Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Mannillo

    Mannillo Registered Member

    Joined:
    Jun 19, 2017
    Posts:
    10
    Location:
    UK
    Hi,

    I'm having an issue with WFC I'm wondering if anyone could help. Since updating to the latest version (5.4.0.0) I can't view my connections log in the rules panel. I refresh the list and get "please wait" for ages and nothing loads. Any ideas how I could get my connections log back? Thanks
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,080
    Location:
    .
    ~ did you review User manual > Troubleshooting > Connections Log entries are missing
     
    Last edited: Aug 25, 2018
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,588
    Location:
    Estonia
    Also, try to uncheck and check again these check boxes, just in case a Windows Update disabled the auditing of the required events of Windows Firewall.
    upload_2018-8-26_0-5-5.png
     
  4. Mannillo

    Mannillo Registered Member

    Joined:
    Jun 19, 2017
    Posts:
    10
    Location:
    UK
    hello, thanks for your responses. Sorry but I don't know where the user manual is, could you point me to it. Alexandrud I tried unchecking and checking the boxes but it didn't work. Is there some way to troubleshoot / restore the connections log manually e.g. directly in windows firewall? I could maybe do it there if you take me through the steps. Or any other ideas welcome. Thanks
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,080
    Location:
    .
    User manual.png 3674.png
     
    Last edited: Aug 28, 2018
  6. PrinceYann

    PrinceYann Registered Member

    Joined:
    Nov 29, 2015
    Posts:
    34
    After using PingPlotter for a while, wfcs.exe (5.3.1.0) started to be very busy and did not idle even after I stopped PingPlotter. Only a restart of the service resolved the high usage of CPU issue.

    Any idea why this happened?
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,959
    Location:
    U.S.A. (South)
    Thanks for that tip. And it is a very familiar annoyance sometimes and not just WFC. Certain Windows functions that I regularly use can sometimes, not often, but disengage due to any number of reasons and a simple disconnect and reconnect like that in Device Manager to a Service will clear it right up.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,161
    Location:
    Among the gum trees
  9. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    661
    Location:
    Italy
    Let's see and wait... MB bought AdwCleaner and kept it free. They integrated MBAE into MBAM, but they also kept a perpetual beta as free standalone SW... I hope they will do the same with WFC, otherwise I'll move to either Sphinx-soft W10FC or Simplewall.

    WFC is better because it works with WF (the rules you see in WFC are the same rules you see in WF), so WFC can work as an anti-tampering by blocking or disabling rules added by other SWs.
    W10FC and Simplewall work a bit differently: they create their own rules by using WFP, but these rules are disjoined from WF rules.

    Sphinx-soft made a very clear statement about rules precedences:
    • to block a connection you just need a blocking rule in either WF or WFP
    • to allow a connection you need an allow rule on both WF and WFP
    So, you need to set WF to allow any outgoing request and use W10FC/Simplewall to block what you wanna block. Even if an app adds an allow rule in WF, you can block that app by W10FC/Simplewall popup (thus creating a block rule)
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,588
    Location:
    Estonia
    No idea. Probably a large amount of logged events was causing high load on WFC service, especially when the notifications system is used.
     
  11. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    129
    This didn't happen in previous versions. Since 5.4.0.0 it happens all the time.

    https://gfycat.com/PoshFlawedIberianchiffchaff

    Same behavior when opening it from system tray icon (first run).
     
  12. Mannillo

    Mannillo Registered Member

    Joined:
    Jun 19, 2017
    Posts:
    10
    Location:
    UK
    re can't access connections log in wfc: thanks for showing my how to access the user manual bjm. I haven't solved the problem but I'm closer. I looked in event viewer and found I had much fewer administrative logs and 0 security logs. I looked in properties and found security log is disabled with no file path for it. If I don't have any security logs in events viewer they won't show up in wfc. I then opened event viewer as administrative user and all the logs and file paths were there. For while now I've had an administrative account for elevation and a standard user account for normal use, as advised on all the sites for security reasons. So it seems my standard account without elevation has less logs and no security logs in event viewer, so I need to give it access to all the logs so wfc can view them too. This problem only cropped up since I updated to 5.4.0.0 so I don't know whats changed. Any ideas?
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,588
    Location:
    Estonia
    What did not happen in the previous versions ? The loading bar is set to indeterminate, it does not reflect the actual loading. In version 5.4.0.0. the query for loading the Event Log entries is different to avoid a bug in Windows 10 where Connections Log would return nothing because an invalid entry was encountered. The way WFC loads the entries is a little bit changed.
    You don't have to change anything for standard user accounts. The entries are loaded by WFC service which runs under Local System account anyway and has all the required privileges. If you log in as an administrator, do you see entries in the Security event log ? Events with IDs 5157, 5156, etc ? Please check the WFC event log to see if there is logged any error related to this (Troubleshooting section of the user manual).
     
  14. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    794
    H @ Wilders

    I have just started using WFC (Win 10 x 64) so I am not very knowledgeable about firewalls in general and specifically WFC

    In the attached image it shows the result of an alert (which I blocked) relating to NT Kernel & system.

    Can someone explain what NT Kernel & System is doing making outbound contact and why?

    Is it legitimate and should I allow it?

    Thank you for your help. Terry
    WFC30082018.JPG
     
  15. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    165
    Location:
    Canada
    It's legitimate, and you should block it.

    It's doing "M$" stuff.
     
  16. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    794
    Hi @ Special

    Thanks for your input. It's appreciated.

    Terry
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,080
    Location:
    .
    Last edited: Aug 30, 2018
  18. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    31
    Location:
    Canada
    Is there a way to group firewall rules per applications?
    Now I have rules about the same application scattered all over the place, difficult to follow /manage.
     
  19. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    661
    Location:
    Italy
    You can sort the rules by path. Just click on the column title
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,588
    Location:
    Estonia
    Once you sort them, you might want to merge multiple rules where it may be possible to have less rules.
     
  21. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    239
    Location:
    Germany
    No way to keep this order.
     
  22. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,375
    Location:
    USA
    Svchost Question: I have turned off the Time Service, Windows Update and Background Intelligent Transfer Service yet I can still can not access web with svchost blocked. I am thinking this is due to WFC needing Windows Firewall. Is there a way run WFC with svchost blocked?
     
    Last edited: Sep 2, 2018
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,588
    Location:
    Estonia
    Once you have all your rules in order, export a partial policy file which will contain your rules in XML format. You can also edit this file and then reimport it. Now your rules will be in the order they are in the XML file. But, I wouldn't bother with this kind of stuff.
    This has nothing to do with WFC. You need svchost.exe for basic networking purposes. If you block svchost.exe, then you will have connectivity issues. Check the WFC recommended rules. There are a few svchost.exe rules which are mandatory to be able to access the Internet. This is Windows stuff, not WFC stuff.
     
  24. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,375
    Location:
    USA
    @alexandrud....OK thanks. I was thinking that I could block it with the old Outpost and still get online. Maybe not. Also I have blocked it with WFC not so long ago and I was able to surf for awhile. Then I wasn't.
     
  25. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    239
    Location:
    Germany
    To access the Internet, you must have an enabling rule for svchost (DNS, remote port 53), or instead, individual enabling DNS rules for each program that goes to the Internet (browser, e-mail client).
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.