Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,328
    Location:
    The Netherlands
    I have a general question. I've noticed that the Vivaldi browser is listed in the "Listening Ports" section from the Resource Monitor app, how is this possible? BTW, about the new security tool that you're developing, perhaps you can develop a tool like HandsOff, this is something that I really miss.

    http://www.oneperiodic.com/products/handsoff/
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,735
    Location:
    Estonia
    Does it have an inbound rule ? What was displayed in the Firewall Status column ? It may appear as listening, but in fact, it may be blocked by your firewall.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,328
    Location:
    The Netherlands
    I just saw that in TCPView it's not listed as "listening", not sure what to think. But it's unusual for a browser, that's why I thought it was weird. The firewall status is: Not allowed, not restricted. Vivaldi does not have an inbound rule.

    BTW, about the Hands Off! tool, I was mainly talking about the file/folder protection part. Sandboxie and SpyShelter do offer this, but they don't allow you to exclude sub-folders from being protected. So you can not say, protect all folders from C:\Program Files except a certain one.
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,735
    Location:
    Estonia
    Not allowed, not restricted - I would translate this to: blocked by outbound filtering being enabled, not restricted by not having a block rule.
    Regarding Hands Off, I will take a look at it.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,328
    Location:
    The Netherlands
    OK thanks, I just saw you will get to see the same with Chrome, but not with Firefox.
     
  6. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    405
    Location:
    USA
    sshot-2019-01-12-[07-44-44].jpg
    I installed some new Epson software and am getting continual requests for firewall access in this format, not sure how to deal with this. Any suggestions?
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,735
    Location:
    Estonia
    Windows Firewall displays these notifications when a new software wants to open a port for listening for inbound connections. If you use this Epson device on your home network as a network device, press on "Allow access" to create an allow inbound rule for it. If not, click "Cancel" to create a block inbound rule for it.
     
  8. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    405
    Location:
    USA
    This worked after about 5 reboots trying different things. I finally realized that Secure Rules & Secure Profile might need to be off so I did this and it created the block rules. All is well now.

    Thanks alexandrud.
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,735
    Location:
    Estonia
    Yes, Secure Rules should be disabled or it should contain the group of the newly added rule in the Authorized groups list. I am glad that you sorted it out.
     
  10. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    405
    Location:
    USA
    It's interesting that the two Epson In rules were created under the "WFC" group even though they were requested from this exterior pop-up. No problems, just interesting.
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,735
    Location:
    Estonia
    Not possible. But I think you made the following happened:
    1. You disabled Secure Rules.
    2. Windows Firewall displayed that notification.
    3. You allowed it and two inbound rules were created with no group set.
    4. You enabled Secure Rules which displayed 2 confirmations. The ones below:
    upload_2019-1-14_22-7-31.png
    upload_2019-1-14_22-7-7.png
    5. I think you pressed on Yes in the second confirmation and then your rules were added by WFC in "Windows Firewall Control" group.

    I have no other plausible explanation :)
     
  12. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    405
    Location:
    USA
    You are absolutely right, I just redid the scenario. I remember clicking the first one, that is a usual suspect when enabling Secure Rules, the second one I must have just clicked thinking it was a confirmation dialog. The adding to the WFC group is a new one for me but a most welcome one in these cases. Thank you for clarifying and thank you for this marvelous software.
     
  13. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    380
    Location:
    Germany
    v5.4.0.0 or v5.4.1.0.
    Missing notifications about attempts to access applications on the Internet.
    The applications has no rules. In the log of blocked connections there are records of his attempts to access the Internet, but no notification are shown. My settings
    ScreenShot_43.png
    I switched radio buttons and check-boxes, run command from admin auditpol.exe / set / subcategory: "Filtering Platform Connection", "Filtering Platform Packet Drop" / success: enable / failure: enable , no effect.
    At one time, when I tested PrivateWinTen on the same computer in parallel with the WFC, alerts appeared in the WFC, but now the system rolled back and there are no alerts.
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,735
    Location:
    Estonia
    1. Try with the default Advanced notifications settings. Leave checked the first check box only. See if this helps.
    2. Check the WFC log from Event Log Viewer if it contains any error which may be related.
    3. Open regedit.exe and go to HKCU\Software\BiniSoft.org\Windows Firewall Control and remove the key named PlacementNotification. If the coordinates were not saved properly it may prevent the opening of the Notification dialog.
     
  15. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    380
    Location:
    Germany
    1. Made. This immediately solved the problem, notifications appeared.
    2. Log Windows -> Security does not contain errors, only entries "Audit success" and "Audit failure".
    Applications and Services -> WFC - morning errors System.Threading.Tasks.UnobservedTaskExceptionEventArgs was caught. ID911
    3. Key PlacementNotification is present, I did not delete it.
    Thanks a lot for your help! :thumb:
     
    Last edited: Jan 22, 2019
  16. ouelette

    ouelette Registered Member

    Joined:
    Jan 25, 2019
    Posts:
    1
    Location:
    France
  17. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    174
    hello, Recently my WFC starts blocking Windows Store and Windows Store Components in my system Windows 10 1809. I try to dosable this and allow rules but still is the same. Can You advice me what is wrong with my config ?
    Regards
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,735
    Location:
    Estonia
    For this one, can you send me the full details of the exception ? ID 911 is logged when something really unexpected happens.
    Off the record: Event ID 909 is logged in version 5.4.x.x (after Malwarebytes acquisition) when WFC can't send telemetry data. Just ignore those entries, they are normal. In my post here I mention the purpose of some new assemblies. Maybe ID 909 will not be logged anymore if these files are removed? Just try it.
    It would have been useful if you have told us more details about your config. I just started Windows Store app on my Windows 10 machine and I received two notifications for the following exe files:
    C:\Program Files\WindowsApps\microsoft.windowsstore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    C:\Windows\System32\wwahost.exe

    After I allowed them everything was fine and I could connect to Windows Store. Do you have similar allow rules?
     
  19. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    380
    Location:
    Germany
    It seems that the reason became known, details: "the file cannot be found. 'Newtonsoft.Json, Version=11.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' in WindowsFirewallControl.Manager.SendUpdates() in System."
    I have three libraries missing.
     
  20. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    174
    I deleted this log and refresh WFC. I think that it was this first Files\WindowsApps\microsoft.windowsstore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe. but block me for example update OneNote from Windows Store.

    I turn on allow wondows store rules.
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,735
    Location:
    Estonia
    All right, in the next WFC update I will update it to have a clean log if those assemblies are missing.
     
  22. Big Mike

    Big Mike Registered Member

    Joined:
    Apr 18, 2015
    Posts:
    17
    Wouldn't it be possible to handle applications, which are trying to listen on a port also within WFC?

    I mean, the WFC notification gives plenty of information and options to create a useful custom rule. In general, I block the application in the dialog (with poor information), to open my firewall policy and adapt the rule (the default rule blocks/allows all traffic from all sources on all ports in networks with the specific network profile...)
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,735
    Location:
    Estonia
    It would be possible, but will not happen. New features are not planned for WFC in the near future. It is not impossible, but not a priority.
     
  24. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    209
    Hi,

    Binisoft says it can prevent modification to rules - Does it stop MS from enabling rules I disabled ? For example on Win 10 Pro I have disabled Outbound Desktop App Web Viewer, but MS re-enables it. I find MS seems to do it when I do some Windows Updates. I don't think I can trigger MS to re-enable rules, so I can't test if Binisoft does what it says it can do.
     
  25. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    184
    Location:
    Canada
    You'll need to use version 5.3.1.0 for that, "Secure Rules" was removed after that version.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.