Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. e_davydova

    e_davydova Registered Member

    Joined:
    Dec 15, 2018
    Posts:
    2
    Location:
    Ukraine
    Good morning everyone :)
    alexandrud could you please add a command line parameter to launch WFC with specified filtering levels?
    This app I'm trying to tame generates random paths on every update. I think I could automate the proccess but I really need low filtering at the beginning.
     
  2. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    319
    Location:
    Germany
    It does not help?
    Medium Filtering
    netsh.exe advfirewall set allprofiles state on
    netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    Low Filtering
    netsh.exe advfirewall set allprofiles state on
    netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
    No Filtering
    netsh.exe advfirewall set allprofiles state off
     
  3. e_davydova

    e_davydova Registered Member

    Joined:
    Dec 15, 2018
    Posts:
    2
    Location:
    Ukraine
    That would definitely work, thank you! Is it what WFC does when you switch filtering levels in the tray?
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,638
    Location:
    Estonia
    You can lock down the best you can by disabling/removing all default firewall rules and start with WFC recommended rules. On top of those rules, add rules for your browser and other programs.
    Only Microsoft services can use svchost.exe to make connections to the network/Internet. Other Windows services are on their own.
    If you could not figure it out from COnnections Log, what else should be allowed, try to send an email to your VPN provider and ask them "which firewall rules are required for their software to work properly when outbound filtering is enabled in Windows Firewall?". They must know this info.
    You should not make assumptions about that flashing window where you see those check boxes checked. When you install WFC it restarts itself with some parameters which will be used, not what you see there. There is no problem with Connections Log in version 5.4.0.0. There is a reported problem for Connections Log being empty after receiving Windows 10 v1809 through Windows Update, but I already provided a solution for it. Try to set manually auditing settings for Windows Firewall. Please execute this in an elevated CMD window:
    auditpol.exe /set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
    The same command is executed by WFC installer and also by unchecking/checking those
    Not really, but the result is the same. You can use these too.
     
  5. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    319
    Location:
    Germany
    @alexandrud
    We have an old problem, still no solution? Notification exception will help here?
     
    Last edited: Dec 18, 2018
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,638
    Location:
    Estonia
    No solution yet. The firewall rules are applied per path basis, so it works as expected: new location, new rule required. A workaround for this was planned this spring but implementing new features in the standalone WFC is not a priority of the new owner. A notification exception can help with unwanted notifications, but it won't help with the allow of the connections.
     
  7. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    319
    Location:
    Germany
    @alexandrud
    When I set for svchost only one outbound allowed rule UDP DNS remote port 53 (for DNS-client Service only), other services, encapsulated in the svchost (BITS, CryptSvc, DusmSvc, DsmSvc, CDPUserSvc_xxxxx, NlaSvc, SSDPSRV, StorSvc etc), will not be able to recursively access the Internet, and individual blocked rules for them would be superfluous?
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,638
    Location:
    Estonia
    Those individual block rules are not required if you use Medium Filtering profile. You may create them for the scenarios when you are forced to use Low Filtering mode. But I wouldn't bother. If you are concerned about Microsoft telemetry and stuff, downgrade to Windows 7 or switch to a Linux distribution. Windows 10 is not about you, is about selling you more and more subscriptions, for anything.

    Microsoft is anyway very aggressive these days in pushing their services on our machines, so I doubt this will increase your privacy at all. Recently, my wife connected in Edge on her Outlook account. After next restart, I was logged in with her Microsoft account, even if I had only an offline account created on my laptop. I removed that online account and switched back to an offline account and now I can't get rid of this stupid notification which appears every time I log in on my laptop. Whatever I do, I can't get rid of it.

    upload_2018-12-27_20-50-32.png
     
    Last edited: Dec 27, 2018
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    319
    Location:
    Germany
    Yes, I use Medium Filtering profile.
    Agree. While we resist. Thank!
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,638
    Location:
    Estonia
    Windows Firewall Control v.5.4.1.0

    Change log:

    - Fixed: After some Windows updates, the Connections Log may remain empty and the notifications might not be displayed anymore. The auditing settings will now be reapplied on each WFC startup to ensure the functionality.
    - Fixed: Search term is removed in Connections Log when the Refresh list is done.

    Download location:
    https://www.binisoft.org/download/wfc5setup.exe
    SHA1: 67c37701109c7c56270c212b2e3cf5e826472145
    SHA256: 8dd146f054d1667187d11d242e51877b480d69061695991573940bde7f2d6285

    As promised, critical bugs will be fixed. WFC is not dead.

    Happy New Year!
    Alexandru

    Note: This version can update version 5.4.0.0. To update older versions, you must first uninstall that version and install this one.
     
  11. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    172
    Thanks :)
     
  12. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    97
    Great news and update - thanks alexandrud and a Happy New Year to you, too!
     
  13. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    170
    Location:
    Canada
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,638
    Location:
    Estonia
    Yes, that workaround is now done automatically by WFC.
    For the other thing, you will probably not see anything because my work at Malwarebytes has nothing to do with their home products or with WFC as a stand alone application, but more with their business cloud products.
     
  15. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    134
    Is there a way to disable the logging on Event Viewer?
     
  16. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    319
    Location:
    Germany
    In Windows disable logging for this %SystemRoot%\System32\Winevt\Logs\Security.evtx
    See recommendations on the Internet.
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,638
    Location:
    Estonia
    Which logging ? The logging of connections that you see in Connections Log (Windows Logs\Security) or the WFC logging (Applications and Services Logs\WFC) ? Or the logging in general ? Why would you want to do this ?
     
  18. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    442
    Location:
    US
    Thanks, Alex.

    Happy New Year, to everyone at Wilder"s.

    Where did 2018 go?:( Blink an eye, 2019 is over!

    Robert
     
  19. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    134
    Not the Connections Log, i mean from WFC & wfcs sources in event viewer.

    Untitled.png

    I was just curious if this was possible while still retain the connections log or if they're attached to each other
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,638
    Location:
    Estonia
    Unfortunately, the logging in WFC is not configurable or optional. If you remove the WFC log category (through elevated CMD window), WFC will display message boxes on each logging attempt complaining that the WFC event log category is missing. WFC log has maximum 1MB on disk. Connections Log is not related to this log, but to the Security log.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,127
    Location:
    The Netherlands
    I have a general question. I've noticed that the Vivaldi browser is listed in the "Listening Ports" section from the Resource Monitor app, how is this possible? BTW, about the new security tool that you're developing, perhaps you can develop a tool like HandsOff, this is something that I really miss.

    http://www.oneperiodic.com/products/handsoff/
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,638
    Location:
    Estonia
    Does it have an inbound rule ? What was displayed in the Firewall Status column ? It may appear as listening, but in fact, it may be blocked by your firewall.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,127
    Location:
    The Netherlands
    I just saw that in TCPView it's not listed as "listening", not sure what to think. But it's unusual for a browser, that's why I thought it was weird. The firewall status is: Not allowed, not restricted. Vivaldi does not have an inbound rule.

    BTW, about the Hands Off! tool, I was mainly talking about the file/folder protection part. Sandboxie and SpyShelter do offer this, but they don't allow you to exclude sub-folders from being protected. So you can not say, protect all folders from C:\Program Files except a certain one.
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,638
    Location:
    Estonia
    Not allowed, not restricted - I would translate this to: blocked by outbound filtering being enabled, not restricted by not having a block rule.
    Regarding Hands Off, I will take a look at it.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,127
    Location:
    The Netherlands
    OK thanks, I just saw you will get to see the same with Chrome, but not with Firefox.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.