Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    895
    Location:
    Lunar module
    Yes, WFC can do this. To do this, you need to specify the IP address or range of IP addresses for www.example.com in the blocking rule for your program.
    WFC and Windows Firewall can not work with domain names (host names), they work only with IP.
     
  2. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,271
    Location:
    Viena
    Since malwarebytes now bought the developer of WFC and the app is not longer being actively developed, how about making it open source and Lett the community continue with the project?
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
  4. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Good to hear, for the record I'm trying to block Blizzards hot garbage client from constantly downloads new ads, and other streamed advertisement while in the background but not to gimp the rest of my system (like Firefox browser) from having images blocked that would happen if I used a host file to apply this System wide.

    https://www.reddit.com/r/heroesofth...d_update_agent_what_the_hell_are_you/e0mqun3/

    I tried the host file out and it works great, but I'd like to just apply this to Blizzards client ("Agent.exe") instead with a WFC rule.

    So what's the best way to find the IP or IP range for "bnetcmsus-a.akamaihd.net" and what would my WFC rule panel look like? And what fields do I need to modify?
     
  5. cyb0rg

    cyb0rg Registered Member

    Joined:
    Mar 28, 2018
    Posts:
    1
    Location:
    USA
    I don't know if it's the best way, but here is one way until you find a better one.

    1. Start -> cmd
    2. nslookup bnetcmsus-a.akamaihd.net
    3. Returns: Address: 174.140.87.19
    4. Enter 174.140.87.19 at http://whois.arin.net/ui/ (at the top right of the page)
    5. Result: Net Range 174.140.64.0 - 174.140.95.255
    6. Of course, be cautious when blocking ranges.

    I believe some of this (perhaps all?) can be done within WFC, but I haven't had to do anything like that for so long I don't recall.
    This is one method, anyway.
     
  6. buffering

    buffering Registered Member

    Joined:
    Jan 16, 2015
    Posts:
    7
    WhosIP: Get IP address information from command-line
    FWIW, IP rules is not worth the effort because sooner or later it will be obsolete, because of how CDN and edge servers work.
     
  7. Mannillo

    Mannillo Registered Member

    Joined:
    Jun 19, 2017
    Posts:
    11
    Location:
    UK
    Hello, I am having an issue with WFC where I can only set no filtering or medium filtering, I can't set high filtering or low filtering. If I set it via profiles in the task bar then nothing changes. If I set it via the main panel I can select the relevant option but nothing changes. I'm running the latest version with windows 10. Any ideas? thanks
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    Do you have Secure Profile enabled ? If the answer is yes, then try without it enabled. Also, check if Windows Defender does not detect WFC as a false positive (or another security software) because this may prevent WFC from changing Windows Firewall settings.
     
  9. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Im running into an issue where if I enable the Medium Filtering profile applications are blocked and I do not get a pop up asking me to allow. I have notifications set to display them. I have found that if I open the application in low filtering mode and then switch to Medium filtering mode I get the prompts I should have gotten before. Any fix?
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    Check my answer from here https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-151#post-2731955
    What operating system, what other security products do you use ? With your workaround, how long does it work ? When you have to switch again the profiles to see the notifications ?
     
  11. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    I use Windows 10 Pro. Only other security software is Sophos home premium. No proxys are used.

    When I switch the only prompts that show are the active ones. As soon as all the active prompts are handled then I dont get any more alerts.

     
  12. peter_brown_usa

    peter_brown_usa Registered Member

    Joined:
    Aug 20, 2014
    Posts:
    24
    Whitedragon551 check your registered status in the control panel, a couple of times in the past I have noticed that may show not activated. When this happens I could not get any notifications. I use re-entered the license number from the BiniSoft users account page and then notifications are back.
     
  13. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Im showing registered on v5.3.1.0
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    Please go to Event Viewer (execute eventvwr.msc). Under Applications and Service logs category, there is a subcategory named WFC. There are logged all errors from Windows Firewall Control. If you see errors logged here, from the right panel, use the button named Save all events as... to export an .evtx file and send it to me to check it.

    Also in Event Viewer, under Windows Logs category, there is a subcategory named Application. Here are logged all errors from all programs. Check in this log if there are error entries regarding the files wfc.exe or wfcs.exe. If so, export an .evtx file of this log too and send it to us to check it. We can find here a .NET Framework problem that is causing the problem.

    Send the logs to support@binisoft.org
     
  15. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    136
    The WFC recommended rules seem to contain a few duplicates, can these be safely removed?

    Duplicates.png
     
  16. Joyomojo

    Joyomojo Registered Member

    Joined:
    Jun 22, 2018
    Posts:
    1
    Location:
    bla
    Got a problem after i did the latest Win10 update.
    Allow rules for executables that are not on my main system drive are not used correctly after a reboot. The rule is recognized in the way that i do not get any notification but the program is still being blocked. Disabling and enabling the rule fixes it until i reboot my PC.

    All my drives are encrypted with Veracrypt and mounted when Windows starts.
    Secure boot/rules and profile is turned off.

    Maybe the bug is related to this?
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    Yes, they can be removed. They are there because you can erase all the existing default rules and use only the recommended WFC rules as a minimal set of rules. These rules however must be there for basic network functionality.
     
  18. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Have you had a chance to take a look at this bug yet alex? https://i.imgur.com/M04oI8e.png

    I still get this everyday and it makes reading the Connection log impossible unless you clear it first, but then whats the point in reading the log if you clear it.
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    Unfortunately I did not have time. I will try to check this next week. I just started the work in the new office and I had a lot of other things to solve in my first week at Malwarebytes.
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,817
    Location:
    U.S.A. (South)
    Congratulations on the new position with Malwarebytes.
    Didn't catch the announcement when it was first posted but all the best on a good run there.
     
  21. gb62

    gb62 Registered Member

    Joined:
    Jun 24, 2018
    Posts:
    5
    Location:
    valid
    Hi, unfortunately I have the same problem here with Win10 1803.
    No entries are displayed in Connections Log when hitting Refresh button, CTRL+R or F5.

    WFC Error event is generated in Event Viewer

    Reading Security log failed.
    Exception: System.ArgumentException: Index 277 is out of bounds. at System.Diagnostics.EventLogInternal.GetEntryAt(Int32 index) at WindowsFirewallControl.Proxy.ProxyServer.GetLogConnections(Int32 logEntries, Int32 direction, Int32 eventId)


    Clear Log helps and starts displaying entries until you reboot. When you reboot it stops working again, although securtiy entries still exist in Securtiy Event Log.
    I suspect there is some new incompatible entry (unexpected format) for WFC which it can't read and throws above exception which is probably related to shutdown or startup of windows.
     
  22. gb62

    gb62 Registered Member

    Joined:
    Jun 24, 2018
    Posts:
    5
    Location:
    valid
    Actually this looks like it's Windows 10 bug itself. This is what I get when running "Get-EventLog Security" in Powershell.

    Some entries are displayed, however at the end entries displayed in Event Viewer are missing

    PHP:
    Get-EventLog Log "Security" could not be read to completion due to the following errorThis may have occurred because the log was cleared while still being readIndex 118 is out of bounds.
    At line:1 char:1
    Get-EventLog Security
    + ~~~~~~~~~~~~~~~~~~~~~
        + 
    CategoryInfo          ReadError: :)) [Get-EventLog], ArgumentException
        
    FullyQualifiedErrorId LogReadError,Microsoft.PowerShell.Commands.GetEventLogCommand

    It's not related WFC, it happens even when WFC is not installed. After every reboot you just won't get complete Security event log with Get-EventLog command.
    The only way I am able to get all event logs from Security is in Event Viewer :(
     
  23. gb62

    gb62 Registered Member

    Joined:
    Jun 24, 2018
    Posts:
    5
    Location:
    valid
    "Get-WinEvent -LogName Security" in Powershell however display all Security events, so maybe use this method as a workaround on 1803?
     
  24. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Why am I not surprised that it's a Windows 10 issue...
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    I still can't reproduce this on my machines. I also use Windows 10 build 1803. I don't know yet what is different on your side and why it gives the error. I am still investigating.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.