Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Claudio R

    Claudio R Registered Member

    Joined:
    Jan 22, 2018
    Posts:
    60
    Location:
    Italy
    Restart PC

    I don't like taskkill very much... Is there a way to close wfcui.exe from the command line (it's not mentioned in the manual...)?
     
  2. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    689
    Location:
    Switzerland
    @Claudio R

    No, you don't have to use taskkill.

    Just right-click the WFC tray icon and close WFC. Then, after restarting it, it's restricted again (within a restricted Windows user account).
     
  3. Clarensio

    Clarensio Registered Member

    Joined:
    May 4, 2014
    Posts:
    4
    @Alpengreis
    Yes, of course... but in doing so you need to click on 2 links...

    Instead, I was asking if there was an option to close wfcUI.exe from the command line, as well as, again from the command line, (wfcUI.exe -mp) restart it so I can do it in a single batch...
     
  4. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    689
    Location:
    Switzerland
    @Clarensio

    Ooops, yes you are right, I should read more carefully, sorry!
     
  5. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    689
    Location:
    Switzerland
    @Claudio R (@Clarensio)

    Then I would also prefer to have its own command line switch instead of using "brutal" taskkill.


    @alexandrud

    Could you implement additional command line switch(es)?

    Something like the following:

    wfcUI.exe -r | restart

    ... or at least a proper shutdown switch like:

    wfcUI.exe -s | shutdown

    Then users could easily create a related batch file for restarting the GUI with non-elevated rights (in restricted user accounts).
     
    Last edited: Feb 4, 2024
  6. Clarensio

    Clarensio Registered Member

    Joined:
    May 4, 2014
    Posts:
    4
    @Alpengreis
    Exactly... you understood my question...
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,475
    Location:
    Romania
    This switch has existed for many years. Use: wfcUI.exe -exit

    Restarting the machine was never required in relation to WFC.
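
Added example, not part of the thread or of WFC itself: a PowerShell script that uses the `-exit` switch from the post above to close the running UI, waits for the process to end, and then starts it again with the `-mp` argument mentioned earlier in the thread. The install path is a placeholder and the timeout is an assumption.

```powershell
# Added example: restart wfcUI.exe without taskkill, from a non-elevated prompt.
param(
    [string]$WfcUi = 'C:\Path\To\wfcUI.exe',   # placeholder: set to your install path
    [string[]]$StartArguments = @('-mp'),      # argument quoted earlier in the thread
    [int]$TimeoutSeconds = 15                  # assumption: how long to wait for a clean exit
)

function Restart-WfcUi {
    param([string]$Exe, [string[]]$StartArguments, [int]$TimeoutSeconds)

    if (-not (Test-Path -LiteralPath $Exe -PathType Leaf)) {
        throw "wfcUI.exe not found at: $Exe"
    }
    $name = [System.IO.Path]::GetFileNameWithoutExtension($Exe)

    if (Get-Process -Name $name -ErrorAction SilentlyContinue) {
        # Ask the running instance to close itself (switch given by the developer).
        Start-Process -FilePath $Exe -ArgumentList '-exit' -Wait

        # Poll until the UI process is gone or the timeout expires.
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        while ((Get-Process -Name $name -ErrorAction SilentlyContinue) -and
               ((Get-Date) -lt $deadline)) {
            Start-Sleep -Milliseconds 250
        }
        if (Get-Process -Name $name -ErrorAction SilentlyContinue) {
            # Stop here instead of force-killing; starting a second instance
            # on top of a hung one would hide the problem.
            throw "$name did not exit within $TimeoutSeconds seconds."
        }
    }

    # Start a fresh instance with the rights of the calling (non-elevated) shell.
    Start-Process -FilePath $Exe -ArgumentList $StartArguments
}

Restart-WfcUi -Exe $WfcUi -StartArguments $StartArguments -TimeoutSeconds $TimeoutSeconds
```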
     
  8. Claudio R

    Claudio R Registered Member

    Joined:
    Jan 22, 2018
    Posts:
    60
    Location:
    Italy
    Thank you so much...
    It was clear that it "existed" (the [Exit] button...) but as mentioned it is not documented... :)
     
  9. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    689
    Location:
    Switzerland
    @alexandrud

    Thank you!

    And yes, it's not in the documentation.
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,475
    Location:
    Romania
    Yes, I know, not all switches are public, some of them are for internal use. Now that someone mentioned a need for a nice exit instead of taskkill, I mentioned it here :)
     
  11. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    689
    Location:
    Switzerland
  12. dead bolt

    dead bolt Registered Member

    Joined:
    Mar 25, 2010
    Posts:
    2
    Hello,

    Windows Firewall Control is my favorite soft firewall and I prefer it to my current Sphinx firewall control.
    However I'm using Sphinx because its learning mode creates allow rules regardless of programs being signed.
    In this way, my wife has no knowledge of the firewall, she uses her computers normally and I periodically review the rules.
    I'm hoping there may be a setting somewhere that will allow this?

    Thank you
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,475
    Location:
    Romania
    There is no such setting and there is no plan to change it. If you enable outbound filtering in Windows Firewall (Medium Filtering profile), Learning Mode will not create allow rules for unsigned programs. Any unsigned software connection attempt should be reviewed by the user. Learning mode should be used for a limited time when you reinstall your OS or restore the default rules and have no backup of your custom rules. Not all programs on your machine should be allowed, otherwise what is the purpose of enabling the outbound filtering (Medium Filtering profile)? If you allow everything, then it is better to use the default outbound filtering mode (Low Filtering profile).
     
  14. Nehel

    Nehel Registered Member

    Joined:
    Oct 27, 2023
    Posts:
    4
    Location:
    LA
    I'm probably still the only one who has dealt with the problem mentioned in post 6965 and 6981? - Secure boot is activated, but on restart the profile is green.
    In the meantime I have installed the newer versions, but the problem still persists.
    But I have noticed the following:
    -most of the time I shut down my laptop by myself via the start menu. Then secure boot does not work. - The next time I start the computer, the icon is green, although it should be black.
    -but sometimes I use the program JDownloader. There is an option to shut down the computer automatically after the last download. And whenever the program shuts down the computer, secure boot works. - The icon is black at the next start, as it should be.
    Does this perhaps help to find a solution to my problem?
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,475
    Location:
    Romania
    For Secure Boot, the existing code did not change recently. WFC service is subscribed to system shutdown event. This event is triggered when you shut down or restart your Windows machine, but not when the machine enters sleep mode.

    I just tried on my laptop a restart and a shutdown and Secure Boot works as expected with these versions 6.9.2.0/6.9.9.3/6.9.9.4. The same in some virtual machines in VMware. According to Microsoft a service normally has about 20 seconds to shut down before the system gives up and shuts down anyway. However, there is no guarantee that a service gets enough time to properly shut down, so the OS might kill it before it has a chance to perform extra steps. Unfortunately, there is nothing which can be done to improve this. Secure Boot works in general (it depends on how many services are running, CPU usage at shut down, etc), but there may be cases when WFC service does not get enough time to accomplish this.

    The alternative is to manually set High Filtering mode before shut down.
     
    Last edited: Feb 10, 2024
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,475
    Location:
    Romania
    Windows Firewall Control v.6.9.9.4

    Change log:
    - Improved: Request elevation button will not restart wfcUI.exe anymore. Instead, it will remove the read-only state from the current non-elevated executing instance.
    - Improved: When a new rule is created by the experimental notification exception feature, Rules Panel will refresh if it is open.

    Download location: https://binisoft.org/download/wfc6setup.exe
    SHA256: 47c3314ebfbb9111da98b576486db872a68bb14bdf3e4fc032d5465ca45f9189
    SHA512: f5292d276834241907b8a899ea991fea537b572c53376bffb3c3518c72700c4a99fa47304c4458123ce57fd7e59d62384fa54e07e45a4fcb3ded36027df715d6

    This is the latest improvement for standard user accounts. Instead of restarting wfcUI.exe process, when you press on Request elevation button and the UAC dialog is displayed for a second instance, if an administrator account confirms the UAC dialog, the new elevated instance closes itself and the read-only mode is removed from the old non-elevated instance. In this way, if you are a standard user account and receive a notification about a blocked connection, once you request elevation you can continue with the existing displayed notification dialog which is now fully unlocked.

    Thank you for your feedback and your support,
    Alexandru Dicu
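
Added example, not part of the release post: a PowerShell check of a downloaded installer against the SHA256 and SHA512 values published above. The local file path is an assumption.

```powershell
# Added example: compare a downloaded installer with the published hashes.
param(
    [string]$Path = '.\wfc6setup.exe'   # assumption: installer saved to the current directory
)

# SHA256 and SHA512 exactly as published in the v6.9.9.4 release post.
$Published = [ordered]@{
    SHA256 = '47c3314ebfbb9111da98b576486db872a68bb14bdf3e4fc032d5465ca45f9189'
    SHA512 = 'f5292d276834241907b8a899ea991fea537b572c53376bffb3c3518c72700c4a99fa47304c4458123ce57fd7e59d62384fa54e07e45a4fcb3ded36027df715d6'
}

function Test-PublishedHash {
    param(
        [Parameter(Mandatory)][string]$File,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Expected
    )
    if (-not (Test-Path -LiteralPath $File -PathType Leaf)) {
        throw "File not found: $File"
    }
    foreach ($alg in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $File -Algorithm $alg).Hash
        [pscustomobject]@{
            Algorithm = $alg
            # String -eq is case-insensitive, so upper/lower-case hex both compare equal.
            Match     = ($actual -eq $Expected[$alg].Trim())
            Actual    = $actual.ToLower()
        }
    }
}

$results = @(Test-PublishedHash -File $Path -Expected $Published)
$results | Format-Table -AutoSize

# Every published algorithm must match; one mismatch fails the whole check.
if ($results.Match -contains $false) {
    Write-Error 'Hash mismatch: do not run this installer.'
    exit 1
}
'All published hashes match.'
```

The download URL in the post carries no version number, so a mismatch can also mean it now serves a later release; compare against the hashes posted for that release.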
     
  17. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,140
    Location:
    Lunar module
    An alternative solution is to automatically turn off network adapters on shutdown or reboot (.bat + Local Group Policy Editor -> User Configuration -> Scripts (Startup/Shutdown)). The computer will boot with the network adapters turned off, you will need to turn them on, e.g. with another .bat.
    Thank
     
  18. kilves76

    kilves76 Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    26
    Please do elaborate and save us the googling, what commands to use to turn nic off and on?
     
  19. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,140
    Location:
    Lunar module
     
  20. kilves76

    kilves76 Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    26
    Thank you, very useful :thumb:
     
  21. kilves76

    kilves76 Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    26
    Installed WFC 6.9.9.4 to a new installation, imported existing options and rules, noticed that the Authorized Groups list is not included in the saved user settings? This resulted in quite a lot of extra work. Tried importing options and rules 3 times just to make sure I didn't miss anything or if it would matter in which order they're loaded.

    Edit add: There is something strange about the options export, while rules export saves to a hyper-v host \\tsclient\ folder, options export will not result in a file. Had to save to C:\tmp first and then move from there. I do see that the Authorized Groups are saved in the file, but for unknown reasons they did not get applied when importing. The import was also from a \\tsclient\ drive, could there be something there?

    And about High Filtering Profile rules, would it be possible to have at least as an option for advanced users to have separate rules at least for TCP and UDP? It'd be nice to be able to always connect to selected DNS servers and keep the Time by NTP so things don't go haywire with Windows. Now if one uses *.pool.ntp.org it cannot be made to work with the current rules, as the IPs vary. One would have to be able to make a UDP:123 out rule.

    I'm sure there's plenty of other uses too. Loading an entire ruleset just for this, every single time one wants some high filtering, is so cumbersome it really isn't an option. Unless there was an option (checkmark and file path under each?) for each profile to load an optional ruleset when switching profiles, so one could have 3 different rulesets for High, Medium and Low.
     
    Last edited: Feb 14, 2024
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,475
    Location:
    Romania
    Yes, there is a bug in the recent versions. The authorized groups list is imported, however, the service does not refresh the list. If you restart wfcs service, they will appear. I will fix this in the next WFC release.
    I could update WFC to create two outbound block rules, one for TCP and one for UDP. However, I do not know if this will help with the described scenario.
    A different firewall rule set for different profiles is asking for trouble. I will say no to this idea.
     
  23. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    689
    Location:
    Switzerland
    @alexandrud

    Suggestion for those users (like me) who like to be generally in restricted mode.

    Sometimes (many times), I used the elevation process for certain things - but then, I forgot to switch back to restricted mode because I can't see which mode is active without looking IN WFC.

    So it would be more comfortable if the tray icon would be a little different for elevated mode - if possible. With a red dot/line or a small UAC symbol or something like that - without disturbing the actual color.

    Greetings
     
  24. atguardlover

    atguardlover Registered Member

    Joined:
    Jun 25, 2014
    Posts:
    4
    An edge case to save people some time:
    Yesterday had a test laptop with a "hardened" (=configured to death) Win10. Last installer on the USB stick was v6.9.9.1. Worked. Updated to v6.9.9.4 => exclamation mark. So I started digging ;)

    Eventlog:
    Explanation:
    Starting with v6.9.9.2 additional security checks and changes were introduced (CurrentSessionId => CurrentProcessId, FileVerifier.Verify)
    And here it was a little bit misleading:
    WFCS.ProxyServer => Subscribe => Verify failed with status "UntrustedRoot" which exited with "Autheticode signature error" in FileVerifier which led to "Peer not authorized" which ultimately led to ProxServer.Subscribe failing with above exception.
    A quick signature check indeed showed a failing sigchain due to an untrusted MS crosschaining cert ("Microsoft Identity Verification Root Certificate Authority 2020" / "5498d2d1d45b1995481379c811c08799")

    Solution:
    The following reg entry was set which resulted in the cert not ending up in "Trusted Root Certification Authorities store"
    So either trust MS or manually import them via
    Have a nice day and thousand thanks for still developing WFC!!
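
Added example, not part of the post above: a PowerShell diagnostic for the failure described there. It builds the Authenticode certificate chain of a file, lists the chain status flags, and looks for the root by the serial number quoted in the post. The file path is a placeholder, and the set of certificate stores searched is an assumption.

```powershell
# Added example: report why an Authenticode chain does not validate.
param(
    [string]$Path = 'C:\Path\To\wfcUI.exe',                    # placeholder: file to inspect
    [string]$RootSerial = '5498d2d1d45b1995481379c811c08799'   # serial quoted in the post
)

function Get-SignatureChainReport {
    param([Parameter(Mandatory)][string]$File)

    $sig = Get-AuthenticodeSignature -LiteralPath $File
    if (-not $sig.SignerCertificate) {
        return [pscustomobject]@{ File = $File; Signature = $sig.Status
                                  ChainValid = $false; ChainStatus = @(); Chain = @() }
    }
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # isolate trust errors from revocation errors
    $valid = $chain.Build($sig.SignerCertificate)

    [pscustomobject]@{
        File        = $File
        Signature   = $sig.Status
        ChainValid  = $valid
        ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status })   # e.g. UntrustedRoot
        Chain       = @($chain.ChainElements | ForEach-Object {
            [pscustomobject]@{ Subject = $_.Certificate.Subject
                               Serial  = $_.Certificate.SerialNumber }
        })
    }
}

function Find-RootBySerial {
    param([Parameter(Mandatory)][string]$Serial)
    # Assumption: machine and user root stores plus the third-party root store (AuthRoot).
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.SerialNumber -eq $Serial } |
            Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter
    }
}

$report = Get-SignatureChainReport -File $Path
$report | Format-List File, Signature, ChainValid, ChainStatus
$report.Chain | Format-Table -AutoSize

$root = @(Find-RootBySerial -Serial $RootSerial)
if ($root.Count) { $root | Format-Table -AutoSize }
else { "No certificate with serial $RootSerial found in the checked root stores." }
```

A chain status of UntrustedRoot together with an empty root-store lookup matches the failure described in the post.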
     
  25. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    232
    Another example of Microsoft Teams not playing nice with the experimental feature. Description of all those duplicate rules:

    "Outbound rule to allow Microsoft Teams (work or school) (ms-teams.exe). Auto rule created by exception MS-TEAMS.EXE" - WFC 6.9.9.4

    Teams.png
     