Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    You can not remove a product. Only the product can remove itself during a proper uninstallation. Maybe the vendor has a cleaning tool which can properly unregister it.
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    Tried that tool but it doesn't see it either.

    I did actually reinstall it on one machine and uninstalled it with HiBit Uninstaller but it didn't help.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    Maybe I'd need someone skilled with Farbar Recovery Scan Tool, or FRST and have the time to spare to lend a hand... times two machines.
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,524
    Location:
    Flat Earth Matrix
    Uninstalling AV is like mission impossible. It is better to restore a system image prior to installing it or just clean install Windows.
     
  5. benkre

    benkre Registered Member

    Joined:
    Oct 5, 2024
    Posts:
    2
    Location:
    somewhere over the rainbow
    @alexandrud as an addition to my post I thought, the notification could look something like this:
    wfc-notification.jpg

     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    Thank you for your feedback. I will think about it.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    Unfortunately, I don't have images taken before the AVs, and they would be many months old anyway. I agree, reinstalling Windows would probably be the best solution, but as Win10 is going EOL next year, I don't think it's worth it. One of my machines will almost certainly get Linux installed (a laptop from 2010 that may die at any moment), but I'm thinking of subscribing to 0Patch on the other, so a reinstall is a possibility for that one.
     
  8. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    238
    Noticed it is not possible to edit and save an invalid rule. Is this a WF restriction or something that could be easily improved in WFC?

    To anyone interested, here are two workarounds:

    1. Put a dummy whateverprocess.exe file in place, edit the now valid rule and delete the dummy.
    2. Export the invalid rule in a .wpw file, delete the rule, edit the file in a text editor and import the edited rule back.
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,524
    Location:
    Flat Earth Matrix
    Thanks, I will use this, but if it works, it makes me doubt the security, since WFC does not even check MD5 signature?! So malware could simply replace any exe, like edge.exe and thus bypass the firewall?
     
  10. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    238
    I don't think WFC is meant to do those type of checks, nor it should be expected to. Local malware detection isn't really the Firewall's job, let alone the Firewall Controller's job.

    Also, we are not replacing anything here. Just creating a dummy, empty text file and renaming its extension from .txt to .exe. Totally harmless.
     
    Last edited: Oct 26, 2024
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,524
    Location:
    Flat Earth Matrix
    Well firewalls 10-20 years did it automatically, it was considered as a norm, I guess times have changed.
    But the firewall does not know that. Anyway thanks, this forces me to rethink using WFC yet again, since this behavior is unacceptable for me. I might as well use no firewall, it only causes issues.
     
  12. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,163
    Location:
    Lunar module
    Boot into Safe Mode and run Kaspersky Removal Tool. Search the disk and registry for the keyword kaspersky and delete what you find. Search the registry for the GUID {774d7037........}, that is shown in your screenshot. This is a suggestion, I don't know how it will help.
     
  13. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    238
    Not sure what you mean here. Did firewalls ever scan your local PC for malware? I don't think so.

    What you probably mean, is that the firewall might be able detect a malicious process if it was trying to connect. This still sounds like a job for the anti-malware module, rather than the firewall. Some a/v suites have blurred the lines between Firewall and A/V.

    In the case of Windows Firewall, I believe it is still "just" a firewall and you will still need Microsoft's Defender or 3rd-party A/V to do what you are asking.

    Windows Firewall Control is completely irrelevant to all this. It's not a firewall, and it's certainly not an anti-virus. If you want to blame someone here, blame the Windows Firewall. There's nothing to blame though. An empty text file is not dangerous to report, no matter what name you give it. Even edge.exe or superdangerousmaliciousfile.exe.
     
  14. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,524
    Location:
    Flat Earth Matrix
    Windows Firewall uses hash to verify exe, I will just use it instead of WFC, thanks. I have find out, how to block DNS system wide, so I do not need WFC anymore.
    Code:
    netsh advfirewall firewall add rule name="DNS Block" dir=out action=block protocol=UDP remoteport=53
     
  15. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    238
    But WFC does not replace the WF. You are still relying 100% on the WF, with or without WFC. And you can still use the WF interface or whatever method to edit rules etc. WFC does not interfere with any of that. It adds convenience and some additional features, including security-related ones.

    Just not the one you mentioned earlier, since it's not a firewall per se, or a security product at all for that matter. Official description:

    "It extends the functionality of Windows Firewall and provides new extra features which makes Windows Firewall better."
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,503
    Location:
    Romania
    WFC prevents on purpose saving an invalid rule as a prevention measure. It forces the user to provide a valid path to an actual file that exists (not mistyped). I can remove this validation but in this case you can put any string inside the Program property, like "fakenewprogram". This path makes no sense, the rule makes no sense. This is why the validation exists in WFC. It checks that the file from the Program property actually exists. If the file does not exist anymore, why do you need to edit the rule? Fix the path and you are allowed to save it again. If the path is not available rule editing is not allowed. If I remove this validation, then WFC will not detect anymore invalid rules. Which is better?
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    The tool does not see Kaspersky, so that would not help. You need to select which K product to uninstall and Kaspersky Plus, or earlier, Kaspersky Security Cloud doesn't show up. It's a moot point now anyway, Kaspersky is not installed, WFC is running perfectly, so I'm not worried about it. It was just a message displayed when first installing WFC that can be ignored.

    Cheers.
     
  18. AmigaBoy

    AmigaBoy Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    238
    Obviously, the better choice is to not touch it! I was thinking of edge cases, like editing rules for processes with the bad habit of appearing and disappearing in the same temporary folders, or rules for programs that are not yet installed.

    The workarounds are more than enough. :thumb:
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    Strangely, I just got a pop up alert for mbam.exe, but I had already allowed malwarebytes.exe. Checked both files at VT and they have exactly the the same hash and other details, as far as I can see. Only difference I can see is the scan time at VT. They are not shown as duplicates in WFC Rules Panel though.

    Any ideas?
     
  20. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,606
    Location:
    Location Unknown
    Are the paths the same?
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    Well, File Explorer shows two different files. One is Malwarebytes.exe, the other is MBAM.exe. Both created at the same time.

    MBAM.PNG
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,358
    Location:
    Among the gum trees
    I just used their Support Tool to reinstall MBAM and both files were recreated, and checking my other machines shows both files too, so I guess they are both supposed to be there.

    Haven't been prompted for mbam.exe on the other machine yet though.
     
  23. antdude

    antdude Registered Member

    Joined:
    Apr 10, 2010
    Posts:
    24
    Location:
    An Ant Farm
    I just manually updated my W10 Pro.'s security protections and mpdefendercoreservice.exe notifications kept popping up so I had to tell MWFC to not to display these notifications.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.