Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    403
    Location:
    CSA Consulate, Glos., UK
    Thunderbird can now use DOH, and uses ssl/tls security, and can use full email encryption with appropriate settings and certificates. It always shows attached pictures and html inline in the message body for me.
     
  2. Yasha613

    Yasha613 Registered Member

    Joined:
    Jul 17, 2021
    Posts:
    3
    Location:
    DE, USA
    I am having a hell of a time trying to figure out what I'm missing, if anyone's willing to help me out:

    Game firewall rules in place to block UDP on set of ports, with scope entries for all but IPs wanted to go thru on inbound.
    Same for outbound, but just blocking all UDP.

    Allow rules for inbound and outbound with the specific individual IPs in scope entries, again for all UDP.

    Outbound blocks and allows as expected; but I don't see anything for inbound. Is this because they're already set to default blocking by the policy? It's not functioning as expected on friend's PC either. It works in reverse, as in blocking seems to work ok for his inbound, but not out. All entries that could conflict were removed...

    Losin' hair here.
     
  3. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    842
    Location:
    Lunar module
    Show screenshots of the rules.
    The rules are not properly written.
    There is a general blocking rule and blocking rules have a higher priority than allowing rules.
    Change your approach to rule creation and create only an allow rule and specify only allowed IPs in it. Don't create a deny rule for the rest of the IPs, the firewall will show notifications for them.
    Study the log of blocked connections.
     
  4. Yasha613

    Yasha613 Registered Member

    Joined:
    Jul 17, 2021
    Posts:
    3
    Location:
    DE, USA
    I've been rather back to front. Friend's issue seems resolved, as he actually had a second copy of the game in question running, but not seeing any blocking on incoming on my end still remains:

    Below is what I wrote out for a powershell script to simplify it for a friends group, should give the specifics(ips changed a bit....just in case...):
    Code:
    New-NetFirewallRule -Program “D:\GTA5\gta5.exe” -Action Block -DisplayName “GTA Online BLOCK inbound(private lobbies)” -Description “Block unknown IPs from connecting to the public lobby for inbound connections” -Direction Inbound -Protocol UDP -RemoteAddress "1.1.1.1-43.196.12.1","43.196.12.3-69.200.55.108","69.200.55.110-95.115.132.99","95.115.132.101-103.77.235.98","103.77.235.100-192.81.240.1","192.81.247.254-212.146.252.140","212.146.252.142-255.255.255.254"
    New-NetFirewallRule -Program “D:\GTA5\gta5.exe” -Action Block -DisplayName “GTA Online BLOCK outbound(private lobbies)” -Description “Block unknown IPs from connecting to your public lobby for outbound connections” -Direction Outbound -Protocol UDP -RemoteAddress "1.1.1.1-43.196.12.1","43.196.12.3-69.200.55.108","69.200.55.110-95.115.132.99","95.115.132.101-103.77.235.98","103.77.235.100-192.81.240.1","192.81.247.254-212.146.252.140","212.146.252.142-255.255.255.254"
    New-NetFirewallRule -Program “D:\GTA5\gta5.exe” -Action Allow -DisplayName “GTA Online ALLOW inbound(private lobbies)” -Description “Allow known needed addresses for inbound” -Direction Inbound -Protocol UDP -RemoteAddress "192.81.240.1-192.81.247.254","43.196.12.2","69.200.55.109","95.115.132.100","103.77.235.99","212.146.252.141"
    New-NetFirewallRule -Program “D:\GTA5\gta5.exe” -Action Allow -DisplayName “GTA Online ALLOW outbound(private lobbies)” -Description “Allow known needed addresses for outbound” -Direction Outbound -Protocol UDP -RemoteAddress "192.81.240.1-192.81.247.254","43.196.12.2","69.200.55.109","95.115.132.100","103.77.235.99","212.146.252.141"
    
     
  5. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,831
    hi
    is the connection log needed for notification -> display notification ?
    or could be disabled?
    thanks
     
  6. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    842
    Location:
    Lunar module
    In my opinion, the rules are correct in that they forbid connections to multiple IPs other than the excluded IPs and allow connections to excluded IPs. At first it seems that the second pair of rules might be superfluous, but I have had excluded addresses blocked without them too.
    The alerts are independent of the logging, but WFC repeats the activation of the audit policy every time it boots up so that the log is kept.
     
  7. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,831
    hi
    try to disable in the connection log ->log connection ->blocked connection
    you will have no more notifications
     
    Last edited: Jul 19, 2021
  8. Yasha613

    Yasha613 Registered Member

    Joined:
    Jul 17, 2021
    Posts:
    3
    Location:
    DE, USA
    I think I've gotten it sussed out for me anyhow. The extra incoming blocking was redundant, I assume that's what was preventing seeing the incoming blocked connections. The one friend is still having issues, but as he's older and not exactly tech savvy I assume I'll need to remote and poke around as my guess is he's got some overriding rule in place or the like. I appreciate the indulgence, as this was driving me nuts.
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,155
    Location:
    Slovakia
    Is there a way to prevent WFC from removing invalid rules? Every time store or apps update, old rules get removed and recreating 30 IP ranges is annoying as hell, especially if you have to do it every week. I guess copy/paste to txt?
     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    842
    Location:
    Lunar module
    Try rules export option Rules Panel>Policies>Export selected rules, change the extension to xml, in Notepad++ edit the path of the new application, return the wpw extension and import these rules.
     
  11. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    551
    Location:
    Switzerland
    WFC does not remove invalid or old rules, it's the Windows (Firewall).
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,056
    Location:
    Romania
    WFC does never automatically remove invalid rules. A rule is considered as invalid if the file path is not found anymore on disk at the path specified in the rule. Secure Rules removes rules if they are not in authorized groups list. Can you post a screenshot of the rules that you think are/will be removed by WFC ? If you update automatically created rules for Windows Store apps and you set custom IPs (useless work in my opinion) and they are removed, they are not removed by WFC. Try to add them into a group, so that the OS will not remove the old ones (your customized ones) when these apps are updated.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,573
    Location:
    U.S.A. (South)
    Cutting in for a moment if I may @alexandrud-
    For you and many others this is elementary but with the the latest 6 version (beautiful work btw), I am running Windows 8.1 Professional (reupping ALL my eights). Which of these 3 Security settings are preferred (recommended) for the workstation. Apologies but am very green as to do with firewalls but spending more time and effort lately studying it.

    2.jpg
     
  14. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,155
    Location:
    Slovakia
    When onedrive or Microsoft store updates, just yesterday, the old rules are just gone. I have once managed to catch an update and copied rules from the old exe to the new one, I guess that upon restart, they are eradicated by something.
     

    Attached Files:

  15. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,831
    hi
    is a wfc rule blocking updateassistant.exe ?
    why does wfc ruleset block updateassistant.exe ?
    thanks
     
    Last edited: Jul 24, 2021
  16. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    403
    Location:
    CSA Consulate, Glos., UK
    I do not have a rule blocking that executeable. Can you post a screenshot of the blocked connection in the log?
    I also do not have an updateassistant.exe on my PC - What version of windows are you using?
     
  17. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,831
    hi
    Code:
    25/07/2021 09:03:05 | 8708 | UpdateAssistant | C:\windows\updateassistant\updateassistant.exe | Block | Out | 192.168.0.4 | 49866 | 20.49.150.241 | 443 | 6 |
     

    Attached Files:

  18. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    403
    Location:
    CSA Consulate, Glos., UK
    Win 11 doesn't have that file, it updates differently.

    Some suggestions:Have you tried changing the rule in the rule panel or by clicking the line in the connections log? does windows update work for you? maybe it's blocked until you log in - see secure boot option, do you have any of the 'secure' options checked? try deleting invalid rules. are you using DOH? Port 443 is associated with DOH -DNS over Https using TCP protocol. Check for duplicate rules from the rules window, block rules have precedence. Finally, the executeable may be running inside another service or app that has a block rule. from reading the earlier posts, you are not alone in seeing 'blocked progs in the connection log for some apps when there doesn't appear to be a blocking rule.
     
    Last edited: Jul 25, 2021
  19. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,831
    hi
    it's a rule made by wfc
     
  20. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    842
    Location:
    Lunar module
    updateassistant.exe gets on your computer when you install some kind of KB update. It will constantly and annoyingly ask you to update Windows to a newer version. This is a useless, even harmful file, if you can detect this KB, uninstall it, or just delete the updateassistant.exe file, or replace it with a pacifier file with the same name and strip it of all permissions.
    In the WFC, turn on Secure Rules so that the rules do not create themselves.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,573
    Location:
    U.S.A. (South)
    Exactly the answer I was looking for myself and you didn't even know it @aldist- Thank You kindly
     
  22. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,831
    Hi
    i have never used secure rules , are made by the windows firewall control 's author?
    but they should be like rules-> restore windows firewall rules or restore windows firewall control recomandated rules
     
  23. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    842
    Location:
    Lunar module
    Secure Rules is not a set of firewall rules, but an option to protect firewall rules from unauthorized creation or modification. See User's Guide page 25.

    https://www.binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf
    sr.png
     
    Last edited by a moderator: Jul 26, 2021
  24. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,831
    hi @aldist
    in short ,wfc disable rules create by other programs right?
    have you allow windows store rules enabled ?
    and about secure rules , does give me an warning if a program try to create a rule with secure rules enabled?
    thanks aldist
     
  25. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    842
    Location:
    Lunar module
    Yes. Deletes or disables rules created by programs running with administrator rights without user intervention. Rules can only be created from the WFC interface.
    No. I don't use the Windows Store.
    No. But in the mode as in the screenshot above, unauthorized disabled rules get the prefix U -
    u.png
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.