Windows Firewall Control (WFC) by BiniSoft.org

Adguard provides two types of drivers, TDI and WFP, both are doing pretty much the same.

WFP is a newer tech, while TDI is old and MS promised to remove it eventually. Also it is the only way to filter modern apps (MS Edge for instance). On the other hand, WFP is pretty problematic when it comes to compatibility with some AVs (mostly Kaspersky and Eset).

 

ah that explains why those are not being filtered in adguard.

 

Is their a repository for older versions of WFC?...4.0.9.0.0 is driving me mad deactivating itself back to the free version!....I've never had this problem on previous versions and I'm not using any new registry cleaners or the like, just ccleaner.

 

I think I had this problem once, not on my main machine. I tried every type of integrity repair for the system, but the problem only stopped after I upgraded from the 7 to the 10 (I assume a in-place install of the 7 would also resolve the problem).

 

Not WFC's fault, but someone may know: I noticed that even if a program is blocked for all protocols, DNS queries it makes are still sent to the DNS resolver. Is there any way to prevent that?

 

- The activation status is read by the WFC service. If it fails to retrieve the activation status then it may also fail to read other properties too. This is the only problem that you have observed ?
- If you restart the tray app does the activation status change ? If you restart WFC service, does the activation status change ?
- In the last version the licensing schema was updated. This means that the activation status should be preserved in case of an update. However, if you uninstall any previous version and install the new version, then WFC must be activated again.

How did you notice this ? Post some screenshots please.

 

Windows Firewall Control v.4.9.1.0

Change log:
- New: Added "Freeze first column" option in the header context menu of Rules Panel and Connections Log. When enabled, it will always keep the first column visible.
- Updated: When Secure Rules is set to disable unauthorized rules, WFC will automatically disable these rules and will add the "U - " prefix to the rule name. The group name is not changed anymore and the "Unauthorized Rules" group was removed.

A note here: Changing the rule name is a better approach than changing the group name because some functionalities of the operating system are achieved by enabling/disabling a specific group name. If the group name is changed then this would not work.

- Fixed: Secure Rules delay when removing/disabling inbound rules with Edge Traversal set to "Defer to user".
- Updated: The user manual was updated to reflect the new changes.

New translation strings:
642 = Freeze first column

Updated translation strings:
455 = Enable protection against firewall rules that are not created in the authorized groups defined below. This applies to the newly created firewall rules and to existing ones.

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 1fbd1f0c6a29646955655f38157fff4e3e84d198
SHA256: 9c56610f265c196988cbb7b458514d7f012d794113df0a4a5572a95c11c4be0c

Best regards,
Alexandru

 

Thanks for this one @alexandrud - I really appreciate this feature.

 

There is no plan for getting a digital certificate. A decent code signing certificate costs some hundreds of dollars a year. This is not a priority.

 

I put a DNS resolver at 127.0.0.1 and made it log all request. Using Firefox, I tried to load some random page and the domain was logged, even while Firefox was blocked at the firewall.

Edit: dang, that should have been obvious. 127.0.0.1 is not filtered. Non-issue. Guess I will try moving the resolver to 127.0.0.2.

 

[Secure rules] currently provides 2 options: 'deleted' and 'disabled'.

I prefer setting it to 'disabled', to have a clue about the U-prefixed rule and who created it, but it becomes annoying when countless duplicates overwhelm the log.

Would it be possible to introduce a third option like 'replaced' that overwrites the previous entry if that exists?

Thanks!

 

Yes, cool and useful new feature!

PS: New german translation file is sent to the Developer and should be ready soon on binisoft.org ...

 

I have a feature request.

Would it be too much trouble to add the time/date based on Operating System time to the rules panel so we can see when a rule was created or last modified.

 

The logging is made by Windows Firewall itself and WFC has no control over it. Those are not duplicates but new connections which are blocked or allowed. Windows Firewall logs them, WFC displays them in a more user friendly way than the Security log of the system. A 'replaced' mode for Connections Log is not possible. A 'replaced' mode for Secure Rules, I'm afraid I did not understand exactly what this should do.

It is not possible to add such info because a Windows Firewall rule does not have a property for this. What I can do, but I don't know if this would be helpful, is to add the date into the description of a rule.
Currently, when WFC creates a new rule, the description is something like this:

"Outbound rule to allow TestTrack Client (testtrack client.exe)"

which may become:

"Outbound rule to allow TestTrack Client (testtrack client.exe). Created on 23.12.2016 at 14:23:50."

Since WFC can intercept when a rule is created, it could append the date to any newly created rule, even if it is created from outside of WFC.

A new column with the creation date is not possible to implement.

 

Sorry, my bad. Meant to say 'rules' but I mistyped 'log'.

A 'replaced' option to overwrite the previously U-prefixed rule if exists, to avoid duplicates overwhelming the Rules Panel?

Thanks!

 

I don't see a scenario were you have so many duplicates that will overwhelm the Rules Panel. Maybe if you are in such situation, you probably do something wrong.
There can be multiple rules that may target the same connections. WFC can't detect the rule that you may want to replace, so to answer you, a 'replace' mode is not possible.

 

Scenario choosing 'disabled' option for Secured rules.
http://oi67.tinypic.com/qs14s4.jpg
Would be great if a repeating entry can automatically overwrite the earlier instance.

Thanks!

 

Hello,
I have question because after install WFC I lost to connect network disk.
How can I resolve this situation ?
Regards

 

@alexandrud

Bring back the read only mode please

After use WFC with some non-API-supported things, I must say, this has absolutely no advantage. No, vice versa, only disadvantage!

After edit a not supported rule through API, for example one with the new expression ("Internet" or so), the rule is broken.

I know, after restore a COMPLETE policy, it's no problem, but what is, when I have maked even other changes between, then a complete restore is not desired.

Also, you can't expect from not experienced users that they all study the FAQ first or so and even not that they UNDERSTAND those things fully.

So - my suggestion is clear:

Make ALL non-API-supported things READ-ONLY and give a hint to edit this in Original Windows Firewall Advanced Security (WFwAS). Make for ex. a special background color (yellow or so) for easely identifying.

I mean following rules:

- Windows EXTRA rules (with extra properties)
- ICMPv6-Type rules
- Defer-to-user rules
- Rules with new expressions such as "Internet"
- (Maybe I forgot other yet?)

Such rules are maybe not really often to edit, but IF - most users will run to problems sooner or later!

Such rules should be editable only in WFwAS!

This would avoiding all potentially such problems. WFC for all "normal" rules is enough!

So, please bring back the read-only mode!

Kind regards
Alpengreis

 

@alexandrud

Bug with Column setting

If I enable one of those columns here in Rule Manager ...



after restart it's disabled again.

This bug must be relatively new (maybe even since v4.9.1.0) ...

PS: The new freeze setting remains after changing ...

 

@alexandrud

Translation Suggestion

Could you add the following strings to the translation file too?

 

This is no surprise. Steam is the reason why I have implemented Secure Boot and Secure Rules. WFC can't overwrite an earlier instance because the rules are not created by WFC but by Steam. Because Steam is so aggressive, you must set Secure Rules to delete unauthorized rules. As I said many many times, what Steam does is very bad programming practice. If their software is blocked they should display a message box informing the user that he must allow Steam in his firewall before using Steam and good bye. Instead, they mess with your firewall rules which is very unprofessional from my point of view.

Did you enable File and Printer sharing like explained below ?

http://windows.microsoft.com/en-us/windows-vista/enable-file-and-printer-sharing

This will create a new set of Windows Firewall rules that will allow network sharing.

1. Make sure that Secure Rules will not delete or disable these rules.
2. If these rules are missing at all from your firewall rules, restoring Windows Firewall default set of rules will restore these rules. They will be disabled probably but when you enable File and Printer sharing, these rules will become enabled.
3. Please check the Connections Log and check the recently blocked connections. It will help you to find which processes were blocked and what rules you still have to create. Check the connections of svchost.exe especially.

Indeed. I will fix this in the next version.

Thank you for reporting this. I forgot about these two. I have updated the English translation file and I will mention them in the next version. They are:
840 = Apply to all programs and services
841 = Apply to services only

 

Setting Secured Rules to 'disabled' has the benefit of knowing at a glance who created what unauthorised rules, so it is preferred over 'deleted'.

Since WFC has the ability to disable or delete an unauthorised rule, would there be any chance of handling it conditionally, like disabling it if it does not exist and deleting it otherwise?

Thanks!

 

The read only mode was not removed or maybe you are referring to something else. What do you mean by an old read-only mode that does not exist anymore ?
- Windows EXTRA rules (with extra properties)
These rules (Windows 10 only) have the "Extended properties" column checked. They can be modified, duplicated, exported, imported and all these extra properties are preserved (for example Application Package). I don't see a reason to have these rules read only in Rules Panel. WFC can handle these rules but can't display these extra properties. Modifying other properties of such rules are perfectly valid.
- ICMPv6-Type rules
WFC can handle these rules. WFC can't change the existing ICMP type like WFwAS, but it can display these settings and they are preserved if such a rule is modified from Rules Panel.
- Defer-to-user rules
Currently, WFC displays a warning for these rules and allows modifications only on supported properties, other properties being disabled.
- Rules with new expressions such as "Internet"
WFC can't detect such rules because this keyword is not provided by Windows Firewall API. WFC can't detect if a rule contains this keyword. Which rules should WFC consider read-only for this case ?

I think that most of WFC users will not modify existing default Windows Firewall rules. These are exotic scenarios in my opinion. Most users use WFC for custom created rules. Regarding default set of rules, I would say that:
- 90% of WFC users will leave them intact
- 10% will remove them
- 2 users (you and I ) modify Windows Firewall default rules

Best regards.

I will think about this. I have to see if there is a performance impact since, WFC will have to iterate through all existing rules to see if there is already a disabled rule with the same details.

 

Most users aren't going to know what to do even if they have the option to modify the rules. That leaves a fraction of a percent of users that will modify the default Windows Firewall rules in a way that is beneficial to their particular circumstances.

Everyone... Merry Christmas

Thanks for everything @alexandrud