Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    560
    Location:
    Far East
    Hi

    Yes, I have selected Windscribe VPN and ProtonVPN to allow in Medium Filtering but they cannot connect out
     
  2. keeka

    keeka Registered Member

    Joined:
    Dec 13, 2018
    Posts:
    3
    Location:
    UK
    That's interesting. So, disabling dnscache would cause each application to resolve hosts directly and require its own outgoing/UDP/53 permission?
    What determines whether a service/process MS or otherwise can reach the network via svchost?
     
  3. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
    Yes.
    This requires deep knowledge, which I do not have enough.
     
  4. Mannillo

    Mannillo Registered Member

    Joined:
    Jun 19, 2017
    Posts:
    11
    Location:
    UK
    Hi, sorry to harp on about the same thing but haven't got a response yet, see below post from Dec 3, any ideas please thanks. Thing is I can't update 5.3.1.0 to 5.4.0.0 until this is solved else I can't see the connections log. Best would maybe be an update where this never happens which I would then update to?

    About the issue where the Connections Log doesn't show up in 5.4.0.0, I think this is because due the changes in Windows Firewall Control at some point instead of simply update users have to uninstall the program and reinstall from scratch. In running the executable users then get the three options down the bottom of the window, "create shortcut and desktop icons", I can't remember what the second one is, but the last one is "stop logging windows connections". So anyway you tick or untick as you wish, but the problem with 5.4.0.0 is, MILLISECONDS before the program installs, you see that window for just a moment and everything is still ticked... so regardless of what you want to do installation of 5.4.0.0 chooses to stop logging windows connections, then once it's installed you can no longer view the connections log, and can't get it back either for some reason. I rolled back to 5.3.1.0 which still has the connections log, so until an update comes out that solves that problem I'll stick with this as I don't think my security is compromised too much by using an earlier version.
     
  5. Skinny

    Skinny Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    4
    Location:
    Melbourne, Australia
    Mannillo
    Why would your security be compromised because of WFC not showing the connection logs ??.
    WFC is not a Firewall,
    It is a front end for the Windows Firewall.
    Try reading a few pages back and you will see how to manage the connection logs issue.
     
  6. e_davydova

    e_davydova Registered Member

    Joined:
    Dec 15, 2018
    Posts:
    2
    Location:
    Ukraine
    Good morning everyone :)
    alexandrud could you please add a command line parameter to launch WFC with specified filtering levels?
    This app I'm trying to tame generates random paths on every update. I think I could automate the proccess but I really need low filtering at the beginning.
     
  7. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
    It does not help?
    Medium Filtering
    netsh.exe advfirewall set allprofiles state on
    netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    Low Filtering
    netsh.exe advfirewall set allprofiles state on
    netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
    No Filtering
    netsh.exe advfirewall set allprofiles state off
     
  8. e_davydova

    e_davydova Registered Member

    Joined:
    Dec 15, 2018
    Posts:
    2
    Location:
    Ukraine
    That would definitely work, thank you! Is it what WFC does when you switch filtering levels in the tray?
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,736
    Location:
    Estonia
    You can lock down the best you can by disabling/removing all default firewall rules and start with WFC recommended rules. On top of those rules, add rules for your browser and other programs.
    Only Microsoft services can use svchost.exe to make connections to the network/Internet. Other Windows services are on their own.
    If you could not figure it out from COnnections Log, what else should be allowed, try to send an email to your VPN provider and ask them "which firewall rules are required for their software to work properly when outbound filtering is enabled in Windows Firewall?". They must know this info.
    You should not make assumptions about that flashing window where you see those check boxes checked. When you install WFC it restarts itself with some parameters which will be used, not what you see there. There is no problem with Connections Log in version 5.4.0.0. There is a reported problem for Connections Log being empty after receiving Windows 10 v1809 through Windows Update, but I already provided a solution for it. Try to set manually auditing settings for Windows Firewall. Please execute this in an elevated CMD window:
    auditpol.exe /set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
    The same command is executed by WFC installer and also by unchecking/checking those
    Not really, but the result is the same. You can use these too.
     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
    @alexandrud
    We have an old problem, still no solution? Notification exception will help here?
     
    Last edited: Dec 18, 2018
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,736
    Location:
    Estonia
    No solution yet. The firewall rules are applied per path basis, so it works as expected: new location, new rule required. A workaround for this was planned this spring but implementing new features in the standalone WFC is not a priority of the new owner. A notification exception can help with unwanted notifications, but it won't help with the allow of the connections.
     
  12. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
    @alexandrud
    When I set for svchost only one outbound allowed rule UDP DNS remote port 53 (for DNS-client Service only), other services, encapsulated in the svchost (BITS, CryptSvc, DusmSvc, DsmSvc, CDPUserSvc_xxxxx, NlaSvc, SSDPSRV, StorSvc etc), will not be able to recursively access the Internet, and individual blocked rules for them would be superfluous?
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,736
    Location:
    Estonia
    Those individual block rules are not required if you use Medium Filtering profile. You may create them for the scenarios when you are forced to use Low Filtering mode. But I wouldn't bother. If you are concerned about Microsoft telemetry and stuff, downgrade to Windows 7 or switch to a Linux distribution. Windows 10 is not about you, is about selling you more and more subscriptions, for anything.

    Microsoft is anyway very aggressive these days in pushing their services on our machines, so I doubt this will increase your privacy at all. Recently, my wife connected in Edge on her Outlook account. After next restart, I was logged in with her Microsoft account, even if I had only an offline account created on my laptop. I removed that online account and switched back to an offline account and now I can't get rid of this stupid notification which appears every time I log in on my laptop. Whatever I do, I can't get rid of it.

    upload_2018-12-27_20-50-32.png
     
    Last edited: Dec 27, 2018
  14. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
    Yes, I use Medium Filtering profile.
    Agree. While we resist. Thank!
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,736
    Location:
    Estonia
    Windows Firewall Control v.5.4.1.0

    Change log:

    - Fixed: After some Windows updates, the Connections Log may remain empty and the notifications might not be displayed anymore. The auditing settings will now be reapplied on each WFC startup to ensure the functionality.
    - Fixed: Search term is removed in Connections Log when the Refresh list is done.

    Download location:
    https://www.binisoft.org/download/wfc5setup.exe
    SHA1: 67c37701109c7c56270c212b2e3cf5e826472145
    SHA256: 8dd146f054d1667187d11d242e51877b480d69061695991573940bde7f2d6285

    As promised, critical bugs will be fixed. WFC is not dead.

    Happy New Year!
    Alexandru

    Note: This version can update version 5.4.0.0. To update older versions, you must first uninstall that version and install this one.
     
  16. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    174
    Thanks :)
     
  17. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    111
    Great news and update - thanks alexandrud and a Happy New Year to you, too!
     
  18. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    184
    Location:
    Canada
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,736
    Location:
    Estonia
    Yes, that workaround is now done automatically by WFC.
    For the other thing, you will probably not see anything because my work at Malwarebytes has nothing to do with their home products or with WFC as a stand alone application, but more with their business cloud products.
     
  20. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    135
    Is there a way to disable the logging on Event Viewer?
     
  21. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
    In Windows disable logging for this %SystemRoot%\System32\Winevt\Logs\Security.evtx
    See recommendations on the Internet.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,736
    Location:
    Estonia
    Which logging ? The logging of connections that you see in Connections Log (Windows Logs\Security) or the WFC logging (Applications and Services Logs\WFC) ? Or the logging in general ? Why would you want to do this ?
     
  23. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    451
    Location:
    US
    Thanks, Alex.

    Happy New Year, to everyone at Wilder"s.

    Where did 2018 go?:( Blink an eye, 2019 is over!

    Robert
     
  24. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    135
    Not the Connections Log, i mean from WFC & wfcs sources in event viewer.

    Untitled.png

    I was just curious if this was possible while still retain the connections log or if they're attached to each other
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,736
    Location:
    Estonia
    Unfortunately, the logging in WFC is not configurable or optional. If you remove the WFC log category (through elevated CMD window), WFC will display message boxes on each logging attempt complaining that the WFC event log category is missing. WFC log has maximum 1MB on disk. Connections Log is not related to this log, but to the Security log.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.