Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    Not 100% accurate since multiple services can use the same PID, but useful sometimes. Then, it must apply what I said in my previous answer. Some service based rules simply don't work in Windows 10. Don't ask me why.
     
  2. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    220
    My 2 cents about Windows Update wuauserv Service. I have defined a outbound rule with svchost.exe any protocol, any service. And it doesn't work. Which leads me to conclude that wuauserv is not working because it needs a hidden service. For example, NETBIOS is a hidden service. You can verify that netbios exists by doing 'sc query netbios'. But it is not listed in services.msc .
     
  3. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    220
  4. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    390
    Location:
    united kingdom
  5. daw_10

    daw_10 Registered Member

    Joined:
    Jan 7, 2019
    Posts:
    4
    Location:
    UK
    How do you restrict a program (let's say xyz.exe) so that it can connect to other PC's on a LAN but cannot connect to the internet ? Is it possible to do this by just setting INBOUND and OUTBOUND rules for the program to "LocalSubnet" only, and then adding that program to the Notifications Exceptions list ?
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    Yes, but the market share of Windows 10 is just 40%.
    Yes, did you try and does not work? If it doesn't try instead of LocalSubnet to set your local LAN IP range. For example: 192.168.0.1-192.168.0.255
     
  7. daw_10

    daw_10 Registered Member

    Joined:
    Jan 7, 2019
    Posts:
    4
    Location:
    UK
    Thank you very much for your reply. It works, I just wanted a re-confirmation of my procedure to make sure that xyz.exe did not make any hidden connection to the internet. Also thank you for a great program for which you provide excellent support.
     
  8. nzo

    nzo Registered Member

    Joined:
    Feb 9, 2019
    Posts:
    1
    Location:
    New Zealand
    Hi alexandrud,

    My PC is on 24/7. Usually I use WFC set at Medium Filtering. When not using the PC (overnight) I set WFC to High Filtering via right-click on the system tray icon. Is it possible to create a keyboard command so that one can switch between the Medium and High options without doing this via WFC's dialog boxes? It would be faster.

    Thank you.
     
  9. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    238
    Location:
    Canada
    Pointless, just do it in two clicks.
     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    To block the Internet сreate a shortcut for the .bat file with this commands as admin and assign hotkeys to it
    This will add two rules, inbound and outbound
    1.png
    Netsh.exe Advfirewall Firewall add rule name="High Filtering profile - Block inbound connections" dir=in action=block description="Block all inbound connections"
    Netsh.exe Advfirewall Firewall add rule name="High Filtering profile - Block outbound connections" dir=out action=block description="Block all outbound connections"
    Similarly, to unlock the Internet

    netsh.exe advfirewall set allprofiles state on
    netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
     
    Last edited: Feb 10, 2019
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    New features in WFC, not gonna happen anytime soon.
    This will not remove the block all rule that you created in the first place.
     
  12. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    This remove
    Netsh.exe Advfirewall Firewall delete rule name="High Filtering profile - Block outbound connections"
    Netsh.exe Advfirewall Firewall delete rule name="High Filtering profile - Block inbound connections"
    You can also disable the network adapter(s) with .bat file, work fine.

    Ad
    Which .cmd can "update rules" to change the WFC icon color of the tray?
     
    Last edited: Feb 10, 2019
  13. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    When create a rule from the alert window for svchost with service, you must first determine the service name by ID, then select this service from the drop-down menu. Is it possible to make this process automatic? For example, PrivateWinTen himself defines and substitutes the service name in the rule.
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    No. The required code and work are not justified. It is just a false impression that having service based for svchost.exe adds any value of any kind. In reality it is just a waste of time. Once something is broken, the first impulse is to disable outbound filtering to see if this is related, even worse, the firewall disabled entirely. At this point, all these rules are useless. Just leave svchost.exe to connect on ports 80,443 and use your time in a better way. The same applies for rules defined for specific IPs. It is a waste of time. Just allow or block a software entirely. These endless rules customizations don't increase the security at all.
     
  15. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    85
    Location:
    Belgium
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    It is not clear from the screenshots if the Connections Log displays inbound or outbound connections. But I assume that they are outbound connections that appear as allowed while the software is blocked by a block rule.

    1. Check the full details of the allowed connection. Make sure it is not to the localhost, 127.0.0.1.
    2. Enable Secure Profile so that we can make sure that this software does not switch the outbound filtering in Windows Firewall in order to be able to connect.
    3. Rename nvtmru.exe to a different name (extension) and see what is happening. If you really want it blocked, renaming it should not break anything.
    4. Try to filter the Security log and see if you can see this allowed connection. Event ID 5156. Just to make sure that this is a true allowed connection and not a bug in WFC.
    5. Do you have this problem only with this software ?
     
  17. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    85
    Location:
    Belgium
    Thanks!
    Log is Outbound connections.
    Remote IP is 127.0.01...> ??
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    Windows Firewall does not filter loop back connections which are always allowed. 127.0.0.1 is always allowed, this is your local computer. The software does not connect to the Internet but to the local machine. No worries about this. Just add nvtmru.exe in the notifications exceptions list and forget about it.
     
  19. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    Try to remove it from autostart, it seems to be needed only for auto-update. I install for NVIDIA driver only.
     
  20. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    85
    Location:
    Belgium
    Thanks..
    So: this software is present in my computer. Moreover this soft is installed. And the easiest way it has to to connect to my machine is through my firewall. Quite a new concept for me!!
    Thanks again...
     
  21. JNicoll23

    JNicoll23 Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    23
    Location:
    Scotland
    It's common for programs running on a computer to have to swap information with other programs running on the same computer. Because Windows does its best to isolate programs from each other (so eg they don't share access to the same memory, because if they did they could interfere with each other), there have to be other ways for them to talk in a controlled fashion. One way is to use the same mechanism that's used for talking to the outside world... but keep the conversation entirely inside the machine... which is what you are seeing.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    Windows Firewall Control v.6.0.0.0

    Change log:

    - New: The user interface was updated to follow the Malwarebytes theme.
    - New: A new Dashboard tab was added which displays the state of Windows Firewall, the status of inbound and outbound connections and the connected Location.
    - New: Multi language support was added in the Options tab. All available translation files are extracted automatically to a subfolder named "lang". Switching the language of the user interface is now easier. If you have an updated translation file, please send it to me as usual and I will include it in the next release.
    - New: The user manual was migrated from .chm to an online .pdf file. It can be opened by using the new question mark buttons from the user interface and also by pressing the F1 key.
    - Improved: When changing the profile in WFC, if the inbound connections are allowed, which is a security risk, they will be set to be by default blocked. If they are already set to be blocked or all blocked (through WFwAS) then their status will be preserved.
    - Fixed: The profile reported in WFC might not be accurate on the first run if the outbound filtering has different values for different locations.
    - Fixed: Pressing on "Check this file" in Rules Panel or Connections Log when the program path is empty generates an exception in WFC log.
    - Fixed: The connected location displayed in WFC is displayed as 'VPN' instead of 'Public' when multiple network adapters are active.
    - Fixed: Checking for updates is made through http instead of https.

    New translation strings:
    070 = Dashboard
    071 = Try Malwarebytes Premium
    072 = Open Malwarebytes
    073 = Windows Firewall state
    074 = On
    075 = Off
    076 = Inbound connections
    077 = Outbound connections
    078 = Allow all
    079 = Allow
    080 = Block
    081 = Block all
    340 = User interface language
    610 = All rights reserved.
    611 = Third-party notices
    612 = End User License Agreement (EULA)

    Updated translation strings:
    029 = Get more information

    Removed translation strings:
    041 = Press on the lock icon to unlock
    310 = Define below the appearance of the program by setting any RGB color combination
    311 = Red
    312 = Green
    313 = Blue
    314 = Hex Color


    Download location:
    https://www.binisoft.org/download/wfc6setup.exe
    SHA1: 753b2bdff4492b29ccffb8bca622329878c4e7e6
    SHA256: 61758d0dd3c4f592abf8a411eafce22ede8e3a32a5aab175284914c7f66eb78e

    I hope you will like this new version, which proves that WFC is not abandoned.
    Alexandru

    Note1: This version can't update previous versions. To update older versions, you must first uninstall that version and install this one.
    Note2: I am still the only developer that touches WFC code.
    Note3: The installer will propose the default installation folder to C:\Program Files\Malwarebytes\Windows Firewall Control. The software has now the name Malwarebytes Windows Firewall Control in the list of installed applications in Control Panel and in the services list if you search for it in services.msc. Also, note that the new installer name is wfc6setup.exe instead of wfc5setup.exe.
    Note4: For other Malwarebytes products you have to add your own firewall rules. They are not automatically created by WFC or by creating WFC recommended firewall rules.

    upload_2019-2-26_17-4-26.png
     
    Last edited: Feb 26, 2019
  23. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    238
    Location:
    Canada
    It's really an testament to how good WFC when there's no need to update... Also wouldn't having an online manual be bad since this is a firewall and if something is configured wrong, person wouldn't even be able to view it, or if the site temperately unavailable for "reasons". Anyway glad to see stuff happening with WFC, things make a little more sense now that it has the malwarebytes look, before I questioned why they even bought this since they didn't seem to do anything with it.
     
  24. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    Apparently, you need to increase the width of this panel.
    11.png ScreenShot_149.png (081 = Block all)
     
    Last edited: Feb 26, 2019
  25. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    71
    It is now a PDF file...just save it to disk at the time when you download the program itself...
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.