Windows Firewall Control (WFC) by BiniSoft.org

It is standard Windows practice, not an exotic request. If you don't like it, delete your own shortcuts or change OS. The option to add Start Menu shortcuts during install is often optional anyway. Telling the user to add them is bad practice and by the way, I never mentioned any desktop shortcuts so you might want to adjust your reading and answering techniques.

 

left click WFC taskbar Icon + = easy

 

Hi Alexandrud,
Three small questions please:
- I know where the rules of Windows Firewall are => in the registry.
But where are the rules of WFC ?
-If I change a rule directly in Windows Firewall, how does WFC react? Does WFC memorize my action?
-µTorrent needs an incoming rule with an advanced setting i.e." authorizing edge traffic". Can WFC manage that?
Thks,
M. (registered and happy owner)

 

Create your own. Stay mad.

 

- Windows Firewall and WFC rules:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
- WFC global settings:
HKLM\SOFTWARE\Classes\CLSID\{WD2827D4-F8E0-B379-I229-D89D12E4642A}
- WFC user settings:
HKCU\Software\BiniSoft.org\Windows Firewall Control

WFC accept and remember these rules, and vice versa: WF<-> WFC.
The necessary condition - mode "Secure Rules" must be OFF in the WFC.

It seems to me that such a rule for μTorrent (uTorrent.exe)
- allow all outgoing connections
- allow TCP incoming to the incoming connections port 012345 (012345 specified in your μTorrent settings)
- allow UDP incoming to the incoming connections port 012345 (012345 specified in your μTorrent settings)
- block all connections on port 10000 (last identified vulnerability).

 

I will think about this.

Was it better in the past when there was no user manual at all? If you are concerned about chm security vulnerabilities, then do not use the user manual, but let's not get paranoid about a simple chm file.

 

Thks.
-So, all the rules Windows + WFC are at the same place in the registry?
-What about an incoming rule with an advanced setting i.e." authorizing edge traffic".
Can WFC manage that?

 

Make it optional then, such as "Do you want to create a shortcut" checkbox during installation.

That user doesn't even release the shortcut does nothing, if WFC starts with the PC then just click the taskbar icon to open it, a shortcut won't magically make it open.

Do I have a choice? You give no other options, web version, PDF, and you say many times in this thread, to read the manual. I only asked because none I know uses them anymore because of the vulnerabilities.

 

You do realise that WFC already creates a Start Menu shortcut automatically, right?

It could very well be optional, as many installers already offer this option. Those that don't, install the shortcuts by default otherwise you'd have to manually browse to Program Files to open programs.

 

Explain to me why you need a shortcut, what's the use case.

 

I suggested a shortcut for the manual (which you still seem to ignore), next to the current program shortcut. I don't "need" it, but I would be able to open the manual faster with a few keyword presses without requiring the main UI or mouse.

Moreover, users who are wondering where this manual might be (and I've seen a few here) would easily find it in a familiar place, the Start Menu. Pressing F1 or the easy to miss top-right icon is not what they would do first, or at all. It might save alexandrud from answering the same questions and again: it's unusually well-written and informative and putting it there can only help getting to know WFC better.

Not related to what I suggested, but you keep complaining the program shortcut is useless. What happens if WFC is closed, or not started during system startup? How would you open it?

 

Thank you Alexandrud,
I don't have TinyWall or GlassWire
I now removed the new version and installed the 5.02
and no problem with 5.02 at all
and intend to stick to 5.02 and never update.

I never have to create inbound rules for connectify with 5.02, whereas I couldn't get any wifi connection with the latest WFC. So Ihave 5.02 and no problem at all
PS: To clarify further:
I use laptop's internet connection not the mobilephone's internet:

I have "Connectify Hotspot" at my laptop, turns my Laptop into a Wi-Fi hotspot, letting my smartphone use the laptop's wifi connection.

So the new version DO fail, and 5.02 WORKS OK

 

And it would be useful to switch the interface language from the WFC itself, and not from the Program files. Then would be in the Program Files at the same time files wfcEN.lng, wfcDE.lng... and there would be no need to delete, rename, copy these files when switching the language, even with a restart WFC.
For example, menu: Change Interface Language->Select->WFC will be restarted to apply the changes, continue?->Yes ... No.
Who uses several interface languages, he will appreciate this proposal.

 

From code is easier to open a chm file direct to the related topic. I can compile a web help instead of chm and post it on the website instead of distributing the chm file in the installer. I will think about this.

It doesn't make any sense. WFC does not filter any connection, what is allowed or what is blocked is done by Windows Firewall itself based on the existing firewall rules. The problems that you were facing have nothing to do with the fact that you updated to version 5.1.0.0. Something else is missing here.

 

No, no, only not instead of, in offline it is sometimes much more convenient to read Manual. It will not be correct to remove the Manual from the distr.

 

Is there a way to white list all processes and only alert you of new ones.

 

To alexandrud
1. Rules Panel: the logic of the "Display - xxx rules" window is very good, when you select "Outbound rules", "Inbound rules", "Filter by enabled", "Filter by disabled"..., the list of displayed rules automatically updates, without clicking "Refresh list" button.
2. Rules Panel: The disadvantage is that the "Search" field is cleared, when I switch the above modes.
It is logical, that this field is not cleared, until the user manually clears it, or after restart WFC, or after reboot the comp.
3. Connections Log: the same field "Search" is cleared when switching display modes.
4. Connections Log: here, unfortunately, the principle described in #1, does not work.

Correcting all the minuses will save the user from the numerous unnecessary clicks of the "Refresh List".

 

Would it be possible to add to an option to allow the "@" rules (or whatever Apps and the Store itself need to work properly) without sacrificing the Secure Rules feature? I'm having problems with the Microsoft Store app -it won't open at all- and I think Secure Rules might be related. Don't know if Secure Profile can also interfere.

While 5.1 is more 'hardened' than 5.0, it also seems a bit less flexible. If I understand correctly, the "@" rules are now completely disallowed with Secure Rules thus rendering the whole Apps environment problematic and buggy.

Not a fan of Apps but I'd still like to be able to use them like before, while keeping Secure Rules enabled.

 

I also remember that W10 was creating and updating the various "@" rules at seemingly random times, and not only when installing/updating apps. So, manually disabling/enabling Secure Rules to make this work is not really possible (not to mention very user-unfriendly).

 

Hello, i agree with AmigaBoy.

The new secure rule feature is great, but it should be more flexible allowing, for example, to create, delete and modify specific rules.

It would be great if we can define a white list of safe programs which are allowed to create, modify and delete rules, but i think that this is not possibile.

To allow some flexibility, i suggest that the program should allow the creation, deletion and modification of rules which have a specific group; the group is defined by the user in the GUI like in the previous implementation of secure rule.

I use a very great program, called Windows IP Ban Service, which ban the IPs that fail too much login attempt, for example via RDP. This program use a self defined windows firewall rule to ban these IP. Unfortunately, with the new strict secure rule it can not create/modify the self created firewall rule, becoming not effective at all.

 

No. This would mean to create a lot of useless rules. Just use Learning mode for a while and WFC will automatically create new rules for digitally signed applications, while it will display notifications only for unsigned applications. After a few days, check your rules, remove unwanted ones and disable the Learning mode.

For 2), I could update the logic by not removing the search term when doing a new refresh. This can be done.
For 3) and 4) there is no automatic refresh because you may want a combination of the filters. If you have the Display combo box set to All connections you may wait several tens of seconds until the data grid is filled up. You will have to wait multiple times if you want to switch the filters. Therefore, the refresh is only manual. I couldn't find a better way.

Not possible. I can confirm that Secure Rules will prevent Windows Store apps from creating firewall rules. The new Secure Rules is not aware when a software tries to add a new firewall rule, therefore WFC can't add a workaround for Windows Store applications. Currently you have two options, use Secure Rules as it is in version 5.1.0.0. or revert back to version 5.0.2.0. I will try to find a solution.

For the previous versions the received feedback was that Secure Rules is very complex and hard to understand. Now, the new version is simpler, but not flexible. Without Secure Rules is not good either. I will see what I can do.

 

I personally love the new version of Secure Rules. Tighter security for my firewall rules. I don't mind things being blocked until I decide to disable Secure Rules to install/update. Steam is one of the worst programs in history for making rules when there are already rules made for it in the WFC group when Secure Rules is off.

I could see how things like windows store and defender could cause issues with it, but I don't use either. Saves me one less program I have to disable, fix, enable. Just the thought of some program making new rules without my knowledge pisses me off. I will go into the logs and see what is talking to who before I allow it.

Like I said, this will cause some kind of issues for others who want to use Secure Rules. I hope you can find a nice medium for WFC that keeps the same security and will work for them as well. The only thing I would ask to change is when a program asks for access, right clicking the thing in the top right copies the whole path and would be much nicer if it copied just the file name. This might not be the same for all users, just a thought.

 

Ok, many thanks. I'll probably revert to 5.0.2.0 for now. Hope you can find a way. I know it's not an ideal situation and most people probably don't use Apps. I still believe it's a bit risky to interfere with the normal functioning of the Store and Apps, since they are part of the OS itself unfortunately.

 

Hi all,

I did a clean installation of Windows 10 on my laptop.
Use: windows 10 enterprise 2016 ltsb.
Then I did the installation and activation "Windows Firewall Control v5.1.0.0"
I set:
Profiles: Medium Filtering
Notification: Display notification
Rules: Outbound
Security: Secure Boot/Secure Rules/Secure Profile

I noticed that the new version of the program did not delete the original rules in the windows firewall.
I deleted all rules except WFC rules... (the same rules I had in the older version of the program)

Then I turned on the internet (All the drivers installed are OK)
But the Windows updates were downloaded but not installed... (about half of the update has been installed)
The next half of the update reported an error and even blocked the entire system... I did two more tests when the system was locked (frozen/BUG)
I did another virtualbox testing and the same result...

As the last test I installed OS + updates (without WFC installation) and everything is in order...

Can some older version of the program be downloaded somewhere?


PS:
I also turned off the firewall over WFC but it did not help, the updates were not installed properly (frozen/BUG)