Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Claudio R

    Claudio R Registered Member

    Joined:
    Jan 22, 2018
    Posts:
    52
    Location:
    Italy
    Restart PC

    I don't like taskkill very much... Is there a way to close wfcui.exe from the command line (it's not mentioned in the manual...)?
     
  2. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    666
    Location:
    Switzerland
    @Claudio R

    No, you don't have to use taskkill.

    Just make a right click on the WFC tray icon and close WFC. Then after restart it, it's restricted again (within restricted windows user account).
     
  3. Clarensio

    Clarensio Registered Member

    Joined:
    May 4, 2014
    Posts:
    4
    @Alpengreis
    Yes, of course... but in doing so you need to click on 2 links...

    Instead, I was asking if there was an option to close wfcUI.exe from the command line, as well as, again from the command line, (wfcUI.exe -mp) restart it so I can do it in a single batch...
     
  4. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    666
    Location:
    Switzerland
    @Clarensio

    Ooops, yes you are right, I should read more carefully, sorry!
     
  5. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    666
    Location:
    Switzerland
    @Claudio R (@Clarensio)

    Then I would also prefer to have a own command line switch instead to use "brutal" taskkill.


    @alexandrud

    Could you implement addidional/ly command line switch(es)?

    Something like the following:

    wfcUI.exe -r | restart

    ... or at least a proper shutdown switch like:

    wfcUI.exe -s | shutdown

    Then users could easy create a related batch file for restarting the GUI with non-elevated rights (in restricted user accounts).
     
    Last edited: Feb 4, 2024
  6. Clarensio

    Clarensio Registered Member

    Joined:
    May 4, 2014
    Posts:
    4
    @Alpengreis
    Exactly... you understood my question...
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,397
    Location:
    Romania
    This switch exists since many years ago. Use: wfcUI.exe -exit

    Restarting the machine was never required in relation to WFC.
     
  8. Claudio R

    Claudio R Registered Member

    Joined:
    Jan 22, 2018
    Posts:
    52
    Location:
    Italy
    Thank you so much...
    It was clear that it "existed" (the [Exit] button...) but as mentioned it is not documented... :)
     
  9. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    666
    Location:
    Switzerland
    @alexandrud

    Thank you!

    And yes, it's not in the documentation.
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,397
    Location:
    Romania
    Yes, I know, not all switches are public, some of them are for internal use. Now that someone mentioned a need for a nice exit instead of taskkill, I mentioned it here :)
     
  11. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    666
    Location:
    Switzerland
  12. dead bolt

    dead bolt Registered Member

    Joined:
    Mar 25, 2010
    Posts:
    2
    Hello,

    Windows Firewall Control is my favorite soft firewall and I prefer it to my current Sphinx firewall control.
    However I'm using Sphinx because it's learning mode creates allow rules regardless of programs being signed.
    In this way, my wife has no knowledge of the firewall, she uses her computers normally and I periodically review the rules.
    I'm hoping there may be a setting somewhere that will allow this?

    Thank you
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,397
    Location:
    Romania
    There is no such setting and there is no plan to change it. If you enable outbound filtering in Windows Firewall (Medium Filtering profile), Learning Mode will not create allow rules for unsigned programs. Any unsigned software connection attempt should be reviewed by the user. Learning mode should be used for a limited time when you reinstall your OS or restore the default rules and have no backup of your custom rules. Not all programs on your machine should be allowed, otherwise what is the purpose of enabling the outbound filtering (Medium Filtering profile)? If you allow everything, then it is better to use the default outbound filtering mode (Low Filtering profile).
     
  14. Nehel

    Nehel Registered Member

    Joined:
    Oct 27, 2023
    Posts:
    4
    Location:
    LA
    I'm probably still the only one who has dealt with the problem mentioned in post 6965 and 6981? - Secure boot is activated, but on restart the profile is green.
    In the meantime I have installed the newer versions, but the problem still persists.
    But I have noticed the following:
    -most of the time I shut down my laptop by myself via the start menu. Then secure boot does not work. - The next time I start the computer, the icon is green, although it should be black.
    -but sometimes I use the program JDownloader. There is an option to shut down the computer automatically after the last download. And whenever the program shuts down the computer, secure boot works. - The icon is black at the next start, as it should be.
    Does this perhaps help to find a solution to my problem?
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,397
    Location:
    Romania
    For Secure Boot, the existing code did not change recently. WFC service is subscribed to system shutdown event. This event is triggered when you shut down or restart your Windows machine, but not when the machine enters sleep mode.

    I just tried on my laptop a restart and a shutdown and Secure Boot works as expected with these versions 6.9.2.0/6.9.9.3/6.9.9.4. The same in some virtual machines in VMware. According to Microsoft a service normally has about 20 seconds to shut down before the system gives up and shuts down anyway. However, there is no guarantee that a service gets enough time to properly shut down, so the OS might kill it before it has a chance to perform extra steps. Unfortunately, there is nothing which can be done to improve this. Secure Boot works in general (it depends on how many services are running, CPU usage at shut down, etc), but there may be cases when WFC service does not get enough time to accomplish this.

    The alternative is to manually set High Filtering mode before shut down.
     
    Last edited: Feb 10, 2024
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,397
    Location:
    Romania
    Windows Firewall Control v.6.9.9.4

    Change log:
    - Improved: Request elevation button will not restart wfcUI.exe anymore. Instead, it will remove the read-only state from the current non-elevated executing instance.
    - Improved: When a new rule is created by the experimental notification exception feature, Rules Panel will refresh if it is open.

    Download location: https://binisoft.org/download/wfc6setup.exe
    SHA256: 47c3314ebfbb9111da98b576486db872a68bb14bdf3e4fc032d5465ca45f9189
    SHA512: f5292d276834241907b8a899ea991fea537b572c53376bffb3c3518c72700c4a99fa47304c4458123ce57fd7e59d62384fa54e07e45a4fcb3ded36027df715d6

    This is the latest improvement for standard user accounts. Instead of restarting wfcUI.exe process, when you press on Request elevation button and the UAC dialog is displayed for a second instance, if an administrator account confirms the UAC dialog, the new elevated instance closes itself and the read-only mode is removed from the old non-elevated instance. In this way, if you are a standard user account and receive a notification about a blocked connection, once you request elevation you can continue with the existing displayed notification dialog which is now fully unlocked.

    Thank you for your feedback and your support,
    Alexandru Dicu
     
  17. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,085
    Location:
    Lunar module
    An alternative solution is to automatically turn off network adapters on shutdown or reboot (.bat + Local Group Policy Editor -> User Configuration -> Scripts (Startup/Shutdown). The computer will boot with the network adapters turned off, you will need to turn them on, e.g. with another .bat.
    Thank
     
  18. kilves76

    kilves76 Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    26
    Please do elaborate and save us the googling, what commands to use to turn nic off and on?
     
  19. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,085
    Location:
    Lunar module
     
  20. kilves76

    kilves76 Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    26
    Thank you, very useful :thumb:
     
  21. kilves76

    kilves76 Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    26
    Installed WFC 6.9.9.4 to a new installation, imported existing options and rules, noticed that the Authorized Groups list is not included in the saved user settings? This resulted in quite a lot of extra work. Tried importing options and rules 3 times just to make sure i didn't miss anything or if it would matter in which order they're loaded.

    Edit add: There is something strange about the options export, while rules export saves to a hyper-v host \\tsclient\ folder, options export will not result in a file. Had to save to C:\tmp first and then move from there. I do see that the Authorized Groups are saved in the file, but for unknown reasons they did not get applied when importing. The import was also from a \\tsclient\ drive, could there be something there.

    And about High Filtering Profile rules, would it be possible to have at least as an option for advanced users to have separate rules at least for TCP and UDP? It'd be nice to be able to always connect to selected DNS servers and keep the Time by NTP so things don't go haywire with Windows. Now if one uses *.pool.ntp.org it cannot be made to work with the current rules, as the ip's vary. One would have to be able to make an UDP:123 out rule.

    I'm sure there's plenty of other uses too. Loading an entire ruleset just for this, every single time one wants some high filtering, is so cumbersome it really isn't an option. Unless there was an option (checkmark and file path under each?) for each profile to load an optional ruleset when switching profiles, so one could have 3 different rulesets for High, Medium and Low.
     
    Last edited: Feb 14, 2024
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,397
    Location:
    Romania
    Yes, there is a bug in the recent versions. The authorized groups list is imported, however, the service does not refresh the list. If you restart wfcs service, they will appear. I will fix this in the next WFC release.
    I could update WFC to create two outbound block rules, one for TCP and one for UDP. However, I do not know if this will help with the described scenario.
    A different firewall rules set for different profiles asks for troubles. I will say no to this idea.
     
  23. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    666
    Location:
    Switzerland
    @alexandrud

    Suggestion for those users (like me) which like to be generally in restricted mode.

    Sometimes (many times), I used the elevation process for certain things - but then, I forgot to switch back to restricted mode because I can't see which mode is active without looking IN WFC.

    So it would be more comfortable if the tray icon would be a little different for elevated mode - if possible. With a red dot/line or a small UAC symbol or something like that - without disturbing the actual color.

    Greetings
     
  24. atguardlover

    atguardlover Registered Member

    Joined:
    Jun 25, 2014
    Posts:
    4
    An edge case to save people some time:
    Yesterday had a testlaptop with a "hardened" (=configured to death) Win10. Last installer on the USB stick was v6.9.9.1. Worked. Updated to v6.9.9.4 => exclamation mark. So i started digging ;)

    Eventlog:
    Explanation:
    Starting with v6.9.9.2 additional security checks and changes were introduced (CurrentSessionId => CurrentProcessId, FileVerifier.Verify)
    And here it was a little bit misleading:
    WFCS.ProxyServer => Subscribe => Verify failed with status "UntrustedRoot" which exited with "Autheticode signature error" in FileVerifier which led to "Peer not authorized" which ultimatively led to ProxServer.Subscribe failing with above exception.
    A quick signature check indeed showed a failing sigchain due to an untrusted MS crosschaining cert ("Microsoft Identity Verification Root Certificate Authority 2020" / "5498d2d1d45b1995481379c811c08799")

    Solution:
    The following reg entry was set which resulted in the cert not ending up in "Trusted Root Certification Authorities store"
    So either trust MS or manually import them via
    Have a nice day and thousand thanks for still developing WFC!!
     
  25. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    204
    Another example of Microsoft Teams not playing nice with the experimental feature. Description of all those duplicate rules:

    "Outbound rule to allow Microsoft Teams (work or school) (ms-teams.exe). Auto rule created by exception MS-TEAMS.EXE" - WFC 6.9.9.4

    Teams.png
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.