Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    776
    Location:
    North of the 38th parallel.
    Hello @Roberteyewhy

    @alexandrud may have much better and more appropriate advice. However, please read the https://support.malwarebytes.com/docs/DOC-1144 document and consider adding a startup delay to MB3 Real-Time Protections while Malwarebytes WFC is performing its startup housekeeping.

    If you do consider using the above technique, please update this thread with your experiences. Thank you.
     
  2. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    490
    Location:
    US
    Thanks,1PW. Will try. Yes, hoping to hear from alexandrud.

    Just cannot understand why after all these years this is occurring:eek:.

    Robert
     
  3. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    490
    Location:
    US
    Delayed MBAM startup. Restarted 3 times and no problems with MWFC. Will monitor and post accordingly.:thumb:

    Did not even dawn on me that MBAM was the culprit. Still have no clue why this is happening though.

    Thanks,
    Robert
     
    Last edited: May 28, 2019
  4. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    776
    Location:
    North of the 38th parallel.
    Hello @Roberteyewhy

    You may not wish to consider MB3 as a culprit but perhaps a momentary competitor for a common resource.

    Please try adjusting the startup delay time for MB3 Real-Time Protections downwards over the period of many days to see what minimum delay time is reliable. When you are confident with that new minimum working delay time, please post your results. This may ask the question if Malwarebytes WFC would benefit from a similar option...

    Cheers

    cc: @alexandrud
     
  5. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    490
    Location:
    US
    Already at the minimum of 15 seconds. I have nothing but errors in Event Viewer for MWFC. "Cannot connect to MWFC service. The service is not running."

    If MBAM does not show in the Systray before MWFC on restart, same problem.

    Thanks,
    Robert
     
  6. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    115
    Found out that those rules can be brought back in one go, with the PowerShell command found here. I did this yesterday but don't remember which one of the two it was.
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,768
    Location:
    Romania
    Please consider (M)WFC a total different software from MBAM, even if they are coming from Malwarebytes. WFC was just rebranded visually and is not integrated in any way with MBAM. Any protection module from MBAM may interfere with the startup of WFC. You can also set the startup of MWFC service to delayed startup and check the result.
     
  8. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    490
    Location:
    US
    Thanks, alexandrud. Running MWFC now. Have done the delayed startup (15 sec.) as suggested by 1PW. Sometimes it works and sometimes it doesn't. I thought that if MBAM loads in the Systray before either WFC or MWFC that both would work, but it's a crapshoot.

    What I do not understand Alex, is that for years I have run both MBAM and WFC together (no Delayed Start) with absolutely no problems. Then for a about a week, this has occurred with both MWFC and WFC and with backup images too. Those images when made, WFC worked perfectly...wouldn't make an image without testing first.

    Anyway, I have figured out a workaround as posted in page 201. Tedious but effective.

    If I figure this out, I will post...

    Thanks to you and 1PW,
    Robert

    P.S. Still an excellent software!:thumb:
     
    Last edited: May 28, 2019
  9. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,783
    Location:
    Europe then Asia
    so what about the integration? was the main promise.
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,768
    Location:
    Romania
    What are you talking about? There was no promise, there was no plan for any integration. Parts of WFC will be included at some point in other MB products, but in the cloud corporate products. We will never see a MBAM+WFC together into the same product.
     
  11. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    490
    Location:
    US
    Good!

    Robert
     
  12. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    905
    Would have been better if this had been more clear. Since if you go to the Malwarebytes forum some users were expecting WFC to be integrated into MBAM.
     
  13. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,783
    Location:
    Europe then Asia
    +1 and even here.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,784
    Location:
    The Netherlands
    BTW, I have not installed the newest version yet, but I still wonder why WFC sometimes can't add an allow rule for apps that are running sandboxed with the help of Sandboxie. I'm talking about the "click on a program window to allow connecting" button. It sometimes works, sometimes it doesn't. Can you take a look at this? Perhaps you can install Sandboxie and try to install a couple of apps with the "Run Sandboxed" context menu entry.
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,768
    Location:
    Romania
    I will take a look at this. Does it happen randomly with some programs? Can you reproduce it with a specific application?
     
  16. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    156
    Location:
    Poland
    @Umbra
    yes corporate surveillance business is never going to end, that's why we have exploited backdoors in routers, or stuff like Intel AMT
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,784
    Location:
    The Netherlands
    I have just tested it. I can't add an allow rule for Opera, but it does work with Sumatra PDF. The allow rule for Opera shows up in red text in the Rules Panel. I think I reported this issue in the past, but I can't remember what the end conclusion was. Perhaps some problem with inter-process communication?

    https://www.opera.com
    https://www.sumatrapdfreader.org/free-pdf-reader.html
     
  18. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    115
    I'm having trouble with updating/installing Store apps lately. I think the current recommended WFC rules are not enough (if all else is blocked). Adding port 80 to the "WFC - Windows Update/svchost.exe" rule (instead of just 443) seems to help things a lot. Perhaps I've made a few more tweaks/additions but I can only remember this now.
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,449
    Location:
    Canada
    Yes, svchost needs remote port 80 to Microsoft update server. There's a list of MS update server domain names here:

    -https://social.technet.microsoft.co...indows-update-servers?forum=winserversecurity

    You may know this already, but keep in mind "http" is remote port 80 while "https" is remote port 443
     
  20. Woobiee

    Woobiee Registered Member

    Joined:
    Jun 25, 2019
    Posts:
    1
    Location:
    Europe
    Hello people, I need a little help with creating rules for DNS query since I had to disable the "DNS Client" Windows service, because this service when startup its always at 30% of CPU Usage and until not finish the work internet cannot be accessed.
    This happen because I have a big HOST with more than 40K entries and for some reason DNSCache service read the file everytime windows startup, so after own search people recommend disable this service with such a big host file.
    But, since I use High Filtering (Block Inoubound/Block Outbound) I saw I need to create a UDP 53 rule for each TCP 80, 443 I have, becaouse with the service active all DNS queries happens throught svchost.exe so was good but now each application need and specific rule.
    So, I came with some approachs but I am not sure what its the best and I want to ask you to give me some recomendations.

    1-. Create a rule for each application for dns query, this would duplicate the rules.
    For example: WIndows Update rule is svchost.exe with TCP 80, 443, so I have to create a rule UDP 53, because if dns response its blocked the updates will not be retrieve. Same for firefox, if my firefox rule is TCP 80, 443 then need and UDP 53.

    2-.Create the rules for all ports, this might be less secure?
    For example. svchost.exe protocol any port any, firefox protocol any port any, and so on.

    3-. Create a "global" UDP 53 for any program, this might be more less secure?
    For example. one unique rule. UDP 53 program any. this might works like the dnscache service rule but more "open"?

    I have not great knowledge of this, so I might be wrong, thats why I ask, what would you recommed me for handle the dns reponses since I have to disable the dnsclient service?

    Also another question, now with the dnsclient disabled I noticed other windows process that try to get a dns response and get a connectin tcp 80 later that I never allowed on firewall because I never needed but I want to know if i should allow.
    Its is the lsass.exe widnows process sometimes this process try to get a connection but even if its blocked I didnt notice nothing get bad, I searched but i didnt found any info about this, so should i also allow lsass.exe tcp 80, 448 aswell dns.

    thank you. and sorry for my english hope you can understand me :).
     
  21. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    429
    Location:
    Germany
    Delete almost all third-party entries from Hosts, everything can be blocked in the firewall
    Yes
    No
    No
    In short, block access for him and other Windows processes.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,784
    Location:
    The Netherlands
    Have you already checked out the problem with Sandboxie, and were you able to reproduce it?
     
  23. don_dolarson

    don_dolarson Registered Member

    Joined:
    Apr 24, 2019
    Posts:
    5
    Location:
    Sweden
    Hello guys, again. This time I've problem with my USB stick connected to an ASUS router, and sharing content across my network as ftp with it.
    Which recommended rules should I let pass to skip turn off firewall everytime I want to acces my USB stick?
     
  24. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    490
    Location:
    US
    Does Windows Update now also need TCP Remote port 80 to connect? In other words, does your MWFC connect with just port 443.

    Win 10 Pro x64 1903

    Thanks,
    Robert
     
    Last edited: Jun 26, 2019
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,768
    Location:
    Romania
    I did not have time for it. I am involved in many other projects currently.
    Use WFC recommended rules or enable the rules from the groups named Network Discovery and File and Printer Sharing. These rules will allow your computer to access your network connected drive. If you prefer to do this manually, check the Connections Log and create the rules based on the recently blocked connections.
    Your question is about Windows Update or about WFC ? WFC uses only port 443 for checking for updates. Windows Update uses both, 80 and 443.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.