Discussion in 'other firewalls' started by alexandrud, May 20, 2013.
Thanks - that works for me.
Amazing little piece of software. Best Windows 7 firewall in the world. I have a feature request. Please make an optional safe sleep mode profile in addition to "high, medium, low and no filters". This profile hardens to allow only programs you want to access the internet while you are away or sleeping, hardening Firewall for unattended activity. This way you don't have to reprogram every setting in the firewall manually. I'd call it sleep mode (if you could change the default name from "sleep mode" to "anything," this is even cooler). But for default, people will see for when you go to sleep or leave your computer for days on end! This feature would block every incoming and outgoing connection except for what you pre-defined. You can call this "sleep mode," or "lock down," safe mode, or whatever. If this is the only software calling out onto the net, then you are infinitely safer while leaving computer unattended. Another great feature would be simply an option to turn off NIC (network card) or enable (high filter) during screen saver. This way any unattended computer would stop all internet activity. Any time a device is idle on the internet, there is elevated chance of hacker activity; the more broken the connection is, the more difficult, the more annoying it is for hackers! The less opportunities for being hacked. Also saves energy. Even better would be a NIC saver setting built into program, "put NIC to sleep after (****) minutes of zero user activity". Overall hacking statistics for computers using this option would be notably lower! It would only improve safety! And also save on electricity. Setting a new standard for Firewalls. The only time you are almost totally safe from hackers is when your computer is offline. Well. I cannot even find any single piece of software that automatically turns off the network card, on a timer or with screen saver. You made the best firewall in the world. Keep up the great work.
BTW the only thing I do not like is how I must click twice to tell a program "5 minutes, 30 minutes, 60 minutes " etc, when installing software sometimes we see 10-20 popups; If WFC would remember the last selection, that would be more productive. An option to change the Mac address would be awesome too! <3 THANK YOU SOOO MUCH FOR MAKING THE BEST FIREWALL IN THE WORLD BROTHER!
When you use Medium Filtering profile, you already have enabled inbound filtering protection and outbound filtering protection. This means only the programs that have an allow rule will be able to connect to the Internet. I don't see the point here for a new profile that will do the same thing as Medium Filtering. What else should happen when this "sleep mode" gets enabled ?
I could add any of these options. "Disable network card after xx minutes of inactivity" or "Enable High Filtering after xx minutes of inactivity". The first option is not very nice because WFC might disable several network cards and they also must be re-enabled automatically when the user uses the computer again (mouse movement, keys pressed on the keyboard, etc). The second approach would be easier to handle. Anyway, until I think about this, you could use Task Scheduler to create a task that would disable your network cards when the computer is idle for a configurable amount of time.
Those buttons were working with one click in the past, but since those small buttons have no labels on them, I got several complaints about creating unwanted rules because of this. So, I changed the behavior, which will remain as it is now.
Regarding the MAC address, I can change it from code, but I don't see where to put this kind of action in the user interface. Changing the MAC address is not something that you do very often. Actually, I never changed the MAC address of any of my devices because I had no reason to do it. If you change your MAC address often, you could create a batch file that can be used for this purpose. I really don't see where this feature would fit in WFC.
This is very well!
I have found something rather alarming. When I am using a VPN (NordVPN) my block rules are apparently being ignored.
I had TCPview on this morning while connected to my VPN and accidentally clicked on the Windows store. I was surprised to see it connecting on TCPView even though I had a "any" block rule in place. I checked the WFC connection log and sure enough it was going through. So I verified, VPN off blocked, VPN on allowed.
Do I need to set something to have my block rules enabled for a VPN?
Windows 10 1709 fully patched.
Feb 9, 20:58 EET
Thank you for your letter.
This is an expected behavior because while you are connecting through VPN, it is setting our own firewall rules to avoid any possible security leaks.
If you didn't know, there is an option under Security (in WFC) called Secure Rules. If I am not mistaken, when you turn that on, it will ask if you want to add all your current rules to the "Secure Rules" group. Then with it enabled, other programs cannot just make their own rules without you knowing. The option below it will allow you to have them automatically disabled or just deleted. That way if the program tries to make its own rules, they will be auto disabled or just deleted.
Very happy with WFC. Small request: It would be nice to hover mouse over tray icon and see my IP info.
Yea, I have that checked, the problem is not with new rules being created but with block rules being ignored as in my post 3772 above.
I sent a message to Perfect Privacy VPN and got this response:
> I am inquiring to see if Perfect Privacy will honor my existing
> Windows firewall blocking rules. I have numerous blocking rules in
> place to block programs that "phone home" for example. I use
> WFC (Windows Firewall Control) as a bridge to Windows firewall to
> control allow/block rules.
> Thank you,
In theory yes, because the VPN manager never removes any rules it has not set itself. However, in practice it may be a bit more of a hassle since sometimes the firewall protection still is active even though it shouldn't be (can happen for instance if the computer bluescreens while VPN connection is active). In that case a user might need to reset the Windows Firewall to default - in your case that would remove all your rules as well. But you can also just delete all PP block rules in the firewall, that should work as well.
NordVPN is a good service (and economical) but this behavior on my firewall rules changes things. Perfect Privacy while more costly seems to allow for your own rules. I'll have to give it a trial to find out.
Does this prevent Steam from creating a bunch of rules? I find that when I run Steam, and it updates a game, I'll have newly created firewall rules for said game, even if it's a single player game with no online functionality, which is weird, anyone know what's up with that? Windows 10 also does this when it updates apps from the Windows store...
Yes it will stop Steam from doing it. And it will stop Windows 10 also.
About "Secure boot": would it be possible to add an option to automatically set Medium Filtering (or Low) during (or after) the next start-up?
This task can be solved, if you add the execution of .bat to the Windows Task Scheduler when the computer is booted (example for Medium Filtering from User Manual):
The task is to enable or disable if necessary. On the desktop, you can create a shortcut to start the task.
Some VPN vendors use their own Windows Firewall policies. The ones that I tried which didn't do this were AirVPN and TunnelBear. For these two, I just had to create an allow rule for their VPN executable file. The rest of the firewall rules were not affected in any way.
I will think about it since this makes sense only for IPv4 and to display only the current active connection, not all network adapters.
Automatically setting Low Filtering is a bad idea from the start. You should use Medium Filtering most of the time and keep Low Filtering enabled just temporarily to debug connectivity problems. For the scenarios where you must use Low Filtering, use the revert profile from the Profiles tab to make sure that Medium Filtering profile gets re-enabled in case you forgot to do it manually. Secure Boot has a different purpose.
Thank you, I tried it but it doesn't switch the profile from High to Medium (it doesn't seem to do anything). Also ran it as Admin. I'll check the Manual more.
Thanks, forget I ever mentioned Low Filtering. I meant this as a convenience feature. If I understand correctly, Secure Boot is about fully blocking connections during shut-down and start-up, for users that otherwise use Medium Filtering. Since this option automatically switches from Medium to High, it'd be nice if it could also switch automatically back to Medium right after start-up. The "Revert profile" option could help in this, but I think it's meant for other purposes (those mentioned in the manual). I would have to set its value in seconds, or 1 minute at most for this purpose (to automatically switch to Medium after start-up).
Thanks, I'll give these two a look.
NordVPN appears to bypass the Windows firewall completely. I am trying Perfect Privacy VPN now, it alters the Windows firewall rules when connected but retains the block rules. When you disconnect the rules go back to their original state.
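The posts above describe VPN clients and other programs adding or altering Windows Firewall rules. The following is an added example, not part of the thread and not WFC code: it saves a baseline of the local rule set and, on later runs, lists every rule that was added, removed or modified since. The baseline path and the function names are assumptions made for this example.

```powershell
# Added example (not WFC code). Run in an elevated PowerShell on Windows 8 / Server 2012 or later.
# $BaselinePath is a hypothetical location chosen for this example.
$BaselinePath = "$env:ProgramData\fw-rule-baseline.xml"

function Get-RuleSnapshot {
    # One flat record per rule in the local (persistent) rule store.
    Get-NetFirewallRule | ForEach-Object {
        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            Group       = $_.DisplayGroup
            Enabled     = [string]$_.Enabled
            Direction   = [string]$_.Direction
            Action      = [string]$_.Action
            Program     = ($_ | Get-NetFirewallApplicationFilter).Program
        }
    }
}

function Compare-RuleSnapshot {
    param([object[]]$Baseline, [object[]]$Current)
    # A rule whose Enabled/Action/Program changed appears twice: once per side.
    $fields = 'Name', 'Enabled', 'Direction', 'Action', 'Program'
    Compare-Object $Baseline $Current -Property $fields -PassThru |
        Select-Object @{ n = 'Change'; e = {
                if ($_.SideIndicator -eq '=>') { 'now: new or modified' }
                else { 'baseline: removed or modified' } } },
            DisplayName, Group, Direction, Action, Enabled, Program |
        Sort-Object DisplayName, Change
}

if (-not (Test-Path $BaselinePath)) {
    # First run: record the known-good state (for example, before connecting the VPN).
    Get-RuleSnapshot | Export-Clixml -Path $BaselinePath
    "Baseline saved to $BaselinePath"
} else {
    # Later runs: compare the live rule set with the baseline.
    $diff = Compare-RuleSnapshot (Import-Clixml $BaselinePath) (Get-RuleSnapshot)
    if ($diff) { $diff | Format-Table -AutoSize -Wrap }
    else { 'No rule changes since the baseline.' }
}
```

Only rules in the Windows Firewall rule store show up here; filters that a client installs directly in the Windows Filtering Platform do not, and `netsh wfp show filters` dumps those.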
What is the difference between rules lines in green and rules lines in white? (red = blocked, I think)
Where can I find a user's guide ?
P (registered user)
On the main window of WFC look in the top right. The pad lock will lock WFC and the icon to the right will open the user manual.
Green is Allow, Red is Block and White is Disabled.
Thanks, I have seen the icon. Is it so difficult to write "help" inside ?!! = suggestion for Alexandrud
Actually, it is difficult to write "help" inside a 24x24 vector image. But the button has a tool tip.
That's very true Alex. Maybe you could just insert a "?" as some softs do.
Whilst I am here I would just like to thank you for all the hard work you put into this remarkable program. You make managing the outbound connections very straightforward and are always on hand to answer queries. Many thanks!
Prevent applications from creating or modifying Windows Firewall rules
After setting up the Windows Firewall rules, go to HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules and replace the owner of the registry branch with yourself, and for all users, including yourself, disable everything, leaving only read permissions.
Now the registry branch will look empty.
Now no program can change or add rules.
If you need to make changes to the rules, you need to open the registry and set your user the right to write to the registry branch with the rules.
Do you think you need to do this in the WFC with two buttons "Deny access..." and "Allow access..."? The logic of work here is more understandable than the Secure Rules.
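A way to check the result of the registry permission change described in the post above, as an added example that is not part of the thread and not WFC code: it reads the ACL of the FirewallRules key and reports which identities still hold rights that allow rules to be written. It is read-only; the function name is an assumption made for this example.

```powershell
# Added example (not WFC code). Read-only: it changes nothing. Run in an elevated PowerShell.
$RuleKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

# Rights that let an identity add, change or delete rule values, or re-grant itself access.
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# ACEs can also carry raw generic bits that the RegistryRights enum has no name for.
$GENERIC_WRITE = 0x40000000
$GENERIC_ALL   = 0x10000000
$mask = [int]$writeRights -bor $GENERIC_WRITE -bor $GENERIC_ALL

function Get-RuleStoreAccess {
    param([string]$Path = $RuleKey)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Type      = [string]$ace.AccessControlType      # Allow or Deny
            CanWrite  = [bool]([int]$ace.RegistryRights -band $mask)
            Inherited = $ace.IsInherited
            Rights    = [string]$ace.RegistryRights
            Owner     = $acl.Owner
        }
    }
}

$entries = @(Get-RuleStoreAccess)
if ($entries.Count -eq 0) {
    'The key has no access entries at all.'
} else {
    # The owner can always rewrite the permissions, whatever the entries say.
    "Owner: $($entries[0].Owner)"

    'Identities that can still write rules:'
    $entries | Where-Object { $_.Type -eq 'Allow' -and $_.CanWrite } |
        Format-Table Identity, Rights, Inherited -AutoSize

    'Deny entries (these override Allow entries for the same identity):'
    $entries | Where-Object { $_.Type -eq 'Deny' } |
        Format-Table Identity, Rights, Inherited -AutoSize
}
```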
It seems that after today's W10 update, the firewall control doesn't work. Shows a black ! and says can't connect to the service, no matter what.
No problems here after the latest Win10 updates.
No issue here after updating either. Win 10 64bit.