Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    463
    Location:
    Germany
    Not all. You have not made a dynamic length for these fields (the translation does not fit), as for the advertising field on the upper right.
    ScreenShot_154.png
    About Secure Rules
    1. Options in the green frame #1 should be inactive, if the Secure Rules is turned off. They can maintain their state, but must be inactive.
    2. If you accidentally click very far to the right of the radiobutton, but on the same line (#2) with the radiobutton, the option will switch. It is not right.
    3. Does the lower option also depend on the Secure Rules? If it depends, then it is located correctly, if it does not, then it needs to be moved to the left (#3).
    ScreenShot_155.png
     
    Last edited: Feb 28, 2019
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,942
    Location:
    USA
    Much appreciated, thank you :thumb:

    Edit: Uninstalled v5 saving existing rules and installed v6, no reboot required :thumb:
     
    Last edited: Feb 28, 2019
  3. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    245
    Location:
    Canada
    Not really, people were complaining about not being able to install WFC because they had an old Comodo or "other" AV/firewall installed previously. The fact that a simple frontend is now refusing to install shows that its roots are longer than they need to be. It's a simple frontend for Windows Firewall, a thing that's on literally every Windows PC; people's security setups shouldn't matter, i.e. whether they have Comodo installed or not, etc.
     
  4. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    120
    People will really complain about anything... what Special wrote above makes zero sense. There was a bug and it was fixed instantly. We have enough conspiracies already.
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,942
    Location:
    USA
    Perhaps you are not understanding the problem? When a security program that is registered in the Windows Security Center is uninstalled it is supposed to also unregister itself. If it does not then it appears to still be installed. It is generally accepted that only one firewall program should be installed and Windows Firewall Control is simply checking to see if anything other than Windows Firewall is present. Users with the problem of a previous program that didn't properly unregister can rebuild the WMI Repository.
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,812
    Location:
    Romania
    There is no contradiction. It means that Secure Rules will apply to newly added rules and also to the existing rules when you enable this feature. Existing ones doesn't mean it will prevent modification to existing rules, it means that Secure Rules will check the group names of the existing rules too. Secure Rules was first introduced in version 4.1.4.0 (19.09.2014). I think after 5 years everybody knows what that feature does.
    This only works if you are on the same operating system. This will be useless if you reinstall the operating system because the activation code is generated based on an Installation ID which is unique on each Windows installation.
    Those fields from Dashboard have fixed width. I will update them to see how they look.
    About Secure Rules, all those sub-options must be enabled even if Secure Rules is not enabled. Otherwise you can have your rules deleted instead of disabled because you can't choose what will happen with the rules before enabling Secure Rules.
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,812
    Location:
    Romania
    Please do not spread such ideas which are not true. I already mentioned that I am the only developer that writes code for WFC. For version 6.0.0.0, I made a lot of changes and I introduced a bug in the installer without knowing about it. I also fixed the bug the next day after it was reported. This has nothing to do with Malwarebytes. There is no hidden plan to prevent the users from installing WFC based on other installed products. I, the developer, Alexandru Dicu, I made a mistake, which I fixed as soon as I was aware of the problem. It happened also with other WFC releases from the past and again, I fixed the reported problems as soon as I could.
     
  8. delah

    delah Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    81
    Location:
    Ireland
    Thank you very much Alexandru - your work is most appreciated.
     
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    463
    Location:
    Germany
    It is possible and static length, but increase from 120 to 140 pixels.
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,812
    Location:
    Romania
    I increased it to 160, it looks fine. It will be included in the next build.
     
  11. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    987
    + 1

    Thanks a lot for your application, Alexandru!
     
  12. Frejoh466

    Frejoh466 Registered Member

    Joined:
    Mar 1, 2019
    Posts:
    5
    Location:
    192.168.1.1
    So I'm not sure if I found a bug in Secure Rules.

    So I got a nasty program called Warframe that, no matter what, adds its own firewall rules every time I boot the application. Don't know why or how a random application can add its own firewall rules without admin privilege or user interaction. So I'm trying to block that.

    If I enable Secure Rules and add Warframe to the wfc group, and then launch Warframe, Warframe changes the group back to Warframe, which wfc then deletes. Can I stop that somehow? Like set it to read only? And isn't Secure Rules supposed to stop applications from changing firewall rules?
     
  13. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    245
    Location:
    Canada
    What version of WFC do you use?
     
  14. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    463
    Location:
    Germany
    Try WFC v5.3.1.0, there is another system Secure Rules.
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,812
    Location:
    Romania
    Why? Enforcing a connection to an online licensing mechanism. How? By using a Windows service that has elevated privileges.
    No, Secure Rules will disable/delete newly added rules. When an add event is triggered, not when a change event is triggered. But from your description it seems that this software doesn't change the group, but instead it recreates its own rules in the same specific group. Probably it searches for their own rules which are not found with the exact details, so they assume they aren't there, therefore they will recreate them.
    1. You say that these rules are always created in the group Warframe. Try to add Warframe in the authorized groups names so that Secure Rules will skip these rules. I guess you want to have these rules in order to be able to use the software. Or what are you trying to achieve?
    2. Write an email to Warframe developers and ask them why they are messing up with your firewall rules. Maybe they have a workaround. These are bad practices. I bet that they can't do this for each firewall on the market, so what they are doing with Windows Firewall rules, is just stupid and useless.
     
    Last edited: Mar 2, 2019
  16. Frejoh466

    Frejoh466 Registered Member

    Joined:
    Mar 1, 2019
    Posts:
    5
    Location:
    192.168.1.1
    1. Probably going to have to add a group Warframe to the exclude list. But I think the application always creates the firewall rules when launched, as the Warframe rules are always on the top in the list after I start it. What I'm trying to achieve is that I own my computer, and I want to control what gets added to the firewall. I want those rules there, but I'm the one who will add them. Like I don't want malware to add rules to the firewall without my knowledge.

    2. I did, but got no response or a standard "Problem with firewall" template to follow.

    But isn't Secure Rules also supposed to protect rules that are already in there from being deleted?
    If I add Warframe.exe to the firewall and group it to wfc, the rule will be deleted when I start Warframe, as it adds its own rules that wfc deletes, but my own Warframe.exe with group wfc gets deleted.

    So if an application adds a new rule that already exists, that rule will be removed from the firewall?

    Also should have mentioned I'm using the latest version, upgraded from 5.0.1.1.9. Also congratulations on the MB buyout, your software is great.
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,812
    Location:
    Romania
    Please open the user manual on page 28 45:
    https://binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf#page=45

    upload_2019-3-2_11-44-17.png

    Check these IDs on that log and see which application adds, deletes or modifies these rules. I think the Warframe service is the culprit.

    So if an application adds a new rule that already exists, that rule will be removed from the firewall?
    My guess is that this software just removes any rule that applies to its own path and then it recreates them, this is why they are always on top. This is not done automatically.

    Secure Rules does not monitor when a rule is deleted. Even if it was monitoring this, WFC would be informed about the deletion after the deletion occurred, not on the attempt.

    You can use WFC 5.3.1.0 which has a different approach on Secure Rules implementation. That version can block adding, modifying and deletion of the rules. But search this topic for the reverse side of that, because there are some side effects which many don't know how to handle. This is why I reversed Secure Rules in version 5.4.0.0.
     
    Last edited: Mar 2, 2019
  18. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    463
    Location:
    Germany
    Page 45
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,812
    Location:
    Romania
    Thank you. I opened it on page 28 and I forgot I scrolled it down :)
     
  20. Frejoh466

    Frejoh466 Registered Member

    Joined:
    Mar 1, 2019
    Posts:
    5
    Location:
    192.168.1.1
    Ok, I thought that Secure Rules would block other programs from changing the firewall settings, like adding/removing rules.

    I only have 2004, 2005, and 2006 changes in the log and it seems like dllhost.exe is first deleting the rules with 2006, both UDP, TCP, In, and Out, for some .exe files.

    Code:
    A rule has been deleted in the Windows Defender Firewall exception list.
    
    Deleted Rule:
       Rule ID:   {B2FEC51D-7028-43F7-A9A3-F8E4C6299244}
       Rule Name:   U - Warframe Game 64-bit (TCP-In)
       Modifying User:   DESKTOP-FREJOH466\Frejoh466
       Modifying Application:   C:\Windows\SysWOW64\dllhost.exe"

    Then adding them, with 2004

    Code:
    A rule has been added to the Windows Defender Firewall exception list.
    
    Added Rule:
       Rule ID:   {DFCC8FA0-F99B-43DE-B754-6F0684B21C51}
       Rule Name:   Warframe Game 64-bit (TCP-In)
       Origin:   Local
       Active:   Yes
       Direction:   Inbound
       Profiles:   Private
       Action:   Allow
       Application Path:   F:\Warframe\Downloaded\Public\Warframe.x64.exe
       Service Name:
       Protocol:   TCP
       Security Options:   None
       Edge Traversal:   Allow
       Modifying User:   DESKTOP-FREJOH466\Frejoh466
       Modifying Application:   C:\Windows\SysWOW64\dllhost.exe

    Then WFC disables them with 2005

    Code:
    A rule has been modified in the Windows Defender Firewall exception list.
    
    Modified Rule:
       Rule ID:   {DFCC8FA0-F99B-43DE-B754-6F0684B21C51}
       Rule Name:   Warframe Game 64-bit (TCP-In)
       Origin:   Local
       Active:   Yes
       Direction:   Inbound
       Profiles:   Private
       Action:   Allow
       Application Path:   F:\Warframe\Downloaded\Public\Warframe.x64.exe
       Service Name: 
       Protocol:   TCP
       Security Options:   None
       Edge Traversal:   None
       Modifying User:   SYSTEM
       Modifying Application:   C:\Program Files\Malwarebytes\Windows Firewall Control\wfcs.exe
    
    Edit:
    I assume Warframe triggers dllhost.exe to change the firewall settings, and is using my account with admin privileges to do it? I'm not sure how, as Warframe has not been given admin privileges. So I have no clue what is going on here.
     
    Last edited: Mar 2, 2019
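
The log review described in the posts above can be scripted. This is an added example, not part of any post in this thread and not WFC code: it parses the message text of events 2004, 2005 and 2006, groups rule changes by "Modifying Application", and links each rule added by another program to a later modification of the same Rule ID by the WFC service. The sample events are abridged from the entries quoted above; the names `parse_event` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Event IDs named in the thread: 2004 = rule added, 2005 = modified, 2006 = deleted.
KINDS = {2004: "added", 2005: "modified", 2006: "deleted"}
# WFC service path as logged in the 2005 entry quoted above (lowercased for comparison).
WFC_SERVICE = r"c:\program files\malwarebytes\windows firewall control\wfcs.exe"

# Constructed sample: abridged copies of the three entries quoted in the post above.
SAMPLE_EVENTS = [
    (2006, r'''A rule has been deleted in the Windows Defender Firewall exception list.

Deleted Rule:
   Rule ID:   {B2FEC51D-7028-43F7-A9A3-F8E4C6299244}
   Rule Name:   U - Warframe Game 64-bit (TCP-In)
   Modifying Application:   C:\Windows\SysWOW64\dllhost.exe"'''),
    (2004, r'''A rule has been added to the Windows Defender Firewall exception list.

Added Rule:
   Rule ID:   {DFCC8FA0-F99B-43DE-B754-6F0684B21C51}
   Rule Name:   Warframe Game 64-bit (TCP-In)
   Service Name:
   Modifying Application:   C:\Windows\SysWOW64\dllhost.exe'''),
    (2005, r'''A rule has been modified in the Windows Defender Firewall exception list.

Modified Rule:
   Rule ID:   {DFCC8FA0-F99B-43DE-B754-6F0684B21C51}
   Rule Name:   Warframe Game 64-bit (TCP-In)
   Modifying Application:   C:\Program Files\Malwarebytes\Windows Firewall Control\wfcs.exe'''),
]

FIELD = re.compile(r"^[ \t]*([^:\n]+):[ \t]*(.*)$", re.MULTILINE)

def parse_event(event_id, message):
    """Turn one event message into a dict; tolerates empty values and stray quotes."""
    fields = {k.strip(): v.strip().strip('"') for k, v in FIELD.findall(message)}
    return {"kind": KINDS[event_id], "rule_id": fields["Rule ID"],
            "rule_name": fields["Rule Name"], "app": fields["Modifying Application"].lower()}

def summarize(events, own_service=WFC_SERVICE):
    """Group changes by modifying program; link foreign-added rules to later WFC edits."""
    by_app, added_by, reactions = defaultdict(list), {}, []
    for event_id, message in events:
        ev = parse_event(event_id, message)
        if ev["app"] != own_service:
            by_app[ev["app"]].append((ev["kind"], ev["rule_name"]))
            if ev["kind"] == "added":
                added_by[ev["rule_id"]] = ev["app"]
        elif ev["kind"] == "modified" and ev["rule_id"] in added_by:
            reactions.append((ev["rule_id"], added_by[ev["rule_id"]]))
    return dict(by_app), reactions

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```
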
  21. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    463
    Location:
    Germany
    Block its access to dllhost.exe using HIPS or OSArmor.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,812
    Location:
    Romania
    I just checked on my computer and I do not have firewall rules created by dllhost.exe. None of the events with ID 2004 appear to be triggered by dllhost.exe. I don't think I ever saw this as a source of creating firewall rules, until now. Anyway, it seems that these rules are inbound rules, not outbound rules. So, this software wants to listen for incoming connections on TCP protocol. When you launch it, do you see any prompt from Windows Firewall itself regarding it? It just creates an inbound rule, that's all? The rule is added by your current user, which I assume is an administrator account. If you log in with a standard user account on your computer, what happens?
     
    Last edited: Mar 2, 2019
  23. Frejoh466

    Frejoh466 Registered Member

    Joined:
    Mar 1, 2019
    Posts:
    5
    Location:
    192.168.1.1
    I just used one of the connections as an example, these are the rules the program adds,
    Code:
    Warframe RemoteCrashSender (TCP-Out) F:\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe Out TCP
    Warframe Launcher (TCP-Out) C:\Users\Frejoh466\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe Out TCP
    Warframe Game 64-bit (TCP-Out) F:\Warframe\Downloaded\Public\Warframe.x64.exe Out TCP
    Warframe Game 64-bit (UDP-Out) F:\Warframe\Downloaded\Public\Warframe.x64.exe Out UDP
    Warframe RemoteCrashSender (TCP-In) F:\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe In TCP
    Warframe Launcher (TCP-In) C:\Users\Frejoh466\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe In TCP
    Warframe Game 64-bit (TCP-In) F:\Warframe\Downloaded\Public\Warframe.x64.exe In TCP
    Warframe Game 64-bit (UDP-In) F:\Warframe\Downloaded\Public\Warframe.x64.exe In UDP
    
    If I don't have admin privileges by account or UAC on, it asks for an admin account so it can add the rules. If I say no it gives an error message that it needs admin privileges to add firewall rules. My account is Administrator, but I launch the program without Administrator privileges.

    So I guess this is an MS feature to let any application get Administrator privileges on admin accounts to change the firewall rules.
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,812
    Location:
    Romania
    If you are using an administrator account, if you launch a software it will be executed usually under your administrator account and will have administrative privileges. In Windows any software that has administrative privileges can change Windows Firewall rules and settings. If you use WFC 5.3.1.0 you can block this software messing up with your firewall rules. Secure Rules from version 5.3.1.0 removes the permission in Windows Registry so that only WFC can add/modify/remove rules. Other programs, including Windows Store, the operating system, any software executed with admin privileges, etc, will fail changing your rules because they will not have the required permissions.

    But we are already discussing something else here. From what you are saying, this software asks for elevated privileges. You either elevate it and it adds its own rules (here Secure Rules does what it is supposed to do), or you do not elevate the process and it will give an error and will not run. From my point of view, WFC and Secure Rules work as expected.
     
  25. Frejoh466

    Frejoh466 Registered Member

    Joined:
    Mar 1, 2019
    Posts:
    5
    Location:
    192.168.1.1
    Yes, I can agree with that. I might argue that a program shouldn't be able to delete firewall rules in WFC with Secure Rules on. But that and the lack of knowledge on Windows admin privileges made me confused on how Secure Rules works.

    Anyway, thanks for the help. And good luck with the Malwarebytes acquisition.
     