Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    322
    Thank you both for letting me know
     
  2. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    "Malwarebytes Windows Firewall Control" is indeed loaded and running in Windows Services (I had previously only looked for services starting with "Windows"). I also discovered that the WFC icon was hidden in the tray - believe it or not, it was overlayed by the Kaspersky icon! o_O

    So it seems that the issues I posted above turned out to be a false alarm - sorry.
     
  3. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    706
    Location:
    North America
    Just started using WFC. Have a question about notifications. I keep getting these notifications wanting to connect outbound:

    MoUSO Core Worker Process | C:\windows\system32\mousocoreworker.exe | Block | Out | 52350 | 443 | 6 |
    Device Association Framework Provider Host | C:\windows\system32\dashost.exe | Block | Out | 54428 | 3702 |
    Function Discovery Resource Publication | C:\windows\system32\svchost.exe | Block | Out | 50386 | 3702 | 17 |
    NT Kernel & System | System | Block | Out | 137 | 137 | 17 |
    Cryptographic Services | C:\windows\system32\svchost.exe | Block | Out | 52328 | 80 | 6 |

    Should I allow them to connect outbound? I used sphinx firewall in the past and it would allow such programs outbound only as "read only".
    Input would be appreciated.
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,524
    Location:
    Flat Earth Matrix
    Windows Update, if blocked, updates might fail.
    I have it disabled, I do not share files over LAN.
    NetBIOS, disabled as well, since it is vulnerable.
    It is used to update certificates/digital signatures for Windows, browsers, webpages.
     
  5. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    706
    Location:
    North America
    @TairikuOkami Thanks for the tips. I will allow "out" for #'s 1 and 4 and block 2 and 3. If you don't mind, there might be a few more that I might ask your advice on. :thumb:
     
  6. Claudio R

    Claudio R Registered Member

    Joined:
    Jan 22, 2018
    Posts:
    60
    Location:
    Italy
    Alexandrud et all...

    It is possible to import a file with the rules (WFW or WPW from the command line (I need it during the installation phase already from the command line)...
     
  7. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,163
    Location:
    Lunar module
    netsh advfirewall import "C:\Firewallrules.wfw"
     
  8. Claudio R

    Claudio R Registered Member

    Joined:
    Jan 22, 2018
    Posts:
    60
    Location:
    Italy
    Tnx
     
  9. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    88
    seems i cant get windows remote desktop to work on medium filter. i searched rules for 3389, and i have allowed incoming there.
    Searched connection log and nothing there. Ive enabled the rules in defender.
    any idea what the issue is?
    Skjermbilde 2023-09-29 194120.png

    edit- Tried in a fresh win 11 window and same thing. Icomingremote desktop is blocked in medium filter, despite allow rules created.

    edit 2. on fresh install remote desktop worked with firewall enabled. Tried wfc, blocked with medium. uninstalled wfc and choose reset settings. After that remote desktop is still blocked, and only working when turning off windows firewall..
    https://static1.makeuseofimages.com/wordpress/wp-content/uploads/2023/01/enable-rule-option.jpg?q=50&fit=crop&w=1500&dpr=1.5
     
    Last edited: Sep 29, 2023
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    I have these two inbound rules on one of my machines:

    upload_2023-9-30_19-23-36.png

    On my main machine I need one outbound rule for mstsc.exe. That's all it takes on my side to connect from one Windows 11 to another Windows 11 machine. No domain, just same workgroup in a home network. However, to connect through RDP, you need an account with a password set for that account. If the machine where you want to connect does not have a password, RDP doesn't work. What error does it give you when it fails to connect?
     
  11. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    88
    Did get a quick reply from binisoft. So have been playing with it.
    I use the store remote desktop app and the ms app for andoid. on one machine the rules was in my language and english. so disabled the double rules.

    Reset and configured the rules again and now I can connect from the ms remote desktop app to the computer with setting at medium.

    Its only the android app that no longer connect on medium, just low. Error code 0x104

    no clue why that app only work in low, but the window mascines work now.

     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    To be able to connect from the Microsoft Store Remote Desktop, you will need an outbound rule for rdclient.windows.exe. I also tried from my Android phone to connect to my laptop. The same inbound rules were working fine, I was able to connect to my laptop from my phone. I didn't know there is a RDP Android app which works with Windows machines :)
     
  13. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    88
    strange, the app will not connect on medium for me. Since the windows app works to connect now its fine. Just wonder what blocks the android app from connecting while on medium..
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    Notice the Medium Filtering (green) tray icon. Check the blocked inbound connections in Connections Log when it fails and see what was recently blocked. You should make an idea.
    RDP.jpg
     
  15. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    88
    Skjermbilde 2023-10-03 064304.png ok, found it. this was blocking it.
     
    Last edited: Oct 3, 2023
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    Network Discovery :) Finally you sorted it out. Thank you for posting back that you solved it.
     
  17. Rejerf

    Rejerf Registered Member

    Joined:
    Feb 26, 2023
    Posts:
    2
    Location:
    Poland
    Love this software so I have to ask...

    My WFC config is as presented on the screens. I only use my own set of rules + recommended ones by WFC (these should include local networking). Any other rule is removed.
    https://i.postimg.cc/SkXJYtQ5/wfc-settings.jpg
    https://i.postimg.cc/7qdcYhsd/Untitled.jpg

    Cannot get network discovery to work on Medium filtering. Always gets disabled after every try and the same message appears all over again.
    https://i.postimg.cc/j2PpcVZV/2023-10-10-18-19-13.jpg

    The connection log doesn't show any blocked connections which are set to be logged.
    Everything starts to work on No filtering but I don't want to switch every time.

    What's wrong with my approach or rules? Why's the connection log doesn't show blocked connections?
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    Your posted images can't be found :(
    When you try to enable Network Discovery in Windows, it just tries to enable the firewall rules from the default set of rules located in Network Discovery group. If those rules are not there anymore, it doesn't recreate them. This is why that checkbox doesn't stay checked. Try these steps:
    - Make a partial policy export of your current rules. Include all of them.
    - Restore Windows Firewall default set of rules.
    - Keep the ones from Network Discovery and File and Printer Sharing groups. You can delete any other rule.
    - Import your rules back from the partial policy. You should have now the your rules + the ones from Network Discovery and File and Printer Sharing groups.
    - Now, when you enable that checkbox it will be able to enable the required rules for Network Discovery.
    You did not mention what is your scenario. What do you want to achieve? With WFC recommended minimal set of rules you must use IP addresses to access your machine, not the machine name. At which blocked connections are you looking in Connections Log? Inbound or outbound?
     
  19. Rejerf

    Rejerf Registered Member

    Joined:
    Feb 26, 2023
    Posts:
    2
    Location:
    Poland
    Either this forum doesn't offer/allow me to edit post and replace the links or I don't know how to... never mind.
    Your procedure did the trick and now I'm able to connect to other machines on my LAN.

    I understand that this method could also work in other scenarios when user removes completely Windows Firewall default set of rules.

    Thanks a bunch!
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    I believe you need a minimum number of posts before you can upload images.
     
  21. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    692
    Location:
    Switzerland
    @alexandrud

    In the test version v6.9.3.0 (maybe in older versions too? I can't remember *g*) we have a column Edge traversal for outbound rules too. That's not useful because Edge traversal is for inbound rules only. Could you remove this column for outbound rules OR make there an "Not available" or something like that instead of "Block edge traversal"?

    Greetings
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    Good catch. It will be fixed in the next release. This is a side effect of the major changes from version 6.9.3.0. The reason why I did not publish yet a new version is the Smart App Control, but I will consider making a new release without Smart App Control support. Once this gets fixed on another team (out of my control) WFC will be compliant with Smart App Control too.
     
  23. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    692
    Location:
    Switzerland
  24. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,524
    Location:
    Flat Earth Matrix
    I hope so, technically people, who use Smart App Control, do not really need a firewall and probably will not anyway. I have removed even the annoying smartscreen.
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    Smart App Control is part of Windows Defender. However, I would not say that a firewall is not needed anymore. People want to block even legitimate programs to connect to the Internet for various reasons. As for inbound access, you still need a firewall.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.