Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    56
    @alexandrud I uninstalled and reinstalled your app, also reset all rules as you suggested, this never fixed the problem. New applications, and anything with out a rule is not detected nor are they blocked at all. Its green lighted right through without any notifications. What could be causing this?
     
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,245
    Location:
    Europe then Asia
    what profile are you using?
     
  3. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    56
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,245
    Location:
    Europe then Asia
    im using WFC this way:

    1- in Windows FW, all profiles are set to block.
    2- in WFC i ticked secure Profile.

    maybe it can help you.

    if im not wrong netsh.exe should be allowed for WFC to run properly.
     
  5. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    56
    I finally appeared to have figured it out; group policy had set outgoing to allow, instead of block. I have no idea why or how this changed but it was a simple fix! I had a lot of group policy settings reverting and changing automatically without my input after upgrading to windows 10... over, and over again. what a gong show this software is.
     
  6. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    400
    Location:
    USA
    You Might consider a clean install of 1809. I did this with a new SSD and the results were just amazing. Preparing with backups and saves is an adventure as is re-installing all of your software, but my prior installation was upgraded from W7 so it was well worth the time.
     
  7. protechtedd

    protechtedd Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    1
    Location:
    USA
    Bug report (?)

    WFC 5.4.1.0

    When I load the Rules Panel and try to modify a rule, I get a .NET error box with this text contents. Also when in the Connections Log Panel, I cannot "Customize and create", nothing happens when I click that. Otherwise WFC seems to be working if I already have a rule created.

    Code:
    See the end of this message for details on invoking
    just-in-time (JIT) debugging instead of this dialog box.
    
    ************** Exception Text **************
    System.NullReferenceException: Object reference not set to an instance of an object.
       at WindowsFirewallControl.Common.ViewManager.OpenProperties(RuleData ruleData, ViewPurpose viewPurpose)
       at WindowsFirewallControl.Common.ViewManager.OpenRulesPanel()
       at System.Windows.Forms.ToolStripItem.RaiseEvent(Object key, EventArgs e)
       at System.Windows.Forms.ToolStripMenuItem.OnClick(EventArgs e)
       at System.Windows.Forms.ToolStripItem.HandleClick(EventArgs e)
       at System.Windows.Forms.ToolStripItem.HandleMouseUp(MouseEventArgs e)
       at System.Windows.Forms.ToolStrip.OnMouseUp(MouseEventArgs mea)
       at System.Windows.Forms.ToolStripDropDown.OnMouseUp(MouseEventArgs mea)
       at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at System.Windows.Forms.ToolStrip.WndProc(Message& m)
       at System.Windows.Forms.ToolStripDropDown.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
    
    
    ************** Loaded Assemblies **************
    mscorlib
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
    ----------------------------------------
    wfc
        Assembly Version: 5.4.1.0
        Win32 Version: 5.4.1.0
        CodeBase: file:///C:/Program%20Files/Windows%20Firewall%20Control/wfc.exe
    ----------------------------------------
    PresentationFramework
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/PresentationFramework/v4.0_4.0.0.0__31bf3856ad364e35/PresentationFramework.dll
    ----------------------------------------
    WindowsBase
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/WindowsBase/v4.0_4.0.0.0__31bf3856ad364e35/WindowsBase.dll
    ----------------------------------------
    System.Core
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
    ----------------------------------------
    System
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3314.0 built by: NET472REL1LAST_B
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
    ----------------------------------------
    PresentationCore
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_64/PresentationCore/v4.0_4.0.0.0__31bf3856ad364e35/PresentationCore.dll
    ----------------------------------------
    System.Xaml
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xaml/v4.0_4.0.0.0__b77a5c561934e089/System.Xaml.dll
    ----------------------------------------
    System.Configuration
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
    ----------------------------------------
    System.Xml
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
    ----------------------------------------
    System.ServiceProcess
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.ServiceProcess/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.ServiceProcess.dll
    ----------------------------------------
    System.Runtime.Remoting
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Remoting/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
    ----------------------------------------
    System.Windows.Forms
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
    ----------------------------------------
    System.Drawing
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
    ----------------------------------------
    System.ServiceModel
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.ServiceModel/v4.0_4.0.0.0__b77a5c561934e089/System.ServiceModel.dll
    ----------------------------------------
    System.Runtime.Serialization
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Serialization/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Serialization.dll
    ----------------------------------------
    SMDiagnostics
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/SMDiagnostics/v4.0_4.0.0.0__b77a5c561934e089/SMDiagnostics.dll
    ----------------------------------------
    System.ServiceModel.Internals
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.ServiceModel.Internals/v4.0_4.0.0.0__31bf3856ad364e35/System.ServiceModel.Internals.dll
    ----------------------------------------
    System.IdentityModel
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.IdentityModel/v4.0_4.0.0.0__b77a5c561934e089/System.IdentityModel.dll
    ----------------------------------------
    PresentationFramework.Aero2
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/PresentationFramework.Aero2/v4.0_4.0.0.0__31bf3856ad364e35/PresentationFramework.Aero2.dll
    ----------------------------------------
    PresentationFramework-SystemXml
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/PresentationFramework-SystemXml/v4.0_4.0.0.0__b77a5c561934e089/PresentationFramework-SystemXml.dll
    ----------------------------------------
    UIAutomationTypes
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/UIAutomationTypes/v4.0_4.0.0.0__31bf3856ad364e35/UIAutomationTypes.dll
    ----------------------------------------
    PresentationFramework-SystemCore
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3190.0
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/PresentationFramework-SystemCore/v4.0_4.0.0.0__b77a5c561934e089/PresentationFramework-SystemCore.dll
    ----------------------------------------
    UIAutomationProvider
        Assembly Version: 4.0.0.0
        Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
        CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/UIAutomationProvider/v4.0_4.0.0.0__31bf3856ad364e35/UIAutomationProvider.dll
    ----------------------------------------
    
    ************** JIT Debugging **************
    To enable just-in-time (JIT) debugging, the .config file for this
    application or computer (machine.config) must have the
    jitDebugging value set in the system.windows.forms section.
    The application must also be compiled with debugging
    enabled.
    
    For example:
    
    <configuration>
        <system.windows.forms jitDebugging="true" />
    </configuration>
    
    When JIT debugging is enabled, any unhandled exception
    will be sent to the JIT debugger registered on the computer
    rather than be handled by this dialog box.
    
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    Press F1 in any WFC window to open the user manual and check this topic: User interface > Notification Dialog. The full path is already there as a tool tip.

    Please go to the highlighted Windows Registry key and delete it. Before you delete it, please make a screenshot of the value of it and post it back here.

    upload_2019-1-29_12-29-0.png
     
    Last edited: Jan 29, 2019
  9. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    56
    I've got a big one for all of you, esp @alexandrud. A rule to allow only Windows updates through svchost. I'll bite off my own **** if you can tell me how I can do that.
     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    344
    Location:
    Germany
    I will save you, do not harm yourself! :argh:
    For the svchost.exe allow outgoing TCP, local IP any, local port any, remote IP any, remote port 80, 443.
     
  11. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    56
    So far it doesn't look like windows firewall actually performs the functions it offers, blocking individual services under the umbrella of the svchost. Microsoft releases windows updates every second Tuesday of each month give or take 24 hours or so. You could create a script that automatically enables svchost out each month, and one for every day for defender updates; (for 5-10 minutes) or do it manually.

    Or, you could for example block everything, enable packet logging, monitor the ip addresses and ports for every windows update server connection, then only allow svchost out for those specific ip addresses, this will narrow it down to only allow windows update. If you use cidr format replacing the last 3 digits with .1/24, you will be able to reach every ips on that subnet if they change over time. After hammering this out enough, should you notice other ip's pop up outside that scope, you will over time know its not windows update. I am not sure how one can detect exactly what program/service is operating under the svchost umbrella other than triggering it manually.

    For Windows Updates, use Group Policy "Delivery Optimization" Download Mode, set to 99, (meaning no P2P or cloud services, just microsofts servers alone; so you don't get 1,000,000,000 different ips)

    Remote addresses: 65.55.163.1/24,13.74.179.1/24,191.232.139.1/24,20.36.222.1/24,20.42.23.1/24,191.232.139.2/24,20.36.218.1/24,95.101.0.1/24,95.101.1.1/24,13.78.168.1/24,93.184.221.1/24,13.83.184.1/24,13.107.4.1/24,13.83.148.1/24
     

    Attached Files:

  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    Good look in monitoring and adjusting those IP ranges. This is just tiresome and does not improve overall security at all. On Windows 7 you could create service based rules for svchost.exe, but not on Windows 10.
     
  13. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    56
    After doing this for a while, the firewall rule changed automatically to this:

    13.74.179.0/255.255.255.0,13.78.168.0/255.255.255.0,13.83.148.0/255.255.255.0,13.83.184.0/255.255.255.0,13.107.4.0/255.255.255.0,20.36.218.0/255.255.255.0,20.36.222.0/255.255.255.0,20.42.23.0/255.255.255.0,65.55.163.0/255.255.255.0,93.184.221.0/255.255.255.0,95.101.0.0/255.255.255.0,95.101.1.0/255.255.255.0,191.232.139.0/255.255.255.0,13.86.124.0/255.255.255.0, why and how is this possible?
     
  14. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    56
    Sad to say, Just updated to windows 10 5 days ago, for the first time. Today my firewall was automatically blocking, and unblocking ALL of my connections over and over and over again, for 5-10 minutes at a time; Then it just randomly stopped on its own. Never had this kind of gaslighting creepy **** happen on windows 7.
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    Windows Firewall API returns this expanded version instead of CIDR notation. It accepts CIDR notation as input but it always returns back the full thing. Nothing strange.
     
  16. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    56
    @alexandrud; good to know its a legit change. looks like windows firewall firebombed on 10, do you know of any third party firewallls that do a better job?
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    I have used Windows Firewall in the past 9 years without any problems. I can't recommend another firewall since Windows Firewall and with WFC together fit my needs. I think you have to play with it a little bit more and allow some time to learn more. There is a good explanation for each action that may seem strange or out of nowhere. Windows Firewall from Windows 10 works just fine.
     
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,351
    Location:
    Canada
    If you use CIDR format for Microsoft IP addresses to restrict svchost.exe, you'd be better off using a corporate network range such as, for example: 13.107.0.0/16, and restrict to remote ports to 80, 443. MS has huge number of update servers, so using a range for a remote subnetwork for only 256 pc's will result in lots of time and effort creating far more rules than is necessary. BTW, I don't think you need to use custom ranges for local IP addresses, as I saw in your earlier screen shot.
     
  19. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    37
    Location:
    Here
    Are you only looking for solutions via WFC?
     
  20. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    78
    Location:
    Belgium
    Hi Alexandrud...
    I have your soft version 5.0.2.0 on Win10 (home) 1709. Do you recommend to install the last version?
    I also have Win 10 (home) 1511. Are your versions compatible with "old" W10 versions?
    Thanks.
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    You can check the changelog located at https://www.binisoft.org/changelog.txt and you can decide if you want the new improvements or not. Yes, I recommend you to install the latest version which is 5.4.1.0. I also use this version on my computers.
     
  22. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    179
    Location:
    Canada
    5.3.1.0 was the last version before the Malwarebytes acquisition and added telemetry put in, it's also the last version that has a great feature called "Secure Rules" which was removed to keep stupid people from hurting themselves, but as Alex says, read the changelog and decide for yourself.
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    I had to revert that implementation of Secure Rules because there were too many support emails each day complaining that "your software broke my Windows 10 computer" :( My new security software which will be ready this year, will be able to define protected registry keys and that key could be added :)
     
  24. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    78
    Location:
    Belgium
    I will follow your recommendation for my 'updated' Win (1709 etc... in the future).
    What about my Win ver 1511 (I do not plan to update it) ? >> can I install your last WFC version?
    Thanks!
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    Yes, sure. When there are reported problems, they are usually with the latest updates from Windows 10. For version 1511, any version of WFC will work just fine.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.