Windows Firewall Control (WFC) by BiniSoft.org

Indeed, the creation of new rules from the inbound items doesn't work. I will fix this in the next version.

This context menu is created by only using two small registry entries. To add a cascading menu item, like WinRAR does, I will have to create a separate dll file and register it to the shell. This means that it will be loaded all the time in memory. I will think about this in a future release. Right now, it is not something that can easily change. It requires a whole new implementation.

Regarding the temporary rules I have two new scenarios:

1. When the user presses on the "T" button, a new context menu will appear and the user can choose the time limit of a rule (5 minutes, 30 minutes, one hour). However, I don't know if this can be implemented like I have it in my mind. It is possible to not work.

2. I can add a menu item in the system tray icon named "Delete temporary" which will clear all temporary rules also on user request. They will be deleted anyway at program restart, but by pressing this menu item, they will be deleted automatically when the user wants.

Either way, one of these scenarios will be implemented in the next version.

 

Thank you Alexandrud for your willingness to try to accommodate the requests from the users of your product...I am sure we all appreciate that!

I would prefer option #1 if you mean I can choose how long for EVERY temp rule I create. Would prefer a shorter time frame option though like 30 seconds or less. Also, keep what it now does as an option.

#2 seems that ALL temp rules will be deleted and I am back to square one. Plus, no sense to me to have this rule as one can just exit WFC and restart it and that will delete the temp anyways...why make you go through the trouble of recoding.

Thanks for you understanding,
Robert

 

That would be for me clearly the better solution - would be great if that could be added!

Greetings,
SwissBIT

 

@alexandrud

Hi,

Here are the promised error reports (see attachments). Hopefully you can do something with it.

The Event ID was always 911 ...

Kind regards,
SwissBIT

 

This doesn't help too much. Please go to Event Viewer (run eventvwr.msc). Under "Applications and Service logs" category, there is a subcategory named WFC. There are logged all errors from WFC. When you are there, on the right panel is a button named "Save all events as...". Use this button to export an *.evtx file and send it to support@binisoft.org


Good news: After many hours of thinking and coding I finally managed to make the scenario 1 to work. The temporary rules can be defined for a predefined period and then they will be automatically deleted. I have added a few predefined presets. Check the screenshot below.

Question 1: What do you think about these presets ? Are they enough ? Keep in mind that this must be simple and effective, not to add 30 menu items from minute to minute.

Question 2: Should this be implemented for the temporarily block ? Or it doesn't make sense to block a program for 5 minutes and then delete the rule for it and ask again ?

 

Question 1: What do you think about these presets ? Are they enough ? Keep in mind that this must be simple and effective, not to add 30 menu items from minute to minute.
.
Well done! For me, I only need 1min or less. But, like you demonstrate, you give your PAID for users options.

Question 2: Should this be implemented for the temporarily block ? Or it doesn't make sense to block a program for 5 minutes and then delete the rule for it and ask again ?

I agree it does not make sense. Why temp block if one does not trust it in the first place IMO. Although ALWAYS error on the downside.

Glad I followed your software development/maturity through the years...

Mahalo,
Robert

P.S. Have not done this since Tiny Firewall (pre CA). Well that's not entirely true;configured Win7/8's firewall but it takes to much time an effort....WFC makes it much easier!!!

 

Dear Alexandrud,

Thank you for your response.

Best regards,

Mohamed

 

Hi Alexandru,

I got WFC errors in Event Viewer when I set a custom wav file for Notifications which stated "API will only play PCM files..."

Can you provide an API that will play wav files?

Also, it would be handy to have a [Test] button for the custom sound and an error that would pop up immediately if the file can't be played.

J

 

The wav file must be Microsoft compatible, like the ones that you can find in the C:\Windows\Media folder. From where, or how did you generate the wav file that you have tried ?

 

Windows Firewall Control v.4.0.1.0 - New release

What's new:
- New: A new context menu was added to the "T" allow button in the Notification dialog which allows the rule temporarily. Temporary rules support now auto deletion in 1 hour, 5 minutes or 1 minute.
- New: The notification sound will play when the user presses on the corresponding radio button. This is a preview of the sound. If you don't hear any sound when setting a custom notification wav file, it may be possible that the file to be incompatible or too short.
- Updated: In the notification dialog left click on the program icon copies the full path to the clipboard, right click copies the filename only, and the Open file location was moved back on the program name mouse click.
- Fixed: Create new automatic rule from "Recently Blocked" window does not work when the user chooses to create a rule from an inbound connection from the list.

Installation notes: Just use the updater to update to the new files. That's all.

Other notes:
The temporary rules will still be deleted by default at WFC restart. With the new feature, they will be also deleted automatically when they expire + 10 seconds. For example, if you create a rule for 1 minute, it will be deleted between the next 60-70 seconds, because a timer does the check on every 10 seconds. It depends when the method is called and when the rule has expired. To control when a rule will expire, check the description of it. It is pretty easy to understand. Just, make sure that you don't change the date format, otherwise it will not be deleted.

Download location: http://binisoft.org/download/wfc4setup.exe
SHA1: 00f4161b980c998426c11d53d427d0d6000a43f2

Thank you for your support and your feedback,
The developer

Please share your feedback about the new features. Have a nice weekend.

@JW Clements - I think this was the fastest feature request that was implemented. 44 minutes between your post and my post with the new release. I already had it prepared for the other features but after your post I just changed a bit the code and the new feature came out, like a wizard.

 

Nice update, many thanks

 

The new version was just the ticket, the sound now plays.

Thanks Alexandru,

(the sound is an alarm sounded when a submarine is about to submerge... can't miss hearing it, it's loud and long! You can hear it anywhere in the house )

J

 

Just tried again the following scenarios in Recently Blocked set to display inbound blocked connections.
1. Created a new general rule with the "Allow this program" option.
2. Created a new general rule with the "Block this program" option.
3. Created a new customized rule with the "Customize and allow..." option.

In all these scenarios, the rules were created correctly.

Have you tried with a different inbound connections ? The same result ? Are you able to create any rule from the Recently Blocked items ?

Anyone else, please, can you verify the scenarios described above ?

 

@alexandrud

Thanks for the new version!

Unfortunately, the temporal temporary rules do not work. Have tried it with 1 and 5 min - the rules remained.

Kind regards,
SwissBIT

PS: I have PMed the WFC events already ...

 

I can assure you that they get deleted. I have tested on 3 different computers. Windows 7 x86, 8 x86, 8 x64. Windows was in English. Is your operating system in a different language ? Localization problems were fixed a long time ago, so I don't think this to be the problem. Did you change the default Date/Time format of your computer ?

Try to create a temporary rule for 5 minutes for your browser. Watch a video on YouTube. When the rule will get deleted, the video will stop playing. Doesn't work this way for you ?

Regarding the log file, do you receive these errors often or they appear occasionally ? From the log file, there is nothing to worry about. Doesn't the program work as expected ? WFC is made to retry to restore itself to a working state even if it encounters some exceptions during the execution.

 

A new rules is being created but not obeyed :

Die Windows-Filterplattform hat eine Verbindung blockiert.

Anwendungsinformationen:
Prozess-ID: 800
Anwendungsname: \device\harddiskvolume3\windows\system32\svchost.exe

Netzwerkinformationen:
Richtung: %%14592
Quelladresse: 255.255.255.255
Quellanschluss: 67
Zieladresse: 0.0.0.0
Zielanschluss: 68
Protokoll: 0

Filterinformationen:
Laufzeit-ID des Filters: 266306
Ebenename: %%14610
Laufzeit-ID der Ebene: 44


even tough svchost.exe is being allowed to accept incoming connections
in Domain and Privat mode, not Public.

Greetings

 

No, they remain! On your 3 computers, yes I believe that - but on my system not ...

I had tested few times, not with browser but with another prog. (but that should be not relevant in this case) with 1 and 5 min., no chance, the rule remain!

My system language is english, but my date/time format is SWISS-GERMAN, which could be the reason ...

No, not often, rarely but I thought you should know ... The prog work as expected, yes! There is no evil, just annoying when it happens again.

Kind regards,
SwissBIT

PS: I have PMed you a ZIP with screenshots about my regional settings ...

 

@davidmaier

I have some tests done concerning this behavior. It seems just as if that no rule can be created for it. WFC has nothing to do with it anyway, but this is a "thing" the Windows firewall itself.

A special definition exists for the IP broadcast address 255.255.255.255. It is the broadcast address of the network or zero 0.0.0.0, which in Internet Protocol standards stands for this network, ie, the local network. Transmission to this address is limited by definition, did it in is never forwarded by the routers connecting the local network to other networks.

IP broadcasts are used by BOOTP and DHCP clients to find and send requests to their respectivement server.

Incidentally, it also uses nothing if an inbound rule is created, the unsolicted traffic passes (EDGE TRAVERSAL = ALLOWED), even then it does not work.

As already said, WFC is certainly not responsible, but the Windows Firewall.

You probably have, therefore, only the following two variants:

1) Stop on the device, where the broadcast is created (router?)

2) Accept that it's just so ...

Greeting,
SwissBIT

 

@davidmaier

FYI: For not so large event lists (because of the many blocked incommings), I have created the following "Custom Views" in the Event Viewer:

1) [WFP_Inbound-Conn-Blocked] ...

<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and Task="12810" and Keywords="0x8010000000000000"]] and *[EventData[Data[@Name='Direction']="%%14592"]]</Select>
</Query>
</QueryList>


2) [WFP_Inbound-Conn-Success] ...

<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and Task="12810" and Keywords="0x8020000000000000"]] and *[EventData[Data[@Name='Direction']="%%14592"]]</Select>
</Query>
</QueryList>


3) [WFP_Outbound-Conn-Blocked] ...

<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and Task="12810" and Keywords="0x8010000000000000"]] and *[EventData[Data[@Name='Direction']="%%14593"]]</Select>
</Query>
</QueryList>


4) [WFP_Outbound-Conn-Success] ...

<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and Task="12810" and Keywords="0x8020000000000000"]] and *[EventData[Data[@Name='Direction']="%%14593"]]</Select>
</Query>
</QueryList>

Should facilitate the Check and largely unnecessary sorting ...

Greeting,
SwissBIT

 

I really like this program. It works mostly fine. However, I've been having issues with certain game launcher, that puts patcher executable to random directory within temp folder. This executable needs access to internet or else it fails. Because new folder name is generated each time it's run it's been really hard to create a rule for it.

On one hand I could try to get IP range and create global rule to allow all programs to connect to this IP range, but I don't like to create such broad rules.

Is there any other way? Other third-party firewall solutions often offer to allow/block the connection just this once and continues working fine. But probably due to nature of Windows Firewall and its limitations, it cannot be done in WFC (I suspect Firewall blocks the attempt and then WFC reads the log and figure out something unknown has been blocked and AFTER that it offers to unblock, which in most cases is enough, you just connect again or restart the program, but in case of this launcher, it means the path to executable changes - thus making new rule obsolete).

Thank you for any suggestions.

EDIT: Solved. For my particular problem, leaving patcher open at error message, creating rule and clicking Restart for the process in Process Hacker was enough to make it work. Granted I'll have to do that every time there's a new patch but it's rather easy. It probably works because all launch parameters are included when I click restart process, as opposed to manually launching it from file manager.

 

Thanks Alexandru for the fast update with the context menu for temp rules. Works just fine.

Sorry another request. Can you make the 'Manage Rules' list so that one can move a rule and it remains there even if one closes then opens 'Manage Rules' window? Or allow users to alphabetize the rules and it sticks? If I close the 'Manage Rules' window it always reverts back to the latest rules first. So let's say you make it so I press the 'Name' and it is alphabetizes like now but when I close it and WFC alerts me and I make that rule then open 'Manage Rules' the first rule is the one I just made while ALL the rest are in alphabetical order.

I like things organized. Microsoft Office apps/whatever all next to each other. Malewarebytes the same...etc, etc, etc. Just like WFC rules are all next to each other.

If users want to see the most recent rule first like it is now can you make a 'Date' option to list by first or last just like 'Name'?

Thanks,
Robert

P.S. Boy the effort you put into this program. Just saw the 'Service' tab drop down arrow and whoa!

 

Alexandrud, that's ok. I am almost done. Just wanted the temp options.

Thanks,
Robert

 

Moving the rules in the data grid is not possible because Windows Firewall rules don't keep any index in their properties. To create such a functionality I will have to store the index from the list for every rule in a separate file, and when a new rule is added/moved/deleted, the index must change for all rules, etc. The synchronization of the rules will be horror. To have them sorted by name, after the Manage Rules window displays, just press on the Name column and you're done. The sorting is not saved on closing of the window because there is no way to display them back without any sorting. Right now, the last added gets in the top of the list.

 

Loving the recent updates Just out of curiosity, how does the Manage Rules Window display the rules in the order they were created without some indexing? I would expect the rules to be randomly sorted on every opening of the Manage Rules window if there wasn't any index of the rules, but that's not the case.

A little option (placed in the "Actions" sidebar section) to "Reset to Default View" (instead of having a date column) could be used to just re-run that process it goes through when opening the Manage Rules Window. If that is possible (which I believe it is), just adding another step to re-run the process it goes through when user clicks a column would enable saving the sorting on closing of the window.

This can be accomplished by using a new variable. Presuming it's called "numView", numView will take integer values 0 up to the number of columns WFC currently supports (12 at this moment). It would keep track of the last sorting order the user had, 0 being the default, 1 being by "Name", 2 being by "Group", etc. Depending on its value, when the user opens the Manage Rules window, WFC could take an additional step running the sorting process WFC goes through when the user clicks the corresponding column. So, if its value was 1, when the user opens the Manage Rules window, WFC goes through its current process of loading the rules list then it additionally runs the "Sort by Name" process. Anything wrong with that logic?