that weren't allowed. As block rules have higher precedence than allow rules, creating a separate rule to allow the connections on other location profile networks is useless.

    @alexandrud You already appear to have implemented an if statement for checking if a rule exists for that program, in order to avoid creating duplicate notifications. Mind adding a nested if statement to check if the location profile of the current network is selected as an allowed connection? Something like the following:

    if (Rule doesn't exist) then
    Display Notification // This notification should have the option to customize the allowed locations (and possibly the type{s} of rule{s} {inbound/outbound/both} that should be created)
    else
    if (Location profile of the current network isn't allowed) then
    Display Notification // This notification should only modify the already in place rule so that it allows the current network's location profile
    end if
    end if

    Nothing new in the first half, just the ability to further customize rules from the notifications. In the case the user choses to block the second notification displayed, WFC could keep track of such incidence using the groups section. The following is are possible solution for every outbound case (yes I'm keen to see these features in WFC :p):

    (with no customization; there won't be any more notifications for the program)
    User allowed first notification
    - Create a rule like you currently do
    User temporarily allowed first notification
    - Create a rule like you currently do
    User blocked first notification
    - Create a rule like you currently do
    User temporarily blocked first notification
    - Create a rule like you currently do

    (with customization; there will be other notifications for the program if the user didn't select ALL location profiles)
    {User allowed first notification and}...
    ...allowed second notification
    - On first notification, create a rule similar to what you currently do, but append the allowed location profile to the group name, like "Windows Firewall Control Domain"
    - On second notification, if the allowed rule still doesn't allow on all location profiles, modify the already created rule and append the new allowed location profile to the group name, like
    "Windows Firewall Control Domain Public"
    - On second notification, if the allowed rule allows on all location profiles, modify the already created rule and change the group name back to "Windows Firewall Control"
    ...temporarily allowed second notification
    - On first notification, create a rule similar to what you currently do, but append the allowed location profile to the group name, like "Windows Firewall Control Domain"
    - On second notification, modify the already created rule and append the new temporarily allowed location profile to the group name, like "Windows Firewall Control Domain TPublic", where the T indicates
    temporary
    - Once restarted, WFC could delete the temporary location profile parts of the group name and remove the corresponding location profile in the rule
    ...blocked second notification
    - On first notification, create a rule similar to what you currently do, but append the allowed location profile to the group name, like "Windows Firewall Control Domain"
    - On second notification, no need to modify the already created rule as Windows Firewall behaves as intended, just append the new blocked location profile to the group name, like "Windows Firewall Control Domain XPublic", where the X indicates block.
    - WFC can then check each blocked connection attempt against the group name to determine if it should display a notification
    ...temporarily blocked second notification
    - On first notification, create a rule similar to what you currently do, but append the allowed location profile to the group name, like "Windows Firewall Control Domain"
    - On second notification, no need to modify the already created rule as Windows Firewall behaves as intended, just append the new blocked location profile to the group name, like "Windows Firewall Control Domain XTPublic"
    - WFC can then check each blocked connection attempt against the group name to determine if it should display a notification
    - Once restarted, WFC could delete the temporary location profile parts of the group name and remove the corresponding location profile in the rule

    {User temporarily allowed first notification and}...
    ...ALL THESE CASES ARE SIMILAR TO THE FIRST, EXCEPT YOU JUST ADD A T IN FRONT OF THE LOCATION PROFILE PART OF THE GROUP NAME THE FIRST TIME YOU CREATE THE RULE, like "Windows Firewall Control TDomain"

    {User blocked first notification and}...
    ...ALL THESE CASES ARE SIMILAR TO THE FIRST, EXCEPT YOU JUST ADD A X IN FRONT OF THE LOCATION PROFILE PART OF THE GROUP NAME THE FIRST TIME YOU CREATE THE RULE, like "Windows Firewall Control XDomain"

    {User temporarily blocked first notification and}...
    ...ALL THESE CASES ARE SIMILAR TO THE FIRST, EXCEPT YOU JUST ADD A XT IN FRONT OF THE LOCATION PROFILE PART OF THE GROUP NAME THE FIRST TIME YOU CREATE THE RULE, like "Windows Firewall Control XTDomain"

    And that's the end of the logic :)
     
    Last edited: Apr 10, 2013
  11. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    179
    Any possibility of adding the PID of the application, in the Recently Blocked programs list. When dealing with svchost hosted processes, it would help to narrow down which are involved.

    Thanks
     
  12. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Hello alexandrud, I sent a pm regarding a forgotten password, but it seems that wfc password lock is broken in the latest version. See pic. Main control panel is unlocked but I still can't open the Windows Firewall, and manage rules.
    -http://www.upload.ee/image/3227861/Untitled.png


    EDIT: Okay, I managed to solve the problem by restarting. But Firewall Shortcut in control panel is broken, any idea how to fix this? See pic, the icon is changed into a folder and clicking it is not doing anything.
    -http://www.upload.ee/image/3227862/Untitled.png

    EDIT2: After several restart (after running sfc /SCANNOW) it managed to be fixed.
     
    Last edited: Apr 13, 2013
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,412
    Location:
    Romania
    That was a long post. :) I will see what I can do. My first aim is to refactor the existing features and the existing GUI.
    This is possible. I can display the PID. From what I know, the PID is generated randomly, so it won't help you to find the service that requested the connections.


    kupo check your mail. All what you have described is normal to happen while WFC is locked. It locks also the access to Windows Firewall.
     
    Last edited: Apr 13, 2013
  14. 123blackjack

    123blackjack Registered Member

    Joined:
    Apr 12, 2013
    Posts:
    14
    Location:
    USA
    @alex,

    Do single svchost.exe contain multiple windows services in it? Is there any possibility for displaying actual processes/services in the rules/connections panes.
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,412
    Location:
    Romania
    No, svchost.exe does not contain any Windows service. Windows services use this file to connect to the Internet. Unfortunately, I can't find what service did the request, so I can't display the caller.
     
  16. 123blackjack

    123blackjack Registered Member

    Joined:
    Apr 12, 2013
    Posts:
    14
    Location:
    USA
    the output of below command , will it provide the info we need?
    tasklist /svc /fi "imagename eq svchost.exe"
     
  17. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    175
    Location:
    Canada
    Now that would be a very handy and completely unique feature of WFC :) Pinpointing the exact service(s) that resulted in the SVCHost connection block.
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,412
    Location:
    Romania
    If I execute this command on my system I receive all running instances for svchost.exe. However, if I look at the PID 1166 (just an example) I see: Appinfo, Browser, EapHost, IKEEXT, iphlpsvc, LanmanServer, MMCSS, ProfSvc, Schedule, SENS, ShellHWDetection, Themes, Winmgmt, wuauserv.

    As we can see, there are 14 services that use this PID. This is not very informative. Is not so simple to find the service name of a specific blocked connection. We need to identify only one of them. From this list of 14 services, I can't identify which one was.
     
  19. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    179
    Having the PID associated with svshost, will at least show which instance was making connections and thus narrow down the options for which individual hosted process was involved.

    Even though some instances of svchost support numerous hosted processes, it's pretty easy to tell which processes are responsible for making the connections, once the PID is known.

    Incidentally, the PID for a Windows system process won't change unless the service is terminated or the system is rebooted. Some system processes retain the same PID regardless, for example System idle (PID 0) and System (PID 4)
     
  20. Kob

    Kob Registered Member

    Joined:
    Dec 13, 2011
    Posts:
    35
    Hoping that the following short articles about svchost will serve as a catalyzer for the great minds of this forum, I humbly submit the following:

    1. Brief overview:
    http://en.wikipedia.org/wiki/Svchost
    2. Then, this linked explanation:
    http://www.happysysadm.com/2010/11/svchostexe.html
    3. And finally, the great utility (from the comment dated January 24, 2011 at 1:52 AM given in (2) above)

    It appears that the info displayed by running (3) may hint on identifyable processes contained in svchost either by name or by the location of the respective service dll.
     
  21. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,473
    @alexandrud
    What is your TODO/roadmap for version 4?
     
  22. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Anyone happen to have version 3.9.1.2 version they could send me please, Latest version doesn`t run that well for me bsod
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,412
    Location:
    Romania
    Sorry but I can't tell you more right now. It will be a surprise. Anyway, the new GUI is rebuild from scratch and more user friendly. Also, the loading speed is increased. The new version is 20% completed.

    A lot of fixes were done since version 3.9.1.2. I am sorry that you have BSOD but this is not from WFC. WFC is just a front end coded in .NET language and can't generate a BSOD. Never. I recommend you to use the latest version available on the website: 3.9.1.8.
     
  24. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,473
    Do you want to create a hype? :p

    Or there is something "revolutionary" and you don't want to give clues to your competitors before it's released? :D
     
  25. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    175
    Location:
    Canada
    I think he wants to attempt adding the features first b4 getting our hopes up. I wouldn't want to be in that situation where you get your user's hopes up and release an under-expectation product.
     
Loading...
Thread Status:
Not open for further replies.