Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Pc2058

    Pc2058 Registered Member

    Joined:
    Jul 31, 2024
    Posts:
    6
    Location:
    KSA
    Thank you @alexandrud for your kind replay, and tip on how to upload the image.
    upload_2024-7-31_19-1-26.png

    as you can see in the image in the Rules Panel the Sharex.exe app has been granted "Allow" in the Action (Blue box) (any address, any port,any protocol) .
    but in the Connections log, ShareX Action is Block!! (as in blue Box). this is not only for this app. but applied to all apps!!.
    upload_2024-7-31_19-15-50.png





    Best Regards.
     
    Last edited: Jul 31, 2024
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,492
    Location:
    Romania
    If this happens with all programs which you allow and they are still blocked, it means there is another software on your machine which doesn't work nice with Windows Firewall itself. Do you use any VPN, a proxy or any web filtering software? Try to disable them one by one and see which one generates this behavior. Unfortunately, the problem you have is not with WFC since it doesn't block or allow any connection, but with Windows Firewall and some other software that is installed on your machine.
     
  3. Pc2058

    Pc2058 Registered Member

    Joined:
    Jul 31, 2024
    Posts:
    6
    Location:
    KSA
    Thank you @alexandrud for your kind replay, I do not use any program for AV or vpn, the blocked Apps are working fine,they are connected to internet, I can check thru Resource monitor.
    but the Connections Log is displaying a wrong information.
    is this happing only for me or there are same to other users?
     
  4. Pc2058

    Pc2058 Registered Member

    Joined:
    Jul 31, 2024
    Posts:
    6
    Location:
    KSA
    I would like to recommend you to add a function "What is it?" to the Rules Panel's right click menu.

    upload_2024-8-1_12-14-15.png

    it would be an easy access to open google and search for that file
    Now I copy the name of the file and paste it in the Browser to search for that file.

    upload_2024-8-1_12-10-11.png

    best regards...
     
  5. Mario R

    Mario R Registered Member

    Joined:
    Mar 25, 2024
    Posts:
    7
    Location:
    Italy
    A similar thing happens to me to that described by PC2058. In Rules I have a rule Action is "Allow" but in Connections log it says Action is "Block".
    The rule is "WFC - Windows Firewall Control Updater" for the "WFCUI.EXE" file, that generated by the recommended rules.
    In the connections register, however, there are many blocked attempts.
    The block was repeated after the PC restarts.
    I use the program in version 6.11.0.0 and the manual verification of a new version, it works correctly.

    upload_2024-8-15_6-53-53.png
     
  6. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    730
    Location:
    EU
  7. Mario R

    Mario R Registered Member

    Joined:
    Mar 25, 2024
    Posts:
    7
    Location:
    Italy
    Then, I leave the recommended predefined rule: "WFC - Windows Firewall Control Updater" for the "WFCUI.EXE" file (as indicated in the image of my previous post). And I don't worry about the blocks shown on the connections register. Did I understand correctly? Thank you
     
  8. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    730
    Location:
    EU
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,155
    Location:
    Lunar module
    @alexandrud
    A lot of users loved v6.9.9.1 and don't want to update it. As you know, it has only one bug- it is impossible to create a duplicate for the top rule.
    Users would be very grateful if you could find a time to re-release this version with a fixed bug, maybe even as a patch.
    Thank
     
  10. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    691
    Location:
    Switzerland
    @aldist

    I can understand that you and others too would like that, BUT:

    It's a bad idea, because then the CVE-2023-36631 would come back. That would create a bad reputation for the program and even for Alexandru.

    I am sure, Alexandru will not do that and this is good so.

    I think it's really not a big deal to work with the newest version since Alexandru made some optimizations related to (un)restricted handling IMHO.

    Further disadvantages would be: more complicated to support here and via mail and more complicated to support two code bases.

    Greetings
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,492
    Location:
    Romania
    An update to an older version than the latest one is not possible and the changes for standard user accounts access will not be reverted. If you ask me, I am using an administrator account, I always had. With an administrator account there is no need to elevate wfcUI.exe and the latest version 6.11.0.0 works the same as 6.9.9.1 did.
     
  12. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,551
    Location:
    Location Unknown
    ha....I'm still on 5.4.1.0 before the GUI went to ewww
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,034
    Location:
    .
    WFC 6.11.0.0 on Windows 11 is not adding High Filtering profile - Block inbound connections and High Filtering profile - Block outbound connections rules to enable High Filtering profile so is not working anymore.

    Do you think it has to do with a tweak I made to this reg key?
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers

    TIA
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,492
    Location:
    Romania
    I also use Windows 11 and High Filtering profile works. However, if Rules Panel is opened while you switch to High Filtering profile, you must manually refresh the rules list to see them in top of the list, but they are created. I will add a callback so that the rules list gets automatically refreshed if it is open. If the rules are not there even after manually refreshing the rules list, check the WFC event log.

    I don't think it is related to any tweaks made to this key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers. By the way, which tweak did you apply?
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,034
    Location:
    .
    Deleted the whole key, that's it.
    No is not the case.
    Great, thanks.
    Nothing important, old logs.

    wfc log.png
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,492
    Location:
    Romania
    @Mr.X High Filtering profile creates two firewall rules the same way it creates the others. Can you create a new rule? Do you use Secure Rules? If so, try to disable/enable it once and then try to switch again to High Filtering profile.
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,034
    Location:
    .
    I already know. You've explained it before and we have the user manual.
    Yes I can. Three ways as usual. Manually editing the blank rule, allowing an exe from context menu and creating a rule right from the connections log.
    Yes I do. Secure Rules > Delete unauthorized rules.
    Did it, no joy.
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,034
    Location:
    .
    Also I tried uninstalling WFC doing it with the three offered choices (three times) and installed it with using the installer's defaults. Problem persists.
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,492
    Location:
    Romania
    If you have the highlighted values, please remove them. With an invalid input, High Filtering profile will fail to be set:

    upload_2024-8-29_11-10-28.png

    But in your case, the system tray icon changes to the black icon? Or does it stay as the previous profile and just the rules are not created?

    upload_2024-8-29_11-13-35.png

    Seems strange that WFC can create any other rule, but not these two basic rules.
     
  20. ackys

    ackys Registered Member

    Joined:
    Feb 28, 2017
    Posts:
    8
    Location:
    Romania
    Hey Alexandru, i am also from Romania and i want to wish you all the best in your work at Malwarebytes. Thank you for a great piece of software. I whould like for the application i already made a block rule for to not be logged. Whould it be possible to disable logging of blocked connections for specific applications? I whould like to have a cleaner blocked connections log. If that is impossible then maybe in the log some filters to hide applications? So it still logs but you can filter out connections? Thank you once again and keep up the good work. Any estimate on the dark theme if that is still on your roadmap?
     
  21. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,034
    Location:
    .
    Those values don't exist in my system.
    It stays as the previous profile, this is an issue I already posted here.

    Hold on, I'm gonna check what other tweaks I made to this installation.
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,034
    Location:
    .
    What about these tweaks.
    Code:
    rem 1 - Antivirus Disabled Notification
    reg add "HKLM\Software\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications " /t REG_DWORD /d "1" /f
    
    rem 0 - Security and Maitenance Notification
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f
    
    rem 1 - Disable Real-time protection
    reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "AllowFastServiceStartup" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
    
    rem 0 - Disable Logging
    reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
    reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
    
    rem Disable Tasks
    schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
    
    rem Disable systray icon
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
    
    rem Remove context menu
    reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
    reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
    reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
    
    rem Disable services (it will stop WdFilter.sys as well, better not to disable the driver by itself)
    rem reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\System\CurrentControlSet\Services\MDCoreSvc" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
    
    Code:
    rem Off - Disable Windows SmartScreen / On - Enable Windows SmartScreen
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
    
    rem 0 - Disable SmartScreen Filter in Microsoft Edge / 1 - Enable
    reg add "HKCU\Software\Microsoft\Edge\SmartScreenEnabled" /ve /t REG_DWORD /d "0" /f
    
    rem 0 - Disable SmartScreen PUA in Microsoft Edge / 1 - Enable
    reg add "HKCU\Software\Microsoft\Edge\SmartScreenPuaEnabled" /ve /t REG_DWORD /d "0" /f
    
    rem 0 - Disable Windows SmartScreen for Windows Store Apps / 1 - Enable
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f
    
    rem ________________________________________________________________________________________
    reg add "HKLM\Software\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t "REG_DWORD" /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t "REG_DWORD" /d "0" /f
    
    rem 1 - Enable Microsoft Defender SmartScreen DNS requests
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SmartScreenDnsRequestsEnabled" /t REG_DWORD /d "0" /f
    
    rem Remove Smartscreen (to restore run "sfc /scannow")
    takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.exe"
    icacls "%WinDir%\System32\smartscreen.exe" /grant:r %username%:F
    taskkill /im smartscreen.exe /f
    del "%WinDir%\System32\smartscreen.exe" /s /f /q
    
     
  23. RedDwarf

    RedDwarf Registered Member

    Joined:
    Apr 25, 2020
    Posts:
    8
    Location:
    United Kingdom
    Why does the file hash for the current version 6.11.0.0 not match the SHA-256 hash which is shown on the https://www.binisoft.org/wfc website?
    It shows that it is meant to be 16442002148e25cc009ad69e6292ce763eeb93108a9008c35019ec2ca7252f32 when it is actually B9BCB7981E7B408F416EF3B9E6BB7ADB89AC1EB7B7EA93788F58B53BD515CCD2. The Digital Signature is correct which is the most important factor.
     
  24. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,729
    Location:
    USA
    I am showing the SHA-256 hash for 6.11.0.0 to be 16442002148e25cc009ad69e6292ce763eeb93108a9008c35019ec2ca7252f32.
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,034
    Location:
    .
    This belongs to v6.10.0.0, look at the dates in the digital signature tab and look in the details tab for the version number.
    Where did you get this installer?

    Official download link
    https://binisoft.org/download/old/61000/wfc6setup.exe
     
    Last edited by a moderator: Aug 30, 2024
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.