Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    409
    Location:
    Italy
    Thanks Umbra, I'll try that too and check if WU is working :thumb:
     
  2. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    654
    Location:
    HKEY/SECURITY/ (value not set)
    [1] Norton SafeConnect Policy number 3 (199.85.126.30/199.85.127.30)
    [2] Firewall Router
    [3] Windows Defender Firewall set at Default settings
    [4] Windows Defender Virus and Threat Protection set at Default settings
    [5] Binisoft Windows Firewall Control set at Low Filtering

    What maliciously created rules?
    Oh! you must be referring to the locally created rule by the end user for svchost.exe that allows all outbound without any service or application package being bound to the rule that violates the Windows 10 service-hardening rules!

    The end user is the only security threat to security breaches in Windows 10.


    -HKEY1952
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,698
    Location:
    Among the gum trees
    I think you mean Norton ConnectSafe. ;)
     
  4. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    654
    Location:
    HKEY/SECURITY/ (value not set)
    I did.....Thanks Krusty

    -HKEY1952
     
  5. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,988
    Location:
    Europe then Asia
    No, I meant malware (say, a keylogger) undetected by Windows Defender (or whatever AV) creating outbound rules to connect to the attacker's machine. I saw it plenty of times.
    It is why at Emsisoft we created a Windows Firewall Fortification module in our software, to prevent those attempts.
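
The unbound svchost.exe rule described in post 2 (allow all outbound, no service attached) and the malware-created outbound rules described in post 5 can both be looked for by auditing the rule store. The PowerShell below is an added example, not part of any post in this thread; it uses only the built-in NetSecurity cmdlets and reads the local persistent store, so rules delivered by Group Policy are not covered.

```powershell
# Added example, not from any post in the thread.
# Lists enabled outbound Allow rules in the local persistent store whose
# program is svchost.exe but which are bound to no specific service
# (Service = Any), i.e. rules that let every hosted service out.

$rules = Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True

$findings = foreach ($rule in $rules) {
    $app = $rule | Get-NetFirewallApplicationFilter
    if (-not $app.Program -or $app.Program -eq 'Any') { continue }

    # Rule paths often use %SystemRoot%; expand before comparing.
    $program = [Environment]::ExpandEnvironmentVariables($app.Program)
    if ($program -notlike '*\svchost.exe') { continue }

    $svc = $rule | Get-NetFirewallServiceFilter
    if ($svc.Service -ne 'Any') { continue }   # bound to one service: skip

    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter

    [pscustomobject]@{
        DisplayName   = $rule.DisplayName
        Group         = $rule.Group            # empty when the rule has no group
        Program       = $program
        Protocol      = $port.Protocol
        RemotePort    = $port.RemotePort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
    }
}

# Rules with an empty Group and Any/Any scope deserve the first look.
$findings | Sort-Object Group, DisplayName | Format-Table -AutoSize -Wrap
```

Saving the output and comparing it against a later run shows which matching rules were added in between.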
     
  6. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    654
    Location:
    HKEY/SECURITY/ (value not set)
    We are both off topic now, so if the moderators will allow.

    Microsoft Windows Defender Virus and Threat Protection can detect SOME software keyloggers, but not all software keyloggers.

    Microsoft Windows Defender Virus and Threat Protection cannot detect HARDWARE keyloggers.

    The likelihood of a hardware keylogger getting installed on a home user's device without the user's consent is well below nil.

    The likelihood of a software keylogger getting installed on a home user's device without the user's consent is next to nil.

    [1] Secure the DNS [posts #3628 & #3627] This is the most important first layer of defense. (please follow the link and read)
    [2] User Account Control set at Default settings
    [3] Automatic Windows Update and Security Enabled
    [4] Use Binisoft Windows Firewall Control's superb Logging to lookup programs using network connections and instantly Block or create an outbound/inbound Block rule.

    Aside from keyloggers
    [5] Today 11/14/2017 Microsoft Automatic Updates updated the Microsoft Windows Malicious Software Removal Tool and Windows Defender Antivirus to detect and remove the Ransom:Win32/WannaCrypt (WannaCry).
    https://www.microsoft.com/en-us/wds...edia-description?Name=Ransom:Win32/WannaCrypt

    Besides automatically running monthly through Automatic Windows Updates, one can run the malicious software removal tool any ole time their little ole hearts desire by navigating to:
    C:\Windows\System32\MRT.exe


    Cannot believe the marketing BS thrown at consumers for monetary gain.

    All third party security vendors try to portray Microsoft as completely incompetent in regards to security.

    Get real people, with the advent of Windows 10 third party security software is now on the threshold of next to nil.



    -HKEY1952
     
    Last edited: Nov 14, 2017 at 5:56 PM
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,988
    Location:
    Europe then Asia
    First, I wonder why you get so aggressive; did I touch a nerve?

    Yes, sure... tell that to the people who were infected by banking trojans and other ransomware like WannaCry; you will find plenty asking for help to remove them...
    Sure, they shouldn't download or click on unknown executables or files, but will you blame them for their ignorance?

    MS left obsolete features like SMBv1 active until millions got infected, they leave PowerShell installed on Home versions (when no one uses it except IT staff or sysadmins), which is the no. 1 interpreter used for exploits, and they let people use an Admin account as the default account? Come on... That is the real BS, not security vendors that deploy countermeasures that try to prevent those security holes from being exploited.
    Luckily now, MS understood that they need to build stronger security mechanisms in their latest OS; I approve, since they started in Win8, but a bit late, isn't it...?

    People in forums believe that all users have their knowledge and have safe habits...This isn't true.
    You gave some advice (DNS, etc.); most average Joes won't even understand what you are saying, only those with some decent computing knowledge will...
    I was a repair guy a long time ago, and I can tell you most of my ex-customers didn't know more than to push the power button and click on their software's icon to launch it...
    People in computing/security forums live in another world.

    Anyway, I gave my opinion; you are free to disagree, I won't go further.
     
    Last edited: Nov 14, 2017 at 8:21 PM
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,081
    Location:
    Canada
    I confirm this and agree with @alexandrud 100%. It works exactly as I would expect it to in Win 7 but it definitely does not work on Win 10 (I can't confirm Win 8 but I expect the same issue as well).

    In fact there was one svchost with PID 3180 where the Event Viewer Security logs reported it blocked to remote MS IP address, port 443, and even after I allowed the service under it to any remote address and remote port it was still showing blocked, and of course the update check still failed. In spite of some very long posts extolling the virtues of Microsoft's technical brilliance, they have, imho, failed miserably on the firewall w/advanced security since Win 7.
     
    Last edited: Nov 14, 2017 at 9:17 PM
  9. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    409
    Location:
    Italy
    What is beyond my understanding is why different people with the same OS have different answers for the same question... maybe there's a difference among Windows 10 versions? I'm using the Home edition

     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    30
    Location:
    Germany
    The firewall in all editions of Windows 10 is the same. To get updates for Windows, only rule #2 is enough; it works for me. But I still install updates only offline, having previously studied what good or what portion of telemetry they will add to my system.
     
  11. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    409
    Location:
    Italy
    OK, thanks :)
     
  12. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    30
    Location:
    Germany
    My questions on this screenshot
    1.png
    Please help me, how do I have a screenshot in my message, and not a link to it?
     
    Last edited: Nov 15, 2017 at 1:44 PM
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,412
    Location:
    Romania
    The first group name is empty. It means it will clear the group name and set it to None. I will add a tooltip for that empty entry.
     
  14. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    24,505
    Location:
    U.S.A.
    aldist, if you are talking about attaching an image to a post, see Basic Image Attachment Uploading (on XenForo), and then use the Test Forum to test attach images.

    Keep in mind that as Policy, you need to own your image, not use third party images which may run afoul of copyright laws. Enjoy testing!
     
  15. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    30
    Location:
    Germany
  16. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    24,505
    Location:
    U.S.A.
    aldist, you're welcome! Take care.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,726
    Location:
    The Netherlands
    Totally forgot to ask this question, and I'm still using an older version of WFC, but is it possible to assign names to an app in the connections log? For example, with SpeedFan you don't get to see anything in the name column.

    http://www.almico.com/sfscreenshots.php
     
  18. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    30
    Location:
    Germany
    I think that the application name in the connection logs is taken from the application name in the rules pane. The name can be entered or edited in the Properties (2xLMB)
    Снимок2.jpg
     
  19. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    654
    Location:
    HKEY/SECURITY/ (value not set)
    What we have here is a failure to "communicake" as the Boss stated in the movie Cool Hand Luke starring Paul Newman. "cake" what a dude!

    Again.....,
    What one must arrive to understand is that the Microsoft Windows 10 service-hardening rules govern the Microsoft Windows Defender Firewall for both Outbound and Inbound connections regardless of any firewall rules that may exist.
    Microsoft owns Ring 0 of the firewall. Ring 0 is governed by the service-hardening rules.

    The NEW firewall rules for Windows Update NOW reside in Ring 0 and are not visible or accessible to/for the End User of the Operating Service, and exist 'explicit ruling'.

    Which means that any end-user-defined rules for Windows Update require the properties of the end-user-defined rules to exactly match the properties of the Windows Update rules in Ring 0 to allow Windows Update to work, and that cannot be achieved because the properties of the Windows Update rules in Ring 0 are not accessible to the end user. (Also take note that now, when Windows Defender Firewall is set to block all outbound, some of the TCP:443 out are blocked and cannot be re-configured to allow because of the explicit ruling.)

    Microsoft has removed the PROGRAM 'wuauserv.exe' from %SystemRoot%\System32\ so that the PROGRAM svchost.exe can no longer be BOUND to the Windows Update SERVICE to create a firewall rule for Windows Update.

    Setting the Windows Defender Firewall to Block All Outbound will NOW also result in that the service-hardening rules in Ring 0 for Windows Update will automatically BLOCK some TCP:443 Out, and Windows Update will fail.
    Check the Binisoft Windows Firewall Control Logs for Blocked TCP:443 Out. (end user will not be able to create valid working rules here because the port/s are blocked in ring 0 with explicit rules)


    What does all of this mean? It means that Microsoft is encouraging, some might argue and say forcing, the end user of the Microsoft Windows 10 Operating "Service" (system) to leave the Windows Defender Firewall at the DEFAULT SETTINGS for optimal security. (That's GOOD)

    The default settings for Microsoft Windows Defender Firewall are: Allow All Outbound and Block All Inbound.


    Note that failure to update Windows through Windows Updates for a prolonged period of time will result in that device being denied future updates from Microsoft.


    Look, if one is that paranoid about allowing all outbound do this:
    Choose new outbound rule
    Choose Predefined
    Choose Diag Track (for example)
    Choose BLOCK (the default)
    Result - "Connected User Experiences and Telemetry" are now blocked outbound for TCP:ALL for All programs and All application packages.

    Repeat the above for any Predefined rule your little ole heart desires.
    Microsoft has provided the end user with all of the necessary rules to block or allow in "Predefined Rules" for both In/Out for optimal security.

    Microsoft Windows 10 is a set-it-and-forget-it Service.



    -HKEY1952
     
    Last edited: Nov 15, 2017 at 8:44 PM