Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,880
    Location:
    Under a bushel ...
    Also Emsisoft, AdGuard, etc., etc., etc.? :rolleyes::isay:
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,083
    Location:
    Member state of European Union
    Can WFC filter traffic based on account name?
    It would not be a problem if Windows used one binary per service, but unfortunately it does not.

    Can WFC filter traffic based on the account name or the group the account belongs to? One may block svchost from the SYSTEM and Administrator accounts while working on an account belonging only to the Users group. A malware infection would most likely infect this work account, because most things would be done from this account.
     
    Last edited: Feb 19, 2020
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,869
    Location:
    Romania
    WFC does not do any packet filtering and is not aware of any active connection.
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,083
    Location:
    Member state of European Union
    Ok. WFC uses Windows Filtering Platform. Does Windows Filtering Platform allow filtering packets based on user account name?
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,869
    Location:
    Romania
    WFC is just an alternative UI for Windows Firewall. Windows Firewall does the filtering based on the existing firewall rules. Windows Firewall is just an implementation over the Windows Filtering Platform. WFP is very capable but you have to call it by using C++. Maybe the author of Simplewall can answer this question since he took this route and he has more knowledge about this. His product talks with WFP directly from C++.
     
  6. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,974
    @popescu if I remember correctly, if a program uses a dll as a service to perform updates and other net activities it will connect under the svchost.exe name.
    The default allow rules (wf) do not have an svchost.exe rule for a reason... and if you create an svchost.exe rule for a specific service, Windows Firewall will warn you about the risks in doing so...

    @Rainwalker I have uploaded v5.4.0.0 and v5.4.1.0 here in case you still need it.

    Panagiotis

    edit: replaced (wfc) with (wf).
     
    Last edited: Feb 20, 2020
  7. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    The recommended WFC rules include a svchost.exe, wide open on TCP /80,443

    upload_2020-2-20_16-32-40.png
     
  8. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,974
    Sorry I meant wf instead of wfc. I never used the wfc recommended rules.
     
  9. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    Both downloads seem to be damaged.
     
  10. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    163
    Those versions are still available via the BiniSoft official website:

    5.4.0.0: https://binisoft.org/download/old/5400/wfc5setup.exe
    5.4.1.0: https://binisoft.org/download/old/5410/wfc5setup.exe
     
    Last edited by a moderator: Feb 20, 2020
  11. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,974
    Can you post a screenshot? On my end they download and extract correctly.
    After extraction,
    v5.4.0.0 should have a SHA-256 hash
    FE81A44112861276AF83FDBCFE1A86BCD641DF93781D016D9B5978830FD011EF
    and
    v5.4.1.0 should have a SHA-256 hash
    8DD146F054D1667187D11D242E51877B480D69061695991573940BDE7F2D6285
    Same hashes as those from the BiniSoft links @yeL posted. :thumb:
     
  12. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,472
    Location:
    USA
    Thank you folks. I have the downloads.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,501
    Location:
    U.S.A. (South)
    Same. Both in working order on this end as well. Thanks
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,785
    Location:
    Canada
    And you should know you can tighten that rule considerably. I've actually tried really hard to help you.
     
  15. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    56
    Location:
    Turkey
  16. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    518
    Location:
    Lunar module
    Individual rules for services, running through svchost.exe, worked in Windows 7, but did not work in Windows 8.1 and Windows 10.
     
  17. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    upload_2020-2-21_4-19-28.png

    Tried both Firefox and Edge.
     
  18. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    518
    Location:
    Lunar module
    Update the version of the archiver!
     
  19. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    Yes, this was the problem, thanks!
     
  20. Erastus Seymour Pott

    Erastus Seymour Pott Registered Member

    Joined:
    Jan 17, 2017
    Posts:
    11
    Location:
    UK
    BITS is often overlooked, but it is a very viable method of circumventing protections - https://attack.mitre.org/techniques/T1197/
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,785
    Location:
    Canada
    Solution: tighten firewall rules for C:\Windows\System32\svchost.exe

    Of course it's best not to allow the malware to run in the first place.
     
  22. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    Easy to say, impossible to do.

    There is no way to "tighten" firewall rules for svchost.exe as long as you do not know who or what generated the request and who or what is on the other end of the communication (IP).
     
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,785
    Location:
    Canada
    You are wrong! I would suggest you spend some time and effort researching basic networking fundamentals.
     
  24. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    207
    Location:
    Canada
    I may be wrong, but this is what I found:

    This is an "official" answer from Microsoft:


    "Hi,


    For security purposes, the IP address for the Windows Update web site constantly changes and it is not a fixed address. Also, there is no official publication of the IP addresses. We normally advise against defining IP addresses on the firewall for this purpose. Instead, we suggest either allowing all outbound connections to http & https ports or defining the DNS addresses as permitted destinations for traffic via the firewall.


    For up-to-date information about the IP's being used by Windows Update, use the DNS system, as this is the only reliable up to date source of information. If you use DNS, make sure the following destination hosts are specified:


    http://windowsupdate.microsoft.com

    http://*.windowsupdate.microsoft.com

    https://*.windowsupdate.microsoft.com

    http://*.update.microsoft.com

    https://*.update.microsoft.com

    http://*.windowsupdate.com

    http://download.windowsupdate.com

    http://download.microsoft.com

    http://*.download.windowsupdate.com

    http://wustat.windows.com

    http://ntservicepack.microsoft.com

    http://stats.microsoft.com

    https://stats.microsoft.com


    Thanks for your understanding.


    Best Regards

    Nina"
     
  25. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,974
    @popescu I do not understand this "debate".
    If you do not want dlls that run as services to connect through the "svchost.exe" name -> do not create a rule for "svchost.exe" (not even for specific services).
    If you do not trust a program that wants admin rights to install, you should not install it, in the first place.

    A program that runs with admin rights can modify/create/delete outgoing WF rules at will, and the only way to restrict it is by enabling the group policy (not available in Windows Home).
    http://woshub.com/windows-firewall-settings-group-policy/
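
A read-only way to check what the posts above argue about: whether an outbound allow rule for svchost.exe is scoped to a service, ports and remote addresses, or left wide open. This PowerShell is an added example, not part of the thread and not WFC's own code; it uses the built-in NetSecurity cmdlets, and the function name `Get-SvchostRuleAudit` and the `WideOpen` column are names chosen here for illustration.

```powershell
# Added example: audit enabled outbound allow rules that apply to svchost.exe.
# Read-only. Requires the NetSecurity module (Windows 8 / Server 2012 or later).
# Reads the default policy store, i.e. the locally defined firewall rules.
function Get-SvchostRuleAudit {
    [CmdletBinding()]
    param()

    $rules = Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True

    foreach ($rule in $rules) {
        $app = $rule | Get-NetFirewallApplicationFilter
        # Program paths may be stored with environment variables (%SystemRoot%\...).
        $program = [Environment]::ExpandEnvironmentVariables([string]$app.Program)
        if ($program -notmatch '\\svchost\.exe$') { continue }

        $svc  = $rule | Get-NetFirewallServiceFilter
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter

        # 'Any' means the rule is not restricted on that condition.
        $anyService = ($svc.Service -eq 'Any')
        $anyAddress = (@($addr.RemoteAddress) -contains 'Any')

        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Service       = $svc.Service
            Protocol      = $port.Protocol
            RemotePort    = @($port.RemotePort) -join ','
            RemoteAddress = @($addr.RemoteAddress) -join ','
            # Flag rules that let every service hosted in svchost.exe reach any address.
            WideOpen      = ($anyService -and $anyAddress)
        }
    }
}

Get-SvchostRuleAudit |
    Sort-Object WideOpen -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with `WideOpen` set to `True` are the ones to review first; the `Service`, `RemotePort` and `RemoteAddress` columns show which conditions, if any, already narrow each rule.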
     