I am loving this software, many thanks. Well worth the token donation Mine uses as low as 8mb (idle) to 75mb (gui open) approx (working set) but no slow down at all. I did not believe the frequency of svchost.exe 'phoning home' (akamai/microsoft) Nice touch in adding block rules in what is seemingly not really needed
When connected to my local network, using the default ruleset, my event log get filled up with thousands of firewall events: Die Windows-Filterplattform hat eine Verbindung blockiert. Anwendungsinformationen: Prozess-ID: 1060 Anwendungsname: \device\harddiskvolume3\windows\system32\svchost.exe Netzwerkinformationen: Richtung: %%14592 Quelladresse: 255.255.255.255 Quellanschluss: 67 Zieladresse: 0.0.0.0 Zielanschluss: 68 Protokoll: 0 Filterinformationen: Laufzeit-ID des Filters: 119085 Ebenename: %%14610 Laufzeit-ID der Ebene: 44 How do i avoid that without changing the router network setup, by just defining a WFC rule ? Greetings David
This is an inbound connection that was blocked, probably generated by your router. Do you use a router ? The DHCP server tries to connect to your machine. You can avoid these thousands of blocked connections by creating a rule to allow all inbound connections for svchost.exe like the highlighted rule from the screenshot below. This is a Windows Firewall default rule. Don't you have it already in your rules set ? Later Edit: I saw that it used protocol 0. Maybe it would help if you set the Protocol to ANY instead of UDP. Just to test it.
Still no luck. I changed the protocol to ANY for both IN and OUT core DHCP networking rules all other rules are default and enabled. Greetings
If you use Medium Filtering profile in WFC it is normal to see so many blocked connections for svchost.exe especially for outbound. Inbound connections are anyway blocked until a rule allows them. Is there any functionality that is broken for you because of these blocked connections ?
Been using this for a few years now works like a charm using the defaults. Both 32/64-bit version works great.
@alexandrud You earlier stated that the stock Windows Firewall only alerts for blocked incoming connections, and only for signed applications. Although it's necessary in only micro fraction of applications, would it be possible to make this work with all applications, instead of just signed applications? Presuming Windows Firewall also logs blocked incoming connections...or is that a whole lot more complicated?
This behavior in Windows Firewall can't be changed because is out of my control. It is not complicated to add notifications for inbound blocked connections in WFC, but I will not add them because there can be thousands of inbound connections blocked in just a few minutes. There will be too many notifications. Instead, I can modify the Recently Blocked data grid to filter the blocked connections by direction: outbound (like it is now) and inbound (this will be new). How does this sound ? If you have another proposal, please share it.
Hi, Hello. Just wanted to say thank you! I had previously tried tinywall but it didn't like me Ran across this and have been using it for about 3 weeks with Qihoo 360 IS and all seems well. I find it a total pain to deal with windows firewall advanced settings but this really does help. Thank you again
Removed Off Topic Posts. If you have an issue with the developer, contact them here: http://www.binisoft.org/contact.php. Let's keep this thread on topic, and not bash each other. If it continues, this thread is destined for closure!
Windows Firewall Control v.4.0.0.8 - New release What's new: - New: Updated the filters in Recently Blocked window to be able to display also recently blocked inbound connections. - New: Added a new override checkbox in the Properties dialog of a rule which can disable temporarily the validation for the remote IP addresses field. This is useful when the validation for IPv6 can't be validated by the WFC internal rules but the input is correct. - Updated: The CheckBox template was changed to RadioButton template for the "Play default sound" and "Play custom sound" options in the Notifications tab. - Updated: Reduced the size of the installer by 20% Installation notes: Just use the updater to update to the new files. That's all. Other notes: About the new override function for remote IP addresses. If you activate this checkbox you can input also a wrong input. In this scenario, even if you press on the Apply button the rule will appear to be modified. Press on the Refresh button to reload the rules. If everything was ok, then the new value was saved and will be displayed. If the input was wrong, then it was rejected by the Windows Firewall API and the old value was not updated. In this case, after you Refresh the rules list, the old value will be displayed. The last valid value. Download location: http://binisoft.org/download/wfc4setup.exe SHA1: 010a8e29137959fb109d1d860070e75d2ddb2b2e Thank you for your support and your feedback, The developer
@davidmaier This is broadcast traffic. Stupid question: Do you MUST allow this? Kind regards, SwissBIT
@alexandrud Thank you for update! The solution for IPv6 is easy and clever! Best regards, SwissBIT PS: In the next post, I will try to give you some crash reports for crashes that I had already communicated here.
@SwissBIT If blocked my eventlog fills up at a speed of approx. 10000 new events per hour. I have no access to the network routers / devices to change their broadcast features.
I just updated to 4.0.0.8 and tried to allow the following inbound connections using the recently blocked list, but no rules are being created. Greetings
@alexandrud Hi there, Excellent program. I went ahead and bought it. I have a small request for enhancement. The shell integration is excellent and very handy. However, every program these days includes shell integration, thus showing a very big list. There are two items in the shell integration, which both are excellent choices. One "Allow Through" and the another one "Block Through". Now, is it possible to have a cascading menu (sub menu) for WFC, thus taking one entry in shell integration, rather than two entries? Thus, also any future entries can be also added to this cascading menu (sub menu). Best regards,
@davidmaier I have this incoming traffic and events (blocked) also. I do not need these connections and they do not seem to slow down my system. Therefore, these entries are HERE only intended for the garbage. One question remain: You really NEED this connections? If not, is it not possible for you, to ignore these, regardless of the large amount - or in other words, produces a router UNNECESSARY or even UNWANTED connections - why should it be necessary to allow this traffic? But okay, maybe I'll watch for a closer look (if I have enough time for it). Greetings, SwissBIT
@SwissBIT My question now is how do i create a rule from within wfc that allows that kind of incoming traffic. On my core 7 system i can´t feel any impact but on my first generation atom i can feel it. Also i don´t like filling up any event logs for nothing. Greetings
Been following this product for years now. Great to see it mature to it's current incarnation! Always liked the 'looks' of it as just simplistic elegance but effective. Paid for it immediately. Why no 'Allow for now and ask me later'? Similar to 'Block for now and ask me later'. With this rule let's say I allow Firefox outbound connections but as soon as I close it and reopen it WFC will ask again. In other words when I close Firefox the rule disappears since it is only temporary....just a little more granular control to test or whatever. Do not want to keep going into the rule sets just to delete a rule...not efficient IMO. If this is already possible sorry but just installed the product so newbie here. Thanks, Robert
@Robereyewhy Yes, this is already possible. Click on the T in the notify box, this is for temporary rules. Greetings, SwissBIT
Thanks SwissBIt did not see that. However, when I close then open Firefox I am allowed outbound connections. How long does the temp rule remain? If I log off/restart then it disappears. Would rather it (temp rule) be removed every time I open then close an app/system exe or whatever. Just seen in Manage Rules and Properties for the Temp rule for Firefox: Temporary rule. This rule will be deleted automatically on the next program start. However, this is not the case. Alexandrud any comments? Thanks, Robert
The next START of WFC deletes temporary rules (are not deleted when you exit) ... WFC does not register the program terminations or so. Maybe it would be good if we could define a period of time, would be deleted after? Let's see what alexandrud says ... Greetings, SwissBIT
That's what I thought. Yes please Alexandrud. Say from 5 seconds till xxx seconds/minutes or until restart of WFC. Give the user options to make their own decision. That would be all I need for now as will refine and create my own rules later. Thanks again for the quick replies SwissBIT. Mahalo, Robert