Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Distman

    Distman Registered Member

    Joined:
    May 7, 2013
    Posts:
    12
    I have a issue with 4.4.2.1: When I edit a rule and put LocalSubnet in the the field for local IP, this will not be safed. I not receive an error, it just not be safed. Anyone else with this? IP is working.
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    I just installed this software and it works on my computer and the notification below is displayed on my Windows 8.1 x64 machine when I launch this software. It seems that I miss something. Please export a full policy and send it to support@binisoft.org to check it. Also, please send some connections that you see in Connections Log for which the notifications are not displayed.

    upload_2015-3-29_23-15-5.png

    Please export your full policy and send it to me on support@binisoft.org. Don't delete any rule. Also, please send me some blocked connections from your Connections Log that you know that they should generate new notifications based on your rules set. I will use your set of rules and I will create some connections (from code) based on your input and I will take a look at this problem in debug mode. With my setup I can't recreate this scenario, unfortunately.

    I will find the culprit and provide a solution. Thank you for your help.

    LocalSubnet is a valid input only for remote IP addresses. I will update the validation rule to detect this as a wrong input for local IP addresses. Thank you for reporting this.
     
    Last edited: Mar 30, 2015
  3. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Done, thank you for YOUR help! I'm very sure, you find the culprit!

    Have a great week all!
     
  4. JamX

    JamX Registered Member

    Joined:
    Mar 29, 2015
    Posts:
    3
    Already sent you now a mail, thx for your help!
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Hello all. I have found the problem with the missing notifications, there is a problem, but the problem was in the old implementation.

    --- OLD ALGORITHM ---

    With the old implementation of the notification system, when a connection is blocked, the notification system works like this:

    1. It checks against all existing block rules for the same path. If there is a block rule which denies the local port, remote port, remote address or protocol, then the notification is not displayed.

    2. It checks against all existing allow rules for the same path for the same criteria. If there is an allow rule that matches the blocked connection, then a new notification is not displayed. This step is for compatibility purposes because other programs may block a connection, not only Windows Firewall, but all this activity is logged in the Security log.

    But the problem with this implementation is that generic rules that apply to all programs are not taken into consideration. This implementation checks only the rules defined for the same path.

    This means that you can define a block all rule for a specific remote port and when you launch a program that uses that remote port, the notification system does not check against this generic rule and displays a new notification. Which is not correct.

    --- NEW ALGORITHM ---

    In the new algorithm introduced in version 4.4.2.1 I have also added at step 1 and 2 all existing rules for the same path and ALL EXISTING RULES DEFINED FOR ALL PROGRAMS.

    Now, when WFC is searching for matching rules it will check also against the generic rules to avoid the red problem. For this reason, a lot more rules will match the search criteria. Especially generic allow rules which should be avoided.

    So, to cut the story short:

    --- NEW VERSION ---

    I have added a new check box in the Notifications tab. Check the screenshot below.

    upload_2015-3-30_17-32-10.png

    A) When this check box is checked, the new algorithm is used. This is the correct algorithm that should be used. This will reduce the number of notifications because more rules will match the search criteria. Some notifications will not appear because of the generic allow rules that apply to all programs. You should consider removing such rules and replace them with specific rules for specific programs. If you are forced to define an allow rule for all programs, make sure you customize it for specific ports, IP addresses, etc. Do not create generic allow all rules for all programs, because in this scenario, any phone home software will be able to connect to the Internet. This is not desirable.

    B) When this check box is unchecked, the old algorithm is used. It will work like it worked in version 4.4.1.1. But keep in mind this has some limitations, generic rules are not taken into consideration and some unwanted notifications may be displayed.

    But the new thing is that I managed to add support for checking for the LOCATION of a rule. Now, WFC checks against local port, remote port, remote address, protocol and location. Now, we can define new rules for Public location and still get notifications in Private location.

    Please download version 4.4.2.2 from the URL below and let me know if this works for you.

    http://binisoft.org/download/beta/wfc4setup.exe

    Please share your feedback. If everything works fine for you too, I will make this public.

    Thank you for your continuos support.
    Alexandru
     
  6. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Yes, without activate the new option, it works!

    PS: I have sent you an email about the generic rules ...

    PPS: After few tests, the new recognition seems to be also correct. I had activated the new enhanced mode and received correct a notification for ICMPv4 (because the block rules are defined only for non-private locations) ...
     
    Last edited: Mar 30, 2015
  7. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    This is somehow difficult. I would like to know, if a connection is blocked, this is the main reason, I use WFC. For me it's equal, through Win Firewall or another program.

    With this check (if it's positive), the user means, "I receive no notification, all is okay", which this is NOT the case.

    Would it possible to deactivate this check FOR ALLOW RULES - at least as option?

    We should not forget, that the notification part is probably the most important part of WFC for many users, more important than the GUI itself. It's important, that it's ensured (as much as possible), that a user know, if a connection is blocked, even it's not through Win Firewall itself, but at least it's in the Win Firewall Log ...

    With the possibility to deactivate this check, it would be even ensured, that with filter profile low a notification is generated ... so the user would be alarmed about the blocked connection.

    An idea would be: integrating this in the notification level - for ex.:
    [ ] Show all notifications from Windows Firewall log, regardless if generated through Windows Firewall or not

    ...
     
    Last edited: Mar 30, 2015
  8. JamX

    JamX Registered Member

    Joined:
    Mar 29, 2015
    Posts:
    3
    Hello Alexandru! Thx for your mail and your help - it works now perfectly for me with the new version 4.4.2.2 and the new enhanced mode!
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Seems to me if the notification option was moved to the rule level, the user could do whatever they wanted. The default could be on for blocked and off for allow but override able by the user.
     
  10. se7six

    se7six Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    6
    Location:
    United States
    I was having the same issue of no popup notifications. After updating to v4.4.2.2 and checking the enhanced mode box everything is working fine. Thank you for this small yet powerful program. :)
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Please explain this more. I'm afraid that I don't understand your statement. The notifications were always dependent on the existing rules.
     
  12. Daniel Fortes

    Daniel Fortes Registered Member

    Joined:
    Jan 23, 2015
    Posts:
    12
    Hello Alexandru
    With this new version works me everything correctly, notifications advanced mode or normal mode

    When it appropriate update file language to Spanish

    thank you very much
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I was referring to the above request:

    This is somehow difficult. I would like to know, if a connection is blocked, this is the main reason, I use WFC. For me it's equal, through Win Firewall or another program.
    With this check (if it's positive), the user means, "I receive no notification, all is okay", which this is NOT the case.


    The option would apply to an existing rule. It would display that the connection was allowed or blocked depending on the existing rule but do nothing more. If the option is set off, then the default behavior would apply.
     
  14. Russ64

    Russ64 Registered Member

    Joined:
    Mar 17, 2015
    Posts:
    17
    Location:
    London, UK
    I just donated and signed up - thanks for a great tool. Looking forward to being part of taking this forward to beat all those "free" firewalls out there........
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I also donated and installed WFC.

    However I thought by default, all outbound svchost.exe traffic was allowed. Why are these connections being blocked then?

    WFC Blocked SvcHost.png
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    See my answer here
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,411
    Location:
    Romania
    Windows Firewall Control v.4.4.2.4 - New version

    What's new:
    - New: Added the possibility to choose between the normal mode and the new enhanced mode of the notification system. The new enhanced mode will take into consideration also the generic rules which apply to all programs. The new setting is available in the Notifications tab from the Main Panel window.
    - New: The notification system takes into consideration also the Location. The notification system checks for matching rules based on the following properties: local port, remote port, remote address, protocol and location.
    - New: Added a new link button named "View change log" in the update dialog so that the user can open quickly and check what's new before updating to the new version.

    New translation string
    213 = Use enhanced mode when deciding to display a new notification
    608 = View change log

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 7e1be0857bf54378bc3b3738ca2e71a08a576545

    Thank you for your feedback and for your contribution to this project.
    Alexandru
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Thanks. The only one I question is the VeriSign dial-out. Is that one not for certificate checking/updating?
     
    Last edited: Mar 31, 2015
  19. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    That's great, WELL DONE! It works now again as wished!

    For SUCH a good project, which is one of the most important software on my system, is this not a problem!

    Alpengreis
     
  20. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Idea to make more clear the new Option (for new users):

    It would be good to have an explanation string there, for ex.:

    OLD: Use enhanced mode when deciding to display a new notification

    NEW: Enhanced notification mode: Generic rules (Program = Any) are recognized when deciding to display a new notification (it's possible, that not all blocked connections generating a notify)

    ... or something like that ...

    I have this already implemented in the german language file (not yet published, but soon (look on binisoft.org)).

    Alpengreis
     
    Last edited: Mar 31, 2015
  21. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Sorry to be dumb but which will give more alerts, enhanced on or off....I want to be alerted to everything.
     
  22. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    670
    Location:
    Switzerland
    Then it's better to leave the new option unchecked. The side-effect is: you could receive some undesired notifications ...
     
  23. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Okay, thanks for clearing that up.
     
  24. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Ohhhh, new version/versions... looks like this time I gotta' read up before upgrading... thanks Mr Developer!
     
  25. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    I am afraid I do not understand this new feature. I use Medium Filtering with Medium Notifications.
    What are the pros and cons when setting "Use enhanced mode..." active?
    What are the pros and cons when leaving the checkbox for "Use enhanced mode..." empty?

    What is a generic rule? The "System"-rules?
    Can I have some examples please?

    Thank you for your help.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.