Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. JimmySausage

    JimmySausage Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    55
    I can't figure something out. I'm using a vpn. Whenever I go through their network my Rules are deleted. However, when I disengage the Rules are populated again. However, NOT always.
    Sometimes I have to restore my saved Rules because they get deleted. Can you help me with this please. What am I doing wrong?
    Thank you
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Which rules are deleted? The rules related to the VPN software or random rules from your rules list? There are software vendors that will automatically create rules for their software to ensure compatibility in case the users are using Windows Firewall. These rules are then removed by the same software when the program is closed down. Can you check with your VPN software if this is the case? Make sure that you disable the Secure Rules feature in WFC. In this way you will be sure that WFC does not delete any of your rules.

    WFC deletes Windows Firewall rules only if:
    1. Secure Rules is enabled and a new rule is not created through WFC. A rule created from outside of WFC when Secure Rules is enabled, is considered unauthorized.
    2. The user defines a temporary rule from the WFC notification dialog and this rule expired. Such rules will be deleted by WFC, but this kind of rules can be defined only with WFC because this concept has no meaning outside of WFC.

    If you are not in the scenarios described above, then you must find the source elsewhere.
     
  3. JimmySausage

    JimmySausage Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    55
    Thank you for your response. I'm going to have to experiment a bit.
     
  4. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    It might make your job easier if you use the Connections Log. For example, remove all VPN rules, and then try to connect. Every time it bounces back, it will report in Connections Log. Then you can right click the rule, and select Customise and Create.

    If your VPN pushes its own DNS addresses, you will need to duplicate the Core Networking - DNS (UDP Out) rule, disable the original and populate the duplicated version with VPN DNS addresses. <---- This assumes you are denying internet access till VPN connects. If not, please disregard.
     
  5. tralston

    tralston Registered Member

    Joined:
    May 18, 2015
    Posts:
    4
    Sorry, I forgot to mention that I already had this enabled from the beginning. And those rules are definitely in my list, and enabled, allowed, and inbound. Interestingly, I found a new piece to this mystery today. Like I said, on Medium filter nothing connects via RDP. I tried setting it to low filter, which, as long as there's no block rule for RDP, should let it through. But no luck. I have to disable the firewall completely for RDP to connect.
     
  6. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    You don't have to disable the firewall. When it fails to connect, please consult the Connections Log on the remote machine where the connection is refused. Check the recently blocked inbound connections. You must see there what was blocked when you tried to connect and you will get an idea of what rule is missing.
     
  7. tralston

    tralston Registered Member

    Joined:
    May 18, 2015
    Posts:
    4
    Here are some pictures to help illustrate:

    Exhibit A: The rules defined on the remote client. All I did here was open the rules and filter it by port 3389. Notice how some rules are duplicated, so I think I have all my bases covered.

    http://s17.postimg.org/gywaynjcf/Client_rules.png

    Exhibit B: The inbound connections blocked on the remote client. I just filtered the list to see the connections originating from the local server initiating the RDP session. Notice that port 3389 is still blocked, despite all the rules I have enabled. Those rules are not just the auto-generated ones. They are also a result of me right clicking the blocked connection, and creating a rule straight from the blocked list.

    http://s15.postimg.org/fu6p8yq2j/Client_blocked.png

    Exhibit C: To be thorough, here's a list of blocked outbound connections from the local server, no filtering. The time stamps show that these two items were blocked after the RDP session was attempted, so I don't think they're relevant.

    http://s16.postimg.org/nxso2e5r9/server_outbound.png

    Hopefully this helps you understand my predicament. A side note, you also see ports 137, 5355 blocked, but I have similar rules allowing those ports.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Did you disable any core networking rules? Try this. Make a backup of your rules and then restore Windows Firewall default set of rules. Make sure that you create these remote desktop rules and then try again with Medium Filtering profile.
    I think the following statement will answer your question: "WFC doesn't do any packet filtering".
     
    Last edited: May 21, 2015
  10. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    Any solution to this yet? I only have a 3.35 MB hosts file but it works best when DNS is disabled.
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Do you experience the same delay when using your hosts file? Please send your hosts file to support@binisoft.org and I will make some tests. That post is almost one year old and I never received a large hosts file, so I thought that the problem is not a problem anymore because I didn't receive any more feedback regarding this matter.
     
  12. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    No, I'm still on WinXP but I'm going to migrate over to Win7 soon and was hoping to try your program. As mentioned earlier in the thread there is a free program called HostsMan by Abelhadigital that downloads free hosts files and would be better than my sending hosts file to you.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    I'm sorry, but I'm not exactly an expert when it comes to firewalls, so could you explain a bit more?
     
  14. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    lol... you are mistaking WFC for W7F, and to an extent, W7FwAS. What you should be doing is asking Microsoft if W7F can protect against "low-level network access", not WFC. WFC is not the firewall, W7F is.

    I am pretty sure you won't get far since they are barring up over W10, hence your best bet is to frequent your usual nerd forums and ask a Windows Guru.
     
  15. tralston

    tralston Registered Member

    Joined:
    May 18, 2015
    Posts:
    4
    I followed your directions to a tee. I backed up my rules, then restored Windows Firewall default set of rules (it erased all mine but not the backup file). I then set the filter to Medium, and typed this on the local server "telnet 192.168.1.106 3389". No connection. I went to the remote client, and looked at the blocked connections log. I found several port 3389 attempts blocked. I right clicked one, and customized it to allow for any remote port, local port 3389, and the same remote and local ip address. I selected Allow, and Inbound was selected too.

    I ran the telnet command again on the local server, but the connection wouldn't go through. I checked on the remote client again for blocked connections, and there they were, port 3389 blocked just as if I hadn't allowed any rules for it.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    What other security software do you use on this machine? Avast, Avira, KAV, etc.? From your description (allow rules exist, but the connections are still blocked) it seems that Windows Firewall does not work correctly. This usually happens when a software proxy is used for filtering purposes. In this case the filtering is done at software proxy level, not at Windows Firewall level, making Windows Firewall rules useless.
     
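The situation discussed above (allow rules for port 3389 exist, yet the Connections Log still shows the port blocked) can be checked against what Windows Firewall itself holds. The following is an added example, not part of any post in this thread: it reads the rule set through the built-in `HNetCfg.FwPolicy2` COM interface and reports whether a block rule, an inactive profile or a missing program path explains the refusal. The helper name `Test-PortMatch` and the output column names are this example's own.

```powershell
# Added example (not from the thread): list the inbound rules Windows Firewall
# holds for TCP 3389 on the machine that refuses the connection.
$port   = 3389                                   # port discussed in the thread
$fw     = New-Object -ComObject HNetCfg.FwPolicy2
$active = $fw.CurrentProfileTypes                # bitmask: 1=Domain 2=Private 4=Public

function Test-PortMatch([string]$Spec, [int]$Port) {
    # LocalPorts is empty or '*' for any port, else a list like '80,3389,5000-5010'
    if ([string]::IsNullOrEmpty($Spec) -or $Spec -eq '*') { return $true }
    foreach ($item in $Spec.Split(',')) {
        $item = $item.Trim()
        if ($item -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($item -eq "$Port") { return $true }
    }
    return $false
}

$hits = @(foreach ($r in $fw.Rules) {
    if ($r.Direction -ne 1) { continue }                          # 1 = inbound
    if ($r.Protocol -ne 6 -and $r.Protocol -ne 256) { continue }  # 6 = TCP, 256 = any
    if (-not (Test-PortMatch $r.LocalPorts $port)) { continue }
    $app = $r.ApplicationName
    $missing = $false                      # a rule bound to a program that is gone
    if ($app -and $app -ne 'System') {
        $missing = -not (Test-Path ([Environment]::ExpandEnvironmentVariables($app)))
    }
    New-Object PSObject -Property @{
        Name            = $r.Name
        Enabled         = $r.Enabled
        Action          = if ($r.Action -eq 1) { 'Allow' } else { 'Block' }  # 0 = block
        InActiveProfile = ($r.Profiles -band $active) -ne 0
        ProgramMissing  = $missing
        RemoteAddresses = $r.RemoteAddresses
    }
})
$hits | Format-Table Name, Enabled, Action, InActiveProfile, ProgramMissing, RemoteAddresses -AutoSize

# Only enabled rules in the active profile with an existing program can take effect.
$live   = @($hits | Where-Object { $_.Enabled -and $_.InActiveProfile -and -not $_.ProgramMissing })
$blocks = @($live | Where-Object { $_.Action -eq 'Block' })
$allows = @($live | Where-Object { $_.Action -eq 'Allow' })
if ($blocks.Count) {
    "Block rule(s) take precedence over allow rules: " + (($blocks | ForEach-Object { $_.Name }) -join '; ')
} elseif (-not $allows.Count) {
    "No enabled allow rule covers TCP $port in the active profile."
} else {
    "Allow rules look effective; if $port is still refused, look for filtering outside Windows Firewall."
}
```

The `RemoteAddresses` column is printed but not evaluated, so an allow rule scoped to the wrong remote IP still has to be spotted by eye.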
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    Yes, now that I think of it, this is more of a HIPS than a firewall feature. But I didn't understand alexandrud's response, I don't see how this has got anything to do with packet filtering?
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    The answer is no. WFC can't provide the functionality that you were talking about, because WFC does not inspect any data packet and does not use any filtering driver. It can't prevent something that is outside of WFC's purpose.
     
  19. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Windows Firewall Control v.4.5.0.0 - New version

    What's new:
    - New: Added a new button in the Rules Panel for columns configuration. When this button is clicked, it opens the same context menu as the right menu click from the data grid header.
    - New: Added alternative ways to specify the color of the user interface in the Options tab, by using RGB values or by specifying the hex color.
    - New: Invalid rules are automatically detected when opening the Rules Panel. They are displayed with red color and have a specific tooltip. Also, the color for temporary rules was changed to blue.
    - New: Added a new warning message before opening for editing an inbound rule with EdgeTraversal set to 'Defer to user'. Editing of this kind of rule is not fully supported.
    - New: Added the possibility to import, export or reset user settings. The new options were added under the Options tab in Main Panel.
    - Improved: The text from several text boxes from Main Panel will be automatically selected when the controls will be focused to make it easier to quick update them.
    - Improved: The URL services were moved from the Options tab to the Tools tab.
    - Fixed: The default advanced notification settings are not the same when you make a clean installation and when you reset them to the default values.

    New translation strings
    045 = Modifying a rule with EdgeTraversal set to 'Defer to user' is not fully supported and the changes may not apply. Please refresh the rules list after changing this rule and check if the changes were saved. Are you sure you want to continue?
    324 = Import, export or restore the user settings
    325 = Import the user settings from file
    326 = Export the user settings to a file
    327 = Reset all settings to the default values
    328 = User settings were successfully exported to
    329 = After confirming this action, the program will restart in order to reload all the settings. Are you sure you want to continue?
    510 = Specify below the URL services used for various online verifications
    511 = URL to check an IP address reputation
    512 = URL to check a file based on the SHA256 hash of the file
    513 = URL to start a WHOIS query
    514 = URL to read more about a specific port
    729 = Columns configuration
    936 = Invalid rule. The program path for which this rule is defined does not exist on the disk.

    Changed translation strings
    314 = Hex Color
    718 = Show invalid rules

    Removed translation strings
    315, 316, 317, 318


    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 84e8ebb0c0badf9ac3a3c036c83161eefc567086

    Have a great weekend,
    Alexandru

    Please share your feedback regarding the new features. If there are still problems, they will be fixed in the next version. Also, new features can be proposed.
    Thank you for your support.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,031
    Location:
    Mexico
    @alexandrud
    Many thanks! Stupendous outstanding job!
    To install it, do we have to directly update or uninstall previous version?
     
  21. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    You're kidding, right?

    It makes sense that packet filtering is mentioned. Your link from Outpost mentions WinPCap, which is a driver that sits on kernel level. Its sole purpose is to provide an Application Programming Interface for capturing network traffic. Your "low level network" intrusion approach seems to be out of reach for W7F. You're better off using Outpost as your link suggests, or be a Comodo Boy.

    EDIT: I wonder how a VPN would interfere with what the Outpost link suggests...
     
  22. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    Last edited: May 30, 2015
  23. Rubert

    Rubert Registered Member

    Joined:
    Dec 19, 2012
    Posts:
    6
    Location:
    France
    I just updated to version 4.5.0.0 using the update facility in the program. The setup file (wfc4setup.exe) was downloaded into my User/AppData/Local/Temp folder and Malwarebytes promptly identified it as a Trojan.MSIL.Dropper. Anyone else had this experience?
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,031
    Location:
    Mexico
    @Rubert
    I don't use any A/V app but so sure I am it is a false positive, even by probabilities: ~ Removed VirusTotal Results as per Policy ~
     
    Last edited by a moderator: May 31, 2015
  25. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Yes I have. Malwarebytes identified this during a scheduled scan. It is probably a false positive. I just allowed malwarebytes to quarantine the file then deleted it.
     