Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    140
    Those are some of the limitations that WF has, among others.
     
  2. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    205
    Location:
    Canada
    So, basically it is useless, as more and more programs are using dynamic IPs (a good example is Windows Update).
     
  3. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    140
    What computer security experts preach (I don't name names, I speak in general) is that the Windows Firewall is enough, and the reality is that it is a colander.
     
  4. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,671
    Not in Windows Firewall.
    Domain allowing/blocking is not easy to build but Sphinx engineers did it. Includes syntax for wildcards.
    So if you are really interested, take a look at Sphinx firewall which has it. Good for Windows 7, 8, 10, Vista and XP.
    http://www.sphinx-soft.com/Vista/index.html
    Its official name is Windows 10 Firewall Control and there's a thread here about it. Also there is a good, helpful, forum:
    https://www.tapatalk.com/groups/vistafirewallcontrol/
    with downloads list on this page
    https://www.tapatalk.com/groups/vistafirewallcontrol/the-latest-betas-releases-t6.html

    Hope my answer does not violate forum's A vs B rule as I don't mean it as such, it's just FYI :)
     
    Last edited: May 20, 2020 at 10:25 PM
  5. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    518
    Location:
    Lunar module
    Outpost Firewall also works with domain names.
     
  6. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    501
    Location:
    Switzerland
    And hostnames/domain names can also change, more or less dynamically too, and even at the top level. An example is cloud services, which are related to your location. Or if a domain name is blocked (e.g. because it's a malware site), they will probably change the domain name too; the probability is also high that they will start with MANY domain names to spread the malware as much as possible overall ...
     
  7. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    205
    Location:
    Canada
    So, basically what you are saying is that having a firewall adds ZERO value to your security concept.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,652
    Location:
    Among the gum trees
    Please, can this thread not go down that road again. Thank you.
     
  9. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,083
    Location:
    Member state of European Union
    Generally something must be static or at least generated in a pre-determined way. Without it malware would not know where to connect at first launch. It may be an IP address, domain name or onion address (Tor). There may be exceptions to that for some specific malware cases, but most malware does it this way.

    @alexandrud
    Can WFC use a file with multiple IP addresses, IP ranges or CIDRs to create a rule? Let's say I have a text file with 5,000 IP ranges (5 thousand). I would like to create rule(s) that block incoming connections from these. Could WFC do that for me? Something like:
    https://serverfault.com/questions/6...dress-ranges-en-masse-performance-considerati
    https://stackoverflow.com/questions...ple-remote-address-to-firewall-rules/35367349
     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    518
    Location:
    Lunar module
    No. This is possible from the command prompt or PowerShell if you disable rule protection in WFC. Like this https://www.youtube.com/watch?v=CX-T3gY3Rdg
    Or download SEC05 https://blueteampowershell.com/ and see \Day4\Firewall\Import-FirewallBlocklist.ps1
    @alexandrud
    Icons of the color corresponding to the applied action will improve the user's understanding. The user first sees, and only then reads.
    ScreenShot_19.png
     
    Last edited: May 22, 2020 at 6:26 AM
  11. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    501
    Location:
    Switzerland
    Yes, that is of course fully right in this sense.
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,866
    Location:
    Romania
    I would advise against firewall rules that contain so many IP ranges because each rule is evaluated on each connection. Parsing a big list will increase the CPU usage. I don't even know if the Windows Firewall API can take such a big parameter list. Anyway, such an inbound block rule is not even required. By default, any inbound request that is not permitted by an allow rule is blocked. Defining a block rule is useless in this case, unless you created an allow rule to allow all inbound connections, which would be a bigger mistake from the start.

    I will give it a try.
     
  13. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,083
    Location:
    Member state of European Union
    Ideally it would be one rule with a big list/set of IP ranges inside. Something like ipset for iptables (Linux, deprecated in favor of nftables) or Tables in PF (OpenBSD). Searching an ipset or a pf table is very fast regardless of its size.
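
The blocklist import asked about and answered in the posts above (a text file of IP ranges turned into inbound block rules from PowerShell), as an added example that is not part of the thread, of WFC, or of the linked Import-FirewallBlocklist.ps1. The file name, rule-name prefix and batch size are assumptions; it needs an elevated prompt and, as noted above, WFC rule protection disabled.

```powershell
# Added example: one inbound block rule per batch of ranges read from a text file.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Path = '.\blocklist.txt',      # hypothetical file: one IP, range or CIDR per line
    [string]$Prefix = 'Blocklist-Inbound',  # hypothetical rule-name prefix
    [int]$BatchSize = 200                   # assumed batch size, not a documented limit
)

# Stop on a missing file so a failed read never wipes the previous import.
$entries = Get-Content -Path $Path -ErrorAction Stop |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    Sort-Object -Unique

# Accept only IPv4 single addresses, a.b.c.d/nn CIDRs or a.b.c.d-e.f.g.h ranges.
$ip = '(\d{1,3}\.){3}\d{1,3}'
$valid = @($entries | Where-Object { $_ -match "^$ip(/\d{1,2}|-$ip)?$" })
$rejected = @($entries | Where-Object { $_ -notin $valid })
if ($rejected.Count) { Write-Warning "Skipped $($rejected.Count) malformed entries" }
if (-not $valid.Count) { throw "No valid entries in $Path" }

# Remove rules left by an earlier import so stale ranges do not accumulate.
Get-NetFirewallRule -DisplayName "$Prefix-*" -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Create one rule per batch instead of one rule per range.
for ($i = 0; $i -lt $valid.Count; $i += $BatchSize) {
    $last  = [Math]::Min($i + $BatchSize, $valid.Count) - 1
    $batch = $valid[$i..$last]
    $name  = '{0}-{1:D3}' -f $Prefix, ([int]($i / $BatchSize) + 1)
    if ($PSCmdlet.ShouldProcess($name, "Block $($batch.Count) remote ranges")) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
            -RemoteAddress $batch -Profile Any | Out-Null
    }
}
```

Running it with `-WhatIf` lists the rules it would remove and create without changing anything. Block rules take precedence over allow rules in Windows Firewall, so these rules only change behaviour for traffic that an existing allow rule would otherwise admit.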
     
  14. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    140
    Windows FW alone is disastrous, but with a manager like WFC it fulfills the basic function of a firewall.
     
  15. Bsrco

    Bsrco Registered Member

    Joined:
    May 18, 2020
    Posts:
    2
    Location:
    australia
    Heya all,
    I'm having an issue where I can't get any customize rule or properties panel to show.
    There are two main types of "System.Windows.Threading.DispatcherUnhandledExceptionEventArgs was caught" errors in the WFC event log

    Exception: System.ArgumentException: An item with the same key has already been added.
    and
    Exception: System.NullReferenceException: Object reference not set to an instance of an object

    Each has params of various lengths throughout the log; it's kind of consistent though. Now I've reinstalled WFC, clearing all reg keys as suggested as a solution to the first exception way back in this thread.

    My Windows 10 is in Windows Insider mode, so I have a feeling it may be related to an update, or worse, some .NET files are corrupt and require reinstalling, which requires a bit of effort. Running Win10 Pro, version is 10.0.19041 Build 19041.

    Anyone have any thoughts? I'll attach the event log for further info.
    Thanks!

    https://drive.google.com/open?id=1y6G06YyozEBNB416CsiKV9uQwlKkVSgp
     
  16. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    76
    Feature Req: wildcard blocking for executable names or software, for example, *installer* *.msi
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,866
    Location:
    Romania
    Mostly a .NET update. It was reported before but I could never reproduce it on my side. When the Properties dialog is opened it takes as argument the selected rule. For some unknown reason the selected rule appears to be null when launching the Properties dialog and this is why it is not displayed. I wish I could reproduce this to see what is going on but unfortunately I can't.
    Wrong place to ask for this feature. Windows Firewall is developed by Microsoft and they should be able to add wildcard support. WFC can't add support for this.
     
  18. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    76
    Sure you can, you don't need Microsoft Windows Firewall to support such a feature; for example, Windows Firewall does not have temporary rule or secure boot features, you added that to WFC yourself. You can make WFC automatically whitelist or blacklist based on a filename rule. That doesn't mean you will, or will want to do that, but don't lie to yourself or put limits upon your own creative potential. You can accomplish anything you put your mind to.

    Such a feature can help improve productivity. And potentially help prevent malware... if you can block based on folder as well, for example, %temp%
     
    Last edited: May 23, 2020 at 6:23 PM
  19. Bsrco

    Bsrco Registered Member

    Joined:
    May 18, 2020
    Posts:
    2
    Location:
    australia

    Blah. I was hoping it was something else. Down the .NET repair/revert rabbit hole I go.. weeee!

    Thanks for the response though. Good to see an active dev helping people out!
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,866
    Location:
    Romania
    When you use Medium Filtering (outbound filtering enabled in Windows Firewall) anything without an allow rule is by default blocked. Creating block rules with this profile makes no sense and just clutters the rules list. When you use Low Filtering (outbound filtering disabled in Windows Firewall) anything without a block rule is by default allowed. This mode that automatically blocks certain wildcards would work by checking the recently allowed connections and creating block rules based on the wildcards defined. Or, if you are after blocking things, then you should not use the Low Filtering profile in the first place. For this reason, I will probably not implement this feature.
     