Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    From Rules Panel you could always select the service name when defining a firewall rule. Only recently the notification dialog is able to recognize that service based on the Process ID. Before this, you had to look in Task Manager and check which service had that Process ID. Now, WFC does this automatically.
    Yes, there are still connections which are not under a specific service name. I usually ignore them. A block rule will always overwrite any allow rule because block rules have higher precedence than allow rules.
    These are too many feature requests. Probably none of them will see the daylight in the near future. Remember that WFC is now freeware and I am not in charge anymore.
    Too much complexity. After a few days of using your computer and creating svchost.exe rules for main usage scenarios, you can add svchost.exe in the notifications exceptions list and forget about it.
     
  2. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    76
    From what i understand WFC is "just" a gui for the windows firewall. So if i just use my paid 5.3.1.0 till some windows 10 update breaks it is there any real risk security wise?
    In the changelogs i found nothing that sounded so critical that i should update.
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    No.
    You can still continue using 5.3.1.0. if the change log does not convince you to install a newer version. There is no security risk.
     
  4. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    76
    Thanks for your kind and fast reply :)
     
  5. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    71
    Could you please point me to the forum or website where I can ask for feature requests? Thanks.

    This is what I was thinking also, ignoring straight away would be redundant; you would need whitelist first then ignore. It would still be nice to have a simple non invasive little check box (or something better) to ignore which adds an notification exception to the list for you; this would reduce complexity for users and make it a bit more user friendly, esp in environments where much whitelisting is necessary
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    You can request here new features. However, the chance that they will be implemented, is still very low.

    Fro mthe notification dialog you can add a notification exception. You can define only simple strings as notifications exceptions. You can't add svchost.exe when it is triggered by a specific service.
     
  7. liamZ

    liamZ Registered Member

    Joined:
    Mar 22, 2019
    Posts:
    2
    Location:
    Mali
    Hi, I'm new to this very good program and I'm still learning everything about it.:thumb:
    I have a feature request:
    In options, Rules, we can specify the locations for wich a new rule is applied when creating a new one.
    I know the locations can be changed manually when creating a new rule, but what about to have two options? One for allowed rules and the other one for blocked rules?
    1 Specify the locations for wich a new rule is applied when creating a new blocking rule
    2 Specify the locations for wich a new rule is applied when creating a new allowing rule

    I think it will be very usefull, thanks!!! :thumb:
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    Hello. I must say no to such a feature request. I don't see how this can be useful. I don't see why a user should bother to create firewall rules for different locations. You either trust an application and you allow it, either you want it blocked and you block it.
     
  9. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    559
    Location:
    US
    That's what I am doing only using 5.4.1.0. No problems with Security>Secure Rules.

    Robert
     
  10. liamZ

    liamZ Registered Member

    Joined:
    Mar 22, 2019
    Posts:
    2
    Location:
    Mali
    Hi, thanks for your answer.

    Well, the same way you want to use shared folders in private networks and block shared folders in public networks, there are some programs that I only want to block in public networks but allow them in my private networks.
    Of course if you don't trust a program you will block on all locations, but if you trust a program you may want to only allow on private networks.

    Anyway, like I said, I have only selected "Private" in the option "Specify the locations for wich a new rule is applied when creating a new rule" and when I am connected to a public network and the notification appears I manually selected public network to block that program in public network.
     
  11. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    41
    Combining questions to condense:

    1.) What do others do or what's suggested as far as blocking/allowing Windows programs/services like:

    • smartscreen.exe
    • SIHclient.exe
    • lsass.exe
    • dashost.exe
    • svchost.exe DNSClient (DNS is working without approving this from going through, so not sure what/why this is)
    • Windows store
    • System port 137
    • ...etc.
    2.) Looking through the blocked connections log, I'm finding random entries of a program that was blocked despite it already having a rule that's set to allow it (and the rule has been working). Also, on the rule, there's no restriction as to any profile or adapter, either.
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,592
    Location:
    Canada
    the following are remote ports:

    smartscreen.exe: https (443)
    SIHclient: https (443)
    Winstore.app.exe: https (443)
    DNS: UDP 53, whatever your DNS servers IP addresses are
    System: try blocking
    lsass: try blocking
    dashost.exe ??

    when you allow svchost.exe in Windows 10, assuming that's what you're running, it will allow all services it hosts. Just for the record, I use a different firewall than Binisoft's, but that doesn't change how these processes should be controlled.
     
  13. FrankBlack2

    FrankBlack2 Registered Member

    Joined:
    Apr 4, 2019
    Posts:
    2
    Location:
    FL, US
    Hello,
    I have 5.4.0 and have the problem where cpu is high for a while sometimes, task manager shows "Windows Firewall Control Service" taking 30-40% of my cpu for a long time. What is it doing, and what can I turn off so it doesn't do this? Overall I love WFC as it does just what I need, but just need to figure this one thing out.

    Thanks.
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    All dropped packets all logged in the Security log, even if they are blocked by Windows Filtering Platform or by a 3rd party software as a result of using a web filtering module. This might be one reason. For example, you have an allow rule for a software but it tries to connect to a blacklisted domain/IP. The connections will be blocked and will appear in the Security log. Unfortunately, we can't identify the source of the blocking, who blocked it because such info is not logged.
    If you disable the Notifications system, the CPU usage will reduce. Check the Connections Log and if you have a software that tries to connect over and over (hundreds of connections in a few seconds), that one may increase the CPU usage. Also, check your rules list. If you have more than 1000 rules (several imports) then Notifications system will iterate through each of them when searching for matching rules. Having less rules is better because less processing resources will be used.
     
  15. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
      • The best way is to blocking the network for the svсhost.exe completely, including the DNS, and for Firefox, Thunderbird, Skype ets to create individual DNS rules. And you also need to stop and turn off the dnscache.svc. If there is no local network, ports 135-139 are also blocking.
     
    Last edited: Apr 5, 2019
  16. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,998
    you cant disable DNS service for windows 10 without losing net access. ofc you can limit it to local network which makes sense.

    nevertheless i miss a lot while trialing WFC on windows 10 instead sphinxsoft, in special zones and the auto-logging without pressing F5 to renew. i dont think it will match my needs where are not much but has to the right ones.
     
  17. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    You can disable DNS service for windows 10 without losing net access. Try this steps.
    Make backup your firewall rules.
    Completely blocked the network for the svchost.exe, including dns on port 53.
    Stop and turn off the dnscache.svc.
    Be sure to restart the computer! It is important!
    After reboot, make sure that the dnscache.svc is disabled.
    Create individual dns rules on port 53 for programs.
    Everything works very well on Windows 10 v1809, 8.1, 7. With Windows brandmauer, or Windows Firewall Control, or Outpost, or Comodo.
     
    Last edited: Apr 6, 2019
  18. Hrki

    Hrki Registered Member

    Joined:
    Apr 6, 2019
    Posts:
    1
    Location:
    Balkan
    WFC sometimes don't start automatically. It's strange because sometimes start and sometimes wont.

    When i start manually then i cannot minimize (or its minimized but don't display icon) it on tray.
     
  19. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,998
    i am pretty sure you have an explanation for this.

    please stop telling lies about dns.cache.
    windows 10 1809 current & enterprise, and ofc full (!) admin rights
     

    Attached Files:

  20. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    :'( :argh: Herr Brummelchen, I could not fool you, I really do not have the Internet on Windows 10 v1809, so I am now writing on the... calculator Sitizen :'( :argh: You have no knowledge to stop the service, and I'm lying? Let me teach you, but watch your hands carefully, otherwise you will be deceived :argh:
    Go to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache and on the right side for Start set the value 4. Then reboot. Next boot Dnscache is stopped and disabled.
    2.png
    Or try this from command prompt as admin reg add "HKLM\SYSTEM\CurrentControlSet\Services\dnscache" /v "Start" /t REG_DWORD /d 4 /f , then reboot...
    To return to the original state, change the value to 2.
    Do this and rejoice that we were able to disable a large stream of telemetry. All this information can be freely found in Google.
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,592
    Location:
    Canada
    @aldist,

    not trying to stir the pot, but after disabling DNS Client, svchost.exe still connects as follows:
    Code:
    2019:04:06|17:56:27|Allowed|2|IPv6 UDP [2606:4700:4700::1111]:53(61966)|Host Process for Windows Services|HostProcess(svchost)+Updates/DNS Cloudflare01 - IPv6 OutgoingV6|C:\windows\system32\svchost.exe
    I also have rules for 1001 IPv6 as well as two rules for IPv4. However, it doesn't connect to any of these. Disabling the DNS Client works for the most part in my setup, Windows 10 v1809, with the exception of the one connection I have shown.
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,998
    idd you did. i ever considered this as a backup.fail! thank you.
    the problem i have - i never had any 002 set - what will be restored?
    https://web.archive.org/web/20150217152952/http://support.microsoft.com/kb/100010
    dns queries need to be done, with or without cache/service.

    not sure how we got to dns here. i uninstalled WFC again because its not usable this way for me and installed sphinxsoft again.
    sadly resetting firewall rules to default (not to the state before install) bombed (again) my connection. but i think this is windows, i have to re-enable file access for lan. (not in network settings, in firewall settings!)
     
    Last edited: Apr 6, 2019
  23. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    DNS queries will be executed by specific applications, you will create allowed rules for this, for example:
    Firefox.exe: allow UDP out, local IP any, local port any, remone IP 8.8.8.8, 8.8.4.4 (this is Google DNS servers), remote port 53 (This is DNS rule for Firefox).
    Firefox.exe: allow TCP out, local IP any, local port any, remone IP any, remote port 80,443
    Skype.exe...
    Thunderbird.exe...
    ...etc.
    Yes, this is bad, it is categorically not recommended to use the default rules from Microsoft.
    In vain you abandoned the use of WFC, he is very friendly and the best.
     
  24. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,998
    i did a backup before and compared with my second computer after import. so i was prepped :D
     
  25. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    154
    I don't like that in this new version (6) when we open WFC it defaults to the "Dashboard". Every time i open WFC (few a day) is to switch to Low Filtering for some minutes and this takes me an extra click.

    Is it possible to make it so at least it remembers the last tab we were in instead of forcing me to always switch to the desired tab?
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.