Windows Firewall Control (WFC) by BiniSoft.org

Currently, when you export/import a full policy file in WFW format, netsh.exe is used for this. When you import a WFW file, it may fail and the import works until it reaches a problematic entry. Everything after that, is not imported anymore. I have in plan to remove the support for exporting all rules to WFW file format which is a Microsoft format and which generates some unexpected errors when reimporting it. WFC will use instead the WPW format which is actually an XML file which can be viewed/edited in any text editor. This is easier to debug because you have all the rules, they get imported one by one, if one fails WFC skips it and continues with the others.

Multiple keywords are not supported.

 

I don't see any way to make a poll here. Anyway, I wanted to ask you for WFC 7.x.x.x, what do you think about a switch from .NET Framework 4.x to .NET 7 or 8? NET Framework is becoming outdated. With .NET 7 or 8 we can also have a WFC version that runs on ARM CPUs.
What does this mean? It means that in order to use WFC in the future, a user will have to install .NET Desktop Runtime as a prerequisite on their machines.

 

A categorical NO! Then you will lose a lot of users, including me, although we do not bring you any monetary income. Let there be two options, 4.x and 7 or 8.

 

I do not mind, I already have 3.5 because of an old game, but I could never figure out, which one apps ask for, since there are several, like NET Runtime, Core Runtime, Desktop Runtime, etc, it is confusing, unlike with 3.5/4.8

 

No, please not - please stay with "official" MS .NET versions. I still have .NET 4.8.x on my Windows 10 Pro system and don't want to install the v7 or v8 until MS does it automatically.

Greetings
Alpengreis

 

I don't know.
1. I'm pretty sure that I didn't change anything in the system or the WFC settings between the update from 6.9.2 to 6.9.6 and 6.9.7 (cause I rarely change or install anything). Somehow secure boot did not work under 6.9.6 and 6.9.7 as before.
2. I definitely know that I didn't change anything in the system or WFC when I switched from 6.9.7 back to 6.9.2 (flight mode on, 6.9.7 uninstalled without deleting the rules and settings, 6.9.2 installed, flight mode off - nothing more).
I restarted the system the next day - since then secure boot has been working normally again.
3. I never close WFC manually - the icon in the tray is always there
4. I never use sleep mode. My laptop is either running normally or switched off.

 

I am not sure I have time to maintain two code bases.

But .NET 7 is official from Microsoft. .NET Framework comes embedded in the operating system but is not developed/updated anymore, all updates/improvements/bug fixes go to the .NET (without Framework in the name) which is cross platform and portable.

 

yep it makes sense, but maybe have 2 available versions so the older users that dont wish to upgrade can still access the legacy/retired version (and disable auto updates)
and then you only have to maintain the one codebase, makes total sense tbh.

 

MS keeps old runtimes for compatibility reasons, even though they are highly insecure, just like NET Framework 3.5/4.8 or PowerShell 5. It might take another decade till MS will deprecated them, if at all, just look at VisualC++.

 

With "official" I meant, not official automatically installed on all Windows 10 machines. HERE in my Windows 10 Pro version (Microsoft Windows 10 Pro x64 [19045.3636] [22H2] [de-CH]) it's NOT embedded! Maybe if I WOULD reinstall ... but not in the current state. The latest is v4.8.x here.

You would really have problems then with many people, I think ...

Greetings

 

It is not the latest, it is the last. Even MS recommends to upgrade to .NET:

 

It's the latest, which is installed from MS AUTOMATICALLY (through Windows Update) on my system here!

I saw the recommendation, yes, thanks.

 

@alexandrud

I will see, what I can do about this (.NET v7.x) ...

Greetings

PS: Ok, I could now install the .NET Desktop Runtime 7.0.13 and this seems enough already (at least Biniware Run runs now with .NET v7.0 version). Then I am open now too for a such WFC version now.

Important would be that you can make it VERY clear for users that the .NET Desktop Runtime (v7.0) is enough (no need for the SDK) and please link to the related MS site (https://dotnet.microsoft.com/en-us/download/dotnet/7.0).

 

same for me, no..

 

I updated the codebase so that I can keep the NET Framework 4.8 version and also make new builds for .NET 7 (.NET 8 later this month).

Who wants ARM support, faster execution, better memory usage will use the .NET 7/8 version.
Who wants to use the NET Framework 4.8 version, it will still be available and updated.

Any new update will be for both. Everyone is happy.

 

Hello, on Windows 11, when using "Import group names from the current existing rules" a lot of entries like these can be seen:https://s.go.ro/a6kcncgq

 

Alexandru: you're the best ! (from a very old customer who has paid for your great soft! you are a real programmer).

 

@alexandrud

Sounds GREAT! Thank you!

 

Yes, the group names are inside those dlls as resource ids so that on different operating systems their localized names is used for display purposes. Windows Firewall internally uses those ids and it gets their display names from those dll files. I always wanted to add the same logic in WFC but I never got to this. I will give it a try for the next WFC version.

 

Ok, but this looks like a bug, since multiple imports result in duplicates with the same IDs, or the comparison with existing rules fails because of the weird "names"? And I think that the entries are there already by name since I don't think that any group is missing from that list (did not compare, yet, will get back on this). Hmm...

 

What kind of multiple imports? Where are these "duplicates with the same IDs"? Multiple rules can share the same group id/name. The Authorized groups names list does not allow duplicate entries.

 

Anyone? Or am I missing something obvious?

 

Your machine has IP 192.168.1.103 in your local LAN. That is the Local IP, not the Remote IP. Your defined rules say that you accept incoming connections to your machine from a machine with IP 192.168.1.103 from the remote port 43191. That is not a remote machine, that is your machine. Just remove the ports and the IP addresses from your rules. Leave one inbound rule for UDP and one inbound rule for TCP. You don't know the remote IPs and ports from other peers, so don't assign any values.

 

Ooops, completely reversed the remote/local configs, thanks for pointing them out.

 

Windows Firewall Control v.6.9.8.0

Change log:
- Improved: Retrieving the group display names uses now shlwapi.dll. This fixes group names with dll names and resource ids.
- Improved: Default option is now the third one in the uninstall dialog. This will leave the firewall rules untouched during uninstall.
- Improved: The speed of importing a *.wpw file was improved by updating the internal cache mechanism.
- Improved: The speed of deleting multiple rules at once was improved.
- Fixed: Can't load language files which have a language code that is not 2 letters.
- Fixed: Experimental feature that auto allows certain paths/file names does not work anymore.
- Fixed: During uninstall restoring default/previous Windows Firewall rules fails if Secure Rules is enabled.
- Fixed: Deleting multiple rules at once may fail if Secure Rules is enabled.
- Fixed: Search functionality may result in a crash in Rules Panel and Connections Log.
- Fixed: Revert profile timer is not updated unless the revert profile is unchecked and checked again.
- Removed: Exporting/importing to/from *.wfw file (Windows Firewall format) was removed due to unreliable results. This still can be done from WFwAS, but not from WFC anymore.
- New: Added translation for Serbian language.

Download location: https://binisoft.org/download/wfc6setup.exe
SHA1: c420ce25d217551dfb8b6760142c37a8cef60161
SHA256: f696d6fae4491b1297834092a4ffce5c65a41506b72d0c8417e3e72b5f030c69

Thank you for your feedback and your support,
Alexandru Dicu

Please let me know if the reported problems are fixed. And any other unresolved problem