Windows Firewall Control (WFC) by BiniSoft.org

Out of curiosity, would it be possible to support other default presets, like LocalSubnet (which already is)? My Windows firewall lists these (translated):

• WINS-server
• DHCP-server
• DNS-server
• PlayTo-renderer

I actually don't need these, but perhaps other users might. So it might help them.

 

The keywords Internet, Intranet, PlayTo Renderers, Remote Corp Network which can be set in the Remote Addresses property of a rule from WFwAS are not visible in Windows Firewall Control. This is a problem caused by Windows Firewall API which does not provide these values at all. The other keywords are supported: LocalSubnet, DefaultGateway, DNS, DHCP, WINS. Also for local ports the following keywords are supported: RPC, RPC-EPMap, IPHTTPS, Teredo, Ply2Disc, mDNS.

 

PLEASE add this to the documentation. WFC has so many features that nobody who is not active in the forum knows about

 

Well, some obscure features must remain obscure Otherwise I will get too many support emails asking about these which are actually questions about Windows Firewall, not WFC. I do not have enough free time to provide support for WFC and Windows Firewall too.

 

Small request: in the Connections Log, Display section you have to refresh to enable each change in Connections, Direction etc. It would be nice if this was done automatically, as more or less happens in the Rules Panel (Display, Filter).

 

It was like this at some point but it became very annoying when you wanted to change multiple filters. For example from Blocked/Outbound/All connections to Allowed/Inbound/Last 100 connections. There are 2 extra loading tasks which may take several seconds.

 

Interesting, I've just seen a DLL trying to connect to the internet. I unfortunately saw the notification window too briefly, but the file ended in .dll. Is this normal?

Edit: Please ignore if too offtopic.

 

Are you sure it wasn't rundll.exe? DLL files are loaded into executable files and even if the code that connects to the internet is in a DLL file, the process that loads it is an EXE file. The process that is blocked is the EXE, not the DLL.

 

It really had suffix .dll.

So I tried something:

Code:

cmd
copy curl.exe curl.dll
curl.dll google.de

I'm aware that's this is no DLL, but an application could do the same and start the process. I know some people who manually create rules for EXE files only. But DLLs can also actually be EXE files that can establish a connection on their own. Luckily, WFC detects it, since they're executables only.

That seems to explain what I've seen.

 

The program distribution includes mbcut.dll, mbcut32.dll, Newtonsoft.Json.dll, they collect technical information and statistics to help the author to identify and fix bugs. They are harmless, they do not collect or transmit user's personal data. You may have seen one of them. There was a detailed discussion about it on the forum 2 or 3 years ago.

 

In recent versions of WFC there's no mbcut32.dll anymore and there's a bunch of new files that didn't exist before

 

mbcut32.dll is for x86 operating systems. For x64 there is just mbcut.dll. The recent installer will copy just the one used by the OS architecture. As for the others, they are required since WCF was replaced with Grpc for inter process communication.

 

Appreciate the information, alexandrud

 

Hi, i'm having problems with Malawarebytes Windows Firewall Control after v6.9.9.0 running on Windows 11:
if i set profile to MEDIUM filtering Windows update and WSL2 (only DNS traffic, i can ping for example 8.8.8.8 but not ping or dig google.com) is blocked, no notification will appear, setting profile to low filtering it works.
The system worked fine before the update; i tried resetting all the rules or creating specific rules but it did not fix the issue.

I did not found a place to report issue so i'll post it here.

 

But even then, wfc.exe should appear in the notifications, not the DLL. I think in my case, it was really some application that was just pretending to be a DLL and was correctly blocked.

 

Nothing else changed? Which WFC version did you have before the update? Did you reset your rules? What rules do you have for svchost.exe to allow DNS, DHCP, basic networking? Did you set a different DNS configuration?

 

Current version is absolutely perfect! I'd only wish if you could "harden" the Secure Profile setting more. It can still turn itself off silently - usually by Windows itself but perhaps even 3rd-party programs with admin rights that may tinker with the Windows Firewall.

Perhaps WFC could notify the user when a change or possible problem is detected there?

 

I'm having an unusual problem, and I'm not sure if it's with WFC or not. I just both a mini pc so I can use it as a streaming device for my TV. It works amazingly for that. But I'm also using it to watch things I have on another computer, which acts as a media server using JRiver Media Center. Both devices are on the same network, an nothing is accessible outside that network. Everything works fine if I disable WFC/Win11 firewall. The streaming device cannot reach the server if they are active. I'm not sure why, and there's nothing in the block log. So something's being blocked that is not telling me it's being blocked. Any ideas?

 

Are you on Windows 11 22H2 ? In my case, Hyper V firewall was causing this. Had to allow outbound traffic, see https://learn.microsoft.com/en-us/w...rk-security/windows-firewall/hyper-v-firewall

 

Hello, thank you for the fixes regarding authorized groups importing/displaying. It looks much better now
Just a personal cosmetic suggestion, I don't know if others agree with this, can the generated description for new rules be changed from "Inbound/Outbound rule to allow/block [...]" to: "Inbound/Outbound rule for [...]" ..? This makes changing rules between allow/block a little less painful ^^.

 

I love WFC's keyboard shortcut for switching profiles, and I use it often for quickly and easily "downshifting" firewall protection when installing programs which create temp installer programs needing connections.

However, currently the shortcut cycles first to the highest "High filtering" profile first, which ends up disrupting other program stream connections I have going at the time.

Any chance it'd be possible to either:

• Add a setting defining which profiles are (keyboard) "rotatable"? E.g. "Check the boxes of profiles that can be rotated between"
• Or add a keyboard shortcut which alternates between two profiles only? E.g. "Medium" -> "Low" -> "Medium"
  
• Or have the current keyboard shortcut cycle "downward" through profiles instead, going less-restrictive first? (And then the auto-switch timer would bring it back to the default profile after X minutes)

All that said, no complaints, of course. I love WFC, and it's the first thing I install on a computer! Thanks for all your ongoing effort and support invested into it!

 

On the device which you have your media server running, did you create the appropriate inbound rules to accept incoming connections? What outbound rules did you create so far on the other device? Check the inbound and the outbound blocked connections when you try to connect and create the required firewall rules. If nothing shows up, when you disable Windows Firewall, you could use the Network tab from resmon.exe which shows active network connections. You should see there what component is connected.

There is no need for defining block rules if you use Medium Filtering profile. I will change this in the next version.

 

There is delay of 2 seconds when using the hotkey to toggle the profile. Each press delays the actual action by 2 seconds. This allows enough time to set the correct profile. Since the profile is not set instantly, you have time to make sure you did not set it to No Filtering or High Filtering. The profile changes in one direction only, not in both ways. Let's say you start in Medium Filtering, do you press on the hotkey to go to High or Low? This is why it goes from lower to upper.

 

noticed a slight issue with the "Auto Allow / Uppercase" Notifications feature...

e.g Proton for the last few months has moved from a standard named folder and now each update includes the version in the path
6.9.9.0
the top 2 entries work....... but the bottom one becomes a "block" (guessing as it has 2 x .)
PROTONVPN.EXE
PROTONVPNSERVICE.EXE
PROTONVPN.WIREGUARDSERVICE.EXE

 

@kC_
You specify EXE, but what if you specify PATH?