Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,155
    Location:
    Lunar module
    Blocking. If you look at whois, these IPs look more like telemetry collectors. There are no such connections in WFC v6.9.9.1 without telemetry. WFC checks for program updates on 66.198.240.5:80, 443 if nothing has changed since then.
     
  2. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    730
    Location:
    EU
    @aldist
    Thank you, so i've create a blocked rule for that.
     
  3. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    730
    Location:
    EU
  4. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    730
    Location:
    EU
    After investigation, you're totally reason @aldist, when no rule created, NextDNS logs show this :
    nextcapt.PNG

    If i create a blocked rule on tcp 80, malwarebytes disappear from my nextDNS log (tested on several computers).
    wfcru.PNG

    And for my previous post about Microsoft Network Realtime Inspection Service, i've allowed on port 80.
     
  5. HMP

    HMP Registered Member

    Joined:
    Nov 10, 2019
    Posts:
    24
    Location:
    Earth
    How do I enable Dark Mode Theme on Malwarebytes WFC official version 6.11?
     
    Last edited: May 27, 2024
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,493
    Location:
    Romania
    ... "future improvements, like dark theme" ... "that will come"
    Dark theme is not yet implemented.
     
  7. Alexical

    Alexical Registered Member

    Joined:
    May 28, 2024
    Posts:
    1
    Location:
    USA
    Hi,

    I have 6.9.2.0 installed on a computer, I am trying update after a long time to a newer version but it seems their is a password lock that I have forgotten the password to. I have tried pressing ctrl+alt+u but it doesnt seem to do anything. Is their away to bypass this? Or would I need to reinstall windows.

    Thanks,

    Alexical
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,493
    Location:
    Romania
    There is no need to reinstall Windows. If the password dialog closes when you press Ctrl+Alt+U combination, it means it worked. Now, try to unlock with the password: binisoft

    If this does not work, create a *.reg file with the following content:

    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{WD2827D4-F8E0-B379-I229-D89D12E4642A}]
    @="6KNBqRJsJqCi7AEZ+kUvni2tHHZfEXQoMpzSOT5tCJVyi/TrEmWHieiYGyWfTQLRlWVm+zUeG5nh02x6y9yq4Q=="


    1. Save it and import it in Windows Registry.
    2. Restart WFC service.
    3. Now, you should be able to unlock the software by using the password "binisoft" (without the quotes).
     
  9. billdoors

    billdoors Registered Member

    Joined:
    May 21, 2024
    Posts:
    1
    Location:
    please delete my account
    I have disabled "Cloud-delivered protection" and "Automatic sample submission" in my Windows Security settings, and it says the last update it received was hours ago, so it is updated through the normal Windows Update service.

    I wonder why Antimalware Core Service (mpdefendercoreservice.exe) still keeps trying to connect to Microsoft IPs.
     
  10. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    233
    Magic word is 'Microsoft'. It would be unusual if it didn't try to connect.
     
  11. Mario R

    Mario R Registered Member

    Joined:
    Mar 25, 2024
    Posts:
    7
    Location:
    Italy
    Hi Alexandrud, if I activate the default rules of Windows, and also the rules recommended by WFC, are there any contraindications?
    It is probably useless, but I would like to know if there may be problems.

    In addition, I ask you if the presence of hundreds of rules in the firewall has an impact on performance or is negligible.

    Thank you
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,406
    Location:
    U.S.A. (South)
    Fantastic front end and i still depend on it going on years now. Wonderful firewall improvement. Thanks So Much @alexandrud
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,493
    Location:
    Romania
    For the notifications system, less rules are always a better choice than a larger set of rules because on each blocked connection, the matching is made against all the existing rules. It is always faster to match a connection against a 100 rules set than a 1000 rules set. With hundreds of rules there is no performance impact. However, thousands of rules will require more CPU processing. If the notifications system is disabled, then there is no performance difference, it is just hard to maintain the rules.
     
  14. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,155
    Location:
    Lunar module
    The Windows default rules contain many unnecessary rules for both outbound and inbound connections. The best practice is to remove all default Windows rules and use the recommended WFC rules, adding your own custom rules to them as needed.
    With this approach, the operating system has no problems.
     
  15. Mario R

    Mario R Registered Member

    Joined:
    Mar 25, 2024
    Posts:
    7
    Location:
    Italy
    Thanks Aldist and Alexandrud. With a home network, it is also necessary to save the rules “File and Printer Sharing” and "Network Discovery", as reported by the WFC manual.
    My doubts are these: if in the future I will change the settings of the operating system that require the presence of rules that I have deleted, it will be complicated to discover the cause (exactly as in the case of the home network).
    I use WFC to improve security and I am less interested in privacy (I resigned myself!). So I accept that Windows does what he believes as long as he has no problems. I'm interested in checking other software.
    I therefore thought that (on a clean and software -free system) it is reasonable to leave all the rules of Windows and then add the rules recommended by WFC. I added svchost.exe and System to the exceptions.
    Some requests have appeared from Windows: systemsettings.exe, taskhost.exe, mousocoreworker.exe, dxgiadaptercache.exe, dashost.exe, devicecensus.exe, smartscreen.exe, lsass.exe, sihclient.exe, rundll32.exe, explorer.exe, Windows Web Experience Pack, Mail and Calendar, textinputhost.exe, photos.exe, apphostregistrationverifier.exe.
    To avoid any limit or problem I authorized everything. Only after did I start installing the programs, which of course generated requests that, in this case, I evaluated from time to time.
    What do you think? Sorry for the length, thanks again
     
  16. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,155
    Location:
    Lunar module
    I think you've allowed these applications network activity for nothing.
     
  17. Mario R

    Mario R Registered Member

    Joined:
    Mar 25, 2024
    Posts:
    7
    Location:
    Italy
    Do you know in detail what are these executable files for?
    I personally don't know, for this reason I avoid blocking them. I don't want to worry if something of the operating system does not work. If someone wants to explain to me what they are for, I will be grateful.
    I find WFC excellent software, well done and potentially very useful. But I struggle to understand what to allow and what does not. It does not seem to me a good idea to block everything.
    If blocking some exe I immediately understand the effect they have, but other things I may not notice the effect. Example, if Windows Update blocks everything will seem to work properly, but in this way my safety worsens. Other exe may be responsible for useful things for me too, not only in Microsoft.
    If I unlock the whole EXE that I have reported, are you sure that you can say that I will not have any limit (of functions and safety) of use of the operating system?
     
    Last edited: Jul 23, 2024
  18. vampgirl

    vampgirl Registered Member

    Joined:
    Jul 24, 2024
    Posts:
    3
    Location:
    France
    Hello!
    I am sorry if this question has already been asked before, but I could not find it in this huge thread.
    There is a problem with WFC and Nvidia on PCs with advanced Optimus. These laptops have 2
    graphic cards and will switch between intel and nvidia depending on which application you are using.
    In the last few years when optimus PCs were released many software would cause problem but all of
    them are now fixed. The only remaining one is WFC. Can you please look into this and see if there is
    a way to fix this problem?
    https://i.imgur.com/4TiHBtQ.png
    So to resume everytime Nvidia tries too change the display mode by Advanced Optimus, we get an error saying that
    it was not able to change the display mode and it gives a list of applications preventing the display change. As soon as
    we close WFC, the display change happens with no problem.
     
  19. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    730
    Location:
    EU
    @vampgirl
    Let me explain in french :
    Bonjour,
    vous pouvez tenter ceci :
    aller dans les logs de WFC, vider la liste de tous les logs, recommencer ensuite votre manipulation et lorsque le blocage arrive, retourner dans les logs pour voir ce qui a été bloqué par WFC et créer une règle pour autoriser ce qui a été bloqué et retenter la manipulation, si rien n'est bloqué dans les logs, le developpeur vous viendra surement en aide.
     
  20. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    279
    Location:
    etc
  21. vampgirl

    vampgirl Registered Member

    Joined:
    Jul 24, 2024
    Posts:
    3
    Location:
    France
    @Rules
    Merci beaucoup. Je viens d'essayer et rien n'est bloqué par WFC.
    @tnodir
    Thanks a lot. I have no hdmi device connected to my laptop.

    If you do a search you will see many posts on reddit from people having this same problem and everyone is desperate to find a solution.
    I tried to post few links here, but the forum blocked my post.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,493
    Location:
    Romania
    Take a look here: https://www.thewindowsclub.com/unable-to-change-display-mode-nvidia-error-fix
    WFC is set to use software rendering mode which means the CPU is used to render the user interface, not the GPU. It should not matter if you use the integrated graphics card or Nvidia GPU. What graphics card do you have and which driver version are you using? This should be fixed by a newer driver from Nvidia.
     
  23. vampgirl

    vampgirl Registered Member

    Joined:
    Jul 24, 2024
    Posts:
    3
    Location:
    France
    Thanks a lot for your reply. I have a RTX3070Ti and I am using the latest official drivers from Nvidia. I as many others have already tested all steps here posted on a reddit subgrp
    and it didn't fix the problem for non of us. One of the advice on the page you posted is to set the card to Optimus (instead of automatic select) which kills the purpose of paying for
    a system with advanced optimus. (meaning that instead of changing from integrated to discrete Gpu) optimus will render the game from dGPU, through iGPU. I am happy that I was
    able to communicate this problem with you. and at least you now know about it.
     
  24. Pc2058

    Pc2058 Registered Member

    Joined:
    Jul 31, 2024
    Posts:
    6
    Location:
    KSA
    I need Help Please , I can't understand the rules and connections Log. in Rules I have a rule Action is "Allow" but in Connections log it says Action is "Block" ?
    can anyone explaine for me is this a bug!! or it is a Microsoft log Bug? I Know wfw reads connections log generated by windows.


    Malwarebytes Window Firewall Control v.6.11.0.0

    I can't upload image to the fourm "There is no option for me to upload a file"
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,493
    Location:
    Romania
    You don't have to upload a file. When you have your screenshot in Snipping Tool, press Ctrl+C to copy it to clipboard and then press Ctrl+V in your forum post to paste it. This should post your screenshot.

    Anyway, you can write here the details of the Allow rule and the entry from Connections Log. From Connections Log you can use the right click context menu -> Copy -> All. This will copy to clipboard the entire entry which you can paste here. What did you allow and was still blocked?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.