Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    You probably uninstalled the entry named Malwarebytes Windows Firewall Control. Uninstalling Malwarebytes Premium does not uninstall WFC. The error that is: The path is not of a legal form.
    1. Do you try to execute WFC installer from a mounted drive?
    2. Do you use any installation parameter ?
    3. Is this in a VM or your machine ?
    4. Do you have Malwarebytes Premium installed also ?
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    I am not familiar with OSS/Sygate so I don't know what is an interactive menu and interactive alert rule. From the notification dialog for a blocked outbound connection you can create temporary rules since many years ago. Regarding boot protection, what is this supposed to do? WFC has Secure Boot option which can block all connections until you switch the profile manually. Please give more details about these missing features.
     
  3. IRONY

    IRONY Registered Member

    Joined:
    May 29, 2013
    Posts:
    40
    Outpost Firewall Pro/OSS is a discontinued personal firewall developed by Agnitum who cashed out on their IP. You should really know who your competition is and what they offer, as with any developer developing software. OSS provided a windows driver (sys32/driver) named Sandbox64.sys that ran after the Windows Kernel boot which prevented application intrusion/modification at the core level. Windows Firewall does not do this and can be bypassed by some applications, LIKE... Adobe.
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    You probably know this, but WFC is not a firewall, it is just an alternative user interface to Windows Firewall. It also adds a few extra useful features, but this does not make it a firewall. There is no competition to anyone.
    Windows Firewall is just an implementation over Windows Filtering Platform, it is not perfect. It may be possible that Adobe uses BITS to download updates, but even in this case, you can block this service in Windows Firewall. Anyway, a system driver will not prevent this behavior of Adobe.
     
  5. IRONY

    IRONY Registered Member

    Joined:
    May 29, 2013
    Posts:
    40
    Yes, I know and windows firewall is not the greatest.

    A system driver has and will prevent applications from tampering and out/in connections. Agnitum had their act together over and above windows firewall and most any other security software on the market.
     
  6. idforfb

    idforfb Registered Member

    Joined:
    Mar 29, 2019
    Posts:
    4
    Location:
    srbija
    Tray icon disappeared.
    "wfc.exe" and "wfcs.exe" are runing.
    Commands "wfc -mp", "wfc -rp", "wfc-cp" do nothing, i.e. they dont bring up respective pannels.
    Could not uninstall wfc, but i run installer again. Nothing changed.

    Upon system start up, tray icon shows shortly (for a second or two), and then dissapears.

    WFC versin 5.4.1.0.
    Wndows 10.

    Any idea?
     
    Last edited: Jan 7, 2021
  7. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    848
    Location:
    Lunar module
    If you have problems reinstalling WFC, uninstall WFC manually:
    A) Close the wfc.exe process through the WFC tray icon or through the task manager.
    B) In CMD as administrator, run the following three commands:
    Sc.exe stop _wfcs
    Sc.exe delete _wfcs
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Firewall Control" /f
    C) Manually delete the WFC installation folder.
    Your system is now completely cleaned of any traces of the WFC installation (note that your firewall rules and settings still exist and work!).
    You can now do a clean install of the latest WFC version.
     
  8. idforfb

    idforfb Registered Member

    Joined:
    Mar 29, 2019
    Posts:
    4
    Location:
    srbija
    Done that.
    No result. Still no tray icon.
     
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    848
    Location:
    Lunar module
    Your operating system is broken and WFC is out of business.
     
  10. idforfb

    idforfb Registered Member

    Joined:
    Mar 29, 2019
    Posts:
    4
    Location:
    srbija
    OK. But how come only WFC is out of business, and everything else wokrs just fine?
    It's not a problem, i will restore my system from backup, but i'm just curious what's wrong? (I saw that others had similar situation.)
     
  11. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    552
    Location:
    Switzerland
    That's a POSSIBILITY, it's not a must.
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    Try to repair your .NET Framework installation. A Windows Update intended for .NET Framework can break some framework assemblies.
    Did you check the WFC log? Also the Application Event log.
    Both processes (wfc.exe and wfcs.exe) appear in Task Manager but the tray icon is missing. Is the tray icon hidden? If you kill wfc.exe from Task Manager and then you launch it again does it work?
     
    Last edited: Jan 9, 2021
  13. idforfb

    idforfb Registered Member

    Joined:
    Mar 29, 2019
    Posts:
    4
    Location:
    srbija
    I restored system from backup, it is ok now.
    But if you are interested in solving this problem, i could revert the system back to previous state.
    Anyway, i saw your earlier post about .NET Framework, so i installed latest version of it, but it didn't help.
    I checked Event log, and there was some error in WFC.
    I didn't check WFC log, because i didn't have acces to WFC main panel, and i didn't look up for it manualy.
    Both processes appear in Task Manger, and tray icon is missing (it shows up briefly upon system start up, and then disappears).
    Killing and relaunching wfc.exe didn't help.

    So, as i said, since everything is ok after system restore, if you are willing to try to solve this peculiar problem, i could revert the system back. Otherwise we could just archivate it.
     
  14. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    403
    Location:
    CSA Consulate, Glos., UK
    WFC is NOT out of business, It was just sold to Malware Bytes.
     
  15. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    552
    Location:
    Switzerland
    I didn't said that ...
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    You don't remember what you said ? :D
     
  17. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    552
    Location:
    Switzerland
    @alexandrud

    :argh: Sometimes maybe, hahaha ...

    PS: Have a good sunday yet.
     
  18. kilves76

    kilves76 Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    7
    This is a "forever old" bug which is still present in 6.4.0.0:

    -Make a firewall rule with the "windows defender firewall with advanced security" using Scope remote address of some ipv6 ranges, for example:
    ::2-fc00:: , fe00::-fe80:: , fec0::-ff00:: , ff06::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    -Open the rule with WFC
    -->> Remote Address box is red, it won't accept it, you can't modify this rule using WFC

    The ranges are completely valid for windows firewall, it's WFC ipv6 parsing that has a problem.
     
  19. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    552
    Location:
    Switzerland
    Yes, this behaviour is known (I reported it already some time ago), but it's not really a bug, because there was no support, means no integrated methods in the .NET framework to check ranges of IPv6.

    MAYBE that has changed already in the meanwhile? THEN this could be fixed yet.

    Let us wait for an answer from Developer ...
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    Indeed, IPv6 parsing in WFC validators is incomplete. I have a solution and I have to update the code. Unfortunately, I do not have enough time currently for this. I am working on 3 major projects right now and WFC will come after. I will try to cover this in the next WFC update.
     
  21. kilves76

    kilves76 Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    7
    Found another bug/feature: make a new blank rule, enter 0.0.0.0/0 as (one part of) local/remote address. Click Create, poof, where did the rule go? Windows' own (just call it WDFwAS) will complain with an error popup that the mask is invalid when trying to create a similar rule (microsoftism, there's nothing invalid about 0.0.0.0/0 meaning all addresses). But it's a bit confusing that WFC just throws it away without letting the user know. Maybe it was a typo and user meant 0.0.0.0/8 . Nasty to have to recreate the rule, if one even noticed it went missing.

    But what I really wanted to talk about is multi rule editing. In a new install of Windows there's tens and tens of rules which would need editing, like anything with "Local Subnet" to something more verifiable (what is the local subnet when user is connected to LAN, Domain WAN and 2 VPN's? I'd rather be sure).

    So one should be able to select several rules, edit one properties window, and have the edits applied to all of the selected rules. Even the Program part, what if some one program had lots of rules and the location changed, boring to update the rules one by one. If the Program differs, just show <multiple> or something. This would be a very useful feature that'd really set WFC apart from WDFwAS.
     
  22. kilves76

    kilves76 Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    7
    And related to rule security, because MS is unable to guarantee the evaluation order and acceptance of the rules (the "most specific" is supposed to win, yet another case of "whatever that means"), it'd be useful if WFC could create inverted rules:

    Select an Accept rule with defined Local and Remote addresses, click Invert Rule, and it'd create a Block rule with inverted Local and Remote Addresses. Now one could be sure about what gets passed and what not. Like if Local/Remote is 192.168.0.0/16, the inverted rule will be 1.0.0.0-192.167.255.255, 192.169.0.0-255.255.255.255. I would leave the 0.n.n.n "this network" out unless one can be 100% sure how Windows evaluates and uses it.
     
  23. ahzs

    ahzs Registered Member

    Joined:
    Jan 25, 2021
    Posts:
    1
    Location:
    World
    Thank you for the perfect work. Please modify the default rule for Windows Update - the whole svchost.exe is allowed.
    And then please implement the operating conditions for "\device\harddiskvolumeX\" - this is necessary, for example, if the disk is mounted in a folder.
    Thanks!
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    Directly here:

    upload_2021-1-26_22-44-17.png

    I will see if I can improve the user experience for this scenario.

    This would be handy, I agree. If I will have enough free time for this, I will give it a try. Currently, I do not have the time required for this change.
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,058
    Location:
    Romania
    The default rule for Windows Update is a recommendation, not mandatory. It is meant for users the majority of users. Power users can anytime edit this rule. The vice-versa is not always true, editing a rule for svchost.exe can create headaches for majority of users. There is no plan to change that rule to a more restrictive one.

    "disk is mounted in a folder"
    In this case the problem is Windows Firewall itself. Windows Firewall can't handle these paths properly, therefore any firewall rules for them would not work at all. Even if the user sees in Windows Explorer the mounted drive in a path like D:\mounted\my.exe, the actual path that Windows Firewall is using is not this one, but a path based on volume GUID. Windows Firewall can't handle connections for virtual mounted drives and this is a fix that Microsoft should do.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.