Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. questions

    questions Registered Member

    Joined:
    May 25, 2014
    Posts:
    55
    Hi,

    A quick question, please!

    I have UAC set on max and "ask for credentials even in admin mode".
    I am able to exit WFC without being asked by UAC for credentials (password) . Is that normal?

    Thanks,
    questions
     
  2. questions

    questions Registered Member

    Joined:
    May 25, 2014
    Posts:
    55
    Another one;
    If I use utorrent I get an inbound warning from native windows firewall and an outbound warning from WFC; I accept both of them, however ,if I check there is no inbound rule created
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    I have installed Sandboxie and executed Firefox and IE through it. I created new rules from Shell Integration and also from the notification dialog and it worked correctly each time. I can't reproduce your scenario. I will do some more tests.
    Yes, it is normal. UAC asks for permissions only when you try to execute a program, not when you try to exit a program.
    Check if you don't have Secure Rules feature enabled in WFC. When it is enabled, only the rules created through WFC are valid. Any other rules are automatically deleted.
     
  4. questions

    questions Registered Member

    Joined:
    May 25, 2014
    Posts:
    55
    "Yes, it is normal. UAC asks for permissions only when you try to execute a program, not when you try to exit a program."

    No sure about this; I use PC Tools Firewall Plus and I being asked for UAC if I try to "Exit"; this is very useful, if you leave the PC open and some other users want to disable the firewall , they have to provide UAC

    WTC can be "exited" by anyone
     
    Last edited: Jan 30, 2015
  5. questions

    questions Registered Member

    Joined:
    May 25, 2014
    Posts:
    55
    You may need to investigate this:

    If I start uTorrent I get two alerts: one from native windows firewall for incoming and one from WFC for outgoing.
    If I answer yes to both of them, a rule for outgoing is created but no rule for incoming ( I checked in win firewall rules).Now I understand that WFC will delete the rule created by native windows firewall , but if I start uTorrent again, I do not get any warning for incoming from windows native firewall and yet the connection is permitted.

    I have to delete the rule from WFC in order to get , again, alert for incoming from native windows firewall.

    As a personal note, incoming rules created by the native windows firewall shouldn't be deleted as long as WFC is used only to create outgoing rules and , in fact is just an "interface" for windows firewall....
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Perhaps, this software that you mentioned, launches a different process with elevated privileges which has enough permissions to shut itself down, or even it restarts itself with a special parameter for exit purposes. I never heard, until now, of UAC prompts at exit of programs, only if it actually starts something else. For sure, this is not a common pattern for exiting an application. WFC can be exited by anyone and this is how it should be, for any program. The user should be able to close any software that he wishes without extra prompts. Anyway, the rules are applied even if WFC is not running, because Windows Firewall does the filtering. If other users want to disable the firewall when you are not around, then you can lock your Windows account with a password and create for them standard user accounts. But for such scenarios, is also useful the Lock feature from WFC which disables the access to WFC and Windows Firewall.
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    I have no control over the Windows Firewall behavior regarding the notifications for inbound access. This is not controlled by WFC. If your application can be called from the Internet, even if an inbound rule does not exist to allow inbound connections to it, then I would check:
    1. If I don't have a generic inbound rule that applies to all programs.
    2. If this happens with other program too.
    3. If Windows Firewall is not prevented to work correctly by a software proxy or a web filtering module from other security product that I may have installed.

    Secure Rules feature is optional and can be enabled/disabled depending on the scenario. WFC can recognize as legitimate rules, only the rules that are created through it. WFC can't know if a rule that is added from an external source is a legitimate rule created by Windows Firewall as a result of user interaction or if the rule is added by a malware application. For this reason, when Secure Rules is enabled, all rules that are not created by WFC, are automatically deleted. WFC can be used to create outbound and also inbound rules.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    I have reinstalled WFC, and now I can see the logs again, but I still have the problem with rule making from the context menu. It's weird as hell, I wonder what triggers this. I'm using Win 8.1 64 bit, with Sandboxie and EXE Radar. BTW, about my question earlier in the thread, I was being silly, you can block "incoming connections" with the Windows Firewall itself, and it won't affect outbound connections.
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Windows Firewall Control v.4.4.0.0

    Important:
    1. Starting with this version, WFC is targeted to use .NET Framework 4.5. It improves memory management and works faster with the newest .NET Framework 4.5.2 release. The previous WFC releases were compiled to use .NET 4.0 which is outdated.
    2. Partial policy files exported with previous versions are not compatible with this release. If you have old partial policies files, it is a good idea to reexport them after you install this new version.


    What's new:
    - Fixed: Duplicate notifications are displayed for the same program if there are defined custom rules and PeerBlock or MBAM are used to block certain IP addresses.
    - Fixed: Sometimes, the Activate button remains disabled when the user paste the activation code from clipboard. This usually happens when the activation code contains an extra empty space at the end, added when it is copied from the web browser.
    - Fixed: Service combo box selection is not correctly set in Properties dialog for some services.
    - Updated: Added watermark text in textboxes from the notification dialog that may be empty when customizing a rule.
    - Updated: Added 'Open file location' in Manage Rules toolbox and context menu.
    - Updated: Added support for language localization for the following columns in Rules Panel: Location, Active, Action, Direction, Protocol, Interface types.
    - Updated: Code refactoring.

    New translation strings:
    778 = All
    779 = Create
    935 = Required field


    Installation notes:
    Use the new installer to update to this new version or use the auto check for updates feature.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 72bab85c85c8ff4cf3d312869c0bbab8df37937d

    Please share your feedback.
    Have a nice day,
    Alexandru
     
  10. guest

    guest Guest

    The new version is much faster, you can easily notice it :)
     
  11. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    What was the problem here exactly? Because, I can/must check some rules eventually?!

    It means only prepared for localization, right? Because I don't see any localization.

    Thank you for new update!

    Alpengreis
     
    Last edited: Feb 5, 2015
  12. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Great speed improvement! Thanks a lot :)
     
  13. savalnc

    savalnc Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    53
    Any hope for releasing a digitally signed installer?
     
  14. aaa839

    aaa839 Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    253
    Location:
    Hong Kong
    Bugs Found:
    In 4.4.0.0 when I set the notification level to "low"
    It didn't allow any digital signature program for connection (it didn't create the rules automatically)
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    The problem was that when you open the Properties dialog, for the rules where the a service is defined, the service is not selected in the combo box. No check is necessary, as this problem was a displaying problem.
    If you use a language file, when you go to Manage Rules you will see that the values from the mentioned columns are in your language not in English anymore.
    Not all programs are digitally signed. As long as you download the installer from our website, everything is fine. The program will do the same thing even if it is signed or not. I do not have plans to spend more time again for this. You can read below my last adventure with getting a digital certificate:
    https://www.wilderssecurity.com/threads/another-windows-firewall-control.293143/page-57#post-2169576
    Thank you for reporting this. In the next version it will be fixed.
     
  16. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    All right.

    Ahh, all right, I have "install" it. Wow, looks good!

    Thank you!
     
  17. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    @alexandrud

    About the language file for german: The string "704 = Speicherort" for Location is not the right one, because Location has nothing to do with saving/memory (it's not the FILE location at this point). Here are hopefully better translations:

    704 = Speicherort (Location) =
    a) Profil (this is the translation in Orig-WinFW-GUI)
    or
    b) Anwendungsprofil
    or
    c) Anwendungsort

    (For comparison: "815 = Öffne Speicherort (Open file location)" here it's the FILE location, this is correct).

    And another one: "742 = Vorgaben" is not really good. Better is the the following (as in other strings already too):

    742 = Vorgaben (Policies) =
    Richtlinien

    Greetings,
    Alpengreis

    PS: Thank you to Udo Neher for the translation!
     
    Last edited: Feb 7, 2015
  18. Daniel Fortes

    Daniel Fortes Registered Member

    Joined:
    Jan 23, 2015
    Posts:
    10
    alexandrud can confirm me if you get my mails with Spanish language file

    Thank You
     
  19. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    [Problem with Inbound rules and Edge Traversal NOT set to "Block edge traversal".]

    First problem

    Steps to reproduce:

    - A program add a such inbound rule (for example Spotify make it so) or of course create one in WFW-Orig-GUI. Important is, set the Edge Traversal NOT to "Block edge traversal" - set instead for ex. to "Defer to user".
    - Set a port (local or remote). This is NOT possible in WFW-Orig-GUI (which is right!) but possible in WFC!
    - Do NOT make a Display refresh yet. Make direct an partitial export.
    - Make a refresh. The port is away now (which is right, because it's not allowed to set one)!

    The result is: the partial policy is invalid and it's not possible to import, because it were created WITH the port-value!

    Possible fix: WFC should make a plausibility-test, so it's not possible to create such rules.


    Second problem

    Change the Description of such a rule (see above) is possible but saving is not successful (reset after display refresh)! Note, the group name changing IS successful ...


    Greetings,
    Alpengreis
     
    Last edited: Feb 9, 2015
  20. Jack8

    Jack8 Registered Member

    Joined:
    Jan 5, 2015
    Posts:
    17
    Hi, i am a registerd user but the notifications don't show up, whatever i choose: Medium, High. I have outbound block rules and the programs are actually blocked from accessing the internet, but no notification whatsoever. I allready completely uninstalled and reinstalled Windows Firewall Control (4.4.0.0) and imported the rules again with no avail.
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    If you have block rules, especially generic ones, that block all connections, you won't see any new notification for those programs. Notifications are displayed only for the programs that do not have a rule or for the programs that have an allow rule but that rule does not cover the new connection that was blocked.

    - If you create an allow rule, then the connection is allowed next time, so a new notification is not displayed.
    - If you create a block rule, then the program is blocked on purpose and a new notification is not displayed.

    Try to reset to Windows Firewall default set of rules and switch back to Medium Filtering profile and Medium notification level. Now, if you launch your web browser, you should receive a new notification for it. The same applies for all programs.

    Please give more details about this.
     
  22. Jack8

    Jack8 Registered Member

    Joined:
    Jan 5, 2015
    Posts:
    17
    Hi, thanks for ur quick reply!
    Well, i tried now the following: i don't have a rule for the tor-browser and set WFC to medium-medium. Tor can not access the internet, but i don't get a notification about that. When i set filtering back to low, Tor can access the internet. Again, i don't have a firefox/tor rule, i use Opera.
     
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    If you check the Connections Log, do you see Tor in the recently blocked connections list ? I assume that the notification level is set to Medium.
     
  24. Jack8

    Jack8 Registered Member

    Joined:
    Jan 5, 2015
    Posts:
    17
    Well, nothing from tor is logged ...
    until now: i had the WFC connection log window OPEN and visible and now the notifications appear!
    Clearly seems to be connected.
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Use Clear log to clean the log in the Connections Log from WFC. This will remove all current entries from Security log of your system. Sometimes, the Security log can contain invalid entries and this makes it corrupt. The fact that you opened Connection Log has nothing to do with the ability of the operating system to write new events in the Security log.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.