Discussion in 'other firewalls' started by alexandrud, May 20, 2013.
Ahh, very good, thanks!
I have a problem with WFC and the Secure Boot option. It simply starts working only if the WFC tray icon is loaded on Windows boot. Before, all outgoing/incoming network data is not blocked by WFC. Makes Secure Boot useless. I searched a bit here for a solution but didn't find anything related.
Actually WFC v220.127.116.11 on Windows 11 Pro #22631.3227 RP but didn't work since some WFC versions/Windows Updates. No other third party software installed like AV/FW!
WFC service is subscribed to system shut down event. When this event is received, if Secure Boot is enabled and the profile is not already High Filtering profile, then it will attempt to set High Filtering profile. If your system is not busy, WFC service will be provided enough time (from the operating system) to perform this action. However, if your system is loaded with many processes and background tasks the operating system may decide to kill WFC service and other Windows services abruptly, before it can switch the profile. Secure Boot should work whether the tray application is running or not. Nothing is blocked or allowed by WFC. Windows Firewall does the allow/block.
Ok, understand you but why no network filtering if WFC is not loaded in tray? Tested it several times. If WFC is loaded in the tray the profile is High Filtering so Secure Boot is working and no network transfer possible then (WFC service subscribed to system shut down event successful). I'm a bit lost here.
Tried with re-install of WFC but didn't help.
(no more duplicates, so that issue was definitively caused by the Microsoft telemetry blocked IP ranges)
Don't know if this has been suggested before, but here's an idea: a separate Rules Editor, only meant to open, edit and save .wpw files. This way we can easily manipulate our Rule files, without the risk of messing with the actual Windows Firewall rules. It would help for easier import/export, manage and group "category" rules etc.
I am sorry but I do not understand. The network filtering is done by Windows Firewall, not by the tray process wfc.exe.
If you start wfc.exe and the profile is High Filtering it means Secure Boot did set the profile. When you shut down your machine, which is your profile? Medium Filtering? When your machine starts, which is the profile?
If you enable Secure Boot in WFC, it works independently of the tray app (wfc.exe), it works even if the tray app is not running. wfcs.exe (the service) must be running and this one is in charge of applying High Filtering profile at shut down.
That tool is called Notepad++. You are asking too much from a freeware software maintained by one developer.
Of course, you are right. Notepad++ is good enough, especially after your recent fixes which allow direct .wpw editing. It is no longer required to rename to .xml and there are no longer sorting issues when exporting rules.
This is the behavior I see. Windows starts and after login I immediately open a cmd with ping heise.de. Ping success. In this moment where WFC is visible in the tray ping is blocked. So maybe 10-15s without Windows Firewall filtering.
At shutdown Medium Filtering is active.
At machine start High Filtering of WFC is active.
Maybe something set the Windows Firewall back to normal filtering but I have no clue how to investigate this problem. Again I'm using no other AV or FW. Only WFC.
Maybe your wfc-service starts with a delay? In a process manager that has filtering capabilities (e.g. Process Hacker), enter wfc in the filter field and check immediately after booting, when pinging, if wfcs.exe is there.
And alternative solution.
But what I understand now from alexandrud is if WFC toggle to High Filtering on shutdown/reboot it doesn't matter when wfc service is starting at boot. Windows Firewall is blocking then the network till the WFC Profile gets changed. Confused
I'll check this behavior on another Windows next day.
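One way to make the boot window discussed in this thread visible, as an added example that is not part of any post and not WFC's own code: run it from an elevated PowerShell right after logon. It samples the effective Windows Firewall profile settings, the service behind wfcs.exe and the wfc.exe tray process once per second. The log path and the 60-second duration are assumptions.

```powershell
# Added example: log Windows Firewall profile state and WFC process state
# once per second after logon, then print only the moments where a profile changed.
$logPath  = Join-Path $env:TEMP 'wfc-boot-window.csv'   # assumed output location
$duration = 60                                           # assumed sampling time (s)
$bootTime = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime

$samples = for ($i = 0; $i -lt $duration; $i++) {
    $now  = Get-Date
    # Locate the service by the binary named in the thread (wfcs.exe),
    # so no service name has to be guessed.
    $svc  = Get-CimInstance Win32_Service -Filter "PathName LIKE '%wfcs.exe%'" |
            Select-Object -First 1
    $tray = [bool](Get-Process -Name wfc -ErrorAction SilentlyContinue)

    # ActiveStore is the effective policy Windows Firewall is enforcing right now.
    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        [pscustomobject]@{
            SecondsSinceBoot = [int]($now - $bootTime).TotalSeconds
            Profile          = $p.Name
            Enabled          = $p.Enabled
            DefaultInbound   = $p.DefaultInboundAction
            DefaultOutbound  = $p.DefaultOutboundAction
            ServiceState     = if ($svc) { $svc.State } else { 'not found' }
            ServiceStartMode = if ($svc) { $svc.StartMode } else { '' }
            TrayRunning      = $tray
        }
    }
    Start-Sleep -Seconds 1
}

$samples | Export-Csv -Path $logPath -NoTypeInformation

# Reduce the log to transitions: first sample per profile, plus every sample
# whose firewall settings differ from the previous sample of that profile.
$samples | Group-Object Profile | ForEach-Object {
    $prev = $null
    foreach ($s in $_.Group) {
        $key = "$($s.Enabled)|$($s.DefaultInbound)|$($s.DefaultOutbound)"
        if ($key -ne $prev) { $s }
        $prev = $key
    }
} | Sort-Object SecondsSinceBoot, Profile | Format-Table -AutoSize
```

Comparing the first rows with the rows after `TrayRunning` turns `True` shows whether the profile settings were already restrictive at logon or only changed later.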