Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    I'm having difficulty allowing internet explorer? I have no problems with firefox, or any other programs I've allowed.
    I tried making rules by selecting the exe, and also clicking the active window. I've even created rules to allow all the other ie related exe's
    iediagcmd.exe, ieinstal.exe, ielowutil.exe I know I shouldn't have to do that, but I can't think of anything else?
     
  2. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    If you are on a 64bit Windows you will have two versions of IE: the 32bit and the 64bit.

    If you want to allow both versions you will have to allow
    c:\Programs\Internet Explorer\iexplore.exe (=64bit) as well as
    c:\Programs (x86)\Internet Explorer\iexplore.exe (=32bit)

    HTH :)
     
    Last edited: Oct 20, 2014
  3. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    doh :confused:
    I should have figured that out.
    Thanks!

    It still puzzles me why it didn't work when I used the "click a program window to allow connecting" function?
     
  4. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    My guess is that you probably allowed IE clicking the 64bit window - and started the 32bit IE afterwards. Or vice versa.
    Just check your IE-symbol(s) and look to which path(s) it is / they are linked.
    Sometimes - on 64bit Windows - the IE 32bit is started by default.
     
  5. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    The 360S free China AV is creating inbound rules in spite of the option to block any "illegal" rules to be made.Once you restart the PC some Chinise characters show up in the manage rule window :)


    Secondly i really dont understand what Secure Boot option is supposed to do.
    If i enable it ,after restart, i have no network connectivity and whatever preset i choose medium or low connectivity it does not recover.The taskbar icon changes the color ,but in fact it stays stuck on High.To be able to regain connectivity i have to enter interface ,disable the Secure Boot option ,restart PC and then get back to medium or low manually.So is quite bugged.
    Maybe the Secure Boot option should have a timer and disable itself after some minutes from boot.
    For the moment the option looks useless to me.
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Secure Boot saves the current firewall rules at system shut down in the installation folder, then it sets High Filtering profile. When the computer starts, High Filtering is enabled until wfc.exe starts again. When wfc.exe starts it restores the firewall rules that were saved at the previous shut down. In this way, even if some programs create new rules at system boot, before WFC being able to protect the rules, they are not effective because High Filtering is enabled. Block rules are applied over allow rules. When this feature is enabled, at system start-up the network connections are blocked until WFC (wfc.exe) starts too. It works fine on my test machines. Are there any other users for whom this is not working like described ?
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Windows Firewall Control v.4.1.6.0

    What's new:
    - New: Added support for defining paths of the rules with system variables. However, the path of the rule will contain the full path which is converted by Windows Firewall API. Is this now possible to define a rule like this: "%windir%\notepad.exe" or "%ProgramFiles(x86)\Internet Explorer\iexplore.exe"
    - Updated: If the wfcs.exe service is not available at startup of wfc.exe, it takes 20 seconds to show the tray icon. Now it displays the error icon and retries to reconnect. If the reconnect is successfully, then the status is updated.
    - Updated: The user interface can now detect if the service is stopped by pooling the service every few seconds.
    - Updated: Logging was updated to offer more precise info when a problem is encountered. Possible solutions are also provided in the log when an error is logged.
    - Updated: Some parts of the code were simplified to improve the responsiveness.
    - Updated: Some misspelled words were updated.

    Installation notes: Just use the new installer to update to this new version.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 425e96c7e1200408abdd4bcb0487260f5006b54f

    Have a nice day,
    Alexandru

    P.S.: Like usually, your feedback is welcomed.
     
  8. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    @alexandrud

    Oh wow, very good new features!

    Thank you VERY much for your work!

    Alpengreis
     
  9. gggirlgeek

    gggirlgeek Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    13
    Location:
    USA
    Win7x64, WFC v.4.0.8.6

    Hello and thanks for WFC. I am very happy I purchased it.

    I need a little help. I screwed up my OS today and I need to recover from an old backup. But, just to make life interesting, I also decided to destroy most of my backups. :cool: ...I have added hundreds of firewall rules in the last 6 months and the backups are gone!

    So now I'd like to know if there is a way to extract my firewall rules without booting into Win7 -- either through WFC, a remote Regedit, or another utility. I haven't overwritten that partition yet, and I have full access through a dual boot Win8 system. I also have a USB boot-rescue disk with all the tools I should need.

    WFC doesn't keep config files of it's own, does it? Should I just grab the registry keys and save them? Will I have problems importing them back into Win7x64?

    Thanks in advance for your help!
     
  10. gggirlgeek

    gggirlgeek Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    13
    Location:
    USA
    Update: The last time I logged off, WFC was in High Filtering mode (no connections.) Does WFC cache the normal rules somewhere until I open up the network again? Probably not but it's worth asking.
     
  11. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Not automatically but you can Export/Import your rules manually.
    If you have all the latest rules in W8 you could Export them to another drive which can then be Imported to W7 after you have the W7 back up and running.
    Look on the Main > Rules page...
    J
     
  12. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Firewall rules are "stored" in the registry. Find them here:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    HTH :)
     
  13. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    Feature Request

    - The profile choice "No Filtering" should have a demand "You are sure to allow ALL out-/inbound traffic?" or someting like that.

    The reason is: a wrong mouse click is made quickly - and not each system have addtitional defense line(s) ...
     
  14. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Do we really need this? You already get an alert from Windows Security that the firewall has been turned off and suggesting you turn it back on.
     
  15. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    FW is already off (open) then, and that is the point in my humble opinion. But thank you for your opinion.
     
  16. gggirlgeek

    gggirlgeek Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    13
    Location:
    USA
    YES! I think "No Filtering" should prompt for confirmation as well. Many people, like me, have Windows Security popups disabled (along with all Activity Center notifications because they're so intrusive and annoying. I have to deal with all the other popups -- even at minimal settings.)

    Most people are used to Windows "default settings" protecting them if they disable their firewall software temporarily. However, that background protection IS Window Firewall. When it's disabled there is nothing between you and the world -- No backup. It's easy to forget that WFC is not an additional software firewall. It controls THE ONLY firewall in your computer. An (optional) confirmation prompt seems wise.
     
    Last edited: Oct 29, 2014
  17. gggirlgeek

    gggirlgeek Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    13
    Location:
    USA


    Thanks for your replies. I'm 1 step ahead of you. Last night I loaded the broken OS's registry into a remote editor (the SYSTEM hive at C:\Windows\system32\config\SYSTEM.) and copied the registry keys. After reinstalling, I simply imported the .reg file and my rules were loaded into the firewall. Worked like a charm, and no duplicates! :thumb: I exported the entire key: HKEY_LOCAL_MACHINE\SYSTEM_old\CurrentControlSet\services\SharedAccess. (Renamed all "SYSTEM_old" keys to "SYSTEM" in notepad before importing of course.)

    Thanks for the help guys.


    Alert: I will mention that I forgot to turn off the option in WFC to prevent other software from adding new rules before I did this. However it allowed me to add them through the registry very easilyo_O? :confused::confused:
     
    Last edited: Oct 29, 2014
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    I will add a confirmation message box that will have also a check box with "Don't show me this again".
    Secure Rules works only if a new rule is added through netsh command line or through Windows Firewall API. WFC does not monitor Windows Registry when you import the rules with a .reg file. This is an exceptional scenario and programs do not add their rules this way.
     
  19. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    Perfect!
     
  20. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Sorry for this big delay. So, when I restart my computer and I open WFwAS, NO, I don't see a block rule named "Core Networking - Block all outbound connections". Any idea what could be stopping the rule from being created?

    Right, can't rule out that possibility...WinPatrol is bugged in some ways and haven't been able to get a hold of the developer.

    Bug Report: Updating WFC Breaks Compatibility with Partial Policy Files Made by an Older Version
    I get the following error message when attempting to import a partial collection of policies I had previously created back in July this year...
    WFC Partial Policy Error.png
    Any Ideas? Will be more active on here during this weekend.

    -EDIT-

    I think I have an idea of what is causing the compatibility problem. Opened a new .wpw partial policy file in a text editor (Notepad++) and compared it to the old .wpw partial policy file. It appears the "EdgeTraversal=""" and "Icmp=""" entries are missing from the old partial policy.

    -EDIT-

    Yup, those were definitely the 'cause of the incompatibility. I just replaced every "InterfaceTypes=" entry in the old .wpw file with "EdgeTraversal="" Icmp="" InterfaceTypes=", saved it and it successfully imported the partial policy :)

    Could you by any chance make WFC backwards compatible with all the partial policies? When an entry is missing from a rule in a partial policy file, instead of showing that eror message, just use the default value for that entry of the rule.

    Warn the user that it's an old partial policy and doesn't contain all the current rule entries supported by WFC, so, missing entries will be set to their default value. Then give them the option to proceed or cancel the operation.
     
    Last edited: Nov 1, 2014
  21. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Bug Report: Exporting a Partial Policy Doesn't Update the Variable for Remembering the Last Directory that was Exported to
    • When I attempt exporting a partial policy, it always defaulted to the root of my C:/ drive.
    • Then I attempted exporting the complete policy to my desired directory, it defaulted to the C:/ drive too on first attempt.
    • On second attempt of exporting the complete policy, it defaulted to the last directory that was exported to.
    • Then I re-attempted to export a partial policy, and it defaulted to the same directory to which I exported the complete policy.
    • Changed that directory when exporting the partial policy, re-attempted the partial policy export, and it still defaulted to the same directory to which I exported the complete policy.
    Kindly fix this small but time-consuming bug.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    I will check this possibility. Right now there is no validation. If it fails because the XML format is different (new entries) an error is logged in WFC log. This is not a priority because the current format will not change very soon again.
    It will be fixed in the next release. The update for the last path used was not called in code when a partial policy was exported.
     
  23. quick_guest

    quick_guest Registered Member

    Joined:
    Nov 4, 2014
    Posts:
    1
    Hi alexandrud, hi all.
    First of all thank you for your work on wfc4. I was looking for a program which is cooperating with windows firewall and program which blocks internet access for all apps by default.
    I have found WFC4 and this thread so i thought i will give it a try today. I am writing this after few hours of fun with your app and noticed something interesting.
    As I am using VPN service from one of them companies with L2TP/IPSec transport it is crucial for me this works good..but does not seem to.
    My VPN app is basic app, just to make things easier and faster like selecting server locations and some informations about connection, some options etc with big connect button ;)
    I have restored WF default rules, then restored WFC recommended rules (so all incoming and outgoing connections blocked -perfect, now we can start configuration of every app we want to connect to the internet)
    My observations:
    App blocking for web browsers and communicators and steam and games works good in wfc4.
    Problems shows up when trying to use my VPN app. It is exe file and there is another exe file working as service in the background. I tried to allow all ports (in and out) on both files, and still could not connect. Then realized
    i need to Enable and Allow rule Routing and Remote Access [L2TP-Out] on port udp 1701...and bam, connected stright away! , however now the funniest part coming...
    There is no difference if i block or allow my vpn app in wtc4 it will still connect to remote server ! :p
    So basically if there is random malware app which is gonna use l2tp over ipsec (on udp1701) will easily connect wherever it wants not being detected by wtc4, huh!
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Windows Firewall rules are applied per path basis. Indeed, Windows Firewall will not detect if a file which was allowed was replaced with a different one. Windows Firewall does not have a HIPS module, nor WFC which is just a controller, not a firewall by itself. Detecting malware is something that your antivirus should do, not the firewall which has a different purpose, to allow or block connections. For your specific scenario when the malware substitutes the real file is not very common if you have UAC enabled. But, if the malware gains administrative privileges, usually allowed by the user, then it can disable any service, delete any file, make a lot of harm to your computer. Actually, even a HIPS module can be defeated by the user, because of the number of annoying popups, the user will end to allow a lot of unwanted activity. In most of the cases, the user actions will lead to a potential infection with a malware, even with the strongest firewall, antivirus, etc.
     
  25. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    @quick_guest

    If your VPN service-exe make the outgoing connection only and act on the LoopBack - and NOT the VPN app itself, you can't block your VPN app.

    The reason is then: your VPN app make only a local LoopBack connect to the service. The service make the EXTERNAL connect. And you can't block LoopBack traffic with Windows Firewall (also with WFC, wich is only the GUI for it not).

    It could be the following case for your VPN traffic (only "illustrated" for outgoing):

    VPN-App (IP 127.0.0.1 (LoopBack) (it's your PC)) ---[LOCAL TRAFFIC]---> VPN-Service (IP 127.0.0.1 (LoopBack) (it's your PC)) ---[TO THE EXTERNAL HOST]---> VPN-Server

    So, in this case, you can allow or block the SERVICE but not the App ... (rules for the App itself are effectless).

    If this is NOT your scenario, please provide us with more infos (which exe makes which connection or so).

    HTH and greetings,
    Alpengreis
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.