Windows Firewall Control (WFC) by BiniSoft.org

It's unnecessary statistics with no practical use. Use sorting by name, Search field, that's enough to understand.

 

Hello, noticed with last windows update there was some huge ethernet changes to the settings which basically broke my setup.
VPN + WFC + Windows update(24h2) -> Will cause issues.

Had to uninstall NordVPN had to tinker and after like 10 restarts I got i to work as I want again.
1. Uninstall NordVPN entirely
2. Uninstall WFC
3. Restart, check connection.
4. Install NordVPN -> if you use older version due to split tunneling only working with older then make sure you disable nordupdater service (you'll have to do it twice as it activates during initial execution of the app)
5. Make all settings you need for NordVPN, don't enable anything before this -> make the setup then when you are entirely done with nordvpn setup you go ahead to next.
6. Activate nordvpn make sure the connection is as you want.
7. Install WFC, make sure to allow all applications that are running (note it's accepted via nordvpn connection, so you still have to do with your regular connection as they differ to WFC)
8. Block NordVPN updater app via rightclick shell extension of WFC (you can toggle this feature in the app)

If anyone wonder which version works somewhat okay with split tunneling on nordvpn it's: 7.26.2.0

 

I will use this topic to announce a new translation tool which is related to Biniware Run, but also to Binisoft Windows Firewall Control. For multi language support, check this out:

https://www.wilderssecurity.com/threads/biniware-run.411208/page-17#post-3217552

Creating a new translation file or updating an outdated translation file is now an easier task.

 

For anyone looking for an Alternative VPN:

Luckily, I have had no troubles with 24H2 and SurfShark VPN's latest update with OpenVPN or WireGuard protocols. I can designate websites by app or by IP/URL to bypass the VPN (Tunneling?) when required. I did have to uninstall MBAM to get SS to install - it didn't like it. However, it did install OK after I rebooted. WFC seems fine. SS's inbuilt AV works OK now with MBM & WD, but is a resource hog, so I disable the SS AV service. SS's 'CleanWeb' filters out baddies at their server level, so it doesn't impact performance at my end. SS is cheap too!
(You can elect to NOT add their AV at the time of subscription, but it stays in your account until the subscription expires.)

 

Sold, I am on 6.4.0.0 for very long time, but sick of all these program updates in their own version'd folders. Will update and use this feature.

 

Can make onedrive and office less annoying by putting them on enterprise update schedule in group policy, so only about once a month instead of every few days. I do plan to try this new cool auto rule feature though.

 

Did a quick test (mostly by accident) and it seems that an allow rule "wins" over a notification exception i.e. the connection is allowed. Is this expected? Looks like it shouldn't, since firewall allow rules come third on the above priority list/checks.

 

Hey I might have stumbled on a bug with the Request Elevation functionality:
1. Logged in as a local non-admin account on a Windows 10 machine with UAC disabled
2. Clicked Request Elevation; it restarts with read/write access to firewall w/o anymore interactions

 

I am afraid that I do not understand. A notification exception will just suppress a notification. If a connection is allowed the notifications system does not even kick in. Only blocked connections are triggering the logic. An allowed connection is allowed and there is nothing to verify about it. Can you please give more details about your scenario. What notification exception did you create and what was the expected behavior? Thank you.

 

Yes, I now understand, I think. Got confused by this: "A notification exception will stop the evaluation of the existing firewall rules", assuming it included existing Allow rules as well (which would essentially bypass the notifications exceptions).

But now (sorry) I'm confused about : evaluating the event in this order:... ... Existing firewall allow rules

Why would it bother to check Allow rules, if allowed connections won't trigger the notification system anyway?

 

All dropped packets are logged in Security event log. The source of the block may be a Windows Firewall rule, a DNS proxy, a web filtering module from your antivirus, etc. All these dropped packets are logged in Security event log and there is no property saying which is the source of the block. Let's say you allow your browser and create an allow rule for firefox.exe. Now, you want to visit a website which is blocked by your web filtering module of your antivirus because it appear to by malware related. A packet is dropped. WFC receives an event about this and will decide if it should display a notification or not. Since you have an allow rule for firefox.exe, do you want to see a notification for firefox.exe each time your antivirus blocks a website? I guess, not, otherwise you will think that WFC does not know about the allow rule. Why would it show repeated notifications for firefox.exe? You allowed it, right? This is the reason why also allow rules are part of this logic.

 

Many thanks for the explanation.

 

Hi everyone !! I like very much Glass Wire but unfortunately I can afford subscription and I was looking something instead with decent settings functionality and design ! Apparently WFC is what we have so far ! However as soon as I star use it, I run in issues which I cant solve by myself !! Can someone help me ! Where I don't see the problem !?
- So I use Medium Filtering Profile and was ok ! for first 24h but later I realized that 2 programs give me problems I mean can't connect internet no matter how many ways I give them access with right click, in rules panel, so still not full access !! 1 - eMail client 2- Waterfox portable browser ! and don't know other programs ! maybe there a re more but I didn't discovered yet !
Both programs have limited access to internet and when trying to use them in access log I can see a big list of requests and I created custom profile from all that list but still no full access !!
Now my question is why these programs are limited in connection if I already added main program in white list ??! Shouldn't firewall automatically allow any children processes or request to whyte list ?!? where should I look in

 

What is this "whitelist" you mention? Please describe how you are adding programs to it, the exact steps.

 

With these rules in place, everything works correctly.
Firefox.exe.
Allow UDP out - Local ports: all; Remote ports: 80,443,8080,8081; Local IP: any; Remote IP: any.
Allow TCP out - the same.
There is no need for rules for incoming connections.
Some extensions may require you to open some other remote port.
Put firefox.exe into notification exclusions!

Thunderbird.exe.
Allow UDP out - Local ports: all; Remote ports: 443; Local IP: your local IP; Remote IP: any.
Allow TCP out - Local ports: all; Remote ports: 25,143,80,443,465,993,8080,587; Local IP: your local IP; Remote IP: any.
There is no need for rules for incoming connections.
Other clients may need to open some other remote port.

Do not pay attention to 127.0.0.1, LocalHost connections, Windows Firewall cannot handle them, but WFC can issue alerts and log entries.

 

excuse me but i mentioned this "no matter how many ways I give them access with right click, in rules panel, "
1-right click on exe and use MWF menu to allow through WF
2-going to bottom left button with the name Manage WF rules > browse to allow button from right panel !!!
3-going to bottom left button with the name View WF connections logs > then refresh the list > select all connections for the same program (email client in my case) > right click and select Customize and create > then you'll see window like in screenshot below and then create new rule !!
I hope now it clear enough guys !!

Thanks I'll try it right now, also I don't pay attention on the window I uploaded there are a lots of options and ill play with that to see the results !!
However I guess this shouldn't be a problem after I used way described above !!

 

Ok so after few minutes I realise something weir !!
In relation to the browser as you can see in attached images 01 bellow I literally allow every ports ! and still no access to Browser !! but more weird is that as soon I open the browser I'm getting lots of connection request form WF (image 02) and despite the fact that I'm allowing all requests WF still blocking them !!!?? how come ?!
and third weir thing is that eMail client its not visible in list of rules !! I added many times but its not there !!?! I'm not sure now where is the issue !!?? and is the issue in setting or in program !!

 

@marius_ss Install "System Informer" program, open its "Firewall" tab and see which filter rules are blocking your connections.

 

I downloaded the same portable Waterfox browser from https://portapps.io/app/waterfox-portable/ and extracted to a folder. After creating the rule below (from the notification dialog) it can connect:



Let me ask you this. Do you have a rule for DNS Client? This one:



Without this rule, all browsing requests will fail. If you have this rule and the rule for your browser and it still can't connect, please provide more details. Do you have another firewall controller installed, another firewall, any proxy, 3rd party antivirus with web filtering module. Something that may interfere with Windows Firewall?

 

1-I've checked is green allowed
2-I have Pi Hole on my NAS and traffic going through it >>> I turn it off and nothing changes but I should have issues before I installed WF ! never had before any issue like these!

Thanks a lot very useful soft !! I've checked what you mentioned and nothing was there when MWF was off as soon as I turn it to Low filtering profile its start getting big list of "system" "drops" from Port Scanning Prevention Filter! at this point Waterfox working well ! but if I'm switching to Medium filtering which is default mode for me then on list I start having Waterfox and Steam apparently dropping connection out with rule "Default Outbound" , also at the same time receiving request to allow connection for Waterfox and no mater how many times I allow its still blocking it !! I might try to uninstall the WF and install it clean and setup from the beginning !! Didn't expect such pain in ***!! Something is definitely with WF settings or rules !! As soon I turn profile from low filtering to medium **** is starting !! but that still doesn't explain why after allowing nothing is changing and if you want more weird crap without explanation ?! there it is :> in Rules panel some programs or services are blocked ! I'm turning them to allow ! but after refreshing they are go back to red = blocked !?!?! ! I think reinstalling will bring more answers !!

 

Allowing waterfox.exe multiple times does not solve the problem, keep just one rule and remove the other duplicates.

Make a backup of your rules and then restore Windows Firewall default set of rules. Now switch the profile to Medium Filtering profile and start your browser. You should see a notification about it. Create an allow rule and see if it works. If it works, in your original rule set, you had one or more problematic rules. When you try to convert a block rule to an allow rule, does it fail for all rules or just for some specific ones? Did you check WFC log in Event Viewer to see what error is logged in there?

 

so I didn't expect this ! I re set the setting and did as you recommend! but WF still block those apps !!no any notifications from WF ..went to uninstall WP and YES obviously i chose to re set setting as it was before installed WP and automatically did restore point! and guess what ? …… ..
BUT HOLD ON.. I restored the point before uninstall WP! which I just created ! what do you think! crap ! not only give me same BSOD but now no any account to do something
So at this point I don't know what to think ! I rather blame on windows 10 that on WP… But this is the result of trying to use a **** firewall …

 

I am really sorry that you have problems with your operating system. WFC is just an alternative UI for Windows Firewall which brings a few more features which are missing from the Windows Firewall. WFC does not install any driver, does not do any packet filtering, is not even aware of any active network connection, and it is using NET Framework. It can not create a BSOD or break the OS under any circumstance.

 

I'm back in the system but now I'm afraid to uninstall WF !! I blame on widows 10 because since I moved from Win8.1 few weeks ago keeps giving me "surprises" and I don't know how t **** to work with it !! My Win8.1 was working for years without any issues under stress sometimes on hardware designed for Windows 10 !! , What's this Toilet 10 is about don't get it !!

 

Marius, Back to basics, some options:

What version of windows are you using? Have you tried running "SFC.exe /scannow" from an admin command window? it may fix your BSODs. You can also try running "DISM /Online /Cleanup-Image /RestoreHealth" from the admin command window after sfc if it finds/fixes any erors. (you might want to run those commands from a 'safe mode' boot-up.)

have you tried WFC medium profile with notifications set to 'learning mode? (remove all those waterfox rules 1st)
in the OS, find the exe in explorer, right click & select 'allow thru firewall'. What antivirus? VPN? What DNS setting do you have in Waterfox settings. what DNS server are you using in win10 Ethernet settings (DHCP or a manual setting?). If you use 'cloudflare' for DNS, that can occasionally cause connection errors

Do you have any Waterfox extensions? If so try turning them all off, if it works then, turn them on one by one until it breaks, remove that last extension that broke it...

I'm using win 11, WFC & Malwarebytes AV, surfshark vpn & have dns settings inside Waterfox set to turn DOH off. Waterfox 6.5.3 works fine. I used the installer version NOT the portable.

If you are on an earlier version of windows, I always recommend people upgrade to the latest Windows version (win11) to take advantage of it's added security, win 10 & earlier are obsolete and win10 won't be supported soon. If you have a hardware/software reason to NOT upgrade, you might want to bite the bullet and upgrade your kit &/or software.