Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Alpengreis, thanks for attempting to help :) I already understood what our good man Alexandrud explained, but please let me clarify what I explained:

    Torch fails to load pages:
    1. when WFC is installed on the system.
    2. with WFC installed and WF rules for Torch set to ALLOW.
    3. regardless of what WFC Profile I select, even 'No filtering'.
    4. if I close/exit WFC but leave Windows Firewall on.

    Torch works lightning fast:
    1. when WFC is uninstalled.
    2. the Windows firewall is active.

    Regardless of the windows firewall rule for Torch it has problem accessing internet only when WFC is present.
    It still takes longer time to load a page, but a number of tabs fail to load and instead say:
    "Unable to access the network" or "This web page is not available".

    It's ok though, I'm not going to stop using WFC as I like it too much, I really like the interface, I REALLY like using the basic windows firewall but with the interaction that WFC gives, and I want to support what Alexandrud has created. :)
     
  2. Donny

    Donny Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    12
    Is there any chance that we could still have Secure Boot, back - as per the old implementation?
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    I just installed Torch browser on my Windows 7 x64 machine, with WFC installed and set to Medium Filtering profile. It loads the pages in multiple tabs very fast, the same way it does in Firefox or Internet Explorer. I can't reproduce this problem. Everything works fine. Indeed, nice features on this browser.

    upload_2014-11-19_9-17-0.png

    No. I will try to find a different solution.
     
  4. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    @eamusic
    Okay, all right and sorry :oops:

    Thank you for your detailled explanation! I have understood your situation now. And: this is very strange indeed!

    Two ideas (at the moment) ...
    - Torch is a chromius based browser - have you the possibility to test with the original Chrome Browser?
    - Can you activate a debug mode in Torch - maybe you see something there?

    Greetings,
    Alpengreis
     
  5. Ha it's so awesome that you installed it and had a look :) I didn't think the problem would be reproduced, but thanks for testing Torch on your machine. I like Torch too, especially the 'Magic Actions for YouTube' and 'HTML5 Video Speed Control' extensions so it's a bummer I'm having this issue. Anyway I like WFC and this hasn't changed my view, that's why I originally paid you 3 times :)

    Hehe No really no need to apologize :) I am sincerely thankful you tried to help by clarifying Alexandrud's response, all advice and input is welcome. I will take your advice and install Chrome and see what happens, and I will find out about debug mode in Torch.

    Thanks Alpengreis ;)
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Windows Firewall Control v.4.2.0.1

    What's new:
    - New: In Connections Log a new filter is available in the toolbox. It is now possible to display only the last entry for an application instead of all consecutive entries.
    - Fixed: Rules created from the notification dialog don't have the Group name set.
    - Fixed: Time generated column from Connections Log doesn't display the date and time in the format defined on the local machine.
    - Fixed: High Filtering profile is not set on system restart event when Secure Boot is enabled. It works only on system shutdown event.

    New translation strings:
    680 = Entries
    681 = All entries
    682 = Last entry

    Installation notes: Just use the new installer to update to this new version.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 0de41fc30500bae6acb1f9cb25f0b1d863ea86b6

    Have a great weekend,
    Alexandru
     
  7. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Cheers for the hard work alexandrud!
     
  8. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    :thumb:

    This is very useful, Thanks again.
     
  9. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Awesome! This just might be the reason why it never worked for me. I've always restarted instead of shut down when looking to test the WFC feature. Gonna give it a shot tonight.
     
  10. Seqteq

    Seqteq Registered Member

    Joined:
    Jan 27, 2013
    Posts:
    4
    Location:
    United States
    I've been a registered user of WFC since it was mentioned on the Security Now podcast, I am very happy with this product!

    This might not be the right place to post this, I'm a newb here. But anyone have any info about the 10/28/14 notepad.exe version 6.3.9600.17415 trying to go out on port 21? I've never had to explicitly block notepad until today.
    The exe isn't signed by MS but seems legit, its in the right place and EMSI didn't find any issue with it.

    http://s3.postimg.org/t5f84cnkj/wonky_notepad.jpg
     
  11. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    Hi Alexandru / all others,

    first, thank you VERY much for new updates, Alexandru! Great job!

    I have a new concern.

    Since it is clear that the following rule is not possible without break the notifcation system in WFC ...

    wfcpost.JPG

    ... and it's necessary to create single rules for each protocol instead, I run into another problem:

    WFC knows only a part of the possible Windows Firewall protocols. For my situation to block all related IPv6 traffic in NON-Private Location, it's necessary to create some block rules for not-known protocols.

    At least these protocols I have to use:

    HTML:
    Decimal   Keyword      Protocol
    -----------------------------------------------------
          0   HOPOPT       IPv6 Hop-by-Hop Option
         43   IPv6-Route   Routing Header for IPv6
         44   IPv6-Frag    Fragment Header for IPv6
         50   ESP Encap    Security Payload for IPv6
         51   AH           Authentication Header for IPv6
         59   IPv6-NoNxt   No Next Header for IPv6
         60   IPv6-Opts    Destination Options for IPv6
    
    The problems are:

    1. I can not create these rules within WFC. This is not a great thing, because ...
    2. I can create these rules of course within Windows Firewall, but ...
    3. I can not really handle the rules with WFC, because after open with WFC, protocol ANY is displayed.

    So, if it's possible - and hopefully without great effort, it would be good, to integrate at least these protocols above into WFC. Even better of course if it's possible to integrate the hole protocol set from Windows Firewall, which should be this:

    http://support.microsoft.com/kb/289892/EN-US

    So other protocols were ensured. Eventually, it would be good, to have these in a separate (optional) list-field to prevent (too much) confusion - labeled as "Other protocols" or something like that.

    Please note, IPv6 have principally no NAT - so such traffic is "point-to-point" (can be also tunneled with different tunneling solutions such as teredo). So in my local situation here, I have a dedicated IPv6 Hardware-Firewall, so it's not really a problem to handle without Windows Firewall. Another case is the use of public WLANs for example, it is necessary to handle such traffic direct through Windows Firewall - because it's not possible to check the technical and security situation there. Another example is the use of VPN - most of such are without IPv6 support - and without blocking IPv6 traffic, the IPv4 traffic is going via VPN (tunneled through router), but the IPv6 traffic stays over the non-VPN connection, which is not desired. And this is a job for Windows Firewall to stop any IPv6 traffic immediately while the location is public and not a job for the hardware firewall.

    So, what is your opinion about this, Alexandru? Of course, each opinion from other users are welcome - but please note first ...

    For the critical people to prevent overloading WFC:

    I know, such protocols are probably not the normal case of many users out there. But: what is, if such rules ARE necessary? And: what speak against, that the WFC is even more compatible to the Windows Firewall?

    So I'm looking forward to reactions.

    Have a great rest of the weekend all!

    Alpengreis
     
    Last edited: Nov 22, 2014
  12. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    This is IMHO not normal. You mean the original in Windows integrated notepad.exe, right? Port 21 is the FTP Port and I never heard, that the original win notepad.exe can or should initiate a ftp-session for open/edit a such remote file.

    IP 15.192.45.26 seems to be host g5u0724.atlanta.hp.com (Hewlett-Packard Company). So, especially if you have a HP computer, it could be related to HP somehow.

    Nevertheless, FOR ME - this behaviour is not normal or even suspicious. Maybe another user(s) know(s) more about this ...

    However, this notepad.exe behaviour has nothing to do with WFC! The notification system of WFC shows you only "a program tries to connect to ...". The behaviour of your notepade.exe would be the same without WFC, but you would not notice. Even the default Windows Firewall setting does NOT block anything outgoing. Also with "Win Firewall Block outgoing setting", you would not notice. It means with Win Firewall without WFC, you could only see this in (activated) Win Firewall Log (except you have other notification system/solution of course).
     
    Last edited: Nov 22, 2014
  13. Seqteq

    Seqteq Registered Member

    Joined:
    Jan 27, 2013
    Posts:
    4
    Location:
    United States
    I absolutely agree :) This has nothing to do with WFC, which is a great product, without which I would never have noticed notepad.exe trying to FTP my server documentation to whoever (HP??).

    This is the Notepad.exe from Microsoft. I should mention I am on 8.1 pro 64 (and PC is Lenovo, not HP).
    http://s4.postimg.org/qtwd5cy9p/notepad_properties.jpg

    And I was able to confirm that notepad was updated to this version in the huge KB3000850 November 2014 update rollup for RT 8.1, 8.1 and 2012 R2 I installed yesterday in a 2012 R2 VM. Of course, the KB article mentions nothing about notepad http://support.microsoft.com/kb/3000850

    Before:
    http://s3.postimg.org/gjdq1rwwj/old_version.jpg

    After:
    http://s3.postimg.org/3qpm1ular/New_Version.jpg

    I've been trying to get notepad to trigger a remote connection again but I have been unsuccessful thus far. I can't think of any legitimate reason for a basic text editor to make a network connection, and this concerns me.
     
  14. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    I heard about notepad connection(s) over http (ev. https too) for check something (certificate-thing?) to MS- and/or Akamai-Servers (or so) (if I remember correctly) - never something about FTP port. But it's my private experience only - I know too little about it. Also, I don't use Win 8.x.

    If this was an update, it COULD have to do with this, I don't know.

    Anyway, because it's not a WFC thing, IMHO it would be better, if you ask THIS in other (suitable) place.

    However, I hope you can "solve" this thing!

    Alpengreis
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Done. I have added all protocols from WFwAS in WFC, including protocols 50 and 51 which are not available in WFwAS. Currently I'm refactoring a lot of code to improve the performance, but when I will publish the next version, the requested protocols will be available.
     
  16. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    Oh WOW, that's so GREAT news!

    Thank you VERY VERY much for your work, Alexandru!

    Have a nice rest of week and greetings!

    Alpengreis
     
  17. JohnnyTrevor

    JohnnyTrevor Suspended Member

    Joined:
    Oct 1, 2014
    Posts:
    8
    I just discovered this very good software and I have some first questions:
    1) Is is possible when the popup displays an IP address to also display the relevant hostname (if available)?
    2) What about having a button for "Allow Once"?
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    1) Not very reliable. I have tried to add the host name in the tooltip, but check the screenshot below. How does this help the user ?
    2) Great idea. Not possible.

    upload_2014-11-28_14-46-58.png
     
  19. JohnnyTrevor

    JohnnyTrevor Suspended Member

    Joined:
    Oct 1, 2014
    Posts:
    8
    Thank you for your reply and you nice program!

    1) Well, I also don't like the tooltip
    As a user I would prefer (in those cases that a hostname is available) something like this next to "Remote":
    Code:
    57.12.222.111 : 80
    (111-222.eu-west.blah-blah-blah.com)
    Sometimes it is helpful to directly know the hostname of an IP that a process tries to connect :)

    2) Isn't it the opposite of "Block for now and ask me later" or something similar to "Temporarily allow for (let's say) 1 second"? Is there a restriction in Windows FW that prevents you to do it?
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    1) The question was about the result, which is not useful. I agree that the tooltip is not the place to display this info. The .NET Framework does not resolve the hostname that we want based on the IP address. For example, on this server with IP 50.87.146.202, where binisoft.org website is hosted, there can be hosted multiple websites. Which hostname should be returned if for this IP address we find 50 websites ? I don't think there is a reliable solution with just .NET code.

    upload_2014-11-28_23-27-30.png

    2) Read here the answer: https://www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-16#post-2299399
     
    Last edited: Nov 28, 2014
  21. twu2

    twu2 Registered Member

    Joined:
    Nov 29, 2014
    Posts:
    1
    I've issue for notification here:
    I got notification for some (svchost.exe and system) rules already created. If create it again, will get duplicated rule.

    Feature Request:
    Is possible to retrieve the service name and create the rule with service name like 'Windows Firewall Notifier'? (https://wfn.codeplex.com/)
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Windows Firewall Control v.4.2.0.2

    What's new:
    - New: Added support for all protocols available in WFwAS in Properties dialog.
    - Fixed: The hidden notification area from system tray remains open if the user opens the right click context menu on WFC tray icon while the icon is hidden.
    - Update: Code refactoring and code cleanup.

    Installation notes: Just use the new installer to update to this new version.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 80a42c94df24c5202a5edd483266d2530c459221

    Have a great day,
    Alexandru
     
  23. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    797
    Thank you, running v.4.2.0.2 now.
     
  24. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    I had also problems (long time ago) with this behaviour (at least with svchost (service) things). It was not an easy thing to handle single (restricted) service rules. So for now, at least, I do not make single service restriction rules (I believe MS does also not recommend this).

    I had TRIED to find out the problem - maybe it COULD something to do with "internal processes" - for example: a service starts another service and this is then blocked, but it does not appear in the security log (or something like that), so the notification system cannot "see" this ... but I'm completely unsure about this and it was never clear to me ...

    Edit: Also wakeup from sleep/hibernation could be a problem ...

    I wrote a request for this already. Look here ...

    https://www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-16#post-2301534

    I have also found out after some tests (it seems to be at least), that it does not necessarily have to be a unique service name for a PID.

    Alpengreis
     
    Last edited: Dec 3, 2014
  25. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    Hi Alexandru,

    [... SNIP]

    I have now started to make the rules with the necessary specific protocols (the new) ...

    Your integration is perfectly solved - thank you VERY much for this and your work!!

    Many greetings,
    Alpengreis

    Edit: One info about the new protocols ...

    If - for example - in WFwAs a rule is created with user-protocol number 3, then in WFC this no. 3 is displayed ... so far so good. If this rule is open for editing, the Protocol "Any" is displayed, which is not correct. After a change - not the protocol - the protocol 3 remains, wich is desired. So it's basically a cosmetic thing.

    For me personally, it's okay to leave it so and it's not a must to "fix". Nevertheless I report this behaviour to you ...
     
    Last edited: Dec 2, 2014
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.