another Windows Firewall Control?

Discussion in 'other firewalls' started by moontan, Feb 15, 2011.

Thread Status:
Not open for further replies.
  1. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    To all,

    I am a new registered user of WFC. I have the latest version installed & activated on Windows 7 Ultimate, on "Administrator" account.
    My purpose in using this software is to have knowledge about which software demands internet access - and decide for myself their permissions.

    In this regard, I have a question about the option "Disable the ability of other programs to add firewall rules".

    If I enable this option, will I still be able to use a program like "Utorrent" properly?

    I am a novice torrent user. But I know that this program needs to "open ports" and possibly perform other firewall modifications. So my fear is that the option to "Disable the ability..." will prevent the program from functioning correctly.

    If I enable this option, is the WFC notification system (allow/block internet access) enough to allow Utorrent optimal download/upload internet access?
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,040
    Location:
    Romania
    This setting does not conflict with your existing rules. Anyway, to allow uTorrent to connect, you must create a rule to allow outbound access for utorrent.exe. That's all.
     
  3. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    Thank you for the response alexandrud. Great product!
     
  4. bwild

    bwild Registered Member

    Joined:
    Mar 8, 2013
    Posts:
    2
    I don't know if this has already been answered, I searched and found nothing.

    On the website:

    "Learning Mode is incompatible with BoxCryptor and TrueCrypt software"

    How is it incompatible? What is the issue?

    With WFC, does Windows Update work by default? If not, is this planned in the future?
     
  5. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Not sure, but I think it's implying you won't be able to run WFC on a system that has been encrypted by either of those HDD encryption programs.

    If you create the system recommended rules during setup, Windows Update will work by default. You can add the system rules (if you had the option unchecked during installation) by clicking the text under the "Restore Default Policies" option @ the "Policies" tab in the main window.
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,040
    Location:
    Romania
    The issue with BoxCryptor and TrueCrypt is that you can't define rules for executable files located on drives/folders encrypted with this software. The reason is that the path is encrypted and can't be resolved by Windows Firewall, and Windows Firewall rules are applied on a per-path basis. This means that even if you create some rules for files from these encrypted locations, they will not work. The incompatibility is also with WFC because it can't resolve the real path either.
    Yes, Windows Update works. But, this depends on what rules you have. The installer will create a recommended rule for Windows Update.
     
  7. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    @ Alexandrud,

    I seem to have just recently begun having some DNS related issues with Windows Firewall. Just recently, I noticed that Windows Firewall began blocking svchost.exe UDP connections to my DNS addresses (on remote port 53) when Windows Firewall Control was set to medium filtering. This seems to now be causing Google Chrome to show a DNS connection error when attempting to navigate to any webpage:

    Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address.

    Not sure what recent system change caused this to happen, but my recent firewall rules (before it began) have only been dealing with the files of applications I installed; none of which were security/firewall related, those were installed months ago and since then the computer has been working fine. Also, changing Windows Firewall Control's profile to low filtering fixes the problem.

    Any idea of what system change could be causing Windows Firewall to be blocking the DNS connections?
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,040
    Location:
    Romania
    Please check the highlighted rule from the screenshot below. This rule should be enabled. It may be possible that some tweaking program disabled this rule or maybe it was deleted accidentally. If you don't have this rule, please create it manually. Note that this is a default rule of Windows Firewall and it is enabled by default in all profiles.

    Capture.PNG
     
  9. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Just noticed that almost 400 firewall rules had been removed from my Windows Firewall (both enabled and disabled firewall rules), 1 of which was that rule :eek: Luckily, had a backup of my 486 Windows Firewall Rules (most of which were system created).

    Starting to suspect this program I installed (Soluto) for walking around Windows 8's UAC must-run restriction in order to use Windows Store apps and allow some unsigned start-up programs (like Peerblock) to run. No recent malware problems have been reported by either Windows Defender or MalwareBytes Anti-Malware Pro; perhaps it was just a recent Windows Update that screwed it up, as I was having no problems until this Monday after some Visual studio/basic Windows Update.

    Either way, thanks for pointing that rule out :thumb: Now everything is working as it should.
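
The two checks from the exchange above (rules that vanished since a known-good backup, and whether any enabled rule still lets DNS out), as an added example that is not part of the original thread. It assumes the NetSecurity cmdlets of Windows 8 / Server 2012 or later and an elevated prompt; the baseline path and the function names are made up for this example.

```powershell
# Added example, not from the thread. Needs the NetSecurity module
# (Windows 8 / Server 2012 or later) and an elevated prompt.
# $BaselinePath is a placeholder location chosen for this example.
$BaselinePath = Join-Path $env:ProgramData 'fw-rule-baseline.xml'

function Get-RuleSnapshot {
    # Flatten each rule to the fields whose change matters here.
    Get-NetFirewallRule | ForEach-Object {
        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            Direction   = [string]$_.Direction
            Action      = [string]$_.Action
            Enabled     = [string]$_.Enabled
        }
    }
}

function Save-RuleBaseline {
    Get-RuleSnapshot | Export-Clixml -Path $BaselinePath
}

function Compare-RuleBaseline {
    # '<=' rows exist only in the baseline: the rule was deleted, disabled
    # or otherwise changed since the snapshot. '=>' rows are new or changed.
    $baseline = @(Import-Clixml -Path $BaselinePath)
    $current  = @(Get-RuleSnapshot)
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
        -Property Name, Direction, Action, Enabled -PassThru |
        Select-Object SideIndicator, DisplayName, Direction, Action, Enabled
}

function Get-ExplicitDnsAllowRule {
    # Enabled outbound allow rules that name UDP remote port 53.
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            if ($port.Protocol -eq 'UDP' -and $port.RemotePort -contains '53') {
                $app = $_ | Get-NetFirewallApplicationFilter
                $svc = $_ | Get-NetFirewallServiceFilter
                [pscustomobject]@{
                    DisplayName = $_.DisplayName
                    Program     = $app.Program
                    Service     = $svc.Service
                }
            }
        }
}

if (-not (Test-Path $BaselinePath)) {
    Save-RuleBaseline            # first run: record the known-good state
} else {
    $drift = @(Compare-RuleBaseline)
    "{0} rule(s) differ from the baseline" -f $drift.Count
    $drift | Where-Object SideIndicator -eq '<=' | Format-Table -AutoSize
}
if (-not (Get-ExplicitDnsAllowRule)) {
    Write-Warning 'No enabled outbound allow rule for UDP remote port 53.'
}
```

Run once while the rule set is known to be good to record the baseline, then again after installing software or updates; a long list of `<=` rows is the kind of mass removal described in the post above.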
     
  10. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    alexandrud,

    I have a small feature request.

    There is a context menu (right-click) option called "Allow through Windows Firewall".

    Unfortunately, this only works with *one* file at a time. It does not work when multiple files are selected. Hence, if I have a folder with multiple files that must be "allowed through Windows Firewall"...I am forced to do those one-at-a-time.

    I know that the WFC "Manage Rules" window has an option called "Browse to allow". This lets user select multiple files & apply rules at once. I do not wish to use this method because it requires so many steps. The right-click context menu option is far more convenient.

    Could you allow the "Allow through Windows Firewall" context menu option to work with *all* selected files?
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,040
    Location:
    Romania
    I will see what I can do. Like it is now, this is not possible because the current shell extension is implemented by using only Windows Registry keys. To be able to implement this feature, a new approach is required.
     
  12. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    Thank you for explaining the situation. I assumed it was a small oversight. But now I understand it is more complicated.

    No worries. I will use the alternate batch method if the context menu solution is not feasible. I would rather you focus on the core functionality - than these petty issues.
     
  13. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    @alexandrud There seems to be some rule that needs to be created to allow file sharing over a local network. I'm trying to access my Surface Pro's public folder from my old laptop (trying to transfer some files). With WFC set to medium filtering (on my Surface Pro), my old Laptop keeps showing the following error when I double click my Surface Pro at "Network" screen:

    "Windows cannot access \\SURFACE-PRO"

    and the following connection attempts are blocked:
    Windows Firewall Blocking Private Network File and Printer Sharing.png

    With WFC set to low filtering (on my Surface Pro), my Laptop then shows an authentication Window, which is expected as I have "Password Protected Sharing" enabled. When I enter the authentication for my Surface Pro, I'm able to browse my Surface Pro's Public folder as expected. Would you happen to know which firewall rule (Service, Protocol, Ports, and IPs) for svchost.exe needs to be created? Thanks in advance

    Actually, all that needs to change, IMO, is the command in the registry or the way WFC interprets it. Just like Anti-Virus programs, these "Take Ownership" registry entries which I have merged into my registry are able to perform the command on multiple selected files; this is so because the Windows command is able to handle multiple selections; the registry entry just displays a link for such a command in the context menu.

    View attachment Add_Take_Ownership.txt

    BTW, not sure if this is a bug, but it appears that the Windows Store application is able to create rules even with the "Disable the ability of other programs to add firewall rules" option enabled. While updating the weather app, it created an allow all rule named "@{Microsoft.BingWeather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/resources/AppTitle}" with no specific program (which kinda worries me). Is this a bug, or are Windows System processes intentionally allowed to create rules?
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,040
    Location:
    Romania
    To allow File and printer sharing over the network please follow the steps described in this forum post.
    It is not that simple. If you select multiple exe files in Windows Explorer and use the Shell Extension feature, only the first selected file is sent as a parameter. This must be rewritten with a real shell extension, not with registry shortcuts.
    What Notification level do you use? If the answer is Low, then it is normal to be like this because the file is signed and WFC automatically creates the rule for you. If you use Medium notification level, then it may be possible that you already had this rule. By default, Windows Firewall from Windows 8 has a lot of rules for some modern UI applications. If you remember, if you don't create a rule for Windows Store to allow outbound connections, it can't connect. I doubt it can create rules for specific programs but not for itself.
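
An audit for the kind of rule discussed above, an enabled allow rule with no program path, as an added example that is not part of the original thread. It assumes the NetSecurity cmdlets of Windows 8 / Server 2012 or later and an elevated prompt; the function name and the Scope labels are made up for this example. Rules for Store apps can be scoped by app package instead of by program path, so the listing separates those from rules with no application scope at all.

```powershell
# Added example, not from the thread. Needs the NetSecurity module
# (Windows 8 / Server 2012 or later) and an elevated prompt.
function Get-AllowRuleWithoutProgram {
    Get-NetFirewallRule -Action Allow -Enabled True | ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        $svc = $_ | Get-NetFirewallServiceFilter

        # Rules bound to an executable path are not of interest here.
        if ($app.Program -ne 'Any') { return }

        $hasPackage = -not [string]::IsNullOrEmpty($app.Package)
        $hasService = $svc.Service -ne 'Any'

        # Scope labels are this example's own classification.
        $scope = if ($hasPackage)     { 'AppPackage' }
                 elseif ($hasService) { 'Service' }
                 else                 { 'None' }

        [pscustomobject]@{
            Scope       = $scope
            Direction   = [string]$_.Direction
            Profile     = [string]$_.Profile
            DisplayName = $_.DisplayName
            Package     = $app.Package
            Service     = $svc.Service
        }
    }
}

$rules = @(Get-AllowRuleWithoutProgram)

# Rules with no program, package or service restriction apply to any
# process and deserve the closest look, so list them first.
$rules | Where-Object Scope -eq 'None' |
    Sort-Object Direction, DisplayName |
    Format-Table Direction, Profile, DisplayName -AutoSize

# Package-scoped rules: their display names are often resource strings
# of the "@{...}" form quoted in the thread.
$rules | Where-Object Scope -eq 'AppPackage' |
    Sort-Object DisplayName |
    Format-Table Direction, DisplayName, Package -AutoSize
```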
     
  15. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    alexandrud,

    I have just thought of another suggestion. Forgive the frequency of these.

    During any activity notification, there is an option called "Block For Now - But Ask Later". This blocks a specific communication, without creating a permanent rule for the particular software.

    Is it possible to offer an option that offers the opposite? This option could be called "Allow For Now - But Ask Later". It would allow a specific communication, without creating a permanent rule for the particular software.

    There are many instances where I would like to authorize a specific communication, while discriminating against others. Such an option would allow me to do this.
     
  16. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    I do have those rules in place; when I open the manage rules window (without sorting by anything), it displays that rule far down past the first firewall rules created by WFC (during installation), which implies they were created earlier before WFC was installed. Though, it was still showing me that connection error until I set WFC to low filtering, it then showed the authentication window on my Laptop, through which I was able to login to my Surface Pro and access its files.

    Although, after the authentication, I changed the profile back to medium filtering and I was still able to browse my Surface Pro o_O It was breaking connection randomly, then it eventually got stable with medium filtering...perhaps it's due to my recent change in my Microsoft Account password (which is linked to my Windows password)...oh well, yet another self-solving Windows mystery.

    It was always set to medium notification and the rule appeared at the very top of the list when I opened the Manage Rules window, which indicates it was just recently created.

    That's what the "T" button beside the allow access button does; it creates a temporary allow rule that gets deleted the next time WFC starts up. The "Block For Now - But Ask Later" makes sense as it will alert you again when the program attempts making a connection. Whereas in the case of the opposite, it becomes kinda irritating when you use it 'cause Windows can't predict how long you want to allow it for (some programs make only 1 connection attempt in a session, others make multiple connection attempts in a session).
     
    Last edited: Apr 29, 2013
  17. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    I didn't notice the "T"...thanks for pointing it out. Though that is not really useful in the real-time context I imagine (a sequence of notifications, where I decide which I like).

    Perhaps I misunderstand the mechanics. I thought it was as simple as "Software to IP1 = allowed" & "Software to IP2 denied".
     
  18. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    If you're that familiar with the range of IPs a program connects, you could always click the "^ Customize" button and allow the program to connect to only that specific IP.

    Usually programs tend to connect to a wide random range of IPs and it would initially be irritating to be continuously getting notifications for the same program, but it would make it more secure (based on the program); if you're that strict about security.
     
  19. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    @alexandrud - Little suggestion, mind incorporating a shortcut in the notification window to perform a Google search for the file name? The space beneath the file icon could be useful; a hyperlinked "Google Search" text could be placed there.
     
  20. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    600
    Location:
    Wallachia
    Yes, and add some Facebook and Twitter too while at it. Make it bloated to the max :)
    Just joking. :)
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,040
    Location:
    Romania
    Right now, if you right-click on the exe filename in a notification, it will open a page on VirusTotal that will show if the file is OK or not. I don't think that searching for a filename in a search engine is something that should be implemented because it is very easy to do manually. On the other hand, providing the SHA256 hash for a file to check it on VirusTotal is not that handy.

    I promise you that the new version will be more user friendly and more intuitive.
     
  22. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185
    I seem to be having a problem with the 'Recently Blocked' function, in that, when selected, it sits at 'Please Wait' for an indeterminate amount of time, then shows an empty screen.

    I have checked the Security event log to ensure there are entries to see and I've tried clearing the log/list to no avail. I can, however, 'fix' the problem with a remove and reinstall of WFC. This has happened three times now.

    Any ideas?

    Windows 7 Ultimate x64.
    No other security products installed.
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,040
    Location:
    Romania
    I can reproduce this if I press on the Refresh button in New rules wizard and then I switch to Recently Blocked because the background thread from the first view is still running. But in other scenarios I can't reproduce this. But, even in the first scenario, if I press on the Refresh button again, the data grid gets populated like it should.

    1. When you open the Manage Rules window, do your rules load?
    2. If you switch to Recently Blocked for the first time you should see the "Please use the Refresh button or press F5 key to load data" message. Does this message appear?
    3. If you press the Refresh button in Recently Blocked, a Please wait... message should appear. Does it appear?
    4. Depending on the number of entries in the Security Log, loading data in the data grid takes from a few seconds to a few minutes. How long does this task run on your computer until the Please wait... message disappears?
    5. Is the data grid now empty? If so, it may be possible that there are no entries in the Security Log to be loaded.
    6. Press the Clear Log button. Then run a program that you know is blocked. If you press the Refresh button again, does the new blocked connection appear in the data grid?
    7. What profile do you use in WFC? Only on Medium Filtering are connections blocked and logged.
    8. There is no need to uninstall/reinstall WFC. This has nothing to do with the problem.

    Looking forward to hearing from you.
     
  24. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185
    They do

    It does.

    It does, however, I've found that sometimes, using F5 works, whereas selecting 'Refresh List' doesn't. Regardless, when the problem described in my first post occurs, neither produces the desired result.

    I have cleared the security log and regenerated a few block entries to test the possibility. Regardless, it still displays an empty screen and the 'wait' time, varies, even with a small number of log entries.

    I have verified, when the problem occurs, that blocked entries exist in the security log. I had to reinstall WFC again today.

    See above.

    Currently, Medium with only Outbound.

    Perhaps not, but it works and whilst it's not an issue to do this - it takes seconds - I'd rather not...

    Thanks for the help :)
     
  25. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    I guess so, then you have the problem of which search engine to use, as not everyone takes Google as their favorite search provider (just like Sm3K3R indicated). Although, a little function to copy the file name to the clipboard would be much simpler and time saving in some situations.
     