Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. D3ltorohd

    D3ltorohd Registered Member

    Joined:
    Nov 20, 2021
    Posts:
    10
    Location:
    Germany
    Is it a good thing to disable outbound filtering? The bigger danger is inbound after all, isn't it?
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    By default, outbound filtering is disabled in Windows Firewall. Enabling it is optional and requires the user to do the work of creating allow rules for the programs which are acceptable to connect. If there are some programs that do not work with outbound filtering enabled, you can disable it temporarily. Or you can take the other side, keep Low Filtering profile and manually block unwanted programs. The important thing is to not disable inbound filtering because you will expose your computer to the external world.
     
  3. THZ

    THZ Registered Member

    Joined:
    Dec 29, 2021
    Posts:
    5
    Location:
    Switzerland
    Hello - I have set WFC to Medium Filtering, block any traffic and to display notifications. Whenever I get a notification on a new unknown traffic I confirm either with block or allow, but this takes up to 1 minute when I click on OK. This is on 2 computers that I have, on other computers not. What could be the reason?
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    This was reported a while ago but I could never reproduce it and provide a fix.
    - Please check the Connections Log and see if there is a program that is generating an insane number of connections (in and out) during the same time when you want to create a new rule from the notifications dialog.
    - That 1 minute seems like a timeout to me. After that 1 minute of waiting, is the rule created?
    - During this waiting time, is the notification dialog closed or frozen?
    - Please check WFC log in Event Viewer and see if there is something logged regarding this.
    - On which operating system do you have this problem? Net Framework version?
    - Does this happen only when you create a new rule from the notification dialog, or also when you try to create a new rule from Rules Panel?
    - Try to identify the differences between the computers where it works and where it doesn't. Do they use the same security software, the same antivirus?
     
    Last edited: Dec 30, 2021
  5. THZ

    THZ Registered Member

    Joined:
    Dec 29, 2021
    Posts:
    5
    Location:
    Switzerland
    Many thanks. Actually my log doesn't provide anything unusual, but I will verify this the next time I have this issue.

    I can answer your questions so far:
    - The rule is being created after 1 minute of waiting
    - The notification dialog remains frozen
    - This happened with Windows 10 x64 and happens now with Windows 11 as well. Net Framework 4.8.04161
    - All computers have been set up almost identically, no security software, only Microsoft Defender
     
  6. NAMIKAWA

    NAMIKAWA Registered Member

    Joined:
    Jan 8, 2022
    Posts:
    2
    Location:
    JP
    Hello,

    I use WFC, I wanted to turn off the messages that appear that the program needs permission in the firewall.
    https://i.imgur.com/hhYt6P2.png

    But all the notification settings I've tried are probably used (linked) by the WFC program and can't be turned off.

    How can I turn off these annoying messages?
     
  7. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    This has nothing to do with WFC. It should be the following setting (here Windows 10 Pro x64 ... I don't know which OS you have in use) and it's for INBOUND connections:

    Type "Firewall status" or "Check firewall status" or something like that (don't know exactly, because I have a non-English OS version in use) in the Windows Search Field or in the Search Field of the Settings window (you should also find it under "Control Panel, System and Security" somewhere):

    Open it, then you should have a window like this ...

    Notifications_1-2.PNG

    ... click on the text in red square ("Change notification settings"), then you should have a window like this ...

    Notifications_2-2.PNG

    ... now you should be able to disable it for the desired location(s).
     
    Last edited: Jan 8, 2022
  8. NAMIKAWA

    NAMIKAWA Registered Member

    Joined:
    Jan 8, 2022
    Posts:
    2
    Location:
    JP
    @Alpengreis Yes, I tried exactly this setting before I wrote here!
    The problem is that it always returns to the default values.
     
  9. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Last edited: Jan 8, 2022
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Execute wf.msc

    upload_2022-1-9_12-10-43.png

    Then click on this:

    upload_2022-1-9_12-11-54.png

    Then for Private and Public, click on Customize under Settings:

    upload_2022-1-9_12-13-6.png

    And set this setting to No:

    upload_2022-1-9_12-14-55.png

    Now you should not see those WF notifications anymore. If you can still see them let me know.
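The same change can be scripted and then verified, which helps when the setting appears to revert. This is an added example, not part of the original post; it assumes the option in the lost screenshots is "Display a notification", which the NetSecurity module exposes as `NotifyOnListen`.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: the wf.msc option shown in the post is "Display a notification"
# (NotifyOnListen in the NetSecurity cmdlets).

# Turn the Windows Firewall notification off for the Private and Public profiles.
Set-NetFirewallProfile -Name Private, Public -NotifyOnListen False

# Compare what is stored locally (PersistentStore) with what is actually in
# effect (ActiveStore = local settings merged with Group Policy).
# If PersistentStore says False but ActiveStore does not, the local value is
# being overridden and changing it in the GUI will not stick.
foreach ($store in 'PersistentStore', 'ActiveStore') {
    Get-NetFirewallProfile -Name Private, Public -PolicyStore $store |
        Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Name, NotifyOnListen
}
```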
     
  11. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Yes, over the Management Console is another way ...
     
  12. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    How effective is this FW against tampering (disabling) vs Comodo Firewall and ZoneAlarm, which run their own kernel-level driver (ring 0)?
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    There is no tampering protection in WFC because:
    - WFC is not a firewall
    - WFC is just an alternative user interface for Windows Firewall. It also provides some extra nice features, but this does not make it a firewall.
    - Even if WFC is closed, the firewall rules are still applied by Windows Firewall itself. By closing WFC you just don't have access to the alternative user interface, it is not the end of the world.
    - A real anti-tampering mechanism requires an ELAM driver signed by Microsoft which is not that easy to get, it makes debugging almost impossible (because WFC will be a protected process) and comes with the only advantage that you can't close WFC process. If something goes wrong with the software and it hangs, then, good luck restarting it.
    - A real attacker will probably want to disable Windows Firewall itself, not WFC. Disabling WFC will not help a malicious actor to gain anything. However, this will attract too much attention, so this is unlikely:
    upload_2022-1-12_20-40-46.png
    - If malicious software gains enough privileges (the user probably allows it in the UAC prompt) to disable a service running under the SYSTEM account, the last problem that you have is WFC being closed.
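Since the rules are enforced by Windows Firewall itself, that is the component worth monitoring for tampering. The following read-only audit is an added example, not part of the original post or of WFC; the 7-day window is an arbitrary assumption.

```powershell
# Added example: read-only audit of Windows Firewall itself (not WFC).
$findings = @()

# 1. The firewall service. MpsSvc is the Windows (Defender) Firewall service.
$svc = Get-Service -Name MpsSvc
if ($svc.Status -ne 'Running') {
    $findings += "Service MpsSvc is $($svc.Status), expected Running"
}

# 2. Effective per-profile state. ActiveStore is the policy actually applied
#    (local settings merged with Group Policy).
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    if ([string]$p.Enabled -ne 'True') {
        $findings += "$($p.Name): firewall is turned off for this profile"
    }
    if ([string]$p.DefaultInboundAction -eq 'Allow') {
        $findings += "$($p.Name): inbound filtering is off (default action Allow)"
    }
    # Outbound Allow is the Windows default, so it is reported, not flagged.
    Write-Output ("{0}: default outbound action = {1}" -f $p.Name, $p.DefaultOutboundAction)
}

# 3. Event ID 2003 in the firewall log records a changed profile setting.
#    Assumption: the last 7 days is a useful review window.
$log = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
$changes = Get-WinEvent -FilterHashtable @{
    LogName   = $log
    Id        = 2003
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Output 'Service running, all profiles on, inbound filtered.' }

# Each entry names the profile, the setting, the new value and the modifying
# application, which is what to review after an unexpected change.
$changes | Select-Object TimeCreated, Message | Format-List
```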
     
  14. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    Yes, WFC is a frontend for Windows Firewall. Much malware more or less targets Windows Firewall, because malware coders know that many users do not use a 3rd party firewall. It's easy to abuse.
    Personally, I never rely on any FW software that's based on Windows' own firewall. Comodo / ZoneAlarm use their own kernel-based filtering driver(s). This solution can and will increase security.
    There are many ways to disable Windows Firewall during the boot stage.
    Nevertheless, you're a great coder and... mov ax,13h? ;)
     
  15. THZ

    THZ Registered Member

    Joined:
    Dec 29, 2021
    Posts:
    5
    Location:
    Switzerland
    It just happened again. When I get a notification and click either on Allow or Deny, it takes about a minute until the window closes. I then verified the connections log, but don't see any insane number of connections. Sometimes I have about 8 entries for the same program that I blocked, each with a different source port from my computer (for example 51200, 51201, 51202), but all going to different IP addresses.
    What I have seen is that WFC itself blocked a few minutes ago an outgoing connection to edgecast.com (93.184.220.29), which I can't remember having blocked manually?

    Another issue is with an Intel Driver Update utility (idsaupdate.exe), which again and again prompts me to allow or deny, on all computers the same. I always allow, but several times a day I again receive this popup.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Just add idsaupdate.exe to the notifications exceptions list and forget about it. Probably the path is different each time in a temporary location and this is why you see multiple notifications, they are for different paths where this file is extracted. Drivers are not released multiple times a day. In fact, if your hardware is more than a year old, forget about new drivers. I would completely uninstall any driver update utility software.

    As for the freezing notification dialog, I will investigate it.
     
  17. Mannard

    Mannard Registered Member

    Joined:
    Jan 19, 2022
    Posts:
    1
    Location:
    Cape Canaveral, Florida
    I have an issue with WFC. It won't allow any programs outbound access when I run them from a ramdisk unless I switch Profile to Low.
    I'm using Softperfect Ramdisk.

    OS: win7 64 vers 6.7.0.0
     
  18. THZ

    THZ Registered Member

    Joined:
    Dec 29, 2021
    Posts:
    5
    Location:
    Switzerland
    Thank you for this hint! I realized that idsaupdate.exe is being executed from a TEMP folder, which is different each time, so this notification is popping up all the time. I now added it to the notifications exception list and so far no more popup! My hardware is much older than a year... so I may also manually search for updates from time to time.
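Program rules match on the full executable path, so every "allow" answered for a file unpacked into a new TEMP folder leaves another rule behind. The listing below is an added example, not part of the original posts; treating any path containing `\Temp\` as temporary is an assumption.

```powershell
# Added example: list firewall rules whose program path lies under a Temp
# folder and show whether the executable still exists. Read-only.
# Assumption: any path containing "\Temp\" is a temporary extraction location.
Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -and $_.Program -ne 'Any' } |
    ForEach-Object {
        $filter = $_
        # Stored paths may contain variables such as %SystemRoot%.
        $path = [Environment]::ExpandEnvironmentVariables($filter.Program)

        if ($path -like '*\Temp\*') {
            # Map the application filter back to the rule that owns it.
            $rule = $filter | Get-NetFirewallRule
            [pscustomobject]@{
                DisplayName = $rule.DisplayName
                Direction   = $rule.Direction
                Action      = $rule.Action
                Enabled     = $rule.Enabled
                Program     = $path
                # False means the rule points at a file that is already gone.
                StillExists = Test-Path -LiteralPath $path
            }
        }
    } |
    Sort-Object Program |
    Format-Table -AutoSize
```

Rules reported with `StillExists` False no longer match a file on disk and are candidates for cleanup in the Rules Panel.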
     
  19. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,102
    Location:
    Lunar module
    Last edited: Jan 19, 2022
  20. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    After every Windows update, I have to reinstall WFC and restart to get notifications and logs working. It is a minor inconvenience, since it is once every 2 weeks, but this "fix" always helped me.
     
  21. THZ

    THZ Registered Member

    Joined:
    Dec 29, 2021
    Posts:
    5
    Location:
    Switzerland
    By the way - in addition: when the notification dialog pops up, the new rule is created instantly and also works instantly, it's just the dialog which is freezing then.
     
  22. Real_Marshal

    Real_Marshal Registered Member

    Joined:
    Jan 27, 2022
    Posts:
    2
    Location:
    Moscow
    I have a weird problem with network drives. With medium profile and all recommended WFC rules enabled like Network Discovery, File and Printer Sharing etc. I lose access to my network drives after some time. If I set profile to low though they immediately become available.
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Check my answer from here.
     
  24. Real_Marshal

    Real_Marshal Registered Member

    Joined:
    Jan 27, 2022
    Posts:
    2
    Location:
    Moscow
    So those WFC rules related to Network Discovery, File and Printer Sharing etc. don't really matter and I need both default Windows rules and WFC recommended ones? What's the point of recommended WFC rules then? And how can I make a partial export? I only see full .wfw policy export in default windows firewall.
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I am wondering whether it wouldn't be better to change the description of the rule instead of its name. Will these programs stop creating new rules if they find their rule disabled based on the rule name, or will they keep creating new rules anyway?
     