Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    58
    Hi Alex, I thought I'd share a few feature requests/suggestions I've been thinking about. No pressure, they're not crucial things and I know you're busy. If any are possible, awesome, if not, NBD:

    • [Notifications][Shortcuts] A global keyboard shortcut that brings WFC's Notification popup into direct (input) focus would be awesome, similar to available shortcuts for Main/Rules/Log panels. I rely on WFC's keyboard shortcuts all the time (especially CTRL-TABing between Rules<->Log windows, CTRL-R for refreshing connection log), including the recent in-notification keyboard shortcuts, which I also use often. Adding a global shortcut to bring it to focus would assist with those who have lots of open windows constantly and can't always attend to the notification queue at the moment.

    • [Notifications][Shortcuts] Could a few additional keyboard shortcuts be added for notifications? Namely
      • CTRL-TAB for moving right/up through Notifications queue
      • CTRL-SHIFT-TAB moves left/down through Notifications
      • CTRL-9 jumps to last notification in queue
      • CTRL-1 jumps to first notification in queue
      • These shortcuts mirror all the standard web browsers, and the pattern fits in line with the keyboard shortcuts in the other panels (which also utilize common browser keyboard shortcut functionality).
    • [Notifications] After processing a notification in the stack, ability to maintain current position in Notification stack -- I'll often have a pile of fresh notifications that need processing. As it is now, when processing a notification anywhere in the stack (e.g. "7/13"), after processing that notification, WFC drops you all the way back to the beginning of the stack every time you process a notification. I'll frequently have a handful of MS notifications at the start of the queue that I'll have to deal with later (because of MS entanglements), but processing them soon enough that it isn't worth tossing them onto the silenced-notification list. Could this be changed (or optioned) so that current Notification queue position is held after processing a notification anywhere in the stack?

    • [ConnectionLog] Could an exclusion wildcard be added to the Connection Log's "Search" box functionality? I'll often have a scattered bunch of connections in the log that I'd rather not see, and it'd be great if we could add a "!" in front of a word in the search box which then filters that out of the current connection log view. For example, if the log had a bunch of svchost.exe connections scattered across the log from various Services, typing "!wuauserv" in the search box would filter out svchost.exe connections having to do with that service. Or perhaps if you're focusing on third-party firewalling connection issues, you could type CTRL-F, then "!svc" and all svchost.exe connections would be filtered out of the log temporarily. It'd be super helpful if so!
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,975
    Location:
    Romania
    Added them in the backlog. I will review them and update WFC.
     
  3. Webster77

    Webster77 Registered Member

    Joined:
    Monday
    Posts:
    2
    Location:
    Germany
    Hi,
    why is in the Security Tab the Option " Protected Profile " not automaticly set to on?
    Is there a Downside of it?

    Tank you!
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,975
    Location:
    Romania
    No downside. It was my choice that extra features will not be enabled by default when you install WFC. If the user reads and understands what a feature does, then he can manually enable it. At least, there is a chance that the user will read what a feature does before enabling it. If WFC would enable by default all these features, this will generate more support tickets. Even after 10 years of development, I receive support emails on weekly basis asking why WFC blocked the Internet after changing the profile to Medium Filtering :(
     
  5. Webster77

    Webster77 Registered Member

    Joined:
    Monday
    Posts:
    2
    Location:
    Germany
    ok i understand you. Thanks!
     
  6. Mincci

    Mincci Registered Member

    Joined:
    Tuesday
    Posts:
    1
    Location:
    Finland
    Hi, I hope this is the right place for my question. It's been few years since I've used Windows and WFC, but I am back. I remember having this same issue a long time ago. I have a rule to allow any in and outbound connection from the "Microsoft login assistant" service (I hope that it is written that way in english, I just translated it literally from finnish). That is the service, which asks for permission to connect when using Skype. Despite the rule, in the connection log I can see hundreds of attempts from that service blocked and Skype is unable to connect. I've tried creating new rule straight from the log entry and ensuring that ANY connection from that part of svchost is enabled. Service name is shortened to "wlidsvc". Also I've doublechecked that there is no duplicate entries for blocking that connection. Nothing seems to allow it, except changing the WFC profile to "low filtering", but that is not what I want to use. Any ideas?
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,975
    Location:
    Romania
    I do not use a Microsoft Account and I do not use any Windows Store app. However, I just installed Skype from Windows Store and I was able to connect to Skype by having only the first rule enabled. Note that the disabled rules were created during Skype installation. I disabled them and created the first one from the notification dialog. And I was able to connect. Anyone else here that is using a Microsoft Account in Windows, how did you solve this?

    upload_2020-11-24_22-33-11.png
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,135
    Location:
    Hawaii
    3 quick questions:
    • I have read that any app can change the rules of Windows Firewall (WFW). Q1- Correct of not?
    • Q2- Is there a way to password protect WFW?
    • Q3- Does WFC enable password-protecting WFW?
     
  9. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    362
    Location:
    .
    1. Yes, unless you use an older version v5.3.1.0 that has an option to prevent this from happening.
    2. No.
    3. No.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,735
    Location:
    U.S.A. (South)
    Which is exactly what I have settled on. Works like a charm
     
  11. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    58
    You are the MAN! Much obliged.

    Yes, I've been struggling with this exact same problem. The Windows Store app "YourPhone" (a phone<->PC remote app) suddenly stopped being able to connect despite having worked fine for a couple years without any issue. But recently it stopped being able to connect, as well as not being able to access the Store ("You'll need Internet for this: 0x800704cf"): lots of blocked connections in the connection log for Microsoft Account Sign-in Assistant (and sometimes other Windows related Services) despite having allow-rules set (and recreated/reset). I'd bet money it's from Microsoft once again changing something on the backend with yet another one of their woefully untested updates that they roll out on the world, treating everyone as their "free" beta testers.

    If I set WFC to Low-profile, things start working again. So obviously it's an issue of allow-rules not getting attributed correctly rather than an upstream derivative or tangential block-rule responsible for the blocking. My suspicion is it's stemming from Service-attribution functionality, because I did a test with a vanilla svchost.exe rule with no Services attached to it, allowing everything, and YourPhone + Microsoft Store started working again, as well as other Store apps like SamsungFlow.

    I wonder if it's akin to a game of "Telephone" happening behind the curtain, where connections being called or handed off somewhere along the way confuse the firewall, information skewing so that it misattributes connections as originating from their particular svchost Service/PID.

    If someone could point out how to go about a lower-level debugging trace, I'll gladly go about it. It'd be great if there was a way to more or less set a breakpoint and then step-trace through the paths from initial source/requester of a network connection, tracing step by step until it passes out of the firewall's domain. Not sure how to go about this, however.
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,975
    Location:
    Romania
    Q1 - Correct if "any app" has Administrative privileges.
    Q2 - Not really.
    Q3 - No, but setting a password in WFC will also remove access to WF user interface (the icon from Control Panel and wf.msc).
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,975
    Location:
    Romania
    This can't be debugged from WFC because WFC does not do any packet filtering.
    The only way to debug this is to:

    1. Wait for something to be blocked.

    2. Execute netsh wfp show netevents D:\netevents.xml

    3. Execute netsh wfp show state D:\wfpstate.xml

    4. Open netevents.xml and identify your blocked connection. From the XML structure locate the the filterId value.
    <item>
    ...
    <classifyDrop>
    <filterId>73053</filterId>
    </classifyDrop>
    ...
    </item>


    5. Open wpfstate.xml and do a search for the filterId value. From the search result, locate the displayData to find out which filter allowed/blocked the connection.
    <item>
    <layer>
    ....
    <displayData>
    <name></name>
    <description></description>
    </displayData>
    ...
    </layer>
    </item>
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.