Windows Firewall Control (WFC) by BiniSoft.org

I use google DOH on 8.8.8.8 or 8.8.4.4 and their corresponding IPV6 versions for DNS in Windows 10 ethernet settings, with both set to encrypted only (preferred works too) I also have (in about:config for firefox & waterfox), network.trr.mode=2 (DOH only, no fallback). I found Cloudflare a bit flakey.

DNS records sometimes take a while to propagate.

 

kronckem, mode 2 allow fallback, to have doh only it's mode 3 https://wiki.mozilla.org/Trusted_Recursive_Resolver

 

Yup, been a while since I changed mine....

 

What kind of Firewall is this? I have not enabled ANY update checks in WFC but still i see several outgoing attempts blocked. To various IPs.

Is that funny or what? A security software trying to phone home?

Pitty. Not sure if this was happening always, i did some tuning this month.

 

Thank you alexandrud very much for your new version v.6.5.0.0

..if you would please still keep the item on your to do list backlog, which I hope it's getting closer to being implemented, the one feature we spoke of previously with a new listing "Allow This Time Instance"

..see your answer for question 2, Here:
https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-243#post-2990663

Thank you very much for keeping this in mind, thank you.

 

@alexandrud

thank you for the new release. Your efforts and expertise are very much appreciated.

 

WFC is NOT a firewall. It controls the one supplied free by Microsoft, which comes with basic rules. The recommended profile (Medium) for WFC is to ensure all attempts to connect outside set the firewall to 'blocked' If no rule allowing it is in force. The default is from Windows, which sets itself to allow outbound connections, and blocks incoming connections. If you haven't ticked the Update Automatically box, or added a rule to allow the connection, I would expect it to block the update call. Most security software 'phones home' (outgoing) to see if updates are available, but don't download them unless you allow it.

So what's the problem? It blocked it. If you accidentally allow a notified connection, or set the options differently at some point, it might have allowed it.

p.s. - The Grammar Police twisted my arm to post that Pity only has one 't'. They don't allow editing their rules.

 

Yes dude not a Firewall but a Firewall control, i apologize. Sorry, mea culpa.

What "update" are you taking about? I have not ticked the update button. What are you talking about? Please read again my post.

Why WFC is trying (SO MANY TIMES as i see now) to contact several IPs?

(did you replied, just to reply?)

 

v6.xxx sends telemetry to Malwarebytes once a day: WFC version, OS version, OS architecture (x64, x86), OS language (English, German, etc.), file system (ntfs, fat32), the process starts from administrator or not, the computer is included in the domain or not, the unique identifier of the machine. Personal data is not collected. The topic has detailed interesting information about this telemetry.
If automatic check for WFC updates is enabled, wfc.exe will try to go online to check for updates 1 minute after each WFC start.

 

Thank You @aldist

Magnificent IMO of a well thought out windows firewall front-end. Something Microsoft I assume gave little value to featuring.

Thank You @alexandrud for the newest version and the ongoing stellar support in answering concerns as well as adding improvements where seen fit.

 

Thanks for the info. Personal data is not collected, so they say. So says Nvidia, Comodo, you name it. How about asking us first?

 

@kronckew You didn't bother me, just not what i asked. And you know what ... i have no idea any more if WFC (or whatever other software) is out to get me, as you say. Who is collecting the data? What do they do with them? How log they keep them?

Is GDPR in use for WFC?

Anyways, we got the picture. Privacy is not respected, so ....

(just checking WFC log and i see the CCleaner that i installed for a while today, made around 10 outgoing connections during installation and 5 during uninstallation. And CCleaner is owned from Avast, as security company. Go figure).

 

This information was previously kindly published on the forum by alexandrud

When installing the NVIDIA driver package, install only the driver, not the entire garbage package, use NVCleanstall 1.9.0 Portable for this

To put it simply, if the firewall is configured correctly, CCleaner and other programs will not be able to connect.

 

Telemetry is common place now days, not a fan of it, but WFC isn't alone in this.

However I do think there should be an option to opt out of it.

 

Please read carefully again

 

Of cource. What i wanted to point out is that security software do not respect privacy, so go figure ...

 

Well "trending" with Telemetry is something i highly dislike.

And i will have to ask again, GDPR is RESPECTED or not? In WFC since we speak for this particular software. Or GDPR is some EU pseudo-law that nobody cares to respect?

 

Feel free to not use WFC then, no one is forcing you to use this free program.

 

I did follow your suggestion but it seems it doesn't work (clean install also). Still Nvidia is creating outgoing connections. Anyways, all those are blocked, i just wanted to inform you.

 

Great arguments guys, thanks.

 

About the telemetry, JFI yet:

See ...

https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-177#post-2772461

... and ...

https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-244#post-2996055

 

I can't ping it either. WFC has not blocked it in the connections log.


Aha! I also use an IP blocker -, ,Peerblock 1.2, it blocked that IP address which it thinks is assigned to bigmanga.com


Something is wrong somewhere...

I note that a whois query tells me that the ICANN dns database hasn't uppdated since about 20:00 (8pm) yesterday. assume that time is GMT UTC.

WFC itself tells me it can't connect to the server if I run the manual update from the About menu item.

Something is up with DNS, some of the dns record types, AAAA for one, are not propagating, while A records are. Other types have a mix some secondary dns servers OK some not.
see https://www.whatsmydns.net/#AAAA/binisoft.org

 

Yes, it is wrong to block this amount of IP addresses:



There is a big chance that you will block too much.
binisoft.org website uses a shared hosting plan. This means this IP 66.198.240.5 can host hundreds of web sites, including binisoft.org website. Since PeerBlock blocks this IP address, the answer is pretty simple.