Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. RedDwarf

    RedDwarf Registered Member

    Joined:
    Apr 25, 2020
    Posts:
    8
    Location:
    United Kingdom
    I got one of those hashes from my exe and the other from the Binisoft webpage.
    Ah, I checked the Details tab and it shows it as being 6.10.0.0 but the filename says 6.11.0.0, hence the file hash. I think I got it from the Softpedia link this time and I got it back in July from somewhere which might also have been Softpedia as I tend to use that site. Softpedia shows the newer version number but their own d/l link is for 6.10.0.0. Problem solved.
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,065
    Location:
    .
    @alexandrud what do you need to resolve my issues?
     
  3. vvirvol

    vvirvol Registered Member

    Joined:
    Apr 24, 2024
    Posts:
    3
    Location:
    Cyprus
    Could I somehow disable elevation for users without admin rights?

    Because the automatic rules creator in the Notification area doesn't work without elevation...

    And users cannot start apps that need to be updated automatically, for example, Discord.
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    The logging is made by the Windows Filtering Platform into the Security event log. There is no way to exclude programs from the logging. It is all or nothing. If the Connections Log has too many entries, from the right side, change the Entries combo box to Last entry so that you see only the last entry of all distinct applications.
    I need to be able to reproduce it. Currently, I cannot reproduce it. If you switch the profile and restart wfcUI.exe do you see the new profile set? There are currently 2 reports from Windows 7 x86 where the profile does not update in UI until you restart the process. I wonder if this is the case too or if it is slightly different.
    As mentioned before, the last version which allows standard user accounts to make changes to Windows Firewall without elevated privileges will remain 6.9.9.1. Use that version and do not update WFC to a newer version. Below is the download URL for it: https://binisoft.org/download/old/6991/wfc6setup.exe There is no workaround. No elevation, no rule is created. It wasn't my decision, but since this guy decided to report this CVE-2023-36631, we should thank him for these "improvements" I had to do recently.
     
  5. WFC_userO

    WFC_userO Registered Member

    Joined:
    Sep 10, 2024
    Posts:
    2
    Location:
    Germany
    I have installed version 6.11.0.0 today, and I found that the keyword "LocalSubnet" in the field "Custom Addresses" of rule dialogue "Properties / remote IP" will not be accepted: The command field "Apply" will not be activated, so I cannot enter this setting! Otherwise I can see, that some of the automatically created rules contain this keyword.

    What is going wrong?
     
  6. WFC_userO

    WFC_userO Registered Member

    Joined:
    Sep 10, 2024
    Posts:
    2
    Location:
    Germany
    Sorry, my fault: I entered LocalSubNet...
    Capitalization is important.
     
  7. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    238
    I've asked this myself in the past. I know you have limited time and resources, but perhaps a "filtering out" option could be considered? The user would select which entries/processes are not to be displayed there. They'd still be logged of course, just not displayed. An option to add "filter out" processes, and an on/off Filter out toggle in the Connections Log.

    Last entry is a good workaround, admittedly.
     
  8. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    I think a better solution would be to filter out loopback and multicast connections. This will remove a lot of junk from the Connections Log.
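
The display-side filter discussed in the posts above can also be applied when reading the Security event log directly. This is an added example, not WFC's code: it assumes Filtering Platform Connection auditing is enabled and uses events 5156 (allowed) and 5157 (blocked); `Test-NoiseAddress` and `Get-WfpConnection` are hypothetical names, and the sample addresses are constructed.

```powershell
# Added example (not WFC code). Function names are hypothetical.
function Test-NoiseAddress {
    # True for loopback or multicast addresses, IPv4 and IPv6.
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $true }
    if ($ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        return $ip.IsIPv6Multicast                  # ff00::/8
    }
    $first = $ip.GetAddressBytes()[0]
    return ($first -ge 224 -and $first -le 239)     # 224.0.0.0/4
}

function Get-WfpConnection {
    # Reads WFP audit events; reading the Security log needs an elevated session.
    # Events are still logged in full; the switch only hides them from the output.
    param([int]$MaxEvents = 500, [switch]$SkipLoopbackAndMulticast)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5156, 5157 } -MaxEvents $MaxEvents |
        ForEach-Object {
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Action      = if ($_.Id -eq 5157) { 'Blocked' } else { 'Allowed' }
                Application = $data['Application']
                Source      = $data['SourceAddress']
                Destination = $data['DestAddress']
                DestPort    = $data['DestPort']
            }
        } |
        Where-Object {
            -not $SkipLoopbackAndMulticast -or
            -not ((Test-NoiseAddress $_.Source) -or (Test-NoiseAddress $_.Destination))
        }
}

# Constructed sample addresses: the first two are ordinary unicast, the rest are noise.
'192.168.1.20', '2001:db8::1', '127.0.0.1', '::1', '239.255.255.250', 'ff02::fb' |
    ForEach-Object { '{0,-16} noise={1}' -f $_, (Test-NoiseAddress $_) }
```

On a live system, `Get-WfpConnection -SkipLoopbackAndMulticast | Format-Table` gives the reduced view while the underlying log stays complete.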
     
  9. benkre

    benkre Registered Member

    Joined:
    Oct 5, 2024
    Posts:
    2
    Location:
    somewhere over the rainbow
    Hi alexandrud, a happy longtime user (over 11 years now) of your software here.
    Since the "elevated mode" button was added, I was wondering if you could add the button in the notification popup as well? That would save a few clicks.
    Or is it possible, to add an option, to allow a specific "normal" user, to always allow/deny connections and add/delete rules?
     
  10. antdude

    antdude Registered Member

    Joined:
    Apr 10, 2010
    Posts:
    24
    Location:
    An Ant Farm
    Hello,

    Blocking my updated 64-bit W10 Pro.'s msmpeng.exe's outgoing Internet access asks me to reboot. Is it because W10 thinks it's an attack? If so, then does it really need to access the Internet? I'm using all updates including Malwarebytes Windows Firewall Control (v6.11).

    Thank you for reading and hopefully answering soon. :)
     
  11. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,163
    Location:
    Lunar module
    msmpeng.exe performs the Automatic Sample Submission function; it can be harmlessly disabled in system settings. Disabling network connections for msmpeng.exe also has no side effects.
     
  12. antdude

    antdude Registered Member

    Joined:
    Apr 10, 2010
    Posts:
    24
    Location:
    An Ant Farm
    Its automatic sample submission function was already disabled. When I tell WFC to block msmpeng.exe, it wants me to reboot to fix it. :(
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    Msmpeng.exe is the Microsoft antimalware service executable. When you create a firewall block rule, it detects this rule as an attack, it removes the rule and asks to reboot, even if a reboot is not really necessary. Since you are using Medium Filtering profile and you received a notification for it, it means it is already blocked. Creating an explicit block rule for it will trigger the behavior you mentioned. Just add msmpeng.exe in the notifications exceptions list so that notifications for it will not be displayed anymore.
     
  14. antdude

    antdude Registered Member

    Joined:
    Apr 10, 2010
    Posts:
    24
    Location:
    An Ant Farm
    Thanks. I never used that feature. So, is this OK as shown in my below screen shot/capture?
    upload_2024-10-13_1-57-35.png
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    Yes. Correct.
     
  16. digidad

    digidad Registered Member

    Joined:
    Oct 6, 2010
    Posts:
    3
    Hello, I have narrowed down recent WinOS installs of WFC to display the following alert from Windows Security/Defender. This typically comes up shortly after install and I've searched the thread here on "wdblockfirewallrule.p" with no results.
    After the reboot, the problem does not reappear...nor in further hard drive scans. I did however have one OS image where this popped up more than once.
    I am using WFC v.6.11.0.0 and the SHA 256 matches the download location info.

    Any ideas, or has this been seen?
     


  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    I don't see the relation between this screenshot and WFC. Did you use WFC to create a firewall block rule for svchost.exe? I know Windows Defender goes crazy if you create a block rule for msmpeng.exe. It deletes the rule and requires a reboot even if it is not required at all. Is it possible that the same behavior was extended from Microsoft side also for svchost.exe? If so, don't create a block rule for svchost.exe. Instead, add it in the notifications exceptions list. If you see a notification for it, it is already blocked by having the outbound filtering enabled (Medium Filtering profile in WFC), so there is no need for an explicit block rule. If I did not understand this correctly, please give more context.
     
  18. digidad

    digidad Registered Member

    Joined:
    Oct 6, 2010
    Posts:
    3
    Hi alexandrud,

    Apologies if not descriptive enough: I have been installing both Win10 2021 LTSC and Win 11 2024H2 LTSC images on both hardware and virtual installs. I have both installed WFC immediately at desktop start (after install) and installing PC drivers before WFC (and seeing the pic I uploaded).
    After WFC install and run, I immediately set the following options: Medium Filtering, Notification On. I do choose to use the known Windows services at WFC install.
    On the most recent WFC/Win11 OS install, I hadn't blocked anything in Windows Firewall, nor made a decision to permanently block any of the WFC notifications until a reboot. I may have chosen the "block for now and ask me later" option before rebooting.
    To your recommendations, I did not see svchost or msmpeng blocked on my current Microsoft Surface install but will keep your notes in mind.
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    Windows Firewall Control v.6.12

    Change log:
    - New: Added 'Skip loopback and multicast' checkbox in Connections Log which will filter out these kind of connections from the results list.
    - Fixed: Remote address/port are switched with the Local address/port in Connections Log for inbound connections in Windows 10/11 and Windows Server 2019/2022.
    - Fixed: When switching to High Filtering profile, you have to manually refresh Rules Panel to see the special rules created for this profile.

    Updated translation strings:
    060 = Settings
    062 = Skip loopback and multicast

    Download location: https://binisoft.org/download/wfc6setup.exe
    SHA256: 3598f39c809c7fb3c3f301bb4c5764459eae483b5c3f96dd6cf3de0f0d476087
    SHA512: c9a10cc8337917b9648d82ca6ad55df73b9a15c578b8b962becd3b3f49a6b296d871fcced143a1189ce875c794e4ec5fba512fd506aaf5cfb43952a5a3ced924

    Thank you for your feedback and your support,
    Alexandru Dicu

    upload_2024-10-17_15-9-30.png
     
    Last edited: Oct 17, 2024
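
A check of a downloaded installer against the hashes published in the post above, which also reports the embedded file version (the mismatch between filename and Details tab described at the top of this page). This is an added example, not from the developer: `Test-InstallerDownload` and the download path are hypothetical, and the expected values are the ones given in the v6.12 post.

```powershell
# Added example (not from the vendor). Function name and download path are hypothetical.
function Test-InstallerDownload {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [string]$ExpectedSha512
    )
    $file   = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $result = [ordered]@{
        File        = $file.Name
        FileVersion = $file.VersionInfo.FileVersion   # same value the Details tab shows
        Sha256Match = $sha256 -eq $ExpectedSha256.Trim()   # -eq ignores hex case
    }
    if ($ExpectedSha512) {
        $sha512 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA512).Hash
        $result.Sha512Match = $sha512 -eq $ExpectedSha512.Trim()
    }
    # Report the Authenticode state as found; no particular signer is assumed here.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $result.SignatureStatus = $sig.Status
    $result.Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    [pscustomobject]$result
}

# Hashes as published in the v6.12 post; the path is an assumed download location.
$published = @{
    Path           = Join-Path $env:USERPROFILE 'Downloads\wfc6setup.exe'
    ExpectedSha256 = '3598f39c809c7fb3c3f301bb4c5764459eae483b5c3f96dd6cf3de0f0d476087'
    ExpectedSha512 = 'c9a10cc8337917b9648d82ca6ad55df73b9a15c578b8b962becd3b3f49a6b296d871fcced143a1189ce875c794e4ec5fba512fd506aaf5cfb43952a5a3ced924'
}
if (Test-Path -LiteralPath $published.Path) { Test-InstallerDownload @published }
```

A `Sha256Match` of `False` together with an older `FileVersion` points to a mirror serving a previous build rather than a corrupted download.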
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    I decided to give WFC another go and I have to say that so far it's great! It's working fine on my two Win10 machines.

    Nice job, @alexandrud! Thanks for providing and continuing development of your fine program. :thumb:
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    I'm not sure this is the right place to post as it's not a fault of WFC, but on both machines when installing WFC I got a message that another program (Kaspersky) was controlling the firewall. Kaspersky Plus has been uninstalled from both machines, so I found that a little strange. Norton has been on one of them since Kaspersky anyway. I searched the Registry and deleted a few keys related to K + that I found but still got the message. Microsoft / Windows Defender only shows the MS programs in Manage Providers and doesn't mention Kaspersky at all.

    Anyway, as WFC is running exactly as designed, I'm not concerned about it.
     
  22. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    460
    Location:
    CSA Consulate, Glos., UK
    You might try a Kaspersky removal tool to get rid of leftovers. There's one at https://support.kaspersky.com/common/uninstall/1464
    There are others. Can't vouch for any since I removed Kaspersky a long time ago. Revo uninstaller also has a 'logs' mode, which lists 3 Kaspersky versions that can be used to uninstall remainders. Better than messing with the registry.
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    Take a look here: https://www.wilderssecurity.com/thr...-by-binisoft-org.347370/page-274#post-3158905
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    Ah ha! Now I've found it.

    Simple WMI Viewer.PNG

    Now, How do I remove it?
     