Windows 7 Firewall Control Plus

I was wondering if someone has bought Windows 7 (or Vista) Firewall Control Plus.

The free version is good, but doesn't seem to cover the system area. So basically if something ends up into the Windows folder and manages to execute, it will also phone out without the free version knowing about it.

Do you think the Plus version is worth the money?

With UAC shouting at every step, i think the time i could use firewall with HIPS is over. Besides things run very smoothly with Win7 built in firewall, every internet activity feels so light.

 

Fuzsfas,

I really have not tried it, may be another tip.

Use Windows own

I only use W7FWCtrl free to write down all programs/services and exact paths. Then I use Stem's post to make the Vista FW (or Windows FW) two way.

Then I uninstall the W7FWCtrl free again.

Advantages
- fast
- UAC monitored
- no pop-ups for outbound

Disadvantage
- no pop-ups for outbound

Windows own FW setup 2-way, UAC (W7 has sliders, UAC needs Norton UAC tool to remember choices) and SRP through sully's PGS really raise the bar for malware on an x64 machine.

Download Trial version
It seems that after trial period, you keep some more control features left (compared to W7FWCtrl free)). Have not tested this myself. Since you consider buying, this might be something to try out for yourself.

Regards Kees

 

Thank you Kees. As a matter of fact i have installed the Plus (trial) version and i must say i am very happy with it, with only one small bug.

I have already modified the Win7 built in Firewall rules, disabling anything unneeded ,but the "non pop ups for outgoing" is only a disadvantage for me, which is what pushed me to find this program. I WANT outbound. I have a router for inbound.


Ok, i will answer my own question. Yes, the Plus version is good and probably worth the money. You can edit all zones rules and create also your own zone with rules and then use it , a bit like Comodo does with the "treat as" option.

It's also very easy for novices, because it proposes you on its own the most appropriate zone.

I would call this firewall a hybrid between Kerio 2 and Comodo (without D+).

Here some screenshots:

This as example of editing existing zone and disabling one rule:

http://img164.imageshack.us/img164/949/75891322.png

Here some of the pre-configured zones (there are many more):

http://img12.imageshack.us/img12/1928/37088212.png


Here's an example of custom made zone (which contains my custom rules) for EMule. There is a preconfigured "peer to peer" zone, but it's too relaxed (allow all outbound and inbound):

http://img8.imageshack.us/img8/4024/64286392.png

Here's a pop up, from where you can select the zone (even though it usually proposes you a good one, which is cosy for beginners).

http://img32.imageshack.us/img32/656/95109584.png


The only and most annoying bug, is that there seems no way to "close to tray". The control panel, even if you close it, it's like pinned to the taskbar.

The other good thing, is that if you have setup the firewall rules in Win7 manually (which i have) and you use a zone rule from the program, if something is blockes in the Win7 advanced rules, will remain blocked even if you have set in the program an allow rule. This is something i read in the Sphinx forum. Basically, for something to be allowed, it must be allowed at all levels.


Another interesting feature, is that if the executable of the program is killed (ex via the task manager), all outbound connections of applications for which rules aren't set yet, are denied automatically. This is good, in case of crash or kill of the application from a malware.

Also, you do get a pop up notification in case something is blocked by your default rules, so you can eventually correct your rules.

I think i ll buy it. It's 30 euros, which i think is a bit much for an "add on", but considering that i won't have to worry about system compatibilities and that it runs light, i think it's worth it.

Bye bye 3rd party firewalls. Besides, with UAC on, i don't feel the need for some firewall with HIPS...

I don't know if you get any "extras" once the trial is over, one thing is sure, that you get a nag screen to register.

 

Another good thing, it keeps a simple text file log, in its program directory, with all blocked events and new rules created.

And with p2p, the combined CPU usage of the firewall control and Win7's firewall is ridiculously low...

 

I reccon it is a life time lisence

Thx, now you only have to change your security progs in your signature

 

I believe the license is valid for program updates within the same version. For example now it's in 3.0, you can upgrade all 3.x versions. In v.4 you must pay for upgrade. This, because of this page (bottom):

http://www.sphinx-soft.com/Vista/order.html

Which should be OK, since the current version, apart the inability of "close to tray", should work fine for the life of Win 7.

Lifetime would be better, but as long as it works on Win7, it's ok for me. The only thing that isn't OK with this firewall is... its price. I mean, come on, they charge it more than OA Premium for God's sake and it's just an add-on to an existing firewall.

Yes, i have said farewell to my dear Twister (no x64 version yet and from what "Fairbanks" says, it won't be ready when v.8 is launched either).

I also need an AV that works on 64bit Win7. I am torn between Avast and MSE. Probably it will be Avast... Then i will throw in Threatfire and WinPatrol plus and with UAC it will be enough i think.

Unfortunately, First Defense PC Rescue doesn't work on Win7 x64 and i am hesitant to install Rollback Rx, because it doesn't support officially Win 7 yet and i am also a bit bothered by the limitations (about defragmentation and running Windows inside its own OS, which i don't like as idea. Wi n 7 runs so light right now that i don't want to put anything that might slow it down even a little bit.). First Def PC Rescue was much more transparent and reliable... I miss it already.

 

Found the major bug. You can't ping with this firewall control installed.

http://vistafirewallcontrol.freeforums.org/ping-to-internet-servers-is-blocked-plus-version-t21.html

Which would be of little interest to me. But unfortunately, Avast, tries to ping home every 50 seconds or so, which resulted in neverending alerts about blocked ICMP 8. One can disable the blocked notifications, but i think they are useful. So instead, i uninstalled Avast. I will try Avira.

EDIT: I found out a small ini file hack for Avast that prevents it from pinging to test internet connectivity. So Avast it is!

Anyway, i bought the program and i am glad to see my interned speed finally free of 3rd party kernel drivers.

 

No need for an INI file hack. Just go to settings -> Update (Connections) page and check the "My computer is permanently connected to the Internet" box.

 

Well you could even make it lighter: my son uses at the moment (Vista x64)

- Vista FW (2-way) + your add on W7FWCtrl
- UAC + Norton's UAC (which you do not need since UC has a sensitivity slider in Win7, so you would run leaner)
- Sully's PGS (deny execute user space)
- MSE with (since UAC prohibits writing to windows and program files) windows and program files excluded from on access check
- ThreatFire for x64 (always shutdown, except when he installs programs)

Regards

 

Thanks, good to know for future installations!

My only objection to that is about MSE. I did try it and i liked it. With 2 small objections:

1) That the EULA practically says that you install a big brother antivirus, which will phone home and report anything sees fit. (which isn't so big problem if you think that similar EULA exists for Win itself, so...)
2) That i can't opt out from the "Spy Net", which is big brother's bigger brother... (nice name they chose BTW! Why not Spyware Net!)


Avast is light enough, once the neverending VDRB building is over. I only install the "standard shield".

P.S: Irrelevant to security, but i miss FD PC Rescue and FFDShow decoding everything, like in XP... Sigh. I wish someone makes an heir to First Defense for Win7. And i don't mean Rollback Rx. I prefer the "full copy" approach.

 

Why do you use Win7FWCtrl and the built in Windows Firewall??

That is a bit stupid i think cause the built in Windows Firewall has a higher priority than the Win7FWCtrl.

If you use Win7FWCtrl. simply deactivate the built in Windows Firewall and stop->deactivate the Windows Firewall service.

Otherwise you will run two firewalls on one system. I won't recommend that.


The Programm Win7FWCtrl is not a control of the built in Windows Firewall!

It is a stand alone firewall with a missleading name! It uses the Windows Firewall Adapter but has nothing to do with the built in Windows Software Firewall service!

 

1) The Win7 Firewall Control has incomplete-obscure settings (see ICMP, IGMP). It can only handle rules for TCP and UDP. Rules for other protocols, are "handled" by leaving blank protocol rule, which enables that rule for any protocol (basically, you don't control anything). There might be some hardcoded rules in there too, but nowhere to be seen.

2) Win7 Firewall control and Windows Firewall are perfectly compatible. They are NOT 2 different firewalls. They both use the same Windows Filtering Platform. Basically, they both use the same filtering engine, each of which is capable of applying its rules on that engine. 1 engine, 2 possible control levels and rulesets. So it is NOT like running 2 firewalls. It's like running 1 firewall engine with 2 rulesets. Which is why the rules of the 1 can influence the other. Because they are NOT different firewall cores. They are one.

3)Win7 Firewall control's ruleset takes priority, but NOT in case that the rules of the built in Win7 firewall have deny rules. In that case, the "deny" of the win7 firewall prevails over the "allow" of Win Firewall Control.

4) If either of the 2 services crashes or gets killed, the firewall keeps filtering using the rules of the other "ruleset". It can also function as a safeguard for mistaken reply to pop up. For example, if you launch Torrent, for the incoming connections, you must allow in Win7 Firewall Control but ALSO in Win's built In firewall. In fact you get a popup to allow or not. Otherwise, giving only permission from Win7 Firewall Control, will block inbound connections. I think it's great.


So i wouldn't worry about incompatibility, as a matter of fact for me, one complements the other perfectly. The built in Win7 firewall has far more clear system rules than Win7 Firewall Control. Which on its part, makes outbound control much easier.


Of course, it is obvious, that if someone messes up the built in Firewall rules, to be in contraddiction with the Win7 Firewall Control's rules, he will have many problems, because the "deny" will prevail.


I can assure you that my PC has never felt lighter in every internet activity with both services running.

For more info from the dev:

http://vistafirewallcontrol.freefor...control-vs-windows-built-in-firewall-t16.html

Or: Windows7FirewallControl is completely based on Windows Filtering Platform (WFP), the security core introduced in Windows Vista and does not install any third party kernel drivers. The Built-in Firewall is based on the same WFP as well. The both products work entirely independently. Windows7FirewallControl uses the Built-in Firewall only once, at the first start to grab the initial settings. Due to complete product independence you can switch the Built-in Firewall ON or OFF at your option.

http://www.sphinx-soft.com/Vista/faq.html

They can work one without the other, but the engine is the same and for that, switching one off is purely optional, because the filtering driver is one. The rulesets maybe two, but that doesn't make it 2 firewall engines.


So, the name isn't misleading. It's a controlling application over the windows core firewall engine. Simply Windows has it's own control too, over the same engine. But the engine is 1 and the 2 controls are complemetary in my view.

 

I can see your point Fuzzy.

For me the built in Firewall with advanced settings works good.

 

The built in firewall, is IMHO better, with much more clear rules for all protocols (even some obscure ones), but what i miss, is the ability to have a pop up to alert for outbound. This is my main reason which made me buy the Firewall Control.

From the moment that i bought Firewall Control, keeping also the built in ruleset, for me is a safety valve.

The Windows 7 firewall engine works VERY well.

 

I am very interested in this. I've just started migrating to Windows 7 64-bit. There are some applications that I cannot use; namely Sandboxie, Defensewall, and Looknstop. LnS just behaves a little quirky for me. I have to admit I am very impressed with the built-in firewall in 7. I am very interested to know the opinions of this "addon" application. I understand that it is intended to mainly function as an outbound filtering application, but their website also mentioned the ability to filter inbound connections as well, and I wasn't able to find that much data on just what they meant. I do know, from trialing the pro version, that it does pass a GRC port scan. Any information here would be helpful.

 

It can filter inbound too, because it uses the Win7 native firewall engine. Practically, you can make rules for inbound and outbound or use the presets, which also have rules for inbound and outbound. The difference with the Win7 firewall rules, is that in this Firewall Control you can only set rules for TCP and UDP and that you get pop ups for all connections for which a rule doesn't already exist.


I was also wrong about the presumed "bug" of not being able to close to tray. There was a setting that i didn't think it was relevant , "Win 7 taskbar integration" , which by default is checked , while if you want it to close to tray you must uncheck it.


Personally i am very satisfied with this. The price is IMHO a bit steep, but considering that you virtually won't have to worry for software conflicts because it uses the native windows engine and that this engine is REALLY very light and efficient (i 've never had my PC browse, download, do p2p so lightly), it's worth it.


BTW i verified with the vendor that the license is perpetual but qualifies for free updates within the 3.x version. When version 4.x comes out you 'll have a discounted upgrade option. But honestly, unless MS messes up the firewall engine with some Service Pack (which i doubt), i don't see the need for someone to pay again for a v.4.

 

I have a question about 7 firewall control. What zone should the "Host Process for Windows Services" be set to? I'm getting statistics report of something being blocked with this service and I'm thinking it may have something to do with MSE never auto updating for me.

 

Local + DNS + DHCP + Update (svchost).

The only time i get blocked messages about this, is when i use Utorrent, but it doesn't affect functionality.

AFAIK, MSE uses Windows Update to do its updates and the above zone works fine for Windows Updates.

 

OK, that's what I have as well. Now I'm curious about what is being blocked.

 

Hi Greg,

you might need to set the corresponding Windows update service, wuauserv.exe. Use TCP, remote ports 80 & 443 under the Protocols and Ports tab.

 

To be more specific, here is the blocked log

Code:

1/2/2010 8:41:35 PM IPv4 TCP 192.168.1.100:49585(80) Host Process for Windows Services Blocks all inbound traffic for services who have been network hardened Incoming
1/2/2010 8:41:38 PM IPv4 UDP 192.168.1.100:49458(53) Host Process for Windows Services Blocks all inbound traffic for services who have been network hardened Incoming
1/2/2010 8:41:39 PM IPv4 UDP 192.168.1.100:49458(53) Host Process for Windows Services Blocks all inbound traffic for services who have been network hardened Incoming

Is this something that should be allowed by Win 7 Firewall Control? If yes, how exactly?

 

53 is DNS request (resolving), the IP is your router - but not specific enough to block.

are dealing with win7?

so i can tell you that wuauserv.exe ist NOT in the list for apps which requested
outbound traffic (looknstop firewall)
on win7 its svchost on these ip's erm ip-ranges

65.55.184.0-65.55.185.255;
65.55.200.0-65.55.200.255;
87.248.217.0-87.248.219.255;
213.199.149.0-213.199.149.255;
65.55.27.220;
224.0.0.252

range may a bit wider as needed but LnS has not that much space for each ip.

HTH

 

yes it's on Win 7? My first reply here about the blocks, I was assuming it had something to do with MSE not auto updating properly but from what you are saying, I guess I'm wrong, correct??

 

"Host Process for Windows Services" = svchost.exe

i dont know MSE, dont use it - but microsoft concentrated all windows program updates
in windows update so i guess all requests for updates including MSE may
processed with svchost.

so
>> TCP 192.168.1.100:49585(80)
is the request to the router for outbound traffic - but there is the target ip missing.
so you cant really know if that is false (malicious) or positiv (updates).

bit off i had that problem with jectico so i dropped it.

closer look here - win7 DONT have any wuauserv.exe any longer.
only: wuauclt.exe
The service itself is called "wuauserv" - nothing else.
If you have "wuauserv.exe" on your win7 system it may infected.

looking on Winxp: wuauclt.exe wuauclt1.exe wupdmgr.exe

 

OK, sounds like this one will continue to be blocked then. Thanks