Can anybody tell me how WFC is able to modify the Windows control panel firewall rules from a standard user account without admin rights? Windows firewall needs admin access into advanced settings to modify the firewall rules so how does this work? Am I only controlling user based firewall rules? My second question is about secure rules. From what I've read this can be used to prevent Windows from resetting the firewall. Just exactly when and what does Windows reset in the firewall? When I try to enable secure rules it says every rule that is not in an authorized group will be deleted. This would delete all of the core networking rules and Microsoft store app rules. Am I supposed to add core networking and other groups to the authorized groups? Could anybody explain this further?
1. WFC has 2 parts, a GUI app (wfc.exe) which requires only standard privileges and a Windows service (wfcs.exe). The service is the one that works with the Windows Firewall rules, not the GUI part. In Rules Panel you see all rules, not just user based rules.
2. Secure Rules detects when a new firewall rule is added and can disable/delete it. Read more about how it works here: https://binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf#page=25

Yes, if you want to preserve the default rules, you should first add their group names in the Authorized groups list, otherwise Secure Rules will disable/delete them.
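Added example, not part of the thread and not WFC's own code: a read-only PowerShell preview of which existing rules fall outside a candidate Authorized groups list, so the groups to add can be seen before Secure Rules is enabled. The `$AuthorizedGroups` list is a constructed sample, the function name is hypothetical, and matching on the localized `DisplayGroup` name is an assumption about how the list is compared.

```powershell
# Added example: read-only preview, changes nothing in the firewall.
# $AuthorizedGroups is a constructed sample list, not a WFC default.
# Assumption: group names are compared against the rule's DisplayGroup
# (the localized name shown in the Windows Firewall console).
$AuthorizedGroups = @(
    'Core Networking'
)

function Get-UnauthorizedRuleSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Rules,
        [string[]] $Authorized = @()
    )

    $Rules |
        # Rules with no group at all have an empty DisplayGroup and are
        # therefore never covered by an authorized group name.
        Where-Object { $_.DisplayGroup -notin $Authorized } |
        Group-Object -Property {
            if ($_.DisplayGroup) { $_.DisplayGroup } else { '(no group)' }
        } |
        Sort-Object -Property Count -Descending |
        Select-Object @{ n = 'Group';   e = { $_.Name } },
                      @{ n = 'Rules';   e = { $_.Count } },
                      @{ n = 'Enabled'; e = {
                          @($_.Group | Where-Object { "$($_.Enabled)" -eq 'True' }).Count
                      } }
}

# Get-NetFirewallRule is the built-in NetSecurity cmdlet; it only reads here.
$summary = Get-UnauthorizedRuleSummary -Rules (Get-NetFirewallRule) `
                                       -Authorized $AuthorizedGroups

# Each row is a group that is not in the list: number of rules in it and
# how many of those are currently enabled.
$summary | Format-Table -AutoSize
```

Any group in the output whose rules should be kept is a candidate for the Authorized groups list; rerun after editing `$AuthorizedGroups` until only unwanted groups remain.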
Hi, Thanks for your reply. So how is it that the wfcs.exe service can modify rules in the Windows control panel firewall (which requires admin privileges to open) from a standard user account without any admin privileges? Is the wfcs.exe already running with administrator privileges?
Actually, the wfcs.exe service runs under the SYSTEM account, which has all possible privileges in the Windows world. The SYSTEM account is on top of any administrator account.
Yes. The updates are not installed for a specific user account but for the whole system. Just because a standard user account is logged in, it does not mean the updates are installed under that user account.
So is secure rules basically a way to prevent malicious tampering of the firewall? Are there other types of rules I might want to prevent? How can I prevent certain Windows store app rules from being created? These seem to get re-created regularly.
Please take a look in the user manual. It answers a lot of questions about WFC and Windows Firewall, it also explains how Secure Rules works: https://binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf