Discussion in 'other firewalls' started by alexandrud, May 20, 2013.
Thank you both for letting me know
"Malwarebytes Windows Firewall Control" is indeed loaded and running in Windows Services (I had previously only looked for services starting with "Windows"). I also discovered that the WFC icon was hidden in the tray - believe it or not, it was overlaid by the Kaspersky icon!
So it seems that the issues I posted above turned out to be a false alarm - sorry.
Just started using WFC. Have a question about notifications. I keep getting these notifications wanting to connect outbound:
MoUSO Core Worker Process | C:\windows\system32\mousocoreworker.exe | Block | Out | 52350 | 443 | 6 |
Device Association Framework Provider Host | C:\windows\system32\dashost.exe | Block | Out | 54428 | 3702 |
Function Discovery Resource Publication | C:\windows\system32\svchost.exe | Block | Out | 50386 | 3702 | 17 |
NT Kernel & System | System | Block | Out | 137 | 137 | 17 |
Cryptographic Services | C:\windows\system32\svchost.exe | Block | Out | 52328 | 80 | 6 |
Should I allow them to connect outbound? I used sphinx firewall in the past and it would allow such programs outbound only as "read only".
Input would be appreciated.
Windows Update, if blocked, updates might fail.
I have it disabled, I do not share files over LAN.
NetBIOS, disabled as well, since it is vulnerable.
It is used to update certificates/digital signatures for Windows, browsers, webpages.
@TairikuOkami Thanks for the tips. I will allow "out" for #'s 1 and 4 and block 2 and 3. If you don't mind, there might be a few more that I might ask your advice on.
Alexandrud et al...
It is possible to import a file with the rules (WFW or WPW) from the command line (I need it during the installation phase already from the command line)...
netsh advfirewall import "C:\Firewallrules.wfw"
Seems I can't get Windows Remote Desktop to work on medium filter. I searched rules for 3389, and I have allowed incoming there.
Searched connection log and nothing there. I've enabled the rules in Defender.
Any idea what the issue is?
Edit - Tried in a fresh win 11 window and same thing. Incoming remote desktop is blocked in medium filter, despite allow rules created.
Edit 2. On fresh install remote desktop worked with firewall enabled. Tried WFC, blocked with medium. Uninstalled WFC and chose reset settings. After that remote desktop is still blocked, and only working when turning off Windows Firewall.
I have these two inbound rules on one of my machines:
On my main machine I need one outbound rule for mstsc.exe. That's all it takes on my side to connect from one Windows 11 to another Windows 11 machine. No domain, just same workgroup in a home network. However, to connect through RDP, you need an account with a password set for that account. If the machine where you want to connect does not have a password, RDP doesn't work. What error does it give you when it fails to connect?
Did get a quick reply from binisoft. So have been playing with it.
I use the Store remote desktop app and the MS app for Android. On one machine the rules were in my language and English, so I disabled the double rules.
Reset and configured the rules again and now I can connect from the MS remote desktop app to the computer with setting at medium.
It's only the Android app that no longer connects on medium, just low. Error code 0x104
No clue why that app only works in low, but the Windows machines work now.
To be able to connect from the Microsoft Store Remote Desktop, you will need an outbound rule for rdclient.windows.exe. I also tried from my Android phone to connect to my laptop. The same inbound rules were working fine, I was able to connect to my laptop from my phone. I didn't know there is an RDP Android app which works with Windows machines.
Strange, the app will not connect on medium for me. Since the Windows app works to connect now, it's fine. Just wonder what blocks the Android app from connecting while on medium.
Notice the Medium Filtering (green) tray icon. Check the blocked inbound connections in Connections Log when it fails and see what was recently blocked. You should get an idea.
ok, found it. this was blocking it.
Network Discovery
Finally you sorted it out. Thank you for posting back that you solved it.
Love this software so I have to ask...
My WFC config is as presented on the screens. I only use my own set of rules + recommended ones by WFC (these should include local networking). Any other rule is removed.
Cannot get network discovery to work on Medium filtering. Always gets disabled after every try and the same message appears all over again.
The connection log doesn't show any blocked connections which are set to be logged.
Everything starts to work on No filtering but I don't want to switch every time.
What's wrong with my approach or rules? Why doesn't the connection log show blocked connections?
Your posted images can't be found
When you try to enable Network Discovery in Windows, it just tries to enable the firewall rules from the default set of rules located in Network Discovery group. If those rules are not there anymore, it doesn't recreate them. This is why that checkbox doesn't stay checked. Try these steps:
- Make a partial policy export of your current rules. Include all of them.
- Restore Windows Firewall default set of rules.
- Keep the ones from Network Discovery and File and Printer Sharing groups. You can delete any other rule.
- Import your rules back from the partial policy. You should now have your rules + the ones from Network Discovery and File and Printer Sharing groups.
- Now, when you enable that checkbox it will be able to enable the required rules for Network Discovery.
You did not mention what is your scenario. What do you want to achieve? With WFC recommended minimal set of rules you must use IP addresses to access your machine, not the machine name. At which blocked connections are you looking in Connections Log? Inbound or outbound?
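The post above explains that Windows only enables the existing rules in the Network Discovery group and does not recreate them if they were deleted. The following check is an added example, not part of the original thread or of WFC: it only reads the firewall policy, and it assumes an elevated PowerShell session and the built-in group identifiers of the default Windows rule set.

```powershell
# Added example (not from the thread): read-only check of the built-in rule groups.
# Assumption: groups are matched by the language-independent resource strings used
# by the default Windows rule set, so localized rule names do not matter.
$groups = [ordered]@{
    'Network Discovery'        = '@FirewallAPI.dll,-32752'
    'File and Printer Sharing' = '@FirewallAPI.dll,-28502'
}

$report = foreach ($name in $groups.Keys) {
    # The cmdlet raises an error when no rule matches, so silence it and test the count
    $rules = @(Get-NetFirewallRule -Group $groups[$name] -ErrorAction SilentlyContinue)

    if ($rules.Count -eq 0) {
        # Matches the symptom in the thread: the checkbox cannot stay checked
        Write-Warning ("{0}: no rules found. Restore the default rules before enabling it." -f $name)
    }

    [pscustomobject]@{
        Group           = $name
        TotalRules      = $rules.Count
        EnabledInbound  = @($rules | Where-Object { $_.Direction -eq 'Inbound'  -and $_.Enabled -eq 'True' }).Count
        EnabledOutbound = @($rules | Where-Object { $_.Direction -eq 'Outbound' -and $_.Enabled -eq 'True' }).Count
    }
}
$report | Format-Table -AutoSize

# Per-rule detail: which profile (Domain/Private/Public) each rule applies to
$detail = foreach ($id in $groups.Values) {
    Get-NetFirewallRule -Group $id -ErrorAction SilentlyContinue |
        Sort-Object Direction, DisplayName |
        Select-Object DisplayName, Direction, Enabled, Profile, Action
}
$detail | Format-Table -AutoSize
```

A group with `TotalRules` of 0 is the case described in the post; a group with rules present but none enabled for the active network profile points to a profile mismatch instead.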
Either this forum doesn't offer/allow me to edit post and replace the links or I don't know how to... never mind.
Your procedure did the trick and now I'm able to connect to other machines on my LAN.
I understand that this method could also work in other scenarios when user removes completely Windows Firewall default set of rules.
Thanks a bunch!
I believe you need a minimum number of posts before you can upload images.
In the test version v18.104.22.168 (maybe in older versions too? I can't remember *g*) we have a column Edge traversal for outbound rules too. That's not useful because Edge traversal is for inbound rules only. Could you remove this column for outbound rules OR show "Not available" or something like that there instead of "Block edge traversal"?
Good catch. It will be fixed in the next release. This is a side effect of the major changes from version 22.214.171.124. The reason why I did not publish yet a new version is the Smart App Control, but I will consider making a new release without Smart App Control support. Once this gets fixed on another team (out of my control) WFC will be compliant with Smart App Control too.
I hope so, technically people, who use Smart App Control, do not really need a firewall and probably will not anyway. I have removed even the annoying smartscreen.
Smart App Control is part of Windows Defender. However, I would not say that a firewall is not needed anymore. People want to block even legitimate programs to connect to the Internet for various reasons. As for inbound access, you still need a firewall.