Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,448
    Location:
    .
    Okay, as a user. I've now had a second Windows update install produce the same problem. Namely, click Windows Icon > Start Menu does not display. Click clock Icon > calendar does not display. So, I was trying to gather insight as to whether 5.1 might be causal. With 5.0, as far as I know, my Windows Updates were okay.
    Okay, so how would I know if Secure Rules needs to be disabled?

    Regards w Respect.
     
  2. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    WFC Events not getting logged since Re-Install of new version 5.1.0.0?

    WFC blocked an Outbound connection this morning and I was distracted and missed it and it flashed away. Inspection of pfirewall.log is TMI :).
    So I took a peek at Events and none have been logged since the reinstall?

    Any clues? TIA

    Never mind! Found them. I was looking in the wrong place. I was looking under WFC and needed to be looking under Miscrosoft\windows\windows firewall with advanced security.

    Thoughg I do wonder why the apps & services log\WFC Events themselves have no event logged since the re-install?
     
    Last edited: Mar 7, 2018
  3. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    923
    Location:
    Land o fruits and nuts, and more crime.
    Windows 7x64 "Secure boot" checked
    Start-up it was in Medium Filtering. Cleaned with CCleaner then shut-down.
    Only happens randomly.
    Some rules seem to forget my choice.
     
  4. sipertruk

    sipertruk Registered Member

    Joined:
    Oct 26, 2016
    Posts:
    10
    Location:
    Europe
    Because the win7-8 calculator is better ;), someone has made an installer to put it back.
    In the WPD case the problem is easy to diagnose, though with some other program (with bad design I may agree) it may not be so.

    On another subject, in the connection log when a generic rule is involved the current search system can't help. Is it possible to programmatically do the following, in a few words : use the FilterRTID field to get the rule that blocked the connection. https://superuser.com/questions/1130078/how-to-tell-which-windows-firewall-rule-is-blocking-traffic
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,910
    Location:
    Romania
    Do you also use TinyWall or GlassWire? Your rules were not removed out of nowhere.
    Removing all rules entirely is not a good idea. Some svchost.exe and System rules must be always there for networking purposes. You can't just delete all firewall rules, create a rule for a specific software and expect that software to connect to the Internet. It doesn't work this way.

    To connect from your phone to your computer you must create some inbound rules.

    Here is the installer of the previous version, 5.0.2.0: https://www.binisoft.org/download/old/5020/wfc5setup.exe
    Please let me know if everything works again with this version. But, I really don't see where the new version is failing to work as is worked until now.
    Auto receive updates consumes a lot of resources (CPU, RAM). This feature was intended to be used for a short period of time to debug connectivity problems, not as a network connections monitor. However, I left Connections Log on my computer open for hours and it did not affect WFC negatively. Indeed, WFC used a lot more RAM, but after closing Connections Log window, the memory usage reverted to a lower number. It may behave differently on a virtual machine with few CPU cores or on older processors. So, the reason is this feature. Turn it off and you won't notice again the same problem.
    The notifications system works the same as in version 4.8.6.0. The new features and fixes did not change the notifications system. Please check my answer here to see why notifications may stop showing up. Trust me, the notifications are not broken, they work for everyone. You probably miss something here.
     
    Last edited: Mar 8, 2018
  6. blackwind

    blackwind Registered Member

    Joined:
    Apr 18, 2017
    Posts:
    3
    Location:
    Canada
    I've found that Store apps can no longer update when Secure Rules is enabled in v5.1. Event Log is populated with the following on every update attempt:

    "Installation Failure: Windows failed to install the following update with error 0x80070005: 9WZDNCRFHVH4-Microsoft.BingSports."

    After a failed update, the app no longer runs at all, instead popping up a "This app can't open" dialog. Disabling Secure Rules and updating the app again restores functionality, but the Store reports the app "Needs a repair".

    I've had to revert to v5.0.2.0 for now. Hope you can figure this out in a future update.
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,448
    Location:
    .
    Maybe, 4092077 is "fix" for my issue.
    https://www.askwoody.com/2018/microsoft-releases-new-single-purpose-patch-for-win10-1703-kb-4092077-to-fix-a-bug-in-an-earlier-patch/
     
    Last edited: Mar 8, 2018
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,910
    Location:
    Romania
    Because to me, it seems better.

    upload_2018-3-9_7-15-51.png

    The fact that your Windows does not display the Start menu or the calendar, has nothing to do with WFC.

    Read the user manual or my post from below which says the scenarios when you would want to turn Secure Rules off:
    https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-154#post-2742117
    The purpose of Secure Rules is to ensure that no other software will mess up with your firewall rules anymore. You, as a user define 10 rules, then you can be sure that you have 10 rules, not 20 after you install a new software, or 50 after you open Windows Store. Secure Rules has a purpose and does what it supposed to do. If Secure Rules does not suit your needs, you can turn it off entirely and don't bother again with questions like when you should use it or not. Not all features are for everyone.
    You can see the recently blocked/allowed connections in WFC Connections Log. There is no need to pursuit events in Event Viewer :)
    Secure Boot will automatically set High Filtering profile when a system shut down event is detected by the program. If the operating system detects many programs in memory during the shut down procedure, it will kill the processes instead of waiting for them. In this case WFC may not set High Filtering at shut down because the process will be killed before doing so.

    What rules forget your choice? Please give more details.
    Don't trust anything you read on the Internet. If you have enabled outbound filtering (Medium Filtering profile), then you will find nothing because the connections are not blocked by a firewall rule. Since you enable outbound filtering, any connections without an explicit allow rule will be anyway blocked. So, I don't see a reason to have block rules at all. If you disable outbound filtering (Low Filtering profile) and start creating tens of block rules, you are already doing it wrong.
    See above my answer related to this. Secure Rules works as expected and there is nothing to be fixed.
     
    Last edited: Mar 9, 2018
  9. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    318
    Location:
    Canada
    You are using an all white color, set it to black or another color and it looks bad.
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,910
    Location:
    Romania
    Actually, I am using it with black color. The previous screenshot was just an example. To me, it seems better, ok, maybe not the scroll bar part.
    If this is something that you can't overlook and really hurt your eyes, then you can use version 5.0.2.0.
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,448
    Location:
    .
    Hmm, I re-re-read the user manual and your related post(s). The HotKey toggle Secure Rules suggested to me that I'd need to frequently toggle Secure Rules.
    Jeez, something I said?
     
    Last edited: Mar 9, 2018
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,910
    Location:
    Romania
    Not intended to upset you :) Indeed, if you use on a daily basis Windows Store and want to keep Secure Rules enabled, you will have to toggle it pretty often :)
     
  13. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    88
    Location:
    Belgium
    --@alexandrud: a small answer -confirmation- please?
    ----->And what about all these ALLOWED IN connections? Where do they come from?? Who is constantly communicating with svchost.exe ?
    http://zupimages.net/viewer.php?id=18/10/exip.jpg
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,910
    Location:
    Romania
    For the first part, I don't know the answer since I do not know what features are enabled on your modem/router.
    For the new question, to your new screenshot, the source of these connections is your modem/router (192.168.1.1) and the destination is your PC. The traffic is made on port 1900, UDP protocol. Network Discovery uses this port. Your modem/router tries to discover the devices from your network, nothing to worry about.
     
  15. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    88
    Location:
    Belgium
    Thks Alexandrud!
     
  16. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    Where is the User Manual? I have looked everywhere.
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,448
    Location:
    .
    To launch the user manual, press F1 in any WFC window (ctrl + F1).
    https://www.binisoft.org/faq2
    &
    Open up Main Panel from WFC taskbar Icon and click Icon far right top.
    2521.png
    2520.png
     
    Last edited: Mar 11, 2018
  18. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
  19. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    I allowed Svchost outgoing access on port 1900 to the LocalSubnet but I still see in the connections log where it is blocked using IPV6. Does LocalSubnet not count for IPV6?

    The address in the connection log is the local network, not public. Also I disabled IPV6 by unchecking it in TCP/IP and using powershell. I don't even understand how it can be blocked if it is disabled.

    EDIT: Also I see this in my logs-
     

    Attached Files:

    Last edited: Mar 9, 2018
  20. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    923
    Location:
    Land o fruits and nuts, and more crime.
    Running great, no more random "Secure boot" problems, "Internet-off" solves that.
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,910
    Location:
    Romania
    For the first question, post a screenshot of these blocked connections. So, you have disabled IPv6 on your network adapter and you still see IPv6 connections?
    For the seconds questions, see here my answer.
     
  22. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    I have it disabled, with picture showing it and here are logs from just now:
     

    Attached Files:

  23. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    543
    Location:
    Lunar module
    To Eliot
    If you do not have a local network and a network printer on your computer, disable it:
    ScreenShot_118.png
     
  24. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    Thanks, done.
     
  25. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    The IPV6 seems to have stopped showing in the logs for now. Only other thing in logs is stuff I have blocked. I would use IPV6 but this POS Comcast modem is the worst. It fails to give out the gateway half the time and others it won't even send out DHCP addresses. I plugged in an old router to test it and I waited 45 min, it never got an IPV6 from modem. So disabled it is.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.