Windows Firewall Control (WFC) by BiniSoft.org

Ahh, very good, thanks!

 

Hi,
i have a problem with WFC and the Secure Boot option. It simply start working only if WFC tray icon is loaded on Windows boot. Before, all outgoing/incoming network data is not blocked by WFC. Makes Secure Boot useless. I searched a bit here for a solution but didn't found something related.

Actually WFC v6.9.9.4 on Windows 11 Pro #22631.3227 RP but didnt work since some WFC versions/Windows Updates. No other third party software installed like AV/FW!

 

WFC service is subscribed to system shut down event. When this event is received, if Secure Boot is enabled and the profile is not already High Filtering profile, then it will attempt to set High Filtering profile. If your system is not busy, WFC service will be provided enough time (from the operating system) to perform this action. However, if your system is loaded with many processes and background tasks the operating system may decide to kill WFC service and other Windows services abruptly, before it can switch the profile. Secure Boot should work even if the tray application is running or not. Nothing is blocked or allowed by WFC. Windows Firewall does the allow/block.

 

Ok, understand you but why no network filtering if WFC is not loaded in tray? Tested it several times. If WFC is loaded in the tray the profile is High Filtering so Secure Boot is working and no network transfer possible then (WFC service subscribed to system shut down event successful). I'm a bit lost here.

Tried with re-install of WFC but didn't help.

 

(no more duplicates, so that issue was definitively caused by the Microsoft telemetry blocked IP ranges)

Don't know if this has been suggested before, but here's an idea: a separate Rules Editor, only meant to open, edit and save .wpw files. This way we can easily manipulate our Rule files, without the risk of messing with the actual Windows Firewall rules. It would help for easier import/export, manage and group "category" rules etc.

 

I am sorry but I do not understand. The network filtering is done by Windows Firewall, not by the tray process wfc.exe.

If you start wfc.exe and the profile is High Filtering it means Secure Boot did set the profile. When you shut down your machine, which is your profile? Medium Filtering? When you machine starts, which is the profile?
If you enable Secure Boot in WFC, it works independently of the tray app (wfc.exe), it works even if the tray app is not running. wfcs.exe (the service) must be running and this one is in charge of applying High Filtering profile at shut down.

 

That tool is called Notepad++ . You are asking too much from a freeware software maintained by one developer.

 

Of course, you are right. Notepad++ is good enough, especially after your recent fixes which allow direct .wpw editing. It is no longer required to rename to .xml and there are no longer sorting issues when exporting rules.

 

This is the behavior what i see. Windows starts and after login i open immediately a cmd with ping heise.de. Ping success. In this moment where WFC is visible in the tray ping is blocked. So maybe 10-15s without Windows Firewall filtering.

At shutdown Medium Filtering is active.
At machine start High Filtering of WFC is active.
Maybe something set the Windows Firwall back to normal filtering but i have no clue how investigate this problem. Again i'm using no other AV or FW. Only WFC.

 

Maybe your wfc-service starts with a delay? In a process manager that has filtering capabilities (e.g. Process Hacker), enter wfc in the filter field and check immediately after booting, when pinginging, if wfcs.exe is there.
And alternative solution.

 

But what i understand now from alexandrud is if WFC toggle to High Filtering on shutdown/reboot it doesn't matter when wfc service is starting at boot. Windows Firewall is blocking then the network till the WFC Profile gets changed. Confused

I'll check this behavior on another Windows next day.

 

Let's take out Secure Boot from this equation. Your complaint is that with High Filtering profile, at startup, you can open a CMD window and ping a website. You expect this ping command to fail since you are on High Filtering profile. Correct?

Please set manually High Filtering profile and check in Rules Panel if two new 2 block rules were created (they should appear on top). The system tray icon is the black one. Restart your machine. Open a CMD window and try the ping command. Is it blocked or allowed? Remember that you manually left the profile set to High Filtering. It should not matter if the tray app is started or not or if WFC service is started or not. The blocking is done by Windows Firewall itself and when you set High Filtering profile in WFC, it just creates 2 BLOCK ALL rules, one for inbound connections, one for outbound connections. Since block rules have higher precedence than allow rules, any allow rule will be overwritten by these 2 BLOCK ALL rules.

If you are able to ping a website with these 2 rules in place, it means Windows Firewall does not work as it was expected. Do you use a VPN?

 

Correct.

Check.

ping heise.de -t90

Allowed, wfc tray icon not visible yet! I know it doesn't matter but really, ping is successfully blocked in this moment where WFC is visible with High Filtering Profile in tray!

Again, i know and understand but this is exact the behavior what i described above.

Nope, no VPN related or anything else. In this moment where i set to High Profile the two rules are added and no ping possible. So Windows Firewall works.

What i tried to investigate this problem now:
Uninstalled WFC v6.9.9.4 completely and restored Windows Firewall default rules.
Rebooted.
Reinstall WFC and create WFC recommend rules. Didn't change anything in WFC options.
Set to High Profile and rebooted.
Ping successful till WFC tray icon is loaded. WEIRD!

I tried to check this behavior on kids pc but WFC loads to fast.

 

THAT seems already wrong ... it should be the high filtering profile!

 

Sry, misspelled! I mean High filtering profile.

 

hi
i would like to upgrade ,but i got immediatly a warning about rules
what should i do?
export all my rules, uninstall wfc , reboot , re-install and import my rules?
thanks

 

I am not saying that is not like you describe it. I tried another thing on my machine. I manually set High Filtering profile, then I went in Connections Log and I pressed on Clear log so that all entries were removed. I restarted my laptop and opened again Connections Log. The profile is still High Filtering. I wanted to see the recently allowed outbound connections. The result is below:



As you can see, during the startup of my laptop, these are all outbound allowed connections. These are expected because Windows Firewall does not block loopback connections made to 127.0.0.1. It looks like there is no connection which got out of my machine. Please perform the same test and post here a similar screenshot. If you have here allowed connections to IP addresses other than 127.0.0.1. then probably there is a small timeframe when Windows Firewall rules are not applied on your machine.

 

Upgrade from which version? What kind of warning?
Yes, export your rules to have a backup of them, uninstall WFC, reinstall WFC, import your rules. Reboot is never required.

 

hi
i'm upgrading from 6.5.0.0 to 6.9.9.4 warning about rules , the upgrade will remove the rules
thanks

 

I could be that in the last three years you didn't upgrade he changed something (format or whatever) about the rules.

 

hi
yes but i don't want to loose all my custom rules

 

In the uninstall dialog use the third option which will not touch the rules during the uninstall. Anyway, always make a backup of your rules if you care about them. I personally don't use backups because I can easily recreate around 10 rules which I usually need.

 

Hi everyone,

I'm reaching out to see if anyone has encountered and resolved an issue I'm facing with WFC and Windows Sandbox on my W11 system. Despite having the most up-to-date version of WFC installed, my sandboxed VM can't seem to access the internet unless I deactivate the Medium profile/firewall at all.

I've tried several troubleshooting steps including deleting all WFC rules, restoring them to the recommended settings, activating learning mode, and allowing svchost.exe whenever prompted. But WFC's logs still show svchost.exe being blocked. I'm experiencing the same problem when trying to run a Sunshine server.
Has anyone faced a similar issue or have any suggestions on what might be causing this and how to resolve it? Any insights or advice would be greatly appreciated!

Thanks in advance!

 

I just enabled Windows Sandbox on my laptop. Inside the Windows Sandbox, if you install WFC you will notice that Windows Firewall works the same way as on the host machine. Regarding the host machine, I disabled all my rules one by one and I found that the Windows Sandbox machine requires only this rule on the host machine to be enabled:



With this rule enabled, the Windows Sandbox has Internet access. All other rules were disabled on my laptop.

 

Windows Firewall Control v.6.9.9.5

Change log:
- Fixed: When importing user settings the authorized groups list is not refreshed.
- Fixed: The experimental feature which auto creates allow rules for certain paths generates duplicate rules if a blocking rule prevents certain connections.
- Fixed: The tray icon does not offer any clue if the program runs in standard user mode or in elevated mode.
- Fixed: Learning mode tray context menu item remains disabled even after elevated rights are granted.
- New: Added a new WFC recommend rule for wwahost.exe which is required to reset a Windows PIN. Without this rule it is impossible to reset a Windows PIN.

Download location: https://binisoft.org/download/wfc6setup.exe
SHA256: cf5ec3ba3ca300bc4bb844446e26c4b921cf1097c7c387b37a8c23df37dfcf31
SHA512: cbb19e5eebc6e026b7e0db64a0b5c00084249262545a36c95c3b5d1ac6a50d57b3ab7e24da8a83e94f4dd35d95e7773714baa20e989ba4f7a27fe09d6008cb8c

Thank you for your feedback and your support,
Alexandru Dicu

@Alpengreis I could not find a better way to indicate in a 16x16 icon that the software runs under a standard user account and not an elevated one. I tried with a small UAC overlay and a small dot and in both cases, the icon looked bad. Anyway, I am open to other designs if you or anyone else think that we could differentiate better through an 16x16 icon the different states.

Left icon, the tray has full access, administrator account.
Right icon, the tray is in limited mode, standard user account.



@AmigaBoy Please let me know if the duplicate rules with the experimental feature are fixed now.