Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    614
    Location:
    EARTH
    I' ve just installed WFC, and there is something i don't understand :

    The setup run fine, but after restart, no system tray icon appear (so no notifications),even if wfcs.exe process run in the task manager at each startup , i've to manually added the executable wfc.exe via msconfig, and after a restart the system tray is there, but whyo_O.
    No matter which antivirus i use, i try severals and same thing appear.

    I actually run W7x64.

    Thanks

    Rules.
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    I don't think this is possible so easy. Block rules have always higher precedence in Windows Firewall than allow rules. When High Filtering profile is used in WFC two new rules are added, one that blocks all outbound connections for all programs and one that blocks all inbound connections for all programs. When the user switches to a different profile, these two rules are deleted. To achieve what you have called "High Filtering - External Only" you should have the following setup: Medium Filtering profile, no custom rules made by the user (they must be disabled, but based on what ?), two new rules that will allow all inbound/oubound connections for all programs. These rules must have the Remote Addresses field set to the keyword LocalSubnet. This will make the rules to allow the traffic only in the local network. As you can see, it is not something trivial even if it seems to be. If you have in mind another approach for this, please share it. This is just my first impression on this topic.
    Thank you for reporting this. I can reproduce it too. The problem is that this exe file does not have a name. When WFC creates a new rule for it, it retrieves the name of the program and then it uses this name as a rule name. Because the name is empty, when the rule is about to be created, Windows Firewall API rejects it because the rule name is an empty string. If you go to Connections Log, you will see that this progam opera_autoupdate.exe does not have a name. I will update the code to assign something if the name is empty.
    Windows Firewall has two parts: wfcs.exe (Windows service) and wfc.exe (the GUI, with the tray icon). After you restart your computer you should see both processes started. When you have installed WFC, did you check that checkbox named "Start automatically at user logon" ? If you go to Main Panel from WFC, under the Options tab, do you have the "Start automatically at user logon" checked ?

    When this option is enabled, a new shortcut is created in the following folder:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Windows Firewall Control.lnk
    This ensures that the wfc.exe will start no matter what user will log in into Windows the next time when the computer starts. Do you have this shortcut ?

    The current backlog contains:
    - Install mode which will revert the previous profile used after a given period of time
    - Find a way to prioritize the start-up of wfcs.exe to ensure that other services does not start earlier and create new rules in Windows Firewall, before the start-up of WFC
    - Various small bug fixes
     
  3. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    614
    Location:
    EARTH
    @alexandrud

    thanks for your support :

    "Start automatically at user logon" is checked.
    When i start computer, only wfcs.exe is present in the task manager, so no GUI popup alert.
    I also have the shortcut in the same location.

    Alls needed services are On (Windows Firewall, Workstation, DNS client, tcip/netbios helper).

    When i look the you tube videos on your website, normaly the tray icon appear just after click exit at the end of the setup, nothing for me.

    Like i say before if i add wfc.exe in msconfig startup all run fine, i also try other programs with a startup entry at restart and all worked fine, so why just WFC.

    Maybe, the GUI need something more particular than the service to be launched at startup?

    Just for be sure in the Program Folder of wfc i have 3 files : the wfc the wfcs and the restore.wfw, for the last one i ve read somewhere, that is restore.dat, maybe the problem is here, i don't know.

    I really want to use it so if you get solution, i'm going to be very happy, as i am a registered of your great product.

    Thanks

    rules.
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    This changed in the latest releases. The EXIT button just exits the installer. You must press on the RUN button instead to launch WFC, but this will launch it with administrative privileges. Administrative privileges for wfc.exe are required only at uninstall. In other scenarios, if the wfc.exe requests administrative privileges, it means that it can't connect to the service, wfcs.exe. Launching wfc.exe with administrative privileges will attempt also to start the service if it is stopped or disabled.
    Please go to Event Viewer (eventvwr.msc). Under "Applications and Service logs" category, there is a subcategory named WFC. Here are logged all errors from WFC. When you are there, on the right panel is a button named "Save all events as...". Use this button to export an *.evtx file and send it to support@binisoft.org to check the log.
    If the solution that you have achieved from msconfig works, use that for now. Strange, because that shortcut that I've talked you about also appears in the start-up list when you check in msconfig. What other security products do you use ?
     
  5. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    614
    Location:
    EARTH
    @alexandrud

    I' ve just sent you the event viewer files, it's clear something wrong appears.

    No the shortcut you've talked doesn't appears in msconfig, until i added it manually.

    Actually i've no AV installed, no third-party firewall and hips, just AdMuncher.

    Thanks for your support, i'm very interesting to know what's happening and i'm sure you will get the answer.

    rules
     
  6. Kob

    Kob Registered Member

    Joined:
    Dec 13, 2011
    Posts:
    39
    I appreciate the preliminary analysis of my request.
    In the coming days I will experiment with your suggestion, and if I have something meaningful to report back, I will do that.

    Thanks.
     
  7. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    63
    A question and few suggestions, if I may:

    Question:

    ? Sometimes rules are created without names, like "(TCP-Out)" as the rule name instead of the program's name or .exe -- how come? Any way to resolve this?

    Suggestions:


    -Ability to temporarily disable firewall for X minutes. This stems from issues with installation/update programs that extract and run an executable from a temp folder. It's difficult to custom/temporarily allow it, especially if it uses more than one port connection because WFC will only notify on the first connection, suppressing any others, requiring a viewing of the log and trying to define rules that way -- *but* unable to create these temporarily. This requires a tedious process of either running and re-running the program, creating temp rules each time, or manually creating a rule from the blocked-connection log, but unable to make it temporar, so you have to remember to go back afterward and manually delete it. This becomes tedious enough that I've started manually disabling the firewall altogether for an install/update, like Adobe Flash, for example.

    -Ability to create temporary rules from *within* WFC, not just via popup alert. This builds on the above issue. It'd be great if we could customize/create temporary rules from within the blocked connection log, so we don't have to remember to go back and delete a rule that we don't want to be permanent (e.g., like temporary installation/upgrade .exe's).

    ***-Ability to allow multiple/subsequent pop-up notifications for each connection a program attempts. This is a big one, in my opinion. Currently, WFC suppresses all notifications after the first pop-up (for a period of time). However, programs often use more than one protocol and/or ports. So if I run a new program and get a pop-up that it's doing a TCP port 80 outbound and I allow it, I won't get notified when that program immediately attempts outbound port 443 connection or UDP connection. I used to get confused wondering why programs still couldn't connect, until I found further connection requests were being suppressed. This has fostered an unsafe habit of, when getting a new WFC pop-up, automatically allowing ports 80 + 443 for the program even if it hasn't requested it yet.

    -Ability to sort rules list by date/most recently added
     
  8. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    I'm having a problem with WFC un-registering itself. It does at at anytime during a session on my pc.

    Win 7 32 bit.
     
  9. Blaspie

    Blaspie Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    13
    Could you add an option for inbound connection filtering and notifications?
     
    Last edited: Apr 28, 2014
  10. Blaspie

    Blaspie Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    13
    I have no inbound rules defined and yet connections log shows lots of blocked inbound connections (svchost.exe and System). How is that possible?
     
  11. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Windows Firewall itself blocks everything inbound, without a rule. If you want to allow an inbound you have to create a rule.
     
  12. ferenczy

    ferenczy Registered Member

    Joined:
    Feb 21, 2014
    Posts:
    13
    Location:
    Czech republic
    Hi Alexandru,

    sometimes it happens, that notification window from unknown reason changes its position and size. Now I have notification window in the center of screen and it fills almost whole screen. You mentioned to execute WFC with the "-reset" parameter. What it's exactly doing? I mean what it resets? Everything what is under the "HKEY_CURRENT_USER\Software\BiniSoft.org\Windows Firewall Control" registry key only? Or something else? If so, I'll backup this key, do the reset and then restore everything except the key "PlacementNotification". Or maybe it would be easier to edit that key manually. Its value is now "50'50'1440'743'120'Normal". First 2 parameters are X and Y, next 2 window width and height, right? What's the last numeric parameter? And what are default values of width and height?

    Maybe it would be nice to have a command line parameter to reset notification window size and position, because it's for the 3rd time I have experienced this. And I don't like to reset whole settings.

    Thank you and have a nice day.
     
  13. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK

    Resolved, I was unwittingly deleting a registration entry relating to the licence.
     
  14. ferenczy

    ferenczy Registered Member

    Joined:
    Feb 21, 2014
    Posts:
    13
    Location:
    Czech republic
    Yep, I have checked that rules at first. Everything looks that it should work, but it work with "Low filtering" only. Active network is private and rules are for private network. I think I quite understand Windows Firewall, so I checked it before I have asked. BTW there are for example connections to remote port 1900 and 5357 (to the IP address of my router) in blocked connections, what's Network directory. But these rules are allowed, exactly the same as you sent in the screenshots.


    I had in mind the "port" column. Oh, I didn't notice that there can be for example text or range.


    That's a pity because without that it's really hard to "debug" connection problems (like my sharing one).
     
  15. Blaspie

    Blaspie Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    13
    But my inbound connections are not blocked, I can browse the internet normally and inbound connections log shows lots of entries..
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    The name is contains the internal name of the assembly. Some developers don't set this property for their assemblies. This will be fixed in the next version. I will use the exe name if the name is empty.
    I will add a new option under the Profiles tab where the user will be able to select a profile from a combo box and a period of time. If the user changes the profile to a different one than the one selected in the combo box, then a timer will start and after the configured period of time, the selected profile will be reverted automatically. This will be the Install Mode. Without creating new entries in the menus. Then, when the user will have to install something, he can change to Low Filtering or No Filtering, and after 5,10,20,30 minutes the profile will be reverted to Medium Filtering.
    Not possible.
    If a program is blocked, it is added to a blocked list and it is removed only after 30 seconds from this list. So, if you receive a notification for a program, only after at least 30 seconds you can see a new notification for the same program. This is needed because when a program gets blocked, it will try to connect immediately to a different port. This means that a new connection will be blocked. Without this list, you will receive hundreds of different notifications in just a few seconds for the same program, but for different ports. This is how it works.
    Not possible. The rules from Windows Firewall don't have a time stamp in their properties and WFC can't extend this. Anyway, the most recent added rules will always be displayed on top of the data grid in Manage Rules.
    WFC was developed to configure outbound control. By default, inbound access is blocked by Windows Firewall and this is how it should remain. Displaying notifications for inbound connections is just a waste of time because you will see there thousands of blocked attempts from the Internet and anyway, you want them blocked.
    When you browse the Internet, outbound connections are generated, not inbound. This is normal. If you see a lot of inbound connections blocked, it means that they are blocked.
     
  17. Blaspie

    Blaspie Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    13
    I see. I thought when you block inbound connections the computer will only communicate one way, lol.

    However I still see lots of allowed inbound connections in that log. Is this normal?

    https://www.dropbox.com/s/odstge2zycq8arg/muh connections.jpg
     
    Last edited: Apr 29, 2014
  18. ferenczy

    ferenczy Registered Member

    Joined:
    Feb 21, 2014
    Posts:
    13
    Location:
    Czech republic
    Well, it seems, that if your notification window suddenly changes its position and size, you can simply reset it to the default values by changing X or Y coordinates somewhere outside of the screen. To do it, change value of the PlacementNotification under the registry key HKEY_CURRENT_USER\Software\BiniSoft.org\Windows Firewall Control. Format should be "Y'X'WIDTH'HEIGHT'?'WINDOW_STATUS". So change for example value of Y coordinate to the higher number than the height of your screen. WFC should reset notification window placement and size to the default settings.
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    The values stored there are: Top, Left, Width, Height, ExtendedWidth (something internal regarding the aspect ratio), WindowState. When you restore the window, if the Top or Left values are out of any active screens, the default location is used instead. The default values for width and height are 342 and 306. The quickest way to reset the position of this particular window is to delete the PlacementNotification value. The "-reset" parameter will clear the entire key from "HKEY_CURRENT_USER\Software\BiniSoft.org\Windows Firewall Control". This is the place where the user defined preferences are stored.

    Do you use multiple monitors or a projector with your computer ? It is strange that you have such big values for width and height because the notification window is fixed and can not be resized.
     
  20. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Here's a possible quick route; have a separate set of rules for the High Filtering (Global), High Filtering (External Only) and other profiles. That is, for the High Filtering (External Only), when that profile is activated:
    - WFC could backup the current firewall settings (to say it's "Program Files" directory). If the profile the user is switching from is the "High Filtering (Global)" profile, back-up the rules as say "HFG.wfw", otherwise, bak-up the rules as say "Other.wfw".

    - Delete ALL rules and restore a pre-maid set of rules (from say a "HFEO.wfw" file), which by default will be the stock default rules + those two rules​

    Also, there should be a pre-maid set of rule for the "High Filtering (Global)" profile; could be the stock default rules + the block-all rule (or just the block-all rule). When the user switches from that profile:
    - WFC backs up the rules (to say it's "Program Files" directory) for use with that particular profile; to the "HFEO.wfw".

    - Deletes ALL the current rules and restores the one of the backup it created, depending on which profile the user is switching to. If the "High Filtering (Global)" profile, it restores the "HFG.wfw" backup, if the Medium/Low/Disabled profile, it restores the "Other.wfw" file.
    However, to avoid scaring some users into thinking they've lost all their rules, I suggest that there should be a 1-time warning window displayed to the the user, informing them of this, when they switch to either of the High Filtering profiles.

    Also, don't forget about the "Restore Windows Firewall default set of rules" command at Main Panel > Rules. I suggest having a confirmation window (after the current one in place), which asks the user if they want to restore ALL profile rule sets to their defaults or just the current profile set. If the latter, do the same as currently in place, if the former, WFC does as follows:
    - Restore the stock default set of rules, creates a backup to the "Other.wfw" file

    - Add the 2 LocalSubnet rules, create a backup to the "HFEO.wfw" file

    - Delete ALL rules, make a block-all rule, create a backup to the "HFG.wfw" file

    - Restore the appropriate backup depending on which profile the user currently has selected​

    Hope that helps in making this program even more extra-ordinary :)

    Looking forward to it :thumb:

    You can do this by right-click one of the column headers and selecting "Reset sorting".
     
  21. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    63
    Brilliant! This is what I was looking for. I wished there was a way to reset it, because it seemed to remember the ordering on its own when first opening. This also gives access to a "new" local address column which is also utmost useful as well. Thanks for opening mine yes! :)

    And of course, thanks for all the hard work + continuing support, alex. A fantastic program.
     
  22. xedoc

    xedoc Registered Member

    Joined:
    May 1, 2014
    Posts:
    1
    Can anyone help me to create a outgoing rule for the Hyper-V Manager under Windows 8.1 (Update 1)? I can connect to other servers if I set the profile to "low filtering". Interesting is that no popup comes up, even if I set the notifications to "High". My current workaround is to set the filtering to "low".
     
  23. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    63
    Is there a programmatic way to determine/track what program/service is calling a gateway executable like java*.exe or svchost.exe?

    If not, is there a way to better track and secure rules like these for gateway-type programs?

    For example, in the W7 Java control panel, I just checked for official updates. WFC popped an alert for javaw.exe. I created a rule allowing it for the specifically requested IP + port. However, now I have a "generic" rule, so to speak, which any other JVM-accessing program could also use. Granted, it's to a specific IP and port, but it's still a potential doorway out.


    I'm guessing it's probably not easily determinable (programmatically), at least within the confines of WFC doing so. If not, what does everyone do for programs like these? Is there anything special you do, besides restricting the "generic" rule to an IP/port?

    If anything, I'm guessing it'll just require extra awareness whenever a gateway program pops an alert, hopefully timing closely enough with a manually-run program to connect who's doing the calling -- perhaps adding a parenthetical note in the rule name for which program is doing the beckoning.
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Windows Firewall Control v.4.0.9.0 - New Version

    What's new:
    - New: Install Mode. This new mode available in the Profiles tab will automatically revert a chosen profile after a given period of time if the user changes the profile and forgets about this.
    - Fixed: When using "Disable the ability of other programs to add firewall rules" some programs that use Windows services can still create firewall rules through these services before the start-up of WFC.
    - Fixed: The scroll position in Main Panel does not automatically scroll to top when changing between the tabs.
    - Fixed: The automatic rules creation for digitally signed programs does not work with Low notification level if the file description is an empty string. If the file description is missing the file name will be used instead

    Installation notes: Just use the installer to update to the latest version. However, some options will have to be set again in the Main Panel because they were renamed internally. So, please check your settings after updating to the new version. These are the new translation strings, related to the new Install Mode:

    111 = Install mode specifies the profile that will be reverted after a given period of time when the profile is switched
    112 = Automatically set
    113 = after
    114 = minutes
    934 = This field must be a numeric value between 1 and 60


    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 28f2976a18c6eec7969b86d81e774e33947eac6e

    Thank you for your support and your feedback,
    Alexandru :)
     
  25. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    797
    Got it, thanks! :)


     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.