Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,164
    Location:
    Romania
    WFC recommended rules are just a recommendation. They are a minimum required set of rules that allow those functionalities when using the IP of the devices. If you want to access them by their name, some of those extra rules from Windows Firewall default set of rules are required. Otherwise the OS does not consider those functionalities as enabled. To export your custom rules, open Rules Panel, select them, right click, Policies, Export selected rules.
     
  2. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,878
    Hi
    there is not a rule hierarchy in wfc (and windows firewall ) ,isn't ?

    I mean i can't allow a program to connect to specific ips and add a rule to block ?
    I wanted to create tighten rules for an email client ,there is only 1 google accounts , and found the google ip range and set wfc medium filtering
    in short
    1) rule allow google ip range
    2) rule allow google ip range
    3) block everything

    with the 3 rule , there is no way to let thunderbird work , without rules with medium filterting , there are not other connections then the rules created by me
    is there a way to let a program connect to specif rules and after add a block ?
    thanks
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,164
    Location:
    Romania
    There is no hierarchy. Block rules have higher precedence over allow rules. Let's say you want to allow thunderbird.exe to access only these IP ranges 2.2.2.10-2.2.2.30,5.5.5.40-5.5.5.90 (notice the comma and no spaces). You create an allow rule for thunderbird.exe it and define these IP ranges in the remote addressees property. If you use Medium Filtering profile, there is no reason to create a block rule because other connections will be blocked anyway since outbound filtering is enabled in Windows Firewall.

    However, if you later decide to use Low Filtering profile and still want to allow thunderbird.exe only on that specific IP range, then you can create an opposite block rule for thunderbird.exe and specify the remote addresses like this:
    1.1.1.1-2.2.2.9,2.2.2.31-5.5.5.39,5.5.5.91-255.255.255.255 So only two rules are required. If you do not use Low Filtering profile and the reason to create the block rule is because you want to get rid of other notifications for thunderbird.exe for other IP addresses, then it is easier to add thunderbird.exe in the notifications exceptions list and forget about it. WFC will skip future notifications for it.

    I hope this helps.
     
  4. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,878
    Hi
    yes i guess i got it , i have to exlude all the ip range that are not needed
    by the way the weird is that thunderbird try to conenct to 157.249.73.170 , based on who.is is RIPE Network Coordination Centreo_Oo_O
     
  5. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    577
    Location:
    Switzerland
    Hello
    No, RIPE is the REGISTRY.

    It seems it's somebody from Oslo, Norway.

    See here:
    https://dnslytics.com/ip/157.249.73.170

    Greetings
     
    Last edited: Feb 5, 2022
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,164
    Location:
    Romania
    Windows Firewall Control v.6.8.1.0

    Change log:
    - Improved: The logic of disabling unauthorized rules was changed to update the rule description instead of the rule name to avoid repeated rule creation as a result of different rule name.
    - Fixed: The programs executed from Tools tab can be used for privilege escalation. For standard user accounts, these tools will prompt the UAC dialog so that only administrators can launch them with full privileges.
    - Fixed: Creating new rules for files with empty file description creates new rules with an empty starting space. These rules can't be modified from WFwAS.
    - Fixed: Icon from profile switch notification is not the correct one.

    SHA1: 0c3c060a5d1f5d4d64bf3d92acf4384c787fd9b8
    SHA256: 1a23764d7895d9affa57b56f0be8c347c95e6a267be370918fff10ba9ca897e6

    Thank you for your support,
    Alexandru Dicu

    P.S.: I also tried to provide a mechanism to auto allow those programs that have a different path after an update, by matching them in a user defined list that supports wildcards. However, the final result was not as I expected, therefore this feature is not included in this release. It still needs to be polished.
     
    Last edited: Feb 10, 2022
  7. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    577
    Location:
    Switzerland
    @alexandrud

    Important fixes, thank you very much!

    Would be cool, if you could find a solution yet for the wildcard "thing".
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,164
    Location:
    Romania
    Yesterday, I released version 6.8.0.0 but I forgot to add one more check in code, therefore this one:

    - Improved: The logic of disabling unauthorized rules was changed to update the rule description instead of the rule name to avoid repeated rule creation as a result of different rule name.

    did not work in all cases. I had to publish patch version 6.8.1.0. Now everything should be fine with the new release. :)
     
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    915
    Location:
    Lunar module
    Please show a screenshot of what this will look like. In v6.7.0.0 it was like this
    scr.png
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,164
    Location:
    Romania
    Evidently, this new logic applies to existing rules too. If an existing rule Name contains 'U - ', the new logic will add 'U - ' to the Description property. Your screenshot shows the correct behavior.
     
  11. WaMister

    WaMister Registered Member

    Joined:
    Feb 20, 2022
    Posts:
    2
    Location:
    Germany
    Hi,
    I am not able to switch the profile.
    I'm on "Medium Filtering" and I want to switch to "High Filtering" to block the internet, but it switches back instantly to "Medium Filtering".
    I right-click onto the taskbar icon and choose "profile" and then on "High Filtering" but it stays on "Medium Filtering"
    I left-click onto the taskbar icon and choose "profile" and then on "High Filtering" but it stays on "Medium Filtering"
    When I use the Windows start menu ans use "Start as Administrator" there is no difference: I cant change the filtering mode.

    Version 6.8.1.0

    PS: I use the german language version and so "Medium" and "High Filtering" are maybe not the right translations.
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,164
    Location:
    Romania
    Maybe Secure Profile is not in sync anymore ? Try to check and uncheck this checkbox and then try again. If this does not help, open WFC event log and check if there is an error logged when you try to switch the profile.

    upload_2022-2-21_9-9-1.png

    It works on my German Windows installation:
    upload_2022-2-21_9-18-3.png
     
    Last edited: Feb 21, 2022
  13. WaMister

    WaMister Registered Member

    Joined:
    Feb 20, 2022
    Posts:
    2
    Location:
    Germany
    Hello Alex,

    Check and uncheck "Secure Profile" was helpful.
    Now I can switch the profiles again.

    Thank you.
     
  14. freaker

    freaker Registered Member

    Joined:
    Mar 3, 2022
    Posts:
    2
    Location:
    Germany
    Hello

    Is there a full firewall rule for import to block everything? If i allow firefox that this is working with all core...?
     
  15. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    427
    Location:
    CSA Consulate, Glos., UK
    Choose High Filtering Profile.
    upload_2022-3-3_14-18-4.png
     
  16. freaker

    freaker Registered Member

    Joined:
    Mar 3, 2022
    Posts:
    2
    Location:
    Germany
    On Medium i mean.Rules that block everythink, except my Applications that i allow.
     
  17. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    577
    Location:
    Switzerland
    @freaker

    From the binisoft.org website:

    Medium Filtering - Outbound connections that do not match a rule are blocked. Only the programs that you allow can initiate outbound connections.
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,164
    Location:
    Romania
    On Medium Filtering profile, there is no need to create block rules. Programs without an explicit allow rule are blocked by default.
     
  19. antdude

    antdude Registered Member

    Joined:
    Apr 10, 2010
    Posts:
    20
    Location:
    An Ant Farm
    Does anyone know what rules need to be open for MS' Stores to download and upgrade its apps in updated 64-bit W10 Pro? I have to turn off the firewall to make them work. I tried allowing winstore.app.exe, but that didn't help. :(
     
  20. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,124
    Location:
    Location Unknown
    I just had the below rule by default. If you can't download from the MS store with it something else must be denying it. In which case, check the log.

    ScreenShot_20220326201714.png
     
  21. antdude

    antdude Registered Member

    Joined:
    Apr 10, 2010
    Posts:
    20
    Location:
    An Ant Farm
    Yeah, the logs were confusing me. I managed to fix it by telling WCF to "Restore Windows Firewall Control recommended rules" without losing my custom rules. I noticed my firewall rules list is very long. Maybe I need to nuke all back to defaults to start clean which is annoying. :(
     
  22. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    915
    Location:
    Lunar module
    One of the rules is "allow all connections for svchost"
     
  23. deckie49

    deckie49 Registered Member

    Joined:
    May 25, 2004
    Posts:
    34
    Greetings everyone,
    I have upgraded to W10 21H2. Now, I am unable to connect to internet unless I briefly set the profile to "No Filtering." Afterwards, I can set profile to Medium and everything works well. This repeats everytime I restart or awaken the machine.
    Can anyone offer any ideas as to what is wrong>? Thanks.
     
  24. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    427
    Location:
    CSA Consulate, Glos., UK
    Check your 'Security' settings in WFC, make sure 'secure boot' is off.
    upload_2022-3-29_17-17-50.png
     
  25. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    915
    Location:
    Lunar module
    First help - see the log of blocked connections.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.