Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    78
    Location:
    Belgium
    Thanks again...!
     
  2. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    179
    Location:
    Canada
    Looking forward to seeing what you come up with, you make good stuff. It's too bad about Malwarebytes buying you and your WFC software (from a user point of view) because since then WFC has just halted development as can be seen from the changelog above, only minor maintenance stuff that doesn't amount to much. I always wonder what could've been, what was being cooked up for WFC future if you were still independent, possibly adding an easy way to edit the HOST file or something. Maybe a possible feature for a new security program. :p
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    Regarding the development of WFC, yes, it is a great loss that the development is stagnating, but I already do my best to ensure that the project will continue. Unfortunately, I'm not able to set the priorities for this project anymore.
    Meanwhile, I started Biniware, I am currently developing Biniware Run and soon I will start the new security software that I have in mind.
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,245
    Location:
    Europe then Asia
    I was expecting it. WFC is taking the road of Threatfire...
     
  5. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    78
    Location:
    Belgium
    No, no EXCELLENT stuff ! Alex is a real computer programmer...
    edit: an idea for you >WinPatrol (the only good WinPatrol, made by Bill Pytlovany, who was also a real programmer) is dead, just make a new one!
     
    Last edited: Jan 31, 2019
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    Want to hear something funny? My first bachelor's degree is in Law, not Computer Science. Also, studying Law was easier and nicer than studying Math and Algorithms. But life is full of surprises.
     
  7. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    78
    Location:
    Belgium
    Oh yes...35 years ago I was a medical doctor, and after I started computer sciences...As you say, ' a lot of surprises' LOL!!
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,345
    Location:
    Under a bushel ...
    Intrigued. :geek:
    :thumb:
     
  9. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    447
    Location:
    US
    Bring it On!:shifty:
    Ain't that the truth!

    Robert
     
  10. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    56
    Ah that is a great idea! I'm just curious which Delivery Optimization mode will hit those ranges in particular; I guess I could watch and see what appears. It's a lot of bs though. After blocking Windows telemetry via hosts, so far Windows has been relatively quiet; I just want to be able to detect what service exactly is trying to call out and the only possible solution I've come up with involves process-monitor monitoring svchost.exe 24/7 until I find the culprits.

    I've been looking for some kind of firewall just for Windows services and I don't see anything out there; I've been enjoying Windows Firewall for years now but I'm considering playing around a bit with something that offers more granular control. Does Comodo offer this kind of functionality? Individual service blocking?
     
  11. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    37
    Location:
    Here
    If you only want to monitor what services are connecting out you can force services to use their own svchost using the sc command. E.g:

    sc config wuauserv type= own

    Above would force the Windows Update service to use its own svchost and not share with other services. You could then programmatically query each svchost to check which service is running in it (or tasklist /svc) giving you the PID of actual services. PID is often displayed in prompts and logged by firewalls and monitoring software.

    Personally I'm not a fan of maintaining a huge white list of IPs as it's time consuming and it's likely some are used for more than just Windows updates. Add to this the frequent use of Akamai and other CDNs.

    Although I believe my current setup is capable of blocking and allowing individual svchost services I currently update windows using the catalog server (I'm on windows 7 and not sure if I'll do the same on 10)
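
The PID lookup described in the post above, as an added example that is not part of the original post: it parses `tasklist /svc /fo csv` output, maps each svchost.exe PID to its services, and reports whether a PID from a firewall notification identifies exactly one service. The sample output and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not from the thread).
# PID 1100 hosts wuauserv alone, as after `sc config wuauserv type= own`;
# PIDs 920 and 1340 are svchost.exe instances shared by several services.
SAMPLE_TASKLIST = '''"Image Name","PID","Services"
"svchost.exe","920","BFE,mpssvc,CoreMessagingRegistrar"
"svchost.exe","1100","wuauserv"
"svchost.exe","1340","wlidsvc,BITS"
"explorer.exe","4012","N/A"
'''


def services_by_pid(tasklist_csv):
    """Map PID -> list of hosted service names for every svchost.exe row."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    next(rows, None)  # skip the header by position; its text varies by locale
    mapping = {}
    for row in rows:
        if len(row) < 3 or row[0].lower() != "svchost.exe":
            continue
        names = [s.strip() for s in row[2].split(",") if s.strip()]
        if names and names != ["N/A"]:
            mapping[int(row[1])] = names
    return mapping


def attribute(pid, mapping):
    """Classify a PID taken from a firewall notification or log entry."""
    names = mapping.get(pid)
    if names is None:
        return ("unknown", [])    # not a service-hosting svchost.exe
    if len(names) == 1:
        return ("exact", names)   # PID identifies one service
    return ("ambiguous", names)   # shared host: any of these may be the caller


def still_shared(mapping):
    """Services sharing a host process; candidates for `type= own`."""
    return sorted(n for names in mapping.values() if len(names) > 1 for n in names)


if __name__ == "__main__":
    m = services_by_pid(SAMPLE_TASKLIST)
    for pid in (1100, 1340, 4012):
        print(pid, attribute(pid, m))
    print("still shared:", still_shared(m))
```

On a live system, feed `services_by_pid` the text captured from `tasklist /svc /fo csv`; PIDs change when a service restarts, so capture it close to the time of the notification.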
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,351
    Location:
    Canada
    Of possible interest, websites that a clean install of Windows 10 will connect to:

    -https://betanews.com/2018/07/31/all-the-websites-windows-10-connects-to-clean-install
     
  13. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    198
    Hi,

    I noticed your firewall specified a rule for Windows Update as 'svchost port 443' . I am trying to narrow the Windows Update process down to the actual service wuausvc and its accompanying services. Why did you specify your Windows Update rule as svchost port 443 ? Isn't it a bit broad ? That would allow all running services?
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    Do a search for "wuauserv" in this topic and you will find the reason mentioned several times. For example this one.
     
  15. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    198
    Thanks alexandrud.
     
  16. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    198
    I am getting Notifications for 'MS Account Sign in Assistant'. But I have an Allow Outbound rule for svchost.exe, for that service specified, all protocols, all ports. Why is it popping up? Have I specified the rule incorrectly?
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    In Windows 10, service based rules don't always work. One example is Windows Update (wuauserv) for which you can't define anymore a service based rule for svchost.exe. I mean, you can define it, but Windows Update will not work. It may be possible that the same applies here too. But how do you know that the notifications are for 'MS Account Sign in Assistant'?
     
  18. krawhitham

    krawhitham Registered Member

    Joined:
    Apr 20, 2015
    Posts:
    4
    Any way to make "Learning Mode" a true "Learning Mode" and not auto accept digitally signed programs, is there a setting I'm missing or did someone misname "Learning Mode"?
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    What you call a "true Learning Mode" is called "Display notifications". There is no misname since all settings have descriptions and also an extended description in the user manual. Please check the user manual.
     
  20. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    198
    I know because I looked up the PID provided in the notification. In task manager, services tab, there is a pid column.
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,679
    Location:
    Estonia
    Not 100% accurate since multiple services can use the same PID, but useful sometimes. Then, it must apply what I said in my previous answer. Some service based rules simply don't work in Windows 10. Don't ask me why.
     
  22. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    198
    My 2 cents about Windows Update wuauserv Service. I have defined an outbound rule with svchost.exe any protocol, any service. And it doesn't work. Which leads me to conclude that wuauserv is not working because it needs a hidden service. For example, NETBIOS is a hidden service. You can verify that netbios exists by doing 'sc query netbios'. But it is not listed in services.msc.
     
  23. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    198
  24. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    359
    Location:
    united kingdom
  25. daw_10

    daw_10 Registered Member

    Joined:
    Jan 7, 2019
    Posts:
    4
    Location:
    UK
    How do you restrict a program (let's say xyz.exe) so that it can connect to other PCs on a LAN but cannot connect to the internet? Is it possible to do this by just setting INBOUND and OUTBOUND rules for the program to "LocalSubnet" only, and then adding that program to the Notifications Exceptions list?
     