Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    420
    Many thanks @alexandrud. I can confirm that all is fine now that I have updated to 5.0.1.19. - WFC is retaining the correct Notification Status after I exit Shadow mode.
     
  2. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    455
    Location:
    Switzerland
    I find your suggestion principally good IF this could be implemented as an option (to not confuse "normal" users (too much)) ...
     
    Last edited: Dec 5, 2017
  3. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    692
    Location:
    Land o fruits and nuts, and more crime.
    Was having same problem (we thought it was ccleaner over clean problem).
    No problems now.
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,568
    Location:
    Estonia
    I will think about it.
     
  5. Jakezilla

    Jakezilla Registered Member

    Joined:
    Dec 6, 2017
    Posts:
    1
    Location:
    USA
    I just came across this application in my search for 2 things, #1 a better UI for firewall management than the built in Windows 10 interface, and #2 a way to control what is used when connected to a metered connection (hotspot). This application obviously accomplishes the first task, but what would be the best way to go about #2? My ethernet+DSL connection to my home has random periods of high latency that are not conducive to gaming so I have been using my phone's hotspot feature. My hotspot has a datacap though and I'm concerned about background processes needlessly using data while gaming. So I'd like to have one set of rules for normal use, but then a very restrictive set of rules for my hotspot connection that basically only allows my chat client and game. Is the best way to do this having two Policy Files (.wfw) and manually switching between them? Can I make my own profiles for the Profiles tab (that lists High, Medium, Low, No)? Is there a way to automatically have it switch based on the active connection (like set up my DSL as a private network and hotspot as a public network)? Thanks for your help!
     
  6. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    692
    Location:
    Land o fruits and nuts, and more crime.
    After a full cleaning with PrivaZer last couple versions when starting up, WFC is in "medium filtering" mode when "secure boot" is checked.
    After another restart back to normal (High filtering). Win7 64.
     
  7. rs11

    rs11 Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    52
    Latest version is stuck in low filtering
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,568
    Location:
    Estonia
    You can't define your own profiles. You don't have to use tow different policy files.
    1. Create a large set of firewall rules for Private location only. These will be applied when you are connected to your DSL connection. Make sure that you are in Private location when use this connection.
    2. Define a small set of firewall rules for Public location only. These will be applied when you are connected through your phone. Make sure that you are in Public location when you use your phone connection.

    For a minimum set of firewall rules required for Internet connectivity, check the "WFC recommended rules" (see the user manual by pressing F1 in any WFC window).
    Secure Boot will automatically set High Filtering profile when the system shut down event is detected by the program. If wfc.exe is not running or if the shut down executes too abruptly, then WFC may fail in switching the profile. In this case, you must change the profile manually to High Filtering before restarting Windows.
    This may happen on your computer if another security software blocks Windows Firewall from filtering outbound connections. Check my answer number 3) from this post.
     
    Last edited: Dec 9, 2017
  9. rs11

    rs11 Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    52
    I'll turn everything else off and try again
     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    225
    Location:
    Germany
    Ambiguous behavior when double clicking on the selected line in "Connections Log" and "Rules Pane".
    Select the line in the "Connections Log" or "Rules Pane", then double-click in the highlighted row in the Program column, the "Customize and Create" or "Properties" window will not open.
    1.png
    Double-click in the other columns- the "Customize and Create" or "Properties" windows may open or may not open.
    If you double-click on any column on an unselected line, then the trigger is clear, the "Customize and Create" or "Properties" windows always open.
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,568
    Location:
    Estonia
    Thank you for reporting this. It is a side effect of a recent fix that I made to be able to deselect the the last selected item. I will fix this.
     
  12. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    225
    Location:
    Germany
    Thank! Does the WFC (Windows Firewall) block 127.0.0.1->127.0.0.1 connections, if it blocks, then how correctly to make a rule (UDP, TCP, both)?
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,568
    Location:
    Estonia
    WFC does not block or allow any connection. Take a look here about your 127.0.0.1 question.
     
  14. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    886
    Location:
    UK
    for those blocking svchost (I would love to do), how you managing to keep things like windows updates working?
     
  15. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    225
    Location:
    Germany
    To chrcol
    Rule svchost.exe for Windows Update
    TCP Out
    Local Port- any
    Remote Port- 80,443
    Local IP- any
    Remote IP- any
    Deny
    Only for the period of checking and installing Windows Update- allow.
     
  16. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    886
    Location:
    UK
    ok fair enough, thanks.
     
  17. kenw

    kenw Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    120
    Location:
    Brighton, Colorado
    Just found this forum so hope I am in the in the correct.
    Using the newest version of WFC on four computers Windows 10 Pro.
    On ONE the the Rules Panel just showed with many Internet Connection
    Sharing rules.
    I have sharing turned off and set as Public WiFi.
    Any ideas ?
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,568
    Location:
    Estonia
    When you enable/disable certain features from Windows, the operating system enable/disables some firewall rules. If these rules do not exist, they are created. To avoid the creation of unwanted rules (even if they are legit, the operating system created them, not a 3rd party software) use Secure Rules feature from WFC.
     
  19. mike83

    mike83 Registered Member

    Joined:
    Mar 9, 2016
    Posts:
    30
    I recently upgraded from Windows 7 to Windows 10 (clean install) and I am currently trying to clean up my WFC rules to a tidier configuration that would still allow me to surf the internet, use Outlook, print documents and share folders in the local subnet.

    I have a desktop PC using an ethernet connection that is configured to use the Private profile. After playing around with the WFC rules and the Firewall configuration for a while I noticed that i must configure the default outbound connections in the PUBLIC profile to "Allow" to get my normal internet connection to work.

    I find that a bit strange and I wonder if there is a logical explanation to this...

    So, I have only one physical network connection in use (ethernet, via PRIVATE network profile). If I use Group Policy to change the Windows Firewall with Advanced Security default behavior in the PUBLIC profile to "Block" and boot the workstation, I will have no more a network connection. The network connection in the Control Panel will show up as "Identifying..." for a long while, ending up to eventually showing "Unidentified Network / Public Network".

    If I change the network profile back to "Private", it will change back to "Public" in the next reboot. (The workstation is not connected to a domain, so I want to use the Private profile).

    Only if I change the PUBLIC profile default outgoing behavior to "Allow", my ethernet connection will stay at "Network 2 / Private", and the internet connection is working as expected.

    Is there a reason for this behavior? I was thinking to change the default outgoing behavior in both Domain and Public profiles to "Block" since I saw no reason to leave them "Allowed"...

    - -

    PS. If somebody happens to have a small and tidy working WFC configuration that enables using printer, web browser, mail client and folder sharing in the LAN, I would be interested in seeing what kind of configuration you have ended up to...
     
  20. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    225
    Location:
    Germany
    To mike83
    Public network. By default, any network on the first connection falls into the category of public. For such a network it is meant that it is open to other computers and does not protect the local computer from others in any way.
    Private network. Connection to a network that is inaccessible to others can be noted by the administrator as private. This, for example, can be a connection to a home or office network isolated from public networks using a hardware firewall or a device that performs network address translation (NAT). The network never falls into the category of private automatically. This setting is made only by the administrator. Windows remembers such a network, and the next time it connects, it will remain in the private category.
    I always make rules that work "for all profiles".
     
  21. wildturkey

    wildturkey Registered Member

    Joined:
    Jan 5, 2018
    Posts:
    2
    Location:
    UK
    @alexandrud
    Love the FW but popups created by "dashost.exe" is driving me crazy. Here is the scenario and I hope you can shed light:

    Windows 10 (version 1709) build 16299.192 (fully patched at time of writing).
    1. My Ethernet and/or WIFI is set to PRIVATE.
    2. I use Medium Filtering in WFC.
    3. Recently installed Hyper-V service and by default the OS sets the Virtual Switch and vNIC to PUBLIC and there is no way to change this (without a reg hack which I don't want to do).
    4. This causes the WFC software to report the connected location as VPN. It was previously PRIVATE. If I disable the vNIC, the location goes back to PRIVATE and the constant pop-ups stop.
    5. I have attached screenshots to show you the settings. You can see the FW rule has dashost.exe Allow on both Private and Public and yet it keeps creating popups.
    Is it possible address this issue?

    https://drive.google.com/open?id=1BWrzw2nkGp6IBQsqDqKXmGIGkkmC4j5f
    https://drive.google.com/open?id=13CqpBLJ9RwY6ZhvCjRP6Ys3EObduORo6
    https://drive.google.com/open?id=1ro3q5LaWWB5y4NUIEGk6Adlb_4aURTqc
    https://drive.google.com/open?id=1mm7tWxCfP1ceEljpngodGy7Lv010htCF
     
  22. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    225
    Location:
    Germany
    Try after creating the rules for dashost.exe adding dashost.exe to Notifications exceptions.
    22.png
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,568
    Location:
    Estonia
    What you configure from Windows Firewall Control Panel applet is different than what you configure from group policy editor. In Control Panel, does you Private connection appear as connected ?

    upload_2018-1-7_15-6-27.png

    I would not recommend to change Windows Firewall settings through group policy editor since these settings may behave differently than expected. Also, firewall rules that are defined through GPE are not available in WFC because Windows Firewall API doesn't expose these firewall rules and WFC can't retrieve them. But, if you are connected to the Private location and you have outbound filtering enabled in Windows Firewall (Medium Filtering profile in WFC) then outbound connections without allow rules are anyway blocked, so what you want to configure is not required.

    For a small set of rules, check WFC recommended rules.
    Does it help if you set the rule Location to All instead of just Private and Public ? Do you have this problem only with dashost.exe ?
     
    Last edited: Jan 7, 2018
  24. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    162
    Location:
    Canada
    Don't go to bingsoft.org without sunglasses guys.
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,568
    Location:
    Estonia
    Windows Firewall Control v.5.0.2.0

    Change log:
    - Fixed: After the fix that made it possible to deselect the last selected entry, double click doesn't work anymore as expected in Rules Panel and Connections Log.
    - Fixed: Properties dialog of the program is displayed under notification dialog instead of on top of it.
    - Fixed: When creating a new rule in WFC, if the 'Name' or 'Description' contain special characters, they are removed even if the same values are valid when creating the same rule from WFwAS.
    - Fixed: Sorting by 'Action' column does not work in Rules Panel and Connections Log.

    Also important, I changed the website to be faster and more secure. The database was upgraded and all passwords were reset to the default password. If you know it, use it, if not, use the password recovery page. Thank you for your understanding.

    Download location: https://binisoft.org/download/wfc5setup.exe
    SHA1: 60e5459849ec66b191cd38df29f4929a18aa8e2a
    SHA256: da92ab08a4b1d7eb876feb5ac53d8a4c57f020027c1d38dbb86e24ef5e730589

    Best regards,
    Alexandru
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.