Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. aaa839

    aaa839 Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    253
    Location:
    Hong Kong
    I think i face a bug
    started with one of the update
    i didn't see any prompt when i set the notification to low
    and I see the manage rules windows
    all the recent activities windows got the block rules created automatically

    Also sometime I cannot open the WFC windows when I open it it will said Visual J# Error...
     
  2. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    484
    Location:
    USA
    Ok. Everything else is working great. Thanks for all your efforts.
     
  3. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    So, if I understand correctly, you're saying that after some WFC update, you were no longer getting notifications for certain programs while the notification level was set to "Low" AND rules were automatically being created? If so, that's normal; the low notification level automatically allows (and probably creates a new allow rule for) digitally signed programs, with a valid signature, to access the network/internet and displays notifications only for unsigned programs. If you want to see notifications for all non-system applications that attempt accessing the internet, set the notification level to "Medium".

    Sounds like a corrupt installation OR some other program interrupting the start-up. What's the error code?
     
  4. aaa839

    aaa839 Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    253
    Location:
    Hong Kong
    I explain more clearly...
    the problem is after I set to low,WFC cannot create the rules to allow any program with digitally signed programs
    it will create a blocking rules automatically
    also it did not prompt any windows for non-digitally signed programs so it will create a blocking rules for non-digitally signed programs too
    2>
    WFC have start correctly, the Visual J# error was appear sometime only when I open the WFC windows from notification area

    I have try to reinstall WFC but no help...
     
    Last edited: Aug 5, 2014
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    Something is not right. WFC does not create block rules out of nowhere. If a program is digitally signed and you use Low notification level, it will create a generic allow rule on the first attempt of connection of that program. But never block rules. If a program is not signed you will get a new notification, but if that program already has a rule, the notification will not be displayed.

    1. Which version of WFC do you use ?
    2. Which version of Windows do you use ?
    3. What other security products do you use ? Antivirus, antispyware, etc.
    4. Do you have "Disable the ability of other programs to add firewall rules" enabled ? If you disable this option, do you see new rules added in Manage Rules window after you execute a program without a rule ?
    5. WFC is created in C# (.NET) not J# (Java). I can not see how you could receive such an error from WFC. Can you please post a screenshot of the error ?
    6. Please go to Event Viewer (eventvwr.msc). Under "Applications and Service logs" category, there is a subcategory named WFC. Here are logged all errors from WFC. When you are there, on the right panel is a button named "Save all events as...". Use this button to export an *.evtx file and send it to support@binisoft.org to check the log.
     
  6. aaa839

    aaa839 Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    253
    Location:
    Hong Kong
    Yes wfc not creating the blocking rules
    but after I setting the low it will creating the blocking rules for digital signed program instead of rules of allowing
    because I take a look at the mange rules windows,it showing the blocking rules created by WFC automatically
    (before that I do not have this problem,i was found in one days when I was using the program...quite weried)
    1.4.1.0.2
    2.Windows 8.1 zh-tw Professional X64 with Update 1
    3.Avira AntiVirus Pro(but have not install the management windows firewall component)
    4.I do not enable the Disable the ability of other programs to add firewall rules
    5.it happen before but I can't reproduce now....(maybe I am remeber the wrong name,it may the visual c# error instead of J#
    6.I cannot find the subcategory named WFC in Applications and Service logs category....
     
  7. Paranoya

    Paranoya Registered Member

    Joined:
    Nov 4, 2013
    Posts:
    59
    Are you perhaps experiencing the same behavior as me, that WFC itself seems to be doing some signature validation? Every time WFC prompts about a connection I have 2 additional connection attempts from wfc.exe
    I'm thinking what happens if you have Notifications set to Low and the check for valid signatures fails because of this?
    http://postimg.org/image/n6zxkrcq9/

    But again I'm not exactly sure what the connections from WFC are. I haven't allowed them but still Low Notifications seem to work. I've read that Alexandru said it's the OS making the connections but somehow they appear to come from wfc.exe instead. A .NET thing maybe.
     
  8. aaa839

    aaa839 Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    253
    Location:
    Hong Kong
    No My WFC seems didn't doing the signature validation
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    Indeed. I was able to reproduce this. The rules created by the Low notification level are block rules in version 4.1.0.2 instead of allow rules. I will fix this in the next version. Until then, please use Medium notification level.
    Those IP addresses are from Akamai Technologies and are not requested by WFC as we are not affiliated to these services. The only IP where WFC should be allowed to connect is 50.87.146.202, but only on manually request for updates. This is our website. Other connection attempts should be blocked, as they are generated by the operating system.
     
  10. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141
    Bonjour Alexandrud,


    Sorry for my english...

    I have a registered account, after uninstalling WFC4 I cannot delete "WFC" in the Windows event viewer, how to do please?



    Windows 8.1 64 bits - antivirus Windows Defender
     
    Last edited: Aug 10, 2014
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    To manually delete a custom category from Event Log do the following steps:
    1. Run regedit.exe and navigate to the following key: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]
    2. Delete WFC log folder.
    3. Now if you run eventvwr.msc again the category was removed.
     
  12. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141
  13. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Is there anyway WFC can be used for ip addresses only...I had to add some yesterday via the Windows Firewall Wizard however, they were removed if WFC was running...I turned off WFC and went through the Wizard again and they remained after turning WFC back on and showed up on the WFC interface.
     
  14. aaa839

    aaa839 Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    253
    Location:
    Hong Kong
    Hi alexandrud,When I have installed the WFC I didn't see this catalogue folder in event viewer
    How do I manual adding it for troubleshoot?
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    The WFC subcategory in Event Viewer is added on installation if it does not exist. It is added through functions provided by the .NET Framework. Please backup your rules, uninstall WFC and then make a clean install from scratch of the latest version. It should add WFC in Event Viewer.
     
  16. Blaspie

    Blaspie Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    13
    Does "Find invalid rules" also look for duplicate rules? It doesnt seem like it. Maybe it should.
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,127
    Location:
    Romania
    It finds rules for executable files which are not anymore on the disk. These are considered invalid rules. Duplicate rules are valid rules. Is not that simple to find duplicates rules. Based on which criteria ?
     
  18. Kob

    Kob Registered Member

    Joined:
    Dec 13, 2011
    Posts:
    39
    May I suggest to re-word ""Find invalid rules" to ""Find orphan rules" ?
    "invalid" has the connotation of illegal definition, not a lost association between two related entities.
     
  19. aaa839

    aaa839 Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    253
    Location:
    Hong Kong
    NONO
    Find invalid rules not have grammar mistake
    also invalid in here was not meaning "not in connotation of illegal definition"
    Invalid was an (adj) here, to decript the rules which was not correct format(exist path was not here anymore)

    According to Oxford dictionary
    invalid(adj)
    (Of computer instructions, data, etc.) not conforming to the correct format or specifications.
    http://www.oxforddictionaries.com/definition/english/invalid#invalid-2
     
  20. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK

    I'll take that as a 'no' then.
     
  21. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    From what I have seen, only IP's are used in both W7FwAS and WFC. I haven't seen any option to use domain names instead. I do all of my firewall rule mods in the W7F / Advanced Security window, using WFC as an interface only (mostly for the Connections Log). I haven't noticed any rules disappearing because WFC is running, as long as the "Disable the ability..." option is unchecked.

    In regards to Wizard, are you referring to clicking on "New Rule" on the right hand side?
     
    Last edited: Aug 19, 2014
  22. peter_brown_usa

    peter_brown_usa Registered Member

    Joined:
    Aug 20, 2014
    Posts:
    24
    Hello,

    I am having a little issue with WFC

    I have installed an SMTP server on a home PC to run my emails.

    With WFC switch to NO filtering I can connect to the SMTP server and send/recieve emails. Switching on the filtering to Low or Medium blocks access to sending and recieving emails.

    The mail server only has one rule in WFC and that is to allow all protocols etc so I can not see this rule. I have deleted the rule and tried sending/recieving again but it still is being blocked by some other rule.

    As there is no logging I can not see what rules are being used to blocked as I try a send and recieve.

    Is there something I am missing or could someone shed a light on which system rule might be blocking the connections.

    Thanks
     
  23. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    564
    Location:
    Switzerland
  24. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK


    What I was trying to do was block certain ip's....For example itunes...Instead of blocking the exe. I was trying to ip block the ip's it uses....I find most of those via fiddler, get the ip's from the address and block them....As for the wizard I meant Windows 7 firewall wizard.....As in, new rule> custom > scope....That allows me to block an ip or a range of ip's (no exe or file needed)....I don't see a way of doing that with WFC....If I use the windows wizard to create the rules with WFC running they don't 'set' I have to turn WFC off, set rule and then turn it back on and they then appear on the WFC GUI :)
     
  25. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Ahhhh gotcha now... I have been doing that for the past 2-3 weeks for various IP's, got a decent list going too...
    Wish I could help ya' out... works for me but not for you, that just sucks nuts.

    Fancy trying something, just for the hell of it? Apologies in advance if you have already done something like this...
    1) Disconnect Internet
    2) Export your rules from both W7F and WFC
    3) Uninstall WFC and restore default rules in W7F
    4) Reboot twice then run a registry cleaner, such as CCleaner or PrivaZer (I think for this issue, I'd pick PrivaZer - along with cleaning pagefile at shutdown through the app)
    5) Install WFC 4.1.0.2 (doubt any support can be provided for older versions)
    6) Import your rules back into W7F, activate internet and reboot
    7) In WFC, untick the "Disable the ability..." option and get out of the program (leave it running in the icon section of taskbar)... Make some more IP dependant rules...

    See how that goes... also, what is your UAC setting? Mine is turned off fully (never notify)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.