Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    505
    Location:
    Switzerland
    @popescu

    You said your Adobe program uses svchost.exe to check for update ... BUT: are you sure it uses the the "C:\Windows\System32\svchost.exe" (or from related System32 path) and NOT for ex. "c:\program files\svchost.exe" or something like that? Because that would (highly probably) mean, it's NOT the Microsoft svchost.exe ... just for clarification ...
     
  2. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,154
    Wouldn't that be malware behavior in that case? That sounds worse.
     
  3. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    505
    Location:
    Switzerland
    @Azure Phoenix

    Yes, that would mean it's malware or AT LEAST "undesired".
     
  4. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    Yes, it uses this svchost.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,566
    Location:
    The Netherlands
    OK thanks, I downloaded it via oldversion.com and installed it via Sandboxie. When I wanted to update, SpyShelter alerted me that AdobeARM.exe wanted to communicate with svchost.exe, it's related to interprocess communication. I do sometimes get to see this alert from legit apps, but never really thought that it might be used to bypass the firewall.

    But anyway, AdobeARM.exe couldn't connect out on my system, even if I allowed interprocess communication. But I can't say if it was blocked by WFC/TinyWall or that Sandboxie simply blocked it from communicating with svchost.exe. But it seems shady, so it's best to dump Adobe Acrobat in my view. And like I said, get yourself a good HIPS.
     
  6. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    And after that, what? Dump Office, dump this, dump that? It happened to notice this behaviour on Adobe, but who knows how many other programs employ the same technique.

    What is a good HIPS? If you set a HIPS to alert you, in short time you will be inundated with alerts and you will not know what to allow and what to deny...

    Truth to be told , there is no practical firewall on the market right now and we try to improvise a workable solution...
     
  7. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    213
    Location:
    Bulgaria
    It's weird but yesterday blocking AdobeARM.exe did the job and prevented Adobe Acrobat Reader DC for checking for updates. Today, despite it was still blocked it was able to check for updates. Running currports shows that AdobeARM.exe is indeed using the svchost.exe (the one used by BITS and wuauserv => C:\Windows\system32\svchost.exe -k netsvcs). Comodo didn't react but this is probably because I am lazy and didn't disable the Cloud reputation service and AdobeARM is trustworthy. I created a custom rule for svchost.exe and I was able to block it without breaking the windows updates. Adobe probably use this method to check not only for updates but maybe the license as well? I am using the free version anyway. Also bitsadmin /reset /allusers returned 0 out of 0 jobs canceled.
     
  8. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,472
    Location:
    USA
    I had a problem with Macrium Reflect (happened after last update) that resulted in my having to reluctantly install and run Windows Repair from Tweaking.com. It cost me a lot including re-installing mail program along with other headaches. I did get things up and running, but WFC is not showing in taskbar. It seems to be running. Customizing task manager indicates it should be showing. Something maybe to do with Malwarebytes? Any ideas?
     
  9. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    uninstall and install version 5.4. (pre-malwarebytes)
     
  10. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,472
    Location:
    USA
    Thanks for response popescu. Cannot locate a safe 5.4 download. Must be another way to fix this.
     
  11. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    301
    Location:
    Canada
    Think it's time you make your own forum topic about this off-topic garbage that has been going on for weeks, this has nothing to do with WFC, so stop bumping this thread.

    Alternatively just block/ignore the nut popescu and he might just go away.
     
  12. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    You can do that but this will not fix the major flaw in WFC which makes the product worthless.
    I repeat, WFC is intended to change the original functionality of Windows Firewall ( block ALL inbound and allow ALL outbound ) and to make it an "user friendly" firewall.

    Unfortunately, the original Windows Firewall is not suitable to be an authentic firewall.
     
  13. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    301
    Location:
    Canada
    WFC does exactly what its purpose is and does it 110%, it never claims to be anything else other then a frontend, if you have issues with the firewall, then make a new topic.
     
  14. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    Not exactly...

    WFC is creating the illusion that the existing "Windows Firewall" can be used as an authentic firewall. And because is free now, a lot of innocent users will use it believing that now they have full control on which app. from their PC can or cannot connect to the internet.

    Which in fact is not true.
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,785
    Location:
    Canada
    @popescu

    WFC does not purport to be anything other than a tool that extends the functionality of the Windows native firewall, to make it easier to manage as well as add some new features - none of which imply to be related to HIPS.

    If you use a bit of ingenuity, you can indeed enforce tighter rules on svchost.exe, so that Adobe can only connect to its specific server(s). Think about it for a moment: all Adobe Pro is doing differently than most programs checking for updates, is it's piggybacking on svchost.exe. That's it. If it bothers you, try tightening the rules on svchost as I suggested already, ditch Adobe, or use a firewall that has built-in HIPS.
     
  16. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    You got me wrong, this is not what bothers me. Adobe was one program for which , by luck, I was able to notice a strange behaviour; I had a button"Update" which I can press it and , from here, the whole story.
    Can I create a rule for Adobe o_O Absolutely... Why? Because I am aware about this strange behaviour.

    Can i create a rule if I AM NOT AWARE ABOUT A STRANGE BEHAVIOURo_O Most likely not.

    If you have a malicious software on your PC, undetected by your antivirus, which will employ a similar technique to communicate with the outside world, you will never know , and you cannot create any rules to block it because you do not know about it, hence the futility of WFC.

    I cannot be clearer than that.
     
    Last edited: Feb 17, 2020
  17. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,154
    @popescu

    So, the problem for you is that Windows Firewall doesn't have any sort of IDS or any way to detect malicious traffic? And that WFC doesn't do anything to improve it in that regard?
     
  18. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    The traffic is not "malicious" per se, is just different kind of traffic; not all traffics have to be clearly visible or easy to intercept, however the purpose of a firewall is to be able to do so.

    Windows firewall was never able to do that. But WFC creates the illusion for common user that this is possible.
     
  19. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    94
    Location:
    Here
    Rasheed already stated his setup successfully prevented adobe from updating via BITS, so maybe you have your answer, layers of security. The functionality of one product mitigating or hopefully eliminating the weaknesses in another. If you don't want to install extra software alongside a firewall you'll probably find a security suite out there that will do the job of multiple tools (usually with the resource usage to match).

    Truth is if you have malicious software on your PC and your only defence is a software firewall then it's game over anyway. The only software firewall's that have a chance against complex malware are the security suite types that have the extra functionality people are suggesting you install as seperate programs.
     
  20. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    518
    Location:
    Lunar module
    Disabling the DNSCache service and complete Internet blocking for svchost.exe, or continue dancing on rake :'(
     
  21. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    ...or do not use WFC anymore as will add ZERO value to your security package.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,869
    Location:
    Romania
    We got it, Windows Firewall sucks, WFC sucks, Microsoft sucks, everyone is deaf and doesn't want to hear the truth. You made your point. Please try to shed some light also to the innocent folks from the TinyWall topic, SimpleWall topic. They are plagued with the same illusion of security since they are all using Windows Filtering Platform, the same way Windows Firewall does it.
     
  23. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    94
    Location:
    Here
    Also remember folk's, anti-virus is often trivial to bypass and is therefore not an additional layer of security, so make sure you uninstall it. HIPS products are too complicated for the "common user" and it may lead to frequent popups, so uninstall that also. Sandboxes can often be bypassed with zero-day OS exploits so they're out too unfortunately. Everyone uninstall any software that either requires a small amount of thought and research to configure/maintain or may have weaknesses if installed on it's own. If you have software that can be configured to add very strong protection then... "who has time for that?".. uninstall.

    This coming from the same person who said:

    So arguing for people not to use WFC because it adds no value while being happy to use a computer with no firewall at all. Okay :thumb:
     
  24. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    518
    Location:
    Lunar module
    popescu there is a troll and flood generator, in other forums it would have been banned 10 times already. Just don't respond to his comments.
     
  25. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,154
    Personally, I fail to see how popescu is a troll simply because he disagrees with the majority here.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.