Windows Firewall Control (WFC) by BiniSoft.org

Yes, they are special. Svchost.exe is used by all Microsoft Windows services to connect to the Internet. The operating system has some restrictions on which protocols and ports some of these services are expected to execute. This is why for certain services, a generic allow rule will not apply. The same thing for SYSTEM, certain network related actions are expected to happen and allowed only in certain circumstances. If you check the Windows Firewall default rules, there are many rules for svchost.exe and System. They can't just be replaced with 2 rules only.

 

Thanks!

So other than the Windows default rules + WFC recommended rules, it's fine to just ignore any other svchost.exe and System notifications and leave them blocked?

 

WFC recommended rules is a subset of Windows default rules, a minimum ruleset required for basic networking operations. You can use WFC recommended rules as a starting point, on top of which you will add new rules for your custom programs. If you don't need to access/ping your machine from your local network, you can delete all the inbound rules from this subset. Below is my starting ruleset:



No inbound access, my web browser allowed and the rules required for my printer to print papers.

 

@alexandrud do you think these two fields are needed to be included in WFC?
TIA

 

They are not really needed. Windows Store apps/games automatically add the required Windows Firewall rules when you install them as part of their installation routine. This use case where the user will start defining by himself firewall rules for these app packages ids is not a very common use case. In the worst case scenario, where you delete these rules, WFC will notify you to allow directly executable files located under %ProgramFiles%\WindowsApps subfolders. These firewall rules work too, even if they are not targeting a specific package id, but the actual executable file. WFC was never intended to replicate all features from Windows Firewall, especially the ones that have little use. There is no plan to add support for these.

 

Hello
I have not been lucky to find an answer to the following question:
Is it possible to create a rule that allows connections only to the local network, but also to 1 external (internet) ip?

I tried to create 2 rules:
1. Allow rule with a keyword LocalSubnet
2. Allow rule with specific external ip

But it doesn't work for external ip, as a result only LAN is allowed... As soon as i disable 1-st rule, i can connect to external ip.