Windows Firewall Control (WFC) by BiniSoft.org

Windows Firewall Control v.4.0.9.2 - New Version

What's new:
- Fixed: AppGuard and Steam can still create firewall rules at boot time when their services start before WFC. Now, the WFC service initializes first and intercepts properly these attempts.
- Fixed: The profile is not reverted by the Install Mode if the system is restarted.
- Fixed: Install Mode can change a higher profile to a lower profile which should not be possible. The description of Install Mode was renamed and the profiles available were reduced only to High Filtering and Medium Filtering profiles.
- Fixed: When switching between multiple connections in notification dialog, the Protocol and Direction become unchecked.
- Improved: When opening a file location from WFC, the file is now selected. In the previous versions the folder was opened but the user had to select the file manually.
- Improved: Consecutive notifications are allowed for the same program only after a period of 30 seconds between two blocked connection attempts for the same program. Consecutive notifications are now allowed. Multiple notifications for the same program will not be displayed because many notifications can be generated, but the info for an already displayed notification for the same program will be updated.

Installation notes: This version can not update a previous version. Please first uninstall any WFC version from Programs and Features available in Control Panel and then execute the new installer.

Please let me know if this version solves the AppGuard and Steam problems.

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 31899e77e710620bea96bc765dedc2c881a8e757

Thank you for your support and your feedback,
Alexandru

 

"Install Mode" is fixed in regard to not lowering from High filtering. Good job, thanks.

Ps, as promised, another donation.

 

Nice update..

My problem has been resolved don't know why and how as you didn't mention any related fix in v.4.0.9.2,

 

Great update. Thank you.

I guess both UAC and WFC are useful to prevent malware from adding rules to Windows Firewall. Have tested WFC in this regard - works really well.

I have another suggestion though. Would it be possible to add an option to be able to save the "Manage rules" datagrid to text file. This will be useful for
comparing different rule sets following an update for example. Please forgive me if this capability is already there but I couldn't find it.

 

Go to Manage Rules. Select all rules by using Ctrl+A from your keyboard. Then right click on the selected rules and choose Policies > Export selected rules. This will export an XML file. You can export a new file after a period of time and then use a tool like kdiff3 to compare them. But, I think this is not required because the newly added rules will be always added on top of the list in Manage Rules. So, if you remember the last rule that you had on top of the list it will be easy to see from that point, which rules are new.

 

Cool. Thanks very much.

 

I just started using wfc, so pardon me if this is a rookie mistake.
I am getting notification of outgoing connection blocked for adobe digital editions, when there is a outgoing rule already created for the program. The logs show wfc.exe blocked at the same time.
is it necessary to create rule for wfc.exe? Same thing happens for bingdesktop program.

http://i.imgur.com/yGJAe4L.png

http://i.imgur.com/kFO0PBs.png

 

How do you create an outbound rule for a program that is run from a USB memory key?

I run HitmanPro from the key. I can create a rule with WFC and it works. However, the rule doesn't work when the key is plugged in again at a later time.

Edit: I found that by double clicking on the rule for HitmanPro and clicking Apply (without changing anything) made the rule work again. Is this a bug?

If it is just a feature of how the windows firewall works, perhaps there could be an item in the right-click context menu "re-establish rule", which effectively just does the same as Apply to make the rule work again.

 

Yes, you should be running under a Standard User account with UAC enabled at all times. Elevate or switch to an Administrator account only when necessary. These will definitely shield you from bad stuff more so than running as Administrator all the time.

 

In my view the issue with Steam creating it s own inbound rules is still pending even with this version.

Maybe i was not clear enough in my description regarding my usage scenario.

I do not use Steam with the "Run at start up" option (when PC starts) in it s settings and it s not left to auto log in by itself either.

So in my usage scenario the Steam application is started/initialized when i click with the mouse on it.Then i insert the password or user and log in.
After i manually log in into Steam the rules are there in the Rules list laughing in my face
If i exit Steam delete the rules and then re-enter/re-log in into my Steam account the rules are once again recreated and this happens over and over at every log in.

I have manually created a block rule for all inbound traffic for Steam to get over this problem ,but i have no idea if my block rule has priority over the allow inbound TCP/UDP that the sttuborn application creates.
Are the firewall rules processed in order ,from up to down on the list or the blocking rules are first checked and then the allowed ones.?!
What is the rule processing chain in Windows firewall?
If the blocking rules are always checked first then maybe i should just let this Steam do it s stuff and move on.I can take some time once a month to clear the pletora of rules it doubles over and over regarding this app.

It s good though that now the wfc control loads even earlier.

 

This may be comparable to the effect on TrueCrypt drives (containers) (see my posting https://www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-19#post-2317394) ...?

It may be that a double click and apply is needed to get the rule becomes active again (not tested at the time). Should I even try next time ...

 

AppGuard is still creating rules.

 

Hi,

I want to report a problem when applications attempt to establish outbound connections and change local port and remote ip quickly , and when I want to accept the connection , WFC hangs and shutdown after ~2 minutes , and through this period the connection still blocked ..

I face this problem with two applications , KAV and googleupdate

PS: I can resolve this problem if I waited a few seconds to make sure the local port and remote ip do not change, after that I can interact with the WFC notifications without any problem

 

Hi Alexandrud,

thanks for the update!

1) Problem with deinstallation:

the deinstallation has the same problem as before the installation. With restricted user account, the deinstallation hangs - it was necessary to close WFC first.

Please add a note about this in deinstallation dialogue.

2) It seems that it's necessary to add an additional Akamai Technologies IP-Block:

23.32.0.0-23.67.255.255 (deploy.static.akamaitechnologies.com). As poster "blix" I had also outgoing traffic to at least one IP in this range.

Have a nice weekend!

Alpengreis

 

Hi Blix

- Traffic from IP 23.41.69.163 and 23.41.75.27 is:
also traffic from Akamai Technologies (deploy.static.akamaitechnologies.com) for which there is already a WFC default block rule (if the proposed WFC rules were chosen during setup) - but not yet for this related IP-block.

I have make a suggestion already to add the related IP-range to the Akamai Techn. block rule too.

- Traffic from IP 207.54.136.56 is:
CONTINENTAL BROADBAND PENNSYLVANIA, INC. (acsepub.contentreserve.com)

I do not know for what it is ...

Greetings from Switzerland,
Alpengreis

 

The problem occurs with other programs but this time without seeing any change in ports/ip , and when I wait a little and try to allow it again it hangs and sometime WFC disappears from system tray and I cant open it again from the desktop shortcut

 

He Alex

Hope that you are well?

Just tried to inline update to v4.0.9.2 and was advised that this was not possible, i.e., uninstall previous version first...which I did. Then installed new version and on load WFC4 reported that it could not subscribe/access the Windows Firewall Service, and so could not run. Checked that the service was running, uninstalled this and put back v4.0.9.0 and not problems at all on load...WFC4 working as expected, i.e., subscribed/accessing the Windows Firewall Service.

Wonder if there is a fault with the installer?

Regards


Baldrick

 

Huh, this is happening on my system now with latest version, was not happening on prior version. Does the timing of a program's installation have anything to do with its placement in the startup queue?

 

Hi,

New problem occurred when I change some rules and tried to see outbound connections log , it hangs and WFC kill it self , but this time I can reopen it from the desktop shortcut .

BTW , the old problem from my last comment resolved by making rules for that program from WFC first and don't wait that program to try to establish connection

 

@alexandrud

- A very little "problem":

After "Export selected rules" from Rule Manager and quit the save file dialogue with ENTER, sometimes (really not every time) the selected rule (or one of them) opens.

- IP field length is too short - we had this alredy in thread ...

https://www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-4#post-2240451

Now it's even worse: Input (from copy and paste for example) is truncated after position 64. Can you fix this again to a max of 1024 chars?

Have a nice week!

Alpengreis

 

An interesting thing, yesterday I was checking my WFC settings and found my notifications set to disabled. Now I know I set this to medium after my last install because I went through my most commonly used internet facing applications and set the rule to allow them after receiving a notification. After resetting the notifications from disabled to medium and rebooting yesterday, I received a notification from appguardagent (and several other autostart applications) and also did not find any of the unusual appguard incoming rules that had appeared on their own. This morning the WFC settings are stable so this may have been a one time thing on my computer or possibly an interaction with some other program. Regardless, I will keep an eye on my notification level and update this if I find irregularities in the future.

 

I have reverted to 4.0.8.6 on my main rig.
On a secondary i have the latest one as it loads faster and got rid off of the annoying permision pop up regarding wfc.
On this one i also had issues uninstalling ,it was doing nothing had to turn off the service then uninstall and reinstall 2 times to make it install properly.Loading the previously exported rules also showed a blank confirmation window.Maybe it was related to net framework issues.

On the main though i have reverted to the 4.0.8.6 because with 4.0.9.2 i have had a BSOD at start up after i have had some kind of a crash of the interface when trying to see the logs.As the logs where not loading and the interface kept crashing i have restarted and at the boot-up a BSOD related to kernel as per BSOD viewer.In the event manager only errors referring to the wfc.It s on a SSD drive this one and i may be very well not necesarely related to wfc ,but to the SSD itself ( i wouldn t buy it again in spite of having fast loads ).
As such i have reverted to what worked ,the 4.0.8.6 on the main.
Until the Steam reported issues ,that still happens as described in an upper post (related to the 4.0.9.2) i will be using the older one.

 

Trying the older version 4.0.8.6 as other user mentioned.
Same results APPGuard still setting rules.
Saying: "Disable of programs to add firewall rules" is not true.

 

Related to the first problem, do you use any software proxy on your computer ? Avast WebShield, Avira WebGuard, KAV, NDIS driver ? Regarding the wfc.exe, it should be blocked. This behavior is dictated by the operating system which tries to check for digital signatures. It appears that the traffic is generated by wfc.exe but in fact the operating system make these requests. THis is an old story and there is nothing that we can't do on WFC side to avoid this.

This is not a bug in WFC. This is how Windows Firewall works. Do you use any encryption software on that USB drive ? Windows Firewall rules are applied per path basis and the rule that you have should work without any problems.

Block rules have higher precedence. They apply first and then the allow rules. Your workaround is ok to fool Steam to think that the rule already exists. Probably they check only if that rule exists with that name and does not create it again. I wasn't able to reproduce this but I'm still investigating the problem.

Doesn't happen here, but I am working on this.

I was able to reproduce this only once with Google update. I will provide a fix for this scenario. Probably there is a deadlock when large number of blocked connections occurs in a short period of time.

I will check the first issue and update that rule.

I will do some tests. It shouldn't be like this. Try this: uninstall version 4.0.9.0, restart your computer and then install 4.0.9.2. Probably a registry key was in use and the installer did not register properly the service for the new version.

Probably it happened also with the old version too. Windows services are loaded by their name in alphabetical order. First the ones set to Automatic and then the ones set on Delayed start. This is why the WFC service was renamed to _wfcs in the last version.

Consider them fixed.

WFC can't generate a BSOD because it does not use any driver. It is fully developed under .NET Framework which can't generate such errors to block your computer. However, the .NET Framework sometimes can be very slow, especially when several updates are installed for it and the framework cache is not regenerated properly.

Only the last version of WFC (4.0.9.2) can prevent AppGuard from creating thoese rules. Obviously, not on your machine. I am working on this.

 

Hi Alex

Thanks for the reply and the suggestion...I will give that a try shortly.

Regards


Baldrick