Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    469
    Location:
    Switzerland
    Also: if the TrueCrypt drive (container) is mounted, the data is not encrypted anyway ...
     
  2. Distman

    Distman Registered Member

    Joined:
    May 7, 2013
    Posts:
    11
    Hello alexandrud,

    thanks for the nice program. For a future version I have a small suggestion. Can you implement on the connection protocoll also a search/filter field like on the rules window. I can filter by blocked/allowed, direction, time and all/recent already. I miss an additional field to filter the final result down. On the rules window I can type svch and it show me only the entries where *svch* is somewhere. This I wish for the connection protocoll also. What do you think?

    Distman
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,780
    Location:
    Romania
    I will give it a try.
     
  4. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    37
    Is there a way to see what's inside connections/packets that are on hold by WFC? For example, right now, I have a WFC notification of a program trying to make an outbound connection over port 80. I would love if I could take a peak inside the packet to see what information is going out.

    I'm guessing this would involve the likes of a tool like Wireshark or Fiddler, but I'm unsure of the technicalities as for how packets are put "on hold" by WFC. In other words, when a WFC notification has fired, is it possible to still capture the packet in some sort of monitoring software? If so, how would I do this?
     
  5. Distman

    Distman Registered Member

    Joined:
    May 7, 2013
    Posts:
    11
    Thank you. I'm looking forward.
     
  6. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    It will be difficult I reckon...
    I've noticed a "x" amount of seconds delay between Wireshark display and WFC Connections log display. I also believe that the amount of security software one has on their PC and how it is set up will also play a factor.
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,780
    Location:
    Romania
    WFC doesn't do any packet filtering, so it is not possible. It works in a passive way based on the events generated by Windows Firewall. When you see the notification from WFC, the packet was already dropped by Windows Firewall, it wasn't paused until user intervention.
     
  8. Sid.D

    Sid.D Registered Member

    Joined:
    Jan 8, 2006
    Posts:
    17
    This is what you will need to capture/analyze packets.

    https://www.wireshark.org/download.html
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,780
    Location:
    Romania
    Windows Firewall Control v.4.4.2.0 - New version

    What's new:
    - New: Search function was added to Connections Log similar to the one from Manage Rules.
    - New: Introduced the concept of read only rules. They are displayed with grey text and cannot be modified or deleted from WFC.
    - Fixed: Modifying inbound rules with edge traversal set to 'Defer to user' generates exceptions in Windows Firewall API. These kind of rules are read only and can't be modified from WFC.
    - Fixed: Unwanted notifications may appear when defining generic rules that should apply to all programs.
    - Fixed: Opening the Properties dialog of a rule fails with an exception for rules defined with a custom protocol which does not appear in WFC.
    - Fixed: Notifications are displayed for svchost.exe when Medium notification is used if a rule for svchost.exe and remote port IPHTTPS is enabled.
    - Fixed: When creating a new rule from the shell integration the direction and the enabled properties of the existing rules are not taken into consideration.
    - Updated: The list of recognized Group names was updated to include new groups from Windows 10.

    New translation string
    044 = Read Only

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 0c39466de3b1d9f76b5489cc7651a3d5906412bc

    Have a great weekend,
    Alexandru

    P.S. If I forgot something (bug fix, feature request) please remember me and I will take a look again.
     
  10. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Thankyou kindly young sir :thumb:
     
  11. Mrerex

    Mrerex Registered Member

    Joined:
    Mar 28, 2015
    Posts:
    8
    Hello, I have a problem with Steam (+ some Steam games) and Secure rules. WFC is unable to automatic delete rules created by Steam. Can someone confirm this?
    I'm using Windows 8.1.
     
  12. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Thank you again for the update. But I do not understand the "concept of read only rules". Is this limited to what you wrote under "Fixed: Modifying inbound..."
    or are there other cases that lead to the creation of read only rules?

    Thank you :)
     
  13. Distman

    Distman Registered Member

    Joined:
    May 7, 2013
    Posts:
    11
    Thank you
     
  14. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    469
    Location:
    Switzerland
    @Alexandru

    Thank you for new update!

    - The notification system is broken now. I do no more receive any notifications for ICMP (v4 or v6), I have no related block rule there (tested tiwh PING). So the svshost/System notification is broken. Of course, the notification level is set to HIGH.
    Even with a resetted policy, I do not receive any notifications for ICMP.

    - The read only rules: note that is not the case for "Defer to application" - I don't know if this is correct ... I do also not understand the concept of read-only rules resp. WHY is this necessary ...

    - The read only rules are in grey, but (at least) with small font, it's difficult to see the difference to black. Here should be another colour/mode IMHO.

    Greetings,
    Alpengreis

    PS: I send you the new translation soon ...
     
    Last edited: Mar 28, 2015
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,780
    Location:
    Romania
    Are these rues created at Windows start-up ? When you shut down the computer or restart it, do you see these rules ?
    Because Windows Firewall API can't update the inbound rules defined with edge traversal set to Defer to user, I had to introduce this "read-only" rules concept in WFC. This means you can see these rules in Manage Rules but you can't modify or delete them via WFC because Windows Firewall API will just throw an exception. However, you can use WFwAS to do this, as WFwAS doesn't use Windows Firewall API and has different access. So, to avoid doing something that doesn't work anyway, I made WFC to treat these rules as read-only (read-only, just for WFC).

    Other rules with this flag set to true are those two rules used by High Filtering profile. Those rules should not be deleted manually from WFC to avoid synchronization problems between the existing rules and the current profile. In Windows Firewall there is no such thing as block all connections, so WFC uses those two block all rules to achieve this result. They are automatically deleted when the profile is switched from High Filtering.
    I accidentally moved a parenthesis in code and an OR condition did not apply anymore. I will publish very soon a fixed version. Thank you for your fast feedback.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,780
    Location:
    Romania
    Windows Firewall Control v.4.4.2.1 - Quick fix

    What's new:
    - Fixed: Notifications for System and svchost.exe are not displayed anymore when High notification level is enabled.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 43a953fe94258edf5a8c290969b3a5930909bcc6

    Have a great Sunday,
    Alexandru
     
  17. Cheval

    Cheval Registered Member

    Joined:
    Sep 16, 2014
    Posts:
    3
    I just installed the 4.4.2.1 and still have the same problem with no notifications showing up. :eek: I even restarted. Anyone else??
     
  18. Mrerex

    Mrerex Registered Member

    Joined:
    Mar 28, 2015
    Posts:
    8
    They're created at Steam startup (installing or updating multiplayer games will make rules for them) if they are removed. They won't disappear after restart.
    There's a partial workaround, though. Importing rules will stop rules creation, but it must be repeat after restart.
     
  19. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Thanks very much speedy bugfix :thumb:
    Was also about to report this today.
     
  20. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    469
    Location:
    Switzerland
    Yes, does not work yet ...
     
  21. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    469
    Location:
    Switzerland
    Okay, I understood.

    Thanks for fast update! Unfortunately, does not work yet.

    PS: Have a great sunday too!
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,780
    Location:
    Romania
    This is really odd. I have tried the high notification system with version 4.4.2.1 on Windows 10 x64 and Windows 8.1 x64 and they show up. Try to disable any svchost.exe rules and you will see new notifications for it. Also, for System. Looking forward for your feedback.
     
  23. JamX

    JamX Registered Member

    Joined:
    Mar 29, 2015
    Posts:
    3
    First thx for that great WFC software, really love it so i buyed WFC some time ago because of the notification system, which worked very good for me in the past. Since 4.4.2.0 and 4.4.2.1 i have problems with the notification, too. I tested out a fresh and new installed software on my system, the Samsung Magician Software for SSDs, which will check if my SSD has got a new firmware - but it can't get a connection.

    So i looked into the Connections Logs and saw, that it is blocked - and no notification popped up sadly :-(

    Also the Steam Software, as mentioned here before by another user in this thread, came up in the connection logs as blocked, but i had allowed it in the past.

    My OS is Windows 8.1 Update 1 x64

    So the notifications system is still broken in 4.4.2.1 - hope that it will be resolved soon - i'm sure it will ;-)
     
    Last edited: Mar 29, 2015
  24. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    469
    Location:
    Switzerland
    This is not easy. With a resetted policy (state after windows install), the notify for ICMPv4 appears, for ICMPv6 not! With v4.4.1.0, both were perfect!

    I have no related block rule (active). But I have a block for IPv6 for some IPv6 with Protocol ANY - this was NOT a problem in v4.4.1.0! Has the logic changed from changed - because this was a problem in PRE-4.4.1.0, not with 4.4.1.0 but now with POST-4.4.1.0?

    If this so, then it costs me much time for recreate all the single IPv6 rules :-(

    Alpengreis

    PS: I have a block rule for svchost.exe for Teredo (UDP). But I should not deactivate it.

    Hmm ... It seems, I can not work without some block rules. At the moment, I can no more set the WFC filter level to medium, it's not usable for me ...

    PPS: It seems, it's not the terero block rule ...
     
    Last edited: Mar 29, 2015
  25. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    469
    Location:
    Switzerland
    I HAVE IT: I have to receive ALL such block rules, even such for Location PUBLIC and DOMAIN, which should really not influence this scenario, because I had tested this in PRIVAT location. Then it works with PING-test for IPv4 but not for IPv6.

    Sorry, I can so not work with WFC and filter level medium, because of course I cannot deactivate such rules - such ARE definitive NECESSARY here for work in Public WLAN areas for example. I have another solution to deactivate IPv6 things in Public for ex. but I'm not sure, if this safe enough, so the Win Firewall is the most important part to block things in Public areas for ex. - and only for IPv6 I have a such alternative solution, for IPv4 I must block such things with Win Firewall.


    ONE alternative would be eventually possible: I could ev. make these rules with Group Policy (but not all system have the GPEdit.msc) ... I use the GPEdit anyway for one or some important rule/s, because within Win Firewall the related block rule(/s?) was/were automatically deleted with every update of a certain program (without secure rules active, I cannot have this active unfortunately) ...

    However, GPEdit.msc should be not the normal case to block THESE rules IMHO ...
     
    Last edited: Mar 29, 2015
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.