Windows Firewall Control (WFC) by BiniSoft.org

+ 1 on one machine running Windows Defender, WFC, MB and HMP.A.

 

MB has made clear WFC shall remain free in the short term plus with the acquisition of Binisoft, MB will provide an all in one solution well beyond having to manage a Firewall through Group Policy Objects or other Microsoft technologies.

“We’ve seen tremendous demand from our customer base for these capabilities,” said Marcin Kleczynski, CEO, Malwarebytes.

https://press.malwarebytes.com/2018...xpand-security-offering-and-global-footprint/

I highlighted the most important parts from the press release. WFC capabilities will be incorporated into this all in one solution. Thus i don't expect the continuation of a standalone WFC in the long run. As for AdwCleaner still available as standalone here's what MB says:

For the near term, AdwCleaner will retain its current name, supplemented by Malwarebytes branding. Malwarebytes is committed to maintaining the mission of the AdwCleaner product and its features. Malwarebytes will also integrate many of the proprietary techniques and detections into their flagship products.

So there we have it, the future of these products remain questionable. Many are skeptical whether allowing telemetry will influence the existence of future WFC releases available to us. I guess time will tell.

 

Timely and right thought, let's all support it. If alexandrud realizes this, it will dispel all doubts, and we will all allow telemetry.
We believe in the honest name of alexandrud, but the scope around it will be squeezed by the employer.

 

stop dreaming people, will never happen. As i see it, they don't care of "old" users opinion who are mostly security geeks in security forums, which is a niche market.
If they don't see enough potential "paid" users for the standalone version, they will abandon it and just integrate it in MBAM as they planned.
Companies value only one thing, incomes to finance development, no company will keep developing a product unable to finances itself.

 

Remove duplicate rules. Create a strict allow rule for the svchost.exe only for DNS, Time Service, WU (if necessary). Add svchost.exe in notifications exceptions.

 

Be that as it may, doing sc.exe stop _wfcs resulted in:
C:\>sc.exe stop _wfcs
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

Whereas sc.exe stop wfcs worked.

Anyway, it's now moot as the problem was MBAM's (v2 in my case) Self Protection being enabled as mentioned by OrangeDoorHinge.

 

I'm also against telemetry but I agree with your comments. I wouldn't worry too much about certain negative comments.

No way, it's way too complex for me.

Yes exactly, for example Avast admits it's collecting browser history.

 

Agreed, and I hope alexandrud knows almost all WFC users still remain very thankful.

That's exactly the kind of telemetry that is unacceptable for me (at least they admit it, I'm guessing others not so clearly), and that is why it's not a black and white issue. One needs to know in detail what is going on. You can't condemn or applaud all telemetry in general (well you can, but it'd be immature at best).

 

Sorry for yet another post and perhaps I've already asked this: please consider adding an option to not add the "U -" prefix for auto-disabled rules. When I re-enable them I always re-rename to keep them tidy (a bit excessive, I know) and the white colour is enough -for me anyway- to mark the disabled ones.

A cool alternative would be for the "U -" to auto-disappear only when the user manually re-enables the rule.

 

Noted.

 

Thanks for the advice - are you saying that Learning mode should behave like this?

 

I think yes. Here I do not use the Learning mode, but from the experience of working with Outpost this is the way the Learning mode behaves.
Try to work in the Medium Filtering, and if something does not work out, look in the Сonneсtions log and create a rule.

 

AT THIS TIME! "The following data is sent once a day to Malwarebytes: program version, os version, os architecture (x64, x86)"..Remember folks this is Malwarebytes and they will undoubtedly change and increase the telemetry as WFC gains popularity via their sales publicity...Seems they may be looking at any part of the market that is unaware of WFC atm.

 

Need to add that WFC is more important to me than any other security application...Just don't see anything that can better it in the firewall products now availible.

 

Please remove this link and further quotes as the archive contains more than just the installer.

Regarding Telemetry:

Any data that can be potentially used to identify a user must be collected via Opt-In according to the European GDPR. Malwarebytes uses Opt-Out (if any) which is only possible under American law. Such a case may be presented to a Europan data protection agency. The fines range between 1-4% of a companies yearly (!) turnover. As a company, I wouldn't risk that and revert to Opt-In telemetry as soon as possible...

 

Thanks alexandrud. Minor issue: in the notification prompt there's the option to create an inbound/outbound customized rule. If selected, both rules are correctly created but the description for both ends with "(TCP-Out)".

Another minor issue, also occurred in the previous version(s). Sometimes it's difficult to delete multiple invalid rules at once (not sure about valid ones). They are just not deleted (or only one at a time is deleted) and I have to try a few times. Some times though it works.

And a question/request: I think the default rule sorting method is based on the rule creation date? A cool feature would be the ability to "move" rules up/down so we can bring related rules close to one another. An alternative though already exists with the Groups.

 

Yes, creation date. Earlier, alexandrud already answered this question.

This is a very desirable function. Earlier, alexandrud said that the Windows brandmauer can not do this. Maybe now he will have new thoughts.

 

I agree. There is a checkbox for auto-updates, but there is no checkbox for telemetry. Currently, if I were to block wfc.exe in order to block telemetry, then I would block auto-updates.

I would keep telemetry ON for now anyway, after what the dev wrote. However, I might want to disable telemetry in the future, and keep auto-updates ON, so there should be two checkboxes.

 

I agree.

Microsoft released "Windows Diagnostic Data Viewer" to be more transparent about what's included in telemetry. I know they did that after three years since Win 10 release and some pressure from Data Protection Authorities in some countries and public opinion, but they done that after all.

 

I wasn't using Learning mode either before 5.4.0.0, but I thought it might be helpful in automatically creating outbound rules for signed applications. The way it seems to work, creating duplicates by the hundreds, is not helpful at all, so either I'm using it wrong or there's a bug in the implementation.

 

<Edit>It seems I had a public network, created by Docker, defined. So the notifications still showing were for that.</Edit>

Could someone tell me how to specify a valid allow rule for UDP multicast? I've been trying to make a rule to allow network discovery (the ssdpsrv service) which does a multicast to 239.255.255.250 on port 1900 (there were also already created rules for this), but I still keep getting notification popups about traffic being blocked. As can be seen in this screencap, the rules that are enabled for this service _should_ apply, but for some reason it seems they don't. Does anyone have a clue why these rules aren't working?

 

You might have to enable the third rule from the top, the one that addresses Location "All". That is if you are using a "Public" network location.

 

This does not coincide with the general line of Malwarebytes, but a similar solution could eliminate the contradictions that have arisen

 

Information for consideration. After the user complaints, the CCleaner removed v5.45, which added an unswitched data collection function, and returned to v5.44, in which the data collection function can be disabled.
forum.piriform.com/topic/52360-changes-in-v545-and-your-feedback/?page=2&tab=comments#comment-298509

 

The CCleaner analogy is unfair to alexandrud, that's a very different -and nastier- case. I'd concentrate on WFC and let go the telemetry discussion, everything has been already explained and discussed about 5.4.0.0.