Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    551
    Location:
    Switzerland
    Thanks for all the interesting infos!
     
  2. ktman

    ktman Registered Member

    Joined:
    Nov 27, 2019
    Posts:
    2
    Location:
    Sver
    I recently installed Windows 10 1909 (was using a years-old image without updates) and restored my years-old firewall rules.
    Everything seemed OK, until I noticed that when I'm connected through VPN everything goes through the firewall, disregarding any rules.
    Using WFC 6.0.2.0 at medium filtering.

    https://i.imgur.com/f5r4hZD.png
    https://i.imgur.com/mZTjesk.png
    Whether the rules are undefined or blocked, this functioned similarly for both states, VPN and without. Direct access works as expected.
    Now the firewall is basically disabled when connected to VPN.

    VPN Tap adapter shows unidentified, though that might be ruling it in neither public nor private networks, but even with assigned IPs and trying both locations it gave the same result, all passing through in all directions.
    https://i.imgur.com/9r7H9JD.png
    Tried resetting firewall rules to minimum, to default, to recommended; the same problem persists.
    Is this something specific to newer versions of Windows Defender Firewall, and/or is there some misconfiguration on my part?
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    The problem is the way NordVPN works. All the traffic is redirected through their own driver, therefore Windows Firewall does not filter the traffic anymore. If the VPN is allowed, everything is allowed. Ask the developers of NordVPN how to configure their software to work with Windows Firewall when outbound filtering is enabled in Windows Firewall. I tried AirVPN and TunnelBear and they worked as expected with Windows Firewall. WFC has nothing to do with this. The problem is the incompatibility with Windows Firewall. One more thing that you could try is to configure the VPN connection at your router level (if it is possible) and then use Windows Firewall to allow/block access at application level.
     
  4. ktman

    ktman Registered Member

    Joined:
    Nov 27, 2019
    Posts:
    2
    Location:
    Sver
    Tried VPN with OpenVPN tap and it also worked as expected.
    This is not a viable option since I switch between direct and VPN.

    P.S. Thanks for input and development :)
     
  5. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    551
    Location:
    Switzerland
    Better info about this module yet: there it's possible to add domains manually!
     
  6. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    Not exactly clear what you want to say or ask.
     
  7. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    551
    Location:
    Switzerland
    @popescu

    Ok, sorry for the confusion.

    I try it again:

    My intention was to say that the module in F-Secure is also able to add websites manually, in addition to the check via the F-Secure cloud list. I would not like a solution via automatic cloud list (service) only. It's also possible to allow an automatically blocked site (for ex. if it's a false positive).

    So, with such a module (others exist too, as you can read above) it's at least possible to block websites, in addition to IPs via Windows Firewall.

    If system-wide blocking is desired, you could block over the hosts file (for example).
     
  8. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    OK, but will F-Secure alert you about a connection to that website? Otherwise it is very simple to block any connection on your DNS, setting it to 0.0.0.0

    But first you have to be aware of the website's existence....
     
    Last edited: Dec 1, 2019
  9. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    551
    Location:
    Switzerland
    @popescu

    For http it alerts you even without the extension; for https it also gives alerts if you use the "Browsing Protection by F-Secure" add-on (else it's blocked only). Additionally, it alerts you on Google Search with a little status symbol.

    Here examples:

    Google Search ...
    Browsing-Security_Google.PNG
    Red cross = "This website is not safe."
    Question mark = "Website not analyzed (yet)."
    Green hook = "Website should be okay."

    After trying to load such a site, here is the alert ...
    Browsing-Security_Alert.PNG
    "Schädliche Website blockiert." --> "Malicious website blocked."
    "Diese Website wurde als schädlich gemeldet. Wir empfehlen Ihnen, die Website nicht aufzurufen." --> "This website has been reported as harmful. We recommend that you do not visit the website."
     
  10. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada


    I am sorry, but you did not understand anything from what we were talking about.

    The issue is not to block a "malicious website" but to get the domain name (provided by the firewall) to which an application tries to connect.
    Based on this info, you can decide to block the domain (rather than the IP, which can fluctuate for the same domain).

    This is not possible to be done in WFC.
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    This is not possible in Windows Firewall itself. WFC has nothing to do with this.
     
  12. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    I know that, but without the possibility to figure out who is behind each and every IP and without the possibility to block/allow domains rather than IPs (for applications using dynamic addressing) we just shoot in the dark, blindly allowing or denying requests.

    In this scenario, with or without a firewall will not make any difference.
     
  13. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    131
    For what it's worth, Emsisoft Anti-Malware includes a very competent and customisable Surf Protection module. You can manually add any hostname you like to block (also from a text file) with no performance hit. It can also accept IP addresses but is really optimized for domain names (best to use the WF/WFC for IP blocking), so it works well alongside the WF/WFC.
     
  14. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    551
    Location:
    Switzerland
    No problem :) and again, sorry for the confusion, was not my intention ...

    That info was for the case where you have the domain name(s) already (for example after analysis with DNSquerySniffer or something like that). Also the alert is always the same after blocking (regardless of whether a site is really harmful or just blocked for another reason).

    I gave that info precisely because it's not possible to do that with WFC (Windows Firewall). My intention was to show ONE way to handle domain names too - outside of WFC (Windows Firewall).
     
  15. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    That is nice, but first you have to be aware of the intention of a program on your PC to connect to that host. If you do not know the host, how are you going to block it? o_O

    And if you want to block a host, there are a lot of free "Host editors".
     
  16. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    551
    Location:
    Switzerland
    Yes, sure - I have other so-called "host editors" too. That was only ONE possibility. The advantage of this solution related to internet browsing CAN be that this module also retrieves domain names from a cloud - so there is at least a chance that, for ex., a harmful domain is already blocked automatically BEFORE a program tries to connect to such a destination.

    My suggestion for programs in general (thanks for the other postings in this thread about this too, so I can hopefully make a suggestion now) to prevent undesired outgoing connections is as follows:

    1) Block "all" outgoing traffic (medium filter in WFC).
    2) Check a related notification - if necessary also the connection log - then you have the IP(s).
    3) If necessary try to find out the domain/host-name - for example via DNSquerySniffer (not recommended via Reverse DNS, because you can't properly find out the right hostname in certain cases).
    4) Block this/those IP(s) and if necessary the domain/host-name too via a "host editor" of your choice.
     
    Last edited: Dec 3, 2019
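
The four steps in the post above, sketched as an added example (not part of the thread and not code from WFC or any poster). It assumes dropped-packet logging to the Windows Firewall text log (pfirewall.log layout) and a separately captured list of DNS answers; the function names, log lines and hostnames are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the pfirewall.log layout (documentation IP ranges only).
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2019-12-03 10:15:01 DROP TCP 192.168.1.20 203.0.113.10 50123 443 0 - 0 0 0 - - - SEND
2019-12-03 10:15:04 DROP TCP 192.168.1.20 203.0.113.11 50124 443 0 - 0 0 0 - - - SEND
2019-12-03 10:15:09 ALLOW UDP 192.168.1.20 192.168.1.1 50555 53 0 - - - - - - - SEND
2019-12-03 10:16:30 DROP TCP 198.51.100.7 192.168.1.20 44321 445 0 - 0 0 0 - - - RECEIVE
2019-12-03 10:17:02 DROP TCP 192.168.1.20 198.51.100.99 50130 80 0 - 0 0 0 - - - SEND
"""

# Constructed (hostname, resolved IP) pairs, as a DNS query capture would record them.
SAMPLE_DNS = [
    ("telemetry.example.com", "203.0.113.10"),
    ("telemetry.example.com", "203.0.113.11"),
    ("cdn.example.net", "192.0.2.50"),
]

def dropped_outbound_ips(log_text):
    """Step 2: destination IPs of outbound packets the firewall dropped."""
    fields, ips = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the header
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            if row.get("action") == "DROP" and row.get("path") == "SEND" and row["dst-ip"] not in ips:
                ips.append(row["dst-ip"])
    return ips

def plan_blocks(log_text, dns_pairs):
    """Steps 3-4: use a hostname seen in DNS where one exists, else keep the bare IP."""
    ip_to_hosts = defaultdict(set)
    for host, ip in dns_pairs:
        ip_to_hosts[ip].add(host.lower())
    hosts, unresolved = set(), []
    for ip in dropped_outbound_ips(log_text):
        if ip in ip_to_hosts:
            hosts |= ip_to_hosts[ip]           # many rotating IPs collapse to one name
        else:
            unresolved.append(ip)              # no DNS record seen: block by IP
    return ["0.0.0.0 " + h for h in sorted(hosts)], unresolved

if __name__ == "__main__":
    print(plan_blocks(SAMPLE_LOG, SAMPLE_DNS))
```

The first returned list holds hosts-file lines; the second holds the addresses that still need an IP-based firewall rule because no hostname was observed for them.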
  17. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada

    Yes, these are the required steps:

    But:
    1. There are programs which will use dynamic addressing; in other words, for the same ***.exe you can get 20-30 IPs. Who has the time or desire to investigate all of them, only to notice that next week these changed?


    If you still have access to a Win 7 PC, install PC Tools Firewall Plus 7.0.123 and you will see what a real firewall is supposed to look like.
     
  18. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    551
    Location:
    Switzerland
    Yes, I know, that IS then difficult to handle.

    I had - in earlier times here - installed (and tested) different firewalls, including ones with stateful inspection and others with packet filtering, Personal Firewalls (Desktop Firewalls) (for ex. CHX-1, Outpost, Comodo, ZoneAlarm, Norton, etc.) and an external Hardware Firewall (Zyxel). Unfortunately not PC Tools - however, after I read some things about it, I can more or less imagine how it works.

    Just - FOR ME PERSONALLY - I decided that my "bundle" of Windows Firewall plus WFC in combination with F-Secure (including the HIPS via DeepGuard) plus some other "tools" (like uMatrix & uBlock) is enough FOR ME for my DESKTOP PC.

    Additionally I also have a (dynamic) network-based solution via DNS servers between Provider<->Router in use (Internet Guard), which can block sites as a 1st-level defense (such a site can be unblocked manually if desired).

    Then a router with NAT resp. a separate firewall in use, which controls some things as a personal 2nd-level defense.

    That means that some traffic will not even reach my LAN (hopefully). Those steps also protect other devices here, like game consoles, up to a certain level.

    However: I am not naive - in many cases, the "attack" exists first, then it's known and THEN such blocking finally works. Fortunately, in some cases an unknown "attack" can be avoided because the traffic is "unusual" resp. suspicious or similar.

    I would NEVER say that this is the best or only solution or something like that. Also, I would never say that my solution is perfect - it's good enough for me currently, that's all.

    PS: Hopefully not too much off topic, I wrote it just to make clear, that my security concept is not only Windows Firewall plus WFC ...
     
    Last edited: Dec 3, 2019
  19. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    131
    It'd be great if a dark-theme interface could make it into WFC. :geek:
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    Try a high contrast theme in Windows and WFC will be magically dark-themed :) This UI change does not add any value to the software and it will be hard to get this approved. Sorry, but it will not be done anytime soon.
     
  21. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    63
    While using a network tool like Fiddler (Fiddler sets the system proxy to itself while it captures), is it normal/expected behavior for all firewall rules to basically go out the window except for Fiddler's, no longer being adhered to, all programs now able to flow without restriction through Fiddler's "phone line"?

    I guess it comes down to where in the stack ordering or pyramid firewall rules are implemented: before or after system proxying. In my current case, it seems that all programs are able to freely interact with the system proxy without restriction even if they have a specific firewall rule forbidding any network inbound/outbound activity. If that's the case, then that means that using Fiddler basically negates your entire firewall, and one should be mindful of that.

    (...which if this is the case, I'm not complaining about if that's normal, just wanting to understand for clarity, and make sure something isn't malfunctioning on my end)
     
  22. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    131
    Ok, no worries - thanks for the reply. High contrast themes look God-awful. :cool:
     
  23. al3xwild

    al3xwild Registered Member

    Joined:
    Dec 7, 2019
    Posts:
    10
    Location:
    where the streets have no name
    Hi ^^

    I'm still using the 5.3.1.0 version on Win 10 1903 without any problems.
    Are there any security problems if I'm using this version?
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    This is expected behavior when using a proxy which 'hijacks' the network packets. Windows Firewall rules are not applied anymore since all the traffic appears to be made by the proxy, not by the original software.

    I will put this on the list of required features, and at some point it will be implemented.

    No problem at all.
     
  25. al3xwild

    al3xwild Registered Member

    Joined:
    Dec 7, 2019
    Posts:
    10
    Location:
    where the streets have no name