Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    Hi Alex, I thought I'd share a few feature requests/suggestions I've been thinking about. No pressure, they're not crucial things and I know you're busy. If any are possible, awesome, if not, NBD:

    • [Notifications][Shortcuts] A global keyboard shortcut that brings WFC's Notification popup into direct (input) focus would be awesome, similar to available shortcuts for Main/Rules/Log panels. I rely on WFC's keyboard shortcuts all the time (especially CTRL-TABing between Rules<->Log windows, CTRL-R for refreshing connection log), including the recent in-notification keyboard shortcuts, which I also use often. Adding a global shortcut to bring it to focus would assist with those who have lots of open windows constantly and can't always attend to the notification queue at the moment.

    • [Notifications][Shortcuts] Could a few additional keyboard shortcuts be added for notifications? Namely
      • CTRL-TAB for moving right/up through Notifications queue
      • CTRL-SHIFT-TAB moves left/down through Notifications
      • CTRL-9 jumps to last notification in queue
      • CTRL-1 jumps to first notification in queue
      • These shortcuts mirror all the standard web browsers, and the pattern fits in line with the keyboard shortcuts in the other panels (which also utilize common browser keyboard shortcut functionality).
    • [Notifications] After processing a notification in the stack, ability to maintain current position in Notification stack -- I'll often have a pile of fresh notifications that need processing. As it is now, when processing a notification anywhere in the stack (e.g. "7/13"), after processing that notification, WFC drops you all the way back to the beginning of the stack every time you process a notification. I'll frequently have a handful of MS notifications at the start of the queue that I'll have to deal with later (because of MS entanglements), but processing them soon enough that it isn't worth tossing them onto the silenced-notification list. Could this be changed (or optioned) so that current Notification queue position is held after processing a notification anywhere in the stack?

    • [ConnectionLog] Could an exclusion wildcard be added to the Connection Log's "Search" box functionality? I'll often have a scattered bunch of connections in the log that I'd rather not see, and it'd be great if we could add a "!" in front of a word in the search box which then filters that out of the current connection log view. For example, if the log had a bunch of svchost.exe connections scattered across the log from various Services, typing "!wuauserv" in the search box would filter out svchost.exe connections having to do with that service. Or perhaps if you're focusing on third-party firewalling connection issues, you could type CTRL-F, then "!svc" and all svchost.exe connections would be filtered out of the log temporarily. It'd be super helpful if so!
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    Added them in the backlog. I will review them and update WFC.
     
  3. Webster77

    Webster77 Registered Member

    Joined:
    Nov 23, 2020
    Posts:
    2
    Location:
    Germany
    Hi,
    why is in the Security Tab the Option " Protected Profile " not automaticly set to on?
    Is there a Downside of it?

    Tank you!
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    No downside. It was my choice that extra features will not be enabled by default when you install WFC. If the user reads and understands what a feature does, then he can manually enable it. At least, there is a chance that the user will read what a feature does before enabling it. If WFC would enable by default all these features, this will generate more support tickets. Even after 10 years of development, I receive support emails on weekly basis asking why WFC blocked the Internet after changing the profile to Medium Filtering :(
     
  5. Webster77

    Webster77 Registered Member

    Joined:
    Nov 23, 2020
    Posts:
    2
    Location:
    Germany
    ok i understand you. Thanks!
     
  6. Mincci

    Mincci Registered Member

    Joined:
    Nov 24, 2020
    Posts:
    1
    Location:
    Finland
    Hi, I hope this is the right place for my question. It's been few years since I've used Windows and WFC, but I am back. I remember having this same issue a long time ago. I have a rule to allow any in and outbound connection from the "Microsoft login assistant" service (I hope that it is written that way in english, I just translated it literally from finnish). That is the service, which asks for permission to connect when using Skype. Despite the rule, in the connection log I can see hundreds of attempts from that service blocked and Skype is unable to connect. I've tried creating new rule straight from the log entry and ensuring that ANY connection from that part of svchost is enabled. Service name is shortened to "wlidsvc". Also I've doublechecked that there is no duplicate entries for blocking that connection. Nothing seems to allow it, except changing the WFC profile to "low filtering", but that is not what I want to use. Any ideas?
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    I do not use a Microsoft Account and I do not use any Windows Store app. However, I just installed Skype from Windows Store and I was able to connect to Skype by having only the first rule enabled. Note that the disabled rules were created during Skype installation. I disabled them and created the first one from the notification dialog. And I was able to connect. Anyone else here that is using a Microsoft Account in Windows, how did you solve this?

    upload_2020-11-24_22-33-11.png
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    3 quick questions:
    • I have read that any app can change the rules of Windows Firewall (WFW). Q1- Correct of not?
    • Q2- Is there a way to password protect WFW?
    • Q3- Does WFC enable password-protecting WFW?
     
  9. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    1. Yes, unless you use an older version v5.3.1.0 that has an option to prevent this from happening.
    2. No.
    3. No.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Which is exactly what I have settled on. Works like a charm
     
  11. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    You are the MAN! Much obliged.

    Yes, I've been struggling with this exact same problem. The Windows Store app "YourPhone" (a phone<->PC remote app) suddenly stopped being able to connect despite having worked fine for a couple years without any issue. But recently it stopped being able to connect, as well as not being able to access the Store ("You'll need Internet for this: 0x800704cf"): lots of blocked connections in the connection log for Microsoft Account Sign-in Assistant (and sometimes other Windows related Services) despite having allow-rules set (and recreated/reset). I'd bet money it's from Microsoft once again changing something on the backend with yet another one of their woefully untested updates that they roll out on the world, treating everyone as their "free" beta testers.

    If I set WFC to Low-profile, things start working again. So obviously it's an issue of allow-rules not getting attributed correctly rather than an upstream derivative or tangential block-rule responsible for the blocking. My suspicion is it's stemming from Service-attribution functionality, because I did a test with a vanilla svchost.exe rule with no Services attached to it, allowing everything, and YourPhone + Microsoft Store started working again, as well as other Store apps like SamsungFlow.

    I wonder if it's akin to a game of "Telephone" happening behind the curtain, where connections being called or handed off somewhere along the way confuse the firewall, information skewing so that it misattributes connections as originating from their particular svchost Service/PID.

    If someone could point out how to go about a lower-level debugging trace, I'll gladly go about it. It'd be great if there was a way to more or less set a breakpoint and then step-trace through the paths from initial source/requester of a network connection, tracing step by step until it passes out of the firewall's domain. Not sure how to go about this, however.
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    Q1 - Correct if "any app" has Administrative privileges.
    Q2 - Not really.
    Q3 - No, but setting a password in WFC will also remove access to WF user interface (the icon from Control Panel and wf.msc).
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    This can't be debugged from WFC because WFC does not do any packet filtering.
    The only way to debug this is to:

    1. Wait for something to be blocked.

    2. Execute netsh wfp show netevents D:\netevents.xml

    3. Execute netsh wfp show state D:\wfpstate.xml

    4. Open netevents.xml and identify your blocked connection. From the XML structure locate the the filterId value.
    <item>
    ...
    <classifyDrop>
    <filterId>73053</filterId>
    </classifyDrop>
    ...
    </item>


    5. Open wpfstate.xml and do a search for the filterId value. From the search result, locate the displayData to find out which filter allowed/blocked the connection.
    <item>
    <layer>
    ....
    <displayData>
    <name></name>
    <description></description>
    </displayData>
    ...
    </layer>
    </item>
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    BTW, is it true that WFC will block Windows SmartScreen in Medium Filtering? Or do Secure Rules and Secure Profile also play a role?
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    True. Not true.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Then how to enable SmartScreen, how to give it outbound access?
     
  17. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    @Rasheed187

    Something like the following should be enough:

    fwrule_sc.png

    PS: Perhaps Port 80 is not (no more?) necessary ...
     
    Last edited: Dec 6, 2020
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Thanks, I forgot that SmartScreen has his own process, will check it out.
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    It needs remote port 80 as well as 443.
     
  20. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Ok, good to know and thanks for clarification!
     
  21. Paul04

    Paul04 Registered Member

    Joined:
    Mar 4, 2020
    Posts:
    9
    Location:
    Colorado
    I have a peek at this sub-forum every few months and always pick up a useful tip or two.
    But my post today is just to thank Alexandrud for creating WFC and keeping it in shape.

    WFC was instrumental in getting me to a place where I feel comfortable creating and playing with firewall rules. Before WFC I really didn't have much of a clue. So it has made the windows firewall accessible to me; now I am even game to edit rules in the 'raw' firewall. So a big thanks to Alexandrud for creating and maintaining this app, which I now class as "mature software".

    Also a little thanks to forum regulars like Alpengreis (and others, my apologies for not naming you all) who contribute generously with their time to explain things. When I read questions posed on the forum I tend to shut up and listen to them because I'm still too much of a learner and don't want to confuse anyone.

    Lastly I'll just mention that, by far the most important use of WFC for me, is to stop automatic updates of Windows 10 for a period of weeks/months while I use my audio studio software. From past experience, updates often break things and it can take many frustrating days for me to get the studio workstation back to where it was, diverting me from studio work. Sometimes I need outside tech assistance just to fix what an unsolicited win10 update broke. So, in particular, the WFC default rule/set of rules allowing control of windows updates was an invaluable starting point.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    Thank you for your kind words.
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    Happy New Year 2021! Thank you everyone.
     
  24. Mike Evans

    Mike Evans Registered Member

    Joined:
    Jan 1, 2021
    Posts:
    1
    Location:
    USA
    I can no longer install WFC6. I uninstalled Malware bytes and it seems to have uninstalled WFC. All I get is this error message and then it exits.

    https://i.imgur.com/IFfUmhT.png
     
  25. IRONY

    IRONY Registered Member

    Joined:
    May 29, 2013
    Posts:
    43
    Really wish WFC had an interactive menu like OSS/Sygate. Missing items such as temp (timed) allow and the ability to customize an interactive alert rule.

    Also, the ability for boot protection like OSS.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.