Windows Firewall Control (WFC) by BiniSoft.org

Okay, as a user. I've now had a second Windows update install produce the same problem. Namely, click Windows Icon > Start Menu does not display. Click clock Icon > calendar does not display. So, I was trying to gather insight as to whether 5.1 might be causal. With 5.0, as far as I know, my Windows Updates were okay.

Okay, so how would I know if Secure Rules needs to be disabled?

Regards w Respect.

 

WFC Events not getting logged since Re-Install of new version 5.1.0.0?

WFC blocked an Outbound connection this morning and I was distracted and missed it and it flashed away. Inspection of pfirewall.log is TMI .
So I took a peek at Events and none have been logged since the reinstall?

Any clues? TIA

Never mind! Found them. I was looking in the wrong place. I was looking under WFC and needed to be looking under Miscrosoft\windows\windows firewall with advanced security.

Thoughg I do wonder why the apps & services log\WFC Events themselves have no event logged since the re-install?

 

Windows 7x64 "Secure boot" checked
Start-up it was in Medium Filtering. Cleaned with CCleaner then shut-down.
Only happens randomly.
Some rules seem to forget my choice.

 

Because the win7-8 calculator is better , someone has made an installer to put it back.
In the WPD case the problem is easy to diagnose, though with some other program (with bad design I may agree) it may not be so.

On another subject, in the connection log when a generic rule is involved the current search system can't help. Is it possible to programmatically do the following, in a few words : use the FilterRTID field to get the rule that blocked the connection. https://superuser.com/questions/1130078/how-to-tell-which-windows-firewall-rule-is-blocking-traffic

 

Do you also use TinyWall or GlassWire? Your rules were not removed out of nowhere.
Removing all rules entirely is not a good idea. Some svchost.exe and System rules must be always there for networking purposes. You can't just delete all firewall rules, create a rule for a specific software and expect that software to connect to the Internet. It doesn't work this way.

To connect from your phone to your computer you must create some inbound rules.

Here is the installer of the previous version, 5.0.2.0: https://www.binisoft.org/download/old/5020/wfc5setup.exe
Please let me know if everything works again with this version. But, I really don't see where the new version is failing to work as is worked until now.

Auto receive updates consumes a lot of resources (CPU, RAM). This feature was intended to be used for a short period of time to debug connectivity problems, not as a network connections monitor. However, I left Connections Log on my computer open for hours and it did not affect WFC negatively. Indeed, WFC used a lot more RAM, but after closing Connections Log window, the memory usage reverted to a lower number. It may behave differently on a virtual machine with few CPU cores or on older processors. So, the reason is this feature. Turn it off and you won't notice again the same problem.

The notifications system works the same as in version 4.8.6.0. The new features and fixes did not change the notifications system. Please check my answer here to see why notifications may stop showing up. Trust me, the notifications are not broken, they work for everyone. You probably miss something here.

 

I've found that Store apps can no longer update when Secure Rules is enabled in v5.1. Event Log is populated with the following on every update attempt:

"Installation Failure: Windows failed to install the following update with error 0x80070005: 9WZDNCRFHVH4-Microsoft.BingSports."

After a failed update, the app no longer runs at all, instead popping up a "This app can't open" dialog. Disabling Secure Rules and updating the app again restores functionality, but the Store reports the app "Needs a repair".

I've had to revert to v5.0.2.0 for now. Hope you can figure this out in a future update.

 

Maybe, 4092077 is "fix" for my issue.
https://www.askwoody.com/2018/microsoft-releases-new-single-purpose-patch-for-win10-1703-kb-4092077-to-fix-a-bug-in-an-earlier-patch/

 

Because to me, it seems better.

The fact that your Windows does not display the Start menu or the calendar, has nothing to do with WFC.

Read the user manual or my post from below which says the scenarios when you would want to turn Secure Rules off:
https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-154#post-2742117
The purpose of Secure Rules is to ensure that no other software will mess up with your firewall rules anymore. You, as a user define 10 rules, then you can be sure that you have 10 rules, not 20 after you install a new software, or 50 after you open Windows Store. Secure Rules has a purpose and does what it supposed to do. If Secure Rules does not suit your needs, you can turn it off entirely and don't bother again with questions like when you should use it or not. Not all features are for everyone.

You can see the recently blocked/allowed connections in WFC Connections Log. There is no need to pursuit events in Event Viewer

Secure Boot will automatically set High Filtering profile when a system shut down event is detected by the program. If the operating system detects many programs in memory during the shut down procedure, it will kill the processes instead of waiting for them. In this case WFC may not set High Filtering at shut down because the process will be killed before doing so.

What rules forget your choice? Please give more details.

Don't trust anything you read on the Internet. If you have enabled outbound filtering (Medium Filtering profile), then you will find nothing because the connections are not blocked by a firewall rule. Since you enable outbound filtering, any connections without an explicit allow rule will be anyway blocked. So, I don't see a reason to have block rules at all. If you disable outbound filtering (Low Filtering profile) and start creating tens of block rules, you are already doing it wrong.

See above my answer related to this. Secure Rules works as expected and there is nothing to be fixed.

 

You are using an all white color, set it to black or another color and it looks bad.

 

Actually, I am using it with black color. The previous screenshot was just an example. To me, it seems better, ok, maybe not the scroll bar part.
If this is something that you can't overlook and really hurt your eyes, then you can use version 5.0.2.0.

 

Hmm, I re-re-read the user manual and your related post(s). The HotKey toggle Secure Rules suggested to me that I'd need to frequently toggle Secure Rules.

Jeez, something I said?

 

Not intended to upset you Indeed, if you use on a daily basis Windows Store and want to keep Secure Rules enabled, you will have to toggle it pretty often

 

--@alexandrud: a small answer -confirmation- please?
----->And what about all these ALLOWED IN connections? Where do they come from?? Who is constantly communicating with svchost.exe ?
http://zupimages.net/viewer.php?id=18/10/exip.jpg

 

For the first part, I don't know the answer since I do not know what features are enabled on your modem/router.
For the new question, to your new screenshot, the source of these connections is your modem/router (192.168.1.1) and the destination is your PC. The traffic is made on port 1900, UDP protocol. Network Discovery uses this port. Your modem/router tries to discover the devices from your network, nothing to worry about.

 

Thks Alexandrud!

 

Where is the User Manual? I have looked everywhere.

 

To launch the user manual, press F1 in any WFC window (ctrl + F1).
https://www.binisoft.org/faq2
&
Open up Main Panel from WFC taskbar Icon and click Icon far right top.

 

TYVM

 

I allowed Svchost outgoing access on port 1900 to the LocalSubnet but I still see in the connections log where it is blocked using IPV6. Does LocalSubnet not count for IPV6?

The address in the connection log is the local network, not public. Also I disabled IPV6 by unchecking it in TCP/IP and using powershell. I don't even understand how it can be blocked if it is disabled.

EDIT: Also I see this in my logs-

 

Running great, no more random "Secure boot" problems, "Internet-off" solves that.

 

For the first question, post a screenshot of these blocked connections. So, you have disabled IPv6 on your network adapter and you still see IPv6 connections?
For the seconds questions, see here my answer.

 

I have it disabled, with picture showing it and here are logs from just now:

 

To Eliot
If you do not have a local network and a network printer on your computer, disable it:

 

Thanks, done.

 

The IPV6 seems to have stopped showing in the logs for now. Only other thing in logs is stuff I have blocked. I would use IPV6 but this POS Comcast modem is the worst. It fails to give out the gateway half the time and others it won't even send out DHCP addresses. I plugged in an old router to test it and I waited 45 min, it never got an IPV6 from modem. So disabled it is.