Windows Firewall Control (WFC) by BiniSoft.org

I'm having major problems with some connections still being blocked despite having set allow rules via WFC. The problems are Windows programs/services, such as "Microsoft Account Sign-in Assistant" and "Connected Devices Platform". The apps that I'm having trouble with are the Windows Store and "Your Phone" (Windows app to remote-access cellphone from desktop).

I've tried all combinations of blanket allow-all'ing each rule, manually setting source/destination IP's , ports, profile combinations, etc. They are still showing up as being blocked in the WFC connection log. The connections start working and I'm able to use the apps when I lower the firewall profile to "Low Filtering", which means there's no particular block rule they're falling under, rather, their allow rule is not being "seen" or considered for some reason by the firewall.

Any suggestions how I can troubleshoot this further, what to do/try/test next? I don't know what else to try, or how to go deeper at this point.

I'm confused, what are these? Are these rules that WFC doesn't see or have access to?

 

1. HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Windows Firewall rules are stored here. These are available through Windows Firewall API and these are visible and editable in WFC.

2. HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules
Here are stored Windows Store rules that are defined for specific user accounts. These rules can be removed.

3. HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System
Here are stored default service based rules, meaning some services may accept connections only on certain ports, other services may not receive or initiate any connection. These can't be deleted. They are loaded and applied before the ones from 1. Windows Firewall API does not allow access to these, therefore WFC does not display them. Anyway, these should not be modified by the user.

 

Thank you, alex.

Any suggestions on how I can find what's causing Microsoft programs/services to be blocked despite having allow rules set for these things? I suspect it may have something to do with my VPN that's installed (Mullvad), because the source-address changes in the Blocked-Connections log between my standard IP address + the Mullvad adapter address. But these blocks continue to happen even if Mullvad is exited and not running. So perhaps it's due to how Mullvad VPN has reconfigured the networking/adapters.

If that is the case, what should I do here? Some things I'm considering:

• Uninstalling/reinstalling WFC
• Uninstalling/reinstalling Mullvad VPN
• WFC: restore Windows firewall default set of rules
• WFC: restore WFC recommended rules
• Resetting Windows networking stack

The question is -- in what order should these be performed? Is this an issue at the firewall level? Is this an issue at the network stack level? Should VPN's be installed before WFC? After installing WFC?

Does anyone have any thoughts or ideas? I'd rather not have to start with a fresh set of firewall rules, but if that's what's needed to fix this, then I guess I have no choice.

 

Probably none of these will solve the problem. Installing/reinstalling WFC will do nothing since it does not filter any traffic. Reinstalling Mullvad VPN neither. I use Malwarebytes Privacy which is also based on wireguard protocol and it is not related. Unfortunately I do not use Windows Store at all and I do not have a solution. I just tried to install two free apps on my Windows 10 and I couldn't. I even disabled Windows Firewall and the same problem. I think it is related to the fact that I'm not signed in with a Microsoft Account, I just use a local administrator account. I don't think it is a Windows Firewall problem in my scenario since it is disabled and Windows Store still fails to download a simple app.

 

Hello @alexandrud ,
I have a problem when using this fine firewall without the WFC recommended rules. I skipped those, because they often include only the local subnet, even for outgoing rules. Anyway, with WFC rules skipped, I am not able to use Windows Update anymore. It is blocked entirely or WFC is asking but never saving my decision.
So the only way to run WFC securely is with the WFC recommended rules.

 

Here are some pictures to show that behavior:
https://abload.de/img/captureh3jgy.png
https://abload.de/img/capture2m8ki1.png

 

Maybe this post can help.

 

Thank you. I updated my links above. You can see there, I don't block any svchost.exe. So it is probably not the explanation.

 

I understand you don't block svchost.exe explicitly, but is it allowed as explained in my post ? When using Medium Filtering profile, what you don't allow by an allow rule is by default blocked.

 

Hello, long term user here. Thank you very much for this smart little software, I've been using it for ~6 years now

I just recently ran into an issue though, the first one which I can't sort out myself

I bought a game ("Grounded") via the Microsoft Store, firewall rules seem to have been created automatically. (Using "Application Packages")
Up on first start it still asked me to allow the games *.exe, I allowed it.

The game starts fine, but when I want to access the multiplayer it isn't able to log-in (silent return to main menu, no error message).
If I set the Firewall to "Low Filtering" it works fine. As you can guess this is not a solution.

Now, when I look into the connections log for blocked outgoing connections, the games *.exe still shows up, even though there is an "allow" rule for it.
The file path looks like this: "C:\Program Files\WindowsApps\Microsoft.Maine_1.4.14.0_x64__8wekyb3d8bbwe\Maine\Binaries\WinGDK\Maine-WinGDK-Shipping.exe"

After exiting the game and refreshing the connections log, the path to the program changed to something like this: "\device\harddiskvolume13\maine\binaries\wingdk\maine-wingdk-shipping.exe"

So I'm guessing the Windows Store apps are run in some virtual container?!

I also tried to create an "allow" rule for this path as well (which obviously isn't valid), but doesn't seem to work.

I also tried deleting all related rules and create them from scratch using the WFC User Guide and following the "How to allow Windows Store apps that have a different path after an update?" topic.

I tried with outgoing + incoming, still no success.

So I'm kinda running against a wall here and would appreciate the help.

(I'm currently disallowed to attach screenshots, otherwise I would have provided them)

 

I'm fairly sure I know the answer to the first question, but:

If I'm happy with the security (and privacy) of my machine and only want to block one program and it's updater I can create a block rule for that program, then set WFC to 'Low Filtering' and disable it from starting with Windows and my machine will work without issue, block that program and allow all else, right? I know I don't need WFC to do this but the GUI @alexandrud provides makes it so much easier for a neophyte like me.

With that setting, if I enable to check for updates, will it? Or will I need to update manually.

Thanks.

 

I started with fresh rules and I thought I will be asked for permission, so there is no need for creating any rules manually beforehand.
That is why I use this great program in the first place, right?
So what I don't get,
1. if I run Windows without WFC, Windows Update works obviously,
2. if I run Windows with WFC, but without the WFC default rules, Windows Update is not working, either there are no notifications shown or they are shown but decisions are not saved for the future.
(Seems to be dependent if the first checkbox is used:
https://abload.de/img/capturex4njz9.png )
3. if I run Windows with WFC, with the WFC default rules, Windows Update works.

Now if Number 2 is expected behavior (and not a bug) and you have to craft some rules manually beforehand, then I think skipping the WFC default rules shouldn't be an option at all, because it is problematic to run windows without a working Windows Update facility.

To be clear I didn't test this with manually setting the rule you have shown, because for me it is defeating the purpose of this program. If for diagnostic reasons you want me to do it, I can still try that.

 

Microsoft Flight Simulator has the same problem. Even if you allow the executable file from Program Files folder, this game is located on a mounted virtual drive when it is loaded. In this case the problem is Windows Firewall itself. I had a similar problem a while ago with rules created for files from a VHD file mounted to a local folder. Windows Firewall can't handle these paths properly, therefore any firewall rules for them would not work at all. Even if the user sees in Windows Explorer the mounted drive in a path like D:\mounted\games\my.exe, the actual path that Windows Firewall is using is not this one, but a path based on volume GUID. Unfortunately, Windows Firewall can't handle connections for virtual mounted drives and this is a fix that Microsoft should do.

It seems that this game uses a similar method which mounts a virtual drive and then runs the game from that location. There is no way to allow this in Windows Firewall while outbound filtering is enabled. You have to use Low Filtering profile so that it can connect to the Internet. In this way, Windows Firewall doesn't care about outbound connections (unless there is a block rule), therefore the game will be able to connect to the Internet. Sorry to give you bad news, but WFC can't fix this since WFC does not do any packet filtering and is not aware of any active connections.

You can contact the creators of this game and maybe they can explain better how to allow their game in Windows Firewall while outbound filtering is enabled in Windows Firewall. But I doubt they will have a solution.

 

It depends on the update mechanism. If you block the updater process and this is the one that is checking for updates, then it won't be able to check for updates. But if the updater only updates the installation, while checking for updates is done elsewhere, then it may check for updates. It depends on the software.

 

Unfortunately I do not understand the problem that you have. I already described before which rule is required for Windows Update to work. At your point 2. when you use Low Filtering profile, outbound filtering is disabled, therefore all programs without a block rule are by default allowed. If you install WFC and keep Low Filtering, then outbound connections are allowed by default and Windows Update works. If you switch to Medium Filtering profile, which just enables outbound filtering in Windows Firewall, then all programs are blocked until you allow them. Since there is no rule for Windows Update in the default set of rules, you have to create it manually. Or you could use the WFC recommended set of rules which already contains a few rules that you in general would want to have. If not, then you can create your rules as you wish. I don't see anything wrong with WFC from your description.

 

Wrong to me I think is that I am not asked, WU is just blocked or I get asked but my decision is not saved. This only happens with Windows Update. For every other program I am asked if I want to block/allow it. I only use medium filtering. Maybe I am missing something...

 

Hi Alexandrud

I am new to your firewall so please be patient. Thank you

In your post #5940 you mention:-

""WFC recommended set of rules which already contains a few rules that you in general would want to have.""

Where do I find these rules please?

Thanks

Terry

 

When installing WFC, read the messages carefully, there will be a choice of how to apply the recommended WFC rules, and they will be added to the Windows Firewall rules, and will appear in the WFC Rules Panel

 

Hey Alex, thank you for the quick response!

I guess this is one more reason not to buy from the Microsoft Store... Luckily I only got the 1€ Test-Month.

 

In case you did not create them during WFC installation you can recreated them anytime from right click context menu from Rules Panel:



You can find more info here: https://binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf#page=23

 

Create manually the rule for Windows Update and you should be fine if this is the only thing that does not work. WFC is just a GUI for Windows Firewall.

 

Thanks.

Sorry, I should have been clearer. I meant that if I have WFC set to not start with Windows it probably won't be able to check for updates to WFC. Not a big deal as I read most posts in this thread anyway.

Thanks for a great program.

 

WFC updates are not published very often, so this should not be a problem

 

Okay, I will use the WFC-Defaults again and modify these as needed. Maybe you could make a warning sign that disabling these, can and will break Windows Update.
Anyway, thanks for your neat program.

 

You were right, they didn't change anything (I tried them before I saw your reply). I ended up raising the white flag and just blanket-allowing svchost.exe to connect how it wants. It's a neverending battle trying to fight the heap of kluge that is Microsoft's Windows 10, and I'm just tired of trying to stay ahead of their telemetry/update messes. C'est la vie, I guess.