Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    Secure Rules will disable or delete only newly added rules. Modification of rules (enable/disable) are not detected by Secure Rules. In the old implementation of Secure Rules, from version 5.3.1.0., Secure Rules was preventing also the operating system to touch the firewall rules, but it created more problems (freezing Start Menu, broken Windows Store installations, etc) on Windows 10 than it resolved. The solution is to remove these rules entirely, not only disable them. Then Microsoft will not be able to re-enable them because they will be missing. If you don't want to remove these rules, change their group to another one. The operating system usually enable/disable rules by their group name, not individually. So, if the group is not found, then they won't be enabled.
     
  2. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    71
    Windows firewall control is no longer detecting new application connections. I blv this started after running 360 Degree Total Security, which offered to disable "Windows Platform Filtering" service as a default in the system scan results. After which, apparently windows firewall was letting things through that were explicitly blocked. Then I ran Auditpol /set /category:”System” /SubCategory:”Filtering Platform Connection” /success:enable /failure:enable
    That apparently fixed the problem with the firewall not working; or something happened, even the same software was being blocked and allowed at the same time for a while, some connections allowed some not, even though it was set to block entirely. but it still lets through any and all programs that are not pre-defined with a firewall rule & does not detect any new programs, all new is allowed. Any idea how to fix this? This happened before and you helped me over email but old eml has been purged. The last time this happened you said it was because I had changed my group policy settings and it was not compatible with wfc; Everything was working fine until around the time i used 360.

    I am also was for a while seeing "event 201" "Resolving the path of the program has failed." in event viewer.

    tag popping up, notifying, warning, program, popup, notification,
     
    Last edited: Jan 27, 2019
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    :argh: Please check your email. My recommendation is to uninstall and reinstall the latest version of WFC which will reapply all the required settings for proper functioning.
     
  4. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    452
    Location:
    Germany
    See Details tab in Event Viewer, there you will see the name of the program that you deleted or moved, but there is a rule for it.
    For convenience, create shortcuts on the desktop and enter this
    3.png
     
  5. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    220
    Hi Alexandrud,

    Please add the full path to the app in the Notificationa. Make it scrollable side ways so we can see what the path and exe is.
     
  6. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    71
    @alexandrud I uninstalled and reinstalled your app, also reset all rules as you suggested, this never fixed the problem. New applications, and anything with out a rule is not detected nor are they blocked at all. Its green lighted right through without any notifications. What could be causing this?
     
  7. guest

    guest Guest

    what profile are you using?
     
  8. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    71
  9. guest

    guest Guest

    im using WFC this way:

    1- in Windows FW, all profiles are set to block.
    2- in WFC i ticked secure Profile.

    maybe it can help you.

    if im not wrong netsh.exe should be allowed for WFC to run properly.
     
  10. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    71
    I finally appeared to have figured it out; group policy had set outgoing to allow, instead of block. I have no idea why or how this changed but it was a simple fix! I had a lot of group policy settings reverting and changing automatically without my input after upgrading to windows 10... over, and over again. what a gong show this software is.
     
  11. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    430
    Location:
    USA
    You Might consider a clean install of 1809. I did this with a new SSD and the results were just amazing. Preparing with backups and saves is an adventure as is re-installing all of your software, but my prior installation was upgraded from W7 so it was well worth the time.
     
  12. protechtedd

    protechtedd Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    1
    Location:
    USA
    Bug report (?)

    WFC 5.4.1.0

    When I load the Rules Panel and try to modify a rule, I get a .NET error box with this text contents. Also when in the Connections Log Panel, I cannot "Customize and create", nothing happens when I click that. Otherwise WFC seems to be working if I already have a rule created.

    Code:
    See the end of this message for details on invoking
    just-in-time (JIT) debugging instead of this dialog box.
    
    ************** Exception Text **************
    System.NullReferenceException: Object reference not set to an instance of an object.
       at WindowsFirewallControl.Common.ViewManager.OpenProperties(RuleData ruleData, ViewPurpose viewPurpose)
       at WindowsFirewallControl.Common.ViewManager.OpenRulesPanel()
       at System.Windows.Forms.ToolStripItem.RaiseEvent(Object key, EventArgs e)
       at System.Windows.Forms.ToolStripMenuItem.OnClick(EventArgs e)
       at System.Windows.Forms.ToolStripItem.HandleClick(EventArgs e)
       at System.Windows.Forms.ToolStripItem.HandleMouseUp(MouseEventArgs e)
       at System.Windows.Forms.ToolStrip.OnMouseUp(MouseEventArgs mea)
       at System.Windows.Forms.ToolStripDropDown.OnMouseUp(MouseEventArgs mea)
       at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at System.Windows.Forms.ToolStrip.WndProc(Message& m)
       at System.Windows.Forms.ToolStripDropDown.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
    
    
    ************** Loaded Assemblies **************
    mscorlib
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
    ----------------------------------------
    wfc
        Assembly Version: 5.4.1.0
        Win32 Version: 5.4.1.0
        CodeBase: file:///C:/Program%20Files/Windows%20Firewall%20Control/wfc.exe
    ----------------------------------------
    PresentationFramework
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/PresentationFramework/v4.0_4.0.0.0__31bf3856ad364e35/PresentationFramework.dll
    ----------------------------------------
    WindowsBase
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/WindowsBase/v4.0_4.0.0.0__31bf3856ad364e35/WindowsBase.dll
    ----------------------------------------
    System.Core
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
    ----------------------------------------
    System
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3314.0 built by: NET472REL1LAST_B
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
    ----------------------------------------
    PresentationCore
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_64/PresentationCore/v4.0_4.0.0.0__31bf3856ad364e35/PresentationCore.dll
    ----------------------------------------
    System.Xaml
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xaml/v4.0_4.0.0.0__b77a5c561934e089/System.Xaml.dll
    ----------------------------------------
    System.Configuration
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
    ----------------------------------------
    System.Xml
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
    ----------------------------------------
    System.ServiceProcess
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.ServiceProcess/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.ServiceProcess.dll
    ----------------------------------------
    System.Runtime.Remoting
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Remoting/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
    ----------------------------------------
    System.Windows.Forms
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
    ----------------------------------------
    System.Drawing
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
    ----------------------------------------
    System.ServiceModel
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.ServiceModel/v4.0_4.0.0.0__b77a5c561934e089/System.ServiceModel.dll
    ----------------------------------------
    System.Runtime.Serialization
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Serialization/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Serialization.dll
    ----------------------------------------
    SMDiagnostics
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/SMDiagnostics/v4.0_4.0.0.0__b77a5c561934e089/SMDiagnostics.dll
    ----------------------------------------
    System.ServiceModel.Internals
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.ServiceModel.Internals/v4.0_4.0.0.0__31bf3856ad364e35/System.ServiceModel.Internals.dll
    ----------------------------------------
    System.IdentityModel
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.IdentityModel/v4.0_4.0.0.0__b77a5c561934e089/System.IdentityModel.dll
    ----------------------------------------
    PresentationFramework.Aero2
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/PresentationFramework.Aero2/v4.0_4.0.0.0__31bf3856ad364e35/PresentationFramework.Aero2.dll
    ----------------------------------------
    PresentationFramework-SystemXml
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/PresentationFramework-SystemXml/v4.0_4.0.0.0__b77a5c561934e089/PresentationFramework-SystemXml.dll
    ----------------------------------------
    UIAutomationTypes
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/UIAutomationTypes/v4.0_4.0.0.0__31bf3856ad364e35/UIAutomationTypes.dll
    ----------------------------------------
    PresentationFramework-SystemCore
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/PresentationFramework-SystemCore/v4.0_4.0.0.0__b77a5c561934e089/PresentationFramework-SystemCore.dll
    ----------------------------------------
    UIAutomationProvider
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/UIAutomationProvider/v4.0_4.0.0.0__31bf3856ad364e35/UIAutomationProvider.dll
    ----------------------------------------
    
    ************** JIT Debugging **************
    To enable just-in-time (JIT) debugging, the .config file for this
    application or computer (machine.config) must have the
    jitDebugging value set in the system.windows.forms section.
    The application must also be compiled with debugging
    enabled.
    
    For example:
    
    <configuration>
        <system.windows.forms jitDebugging="true" />
    </configuration>
    
    When JIT debugging is enabled, any unhandled exception
    will be sent to the JIT debugger registered on the computer
    rather than be handled by this dialog box.
    
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    Press F1 in any WFC window to open the user manual and check this topic: User interface > Notification Dialog. The full path is already there as a tool tip.

    Please go to the highlighted Windows Registry key and delete it. Before you delete it, please make a screenshot of the value of it and post it back here.

    upload_2019-1-29_12-29-0.png
     
    Last edited: Jan 29, 2019
  14. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    71
    I've got a big one for all of you, esp @alexandrud. A rule to allow only Windows updates through svchost. I'll bite off my own **** if you can tell me how I can do that.
     
  15. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    452
    Location:
    Germany
    I will save you, do not harm yourself! :argh:
    For the svchost.exe allow outgoing TCP, local IP any, local port any, remote IP any, remote port 80, 443.
     
  16. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    71
    So far it doesn't look like windows firewall actually performs the functions it offers, blocking individual services under the umbrella of the svchost. Microsoft releases windows updates every second Tuesday of each month give or take 24 hours or so. You could create a script that automatically enables svchost out each month, and one for every day for defender updates; (for 5-10 minutes) or do it manually.

    Or, you could for example block everything, enable packet logging, monitor the ip addresses and ports for every windows update server connection, then only allow svchost out for those specific ip addresses, this will narrow it down to only allow windows update. If you use cidr format replacing the last 3 digits with .1/24, you will be able to reach every ips on that subnet if they change over time. After hammering this out enough, should you notice other ip's pop up outside that scope, you will over time know its not windows update. I am not sure how one can detect exactly what program/service is operating under the svchost umbrella other than triggering it manually.

    For Windows Updates, use Group Policy "Delivery Optimization" Download Mode, set to 99, (meaning no P2P or cloud services, just microsofts servers alone; so you don't get 1,000,000,000 different ips)

    Remote addresses: 65.55.163.1/24,13.74.179.1/24,191.232.139.1/24,20.36.222.1/24,20.42.23.1/24,191.232.139.2/24,20.36.218.1/24,95.101.0.1/24,95.101.1.1/24,13.78.168.1/24,93.184.221.1/24,13.83.184.1/24,13.107.4.1/24,13.83.148.1/24
     

    Attached Files:

  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    Good look in monitoring and adjusting those IP ranges. This is just tiresome and does not improve overall security at all. On Windows 7 you could create service based rules for svchost.exe, but not on Windows 10.
     
  18. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    71
    After doing this for a while, the firewall rule changed automatically to this:

    13.74.179.0/255.255.255.0,13.78.168.0/255.255.255.0,13.83.148.0/255.255.255.0,13.83.184.0/255.255.255.0,13.107.4.0/255.255.255.0,20.36.218.0/255.255.255.0,20.36.222.0/255.255.255.0,20.42.23.0/255.255.255.0,65.55.163.0/255.255.255.0,93.184.221.0/255.255.255.0,95.101.0.0/255.255.255.0,95.101.1.0/255.255.255.0,191.232.139.0/255.255.255.0,13.86.124.0/255.255.255.0, why and how is this possible?
     
  19. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    71
    Sad to say, Just updated to windows 10 5 days ago, for the first time. Today my firewall was automatically blocking, and unblocking ALL of my connections over and over and over again, for 5-10 minutes at a time; Then it just randomly stopped on its own. Never had this kind of gaslighting creepy **** happen on windows 7.
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    Windows Firewall API returns this expanded version instead of CIDR notation. It accepts CIDR notation as input but it always returns back the full thing. Nothing strange.
     
  21. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    71
    @alexandrud; good to know its a legit change. looks like windows firewall firebombed on 10, do you know of any third party firewallls that do a better job?
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    I have used Windows Firewall in the past 9 years without any problems. I can't recommend another firewall since Windows Firewall and with WFC together fit my needs. I think you have to play with it a little bit more and allow some time to learn more. There is a good explanation for each action that may seem strange or out of nowhere. Windows Firewall from Windows 10 works just fine.
     
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,598
    Location:
    Canada
    If you use CIDR format for Microsoft IP addresses to restrict svchost.exe, you'd be better off using a corporate network range such as, for example: 13.107.0.0/16, and restrict to remote ports to 80, 443. MS has huge number of update servers, so using a range for a remote subnetwork for only 256 pc's will result in lots of time and effort creating far more rules than is necessary. BTW, I don't think you need to use custom ranges for local IP addresses, as I saw in your earlier screen shot.
     
  24. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    68
    Location:
    Here
    Are you only looking for solutions via WFC?
     
  25. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    85
    Location:
    Belgium
    Hi Alexandrud...
    I have your soft version 5.0.2.0 on Win10 (home) 1709. Do you recommend to install the last version?
    I also have Win 10 (home) 1511. Are your versions compatible with "old" W10 versions?
    Thanks.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.