Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    All rules created from WFC have by default the group "Windows Firewall Control". This is already a predefined authorized group which can't be removed. So, if you enable Secure rules feature, all rules created by you from WFC will be anyway in this authorized group. You can have tens of authorized group names, so you don't have to use a single group name for all of your rules.

    In Rules Panel, when you filter the rules to see "User defined rules", this is referring to the rules which have the group "Windows Firewall Control". If you have a custom group name, let's say "Authorized rules" and you want to filter the rules to see only these you can use the search text box to input "aut" and you will see only the rules from this custom group.
     
  2. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    595
    Location:
    US
    Thanks Alexandrud. All your posts on this subject were succinctly explained!

    I know how Secure rules works now.

    Thanks for your time,
    Robert

    P.S. This should go into the User Manual IMO. But, as always, it's up to you.;)
     
    Last edited: Aug 12, 2016
  3. Big Mike

    Big Mike Registered Member

    Joined:
    Apr 18, 2015
    Posts:
    17
    Hi, today I installed "Bash on Ubuntu on Windows" on my new Windows 10 1607.
    My problem is, that I can't connect to the internet from my bash with the medium profile.
    I get alerts, that a program called "Pico" wants to access the internet, but creating an allow rule doesn't help.
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    Unfortunately, there is no way to create a rule to allow outbound connections from the WSL. This applies for all firewalls, not only to Windows Firewall. Others have the same problem with other firewalls too:

    https://github.com/Microsoft/BashOnWindows/issues/475

    "Pico" is a new keyword similar to "System" but even after I have added support for it in WFC the problem persisted. Outbound filtering must be disabled to use bash. Don't ask me why, this is still a beta product from Microsoft. So, there is nothing to be fixed in WFC.

    Best regards.
     
  5. Big Mike

    Big Mike Registered Member

    Joined:
    Apr 18, 2015
    Posts:
    17
    I know it's still beta, but I didn't know, that this is a general problem and can't easily be fixed. Thank you so far, I hope Microsoft will add a solution.
     
  6. PrinceYann

    PrinceYann Registered Member

    Joined:
    Nov 29, 2015
    Posts:
    38
    I wasn't able to reproduce it anymore. Maybe the cleansing of the log solved the problem? Since then I have updated to 4.8.4.0 and the problem did not show up again. For now everything seems fine, I will inform you if the problem ever occurs again.
     
  7. guest

    guest Guest

  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    About the WindowsSpywareBlocker, this is a totally different project and I can't integrate their work into WFC. I can write code to check those csv files and extract the IP addresses and create new block rules in Windows Firewall, but as I already said also in the past, I do not want to transform WFC into an anti Microsoft tool. Those hundreds of block firewall rules (WindowsSpywareBlocker approach) will probably break many functionalities in Windows and I do not want receive tens of support email daily asking why this or that is not working anymore.

    If you are concerned about privacy, use Windows 7 instead of Windows 10, enable outbound filtering and restrict svchost.exe to the minimum required. The WFC recommended rules can be used as a start.

    Regarding the more automated updates in WFC, it can't be done without major changes because the update logic is located into installer itself, not in an update service similar to Firefox, for example. This will remain as it is today, at least in the near future.
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    Windows Firewall Control v.4.8.5.0

    Change log:
    - Updated: Added support for grouping the duplicate rules in Rules Panel.
    - Updated: Replaced all PNG icons with vector images which are correctly displayed on all DPI settings and all high contrast themes.
    - Updated: The user manual topics were extended.

    Note that the installer size was increased because the .chm file is also packed into the installer.

    New translation string:
    52 = Count


    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: a16e1c45fa52b27a1611e672ed18c34954add0ea
    SHA256: 25f547f2fb6fd9a5d0c96ff638100427c31aea62b9ee4bcd8cb70d28cee9586f

    - The search for duplicate rules is made on the following columns: Program, Location, Action, Direction, Local addresses, Local ports, Remote ports, Remote addresses, Protocol, Service, Edge traversal, ICMP settings, Interface types. The following columns are not taken into consideration during the search: Name, Group, Description, Enabled. The results contain only the rules for which at least two similar rules were found.

    Best regards,
    Alexandru
     
  10. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    577
    Location:
    Switzerland
    @alexandrud

    Thanks for new update!

    New DE-translation is sent to you already.

    About the duplicate rules function: you should mention that the Extended properties is also not taken into consideration.

    Kind regards!
    Alpengreis

    EDIT: I sent an incorrect file for DE-translation to the developer, this is corrected now - so it should be ready on binisoft.org soon, SORRY!
     
    Last edited: Aug 22, 2016
  11. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    453
    Location:
    England
    If I create a new authorised group - it does not appear in the context menu

    2016-08-24_125549.png

    What can I be doing wrong ?

    Thankyou Alexandru - that worked perfectly (I missed that previous post)
     
    Last edited: Aug 25, 2016
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
  13. tjw344

    tjw344 Registered Member

    Joined:
    Apr 15, 2016
    Posts:
    1
    I thoroughly searched through this thread and could not find an answer to my question. I have a rule that allows google chrome outbound connections on any protocol from any local or remote addresses and from any local or remote ports. It allows all interface types and any service. Yet I still get an Outbound connection blocked notification. Chrome works. What am I doing wrong? Please help.http://i.imgur.com/3fYMz3V.jpg http://i.imgur.com/pWkqoZq.jpghttp://imgur.com/pWkqoZq
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    Take a look here about a similar problem: http://www.sevenforums.com/system-s...going-crazy-ip-239-255-255-250-over-over.html
    1. Do you use PeerBlock?
    2. Do you have this problem only with chrome.exe? Try to create a block rule for chrome, on this remote IP, the same port. Does this help to stop the notifications? It should, but the reason why these multicast messages are blocked is not related to WFC, the blocking is made by something else.
     
  15. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    357
    Location:
    Canada
    Thanks for the update - I meant to post last week that the issue with the Connections Log not refreshing (see link) appears to be gone after updating. It had been an issue for a few builds

    https://www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-102#post-2605910
     
  16. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    To all,

    Here is a strange quirk of WFC I stumbled upon recently.

    Background...
    As many users are aware, if you go to "Network" section in Windows...you can see network locations listed by NAME.
    On my Android phone, I would use "ES File Explorer" & add these LAN locations.

    The problem that occurred was...
    For computers that had WFC installed..."ES File Explorer" failed to access network location by NAME (it could only access via IP Address).
    For computers that DID NOT have WFC installed..."ES File Explorer" succeeded in accessing network location by NAME.

    What I noticed...
    If I switched WFC profile to "No Filtering", then "ES File Explorer" could connect using NAME.
    But obviously, this is not a good solution because it is disabling the firewall.
    So I kept experimenting.

    Then I found a strange solution...
    I set the notification option on WFC to "High".
    Then I used Android "ES File Explorer" to access network location by NAME.
    WFC produced a pop-up notification instantly.
    The pop-up was a system-related one with two IP addresss (my device & computer), which usually does not appear when notification setting is set to "Medium (recommended)"
    I pressed "Allow" on this notification.
    And from this point on, I have no problem accessing these LAN locations by name.

    I just stumbled upon this problem/solution last night...
    I did not note the exact notification detail, but later on I can get that information for you (I will revert to past snapshot, using computer-backup/restore software...then reproduce my solution steps exactly).
    I have WFC 4.7.2.0 (but I doubt this is a version issue, since I was struggling with this problem for many years).
    I just wanted to put this out there, in case anyone wants to try it themselves on their Android phones & home networks.
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    Nothing strange here from my point of view. You just needed a proper rule for System. Always use Connections Log to debug connectivity problems. Thank you for sharing your scenario.
     
  18. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    Is this rule dependent on IP addresses?

    Because the reason I use NAME to connect is because network IP address of device & computers constantly changes.
    This invalidates all shortcuts & bookmarks *in Android ES File Explorer.

    I would like some stability in this regard, without sacrificing protection of Firewall.
     
    Last edited: Sep 4, 2016
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    If you want to restrict this rule to the local devices only, in the remote addresses field of this rule use the keyword LocalSubnet. This will allow only communications in the local network. Also, if the IP of your devices changes too often, try to configure your router and increase the DHCP lease time. The DHCP lease is how long a device reserves an IP address on your network.
     
  20. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    978
    Location:
    UK
    Alex can you add a way to view the recommended rules without installing them?

    My concern is I expect they are good rules but I dont want to lose my existing rules without evaluating first.

    e.g. your comment about svchost is interesting, how does one know what minimal allowing is?
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    No, I can't add a way to view them without creating them. The WFC recommended rules are added on top of the existing rules, so your existing rules will not be affected. You will just see a few new rules on top of the existing rules. You can delete them if you consider them not so useful. About svchost.exe you try and see until you find the best deal. Check the WFC recommended rules.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    It seems that recently Windows Defender detects WFC as a false positive and this may prevent the installation of WFC on Windows 10 machines. I already contacted Microsoft about this problem and I hope that they will remove this false positive in their next definitions updates. Unfortunately, in the past I never received any feedback from them regarding similar issues, so I am not very confident about a quick fix from their side.

    Current workaround:

    1. If you can't install WFC and you see this window during the installation.

    upload_2016-9-12_21-32-43.png

    2. And if you see this in Windows Defender.

    upload_2016-9-12_21-18-26.png

    3. Go to Windows Defender settings from the new Control Panel and press on Add an exclusion.

    upload_2016-9-12_21-22-37.png

    3. From the new window, scroll down and press on the Exclude a .exe, .com or .scr process button.

    upload_2016-9-12_21-23-43.png

    4. In the dialog that opens insert wfc4setup.exe and press on the OK button.

    5. Try again to install the latest WFC version. It will work now.

    Best regards,
    Alexandru
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    Below is Microsoft response. I just tested and it seems that the false positive is gone. WFC works again with no trouble. :)

    Subject: Inquiry Resolution - Windows Firewall Control
    Date: 2016-09-13 01:14
    From: Microsoft Malware Protection Center <mpcreply@microsoft.com>

    New definition library for Microsoft Anti-Malware has been updated. We believe this new definition library contains the updates necessary to resolve your question in regards to Microsoft Anti-Malware. New definition library is now available for users who subscribe to the automatic definition update mechanism, as well as users who choose to manually update their definition library. We encourage you to try these new definitions and ensure your inquiry has been resolved. If your machine has not been updated with this version of definitions you can download and install the definitions manually following these steps:

    • Go to http://www.microsoft.com/security/portal/definitions/adl.aspx
    • Download the corresponding definitions (32 bit or 64 bit based on your operating system) • Run the downloaded file to install the new definitions

    In case of any further incorrect detections, we ask that you to submit the actual file sample that is detected by the Microsoft Anti-Malware solutions and mark it as an Incorrect Detection (select option “I believe this file should not be detected as malware”). Please make sure you provide your email account details when submitting samples in order to ensure submission communication is complete.

    You can use our portal submission form when submitting samples for further investigation available here: https://www.microsoft.com/security/portal/submission/submit.aspx
    We apologize for any inconvenience this may have caused. If you have any additional questions related to this inquiry, please contact us at mpcreply@microsoft.com. Should you need to contact us in the future regarding a question unrelated to this inquiry, please fill out the appropriate form at http://www.microsoft.com/security/portal/mmpc/vendor/resources.aspx .

    Thank you for contacting Microsoft.


    Sincerely,
    Microsoft Malware Protection Center
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
  25. killingtime

    killingtime Registered Member

    Joined:
    Jul 27, 2016
    Posts:
    8
    Location:
    UK
    Hello,

    I'm using 4.8.5.0 unregistered and after a reboot the tray icon has gone. Can't get it back. WFC is in the startup folder. If I click on WFC from the start menu the GUI appears but goes when you hit x top right. Could have sworn there was a system tray icon. Is this a registered/unregistered thing?

    Thanks,
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.