Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    It doesn't use the Windows firewall... it acts as another firewall by using its own block/allow lists. If PB blocks a webpage, when you look at WFC Connections Log, it will show that the browser was blocked. If PB blocks a tracker or a node in the torrent swarm, WFC Connections Log will show a corresponding block for uTorrent. The only time PB appears in WFC Connections Log is if its own connections when trying to update get blocked.

    In regards to WFC, any chance the FAQ on Binisoft site could include a section to explain the "Policy" feature?
     
  2. Kerrison

    Kerrison Registered Member

    Joined:
    Jul 14, 2015
    Posts:
    9
    I don't see blocked packets from Peerblock in the windows security event log, I see blocked packets from my bittorrent client, even though that client is explicitly allowed in the windows firewall (and WFC) configs. My thought was that Peerblock blocked those connections, not WFC/windows firewall, and sent events to the windows event log, which tricked me into thinking WFC/windows firewall was blocking them. Are you saying that I was wrong?

    In that case, I'm back to square one!
     
  3. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    If I remember correctly, maybe I explained it incorrectly the first time. If I did, I apologise...

    WFC will only show PeerBlock entries if PeerBlock has issues updating its filter lists.

    WFC will show all blocked connections from the point of view of the application that cannot make the connection; eg: a browser, torrent client.
    In regards to a browser, the actual blocking could occur in an ad-blocker like AdBlock Plus or uBlock Origin (I didn't mention AdGuard since it acts differently), but WFC will show Browser in its log. In regards to a torrent client, the actual blocking could occur in PeerBlock, but WFC will show Torrent Client in its log.

    You don't block UDP packets with uTorrent, you either remove the udp trackers from the torrent file before starting the torrent, or you make changes to advanced settings to switch off UDP support. Tixati handles this better, it has a drop down box listing TCP, UDP or TCP/UDP for download protocol preference and it also has a tracker section that can remove any trackers that have "UDP" in them. I know there is a way to shush UDP in uTorrent (haven't used uTorrent in a long time), but it isn't a one click solution.
     
  4. Kerrison

    Kerrison Registered Member

    Joined:
    Jul 14, 2015
    Posts:
    9
    Wait, what? In-browser adblockers like uBlock Origin don't work at the network level. They certainly wouldn't show up in the windows security event log.

    I don't block anything in the torrent client; Peerblock does that. And yes, the windows security event shows packets from the bittorrent client being blocked, even if Peerblock is the one initiating it. That's what I thought was happening.
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,032
    Location:
    Romania
    Yes, I can move the delete below.
    Read below a topic related to blocking explorer.exe:
    https://www.wilderssecurity.com/threads/explorer-exe.334197/
    Personally, I block it.
    I do not use DNSCrypt or Unbound so I am not familiar with the results of using them in conjunction with Windows Firewall + WFC.
    What do you mean by a huge blocked list under 'connections lock' ? The entries from Connections Log in WFC are retrieved from the Security log of your system. How many entries do you see ? How does the crash look like ? Have you checked the WFC log ?
    WFC does not block or allow anything. Did you create an inbound rule to allow listening on port 53 ?
    All dropped packets that are blocked through Windows Filtering Platform (WFP) are logged in the Security Log. If Peerblock blocks a connection (a packet will be dropped) and logged in the Security Log. In that log, the program that is blocked is recorded, not the program that generates the blocking. It works correctly and what you see in Connections Log is correct while you use a program like PeerBlock.
     
  6. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Re: explorer.exe

    On OS's above Windows 8, explorer.exe is used by Windows Smartscreen.
    So by blocking it you'd best disable Smartscreen as well.
     
  7. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss

    You can set whatever you want for port 53 if you disabled the internal dns caching system and use the unbound one, the log will explode anyway and it hard-crashes which means it try's to open the connection log windows and 1 sec. later the entire 'system' crashes, even the service from wfc itself. There is no log because it can't create one if it crashes. Unbound is just another caching system like dnsmasq for Android and so. So the Firewall and the entire point will be useless if you not use the MS windows own caching system. Since this suffers from huge problems and security complications I switched to unbound.

    I think there are around 3000 entries or so (unbound.exe), but you should know more, that buffer do you gave WFC or will the buffer from Windows Event log be used for this? I already increased it to the maximum and it still crashes.

    This is a very major and critical flaw we are talking about, as I said I know it was designed and tested only with windows own caching system but I don't get it why we should not use a better system with dnssec validation. In meantime I switched to Windows 10 Firewall which allows to disable logging to specific apps which now works quite good.
     
  8. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185
    For what it's worth I use Unbound with DNSCrypt and have the internal DNS Client Service disabled, all seems to be working well. However, I don't have the registered version of WFC, so no notifications but I don't really need those...
     
  9. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    It isn't about that the products stops working, it's about that DNS port gets spammed, it crashes and you will see wrong results which is a major problem since Event viewer + DNSClient had a problem's with it. So it's not mentioned (besides you need DNSClient enabled) but the question is if it's possible to fix it AND to mentioned it how. I mean not that many secure DNS client exists for Windows and unbound almost works the same as on Linux (config).

    The notification isn't that problem, you will see for each app an separate UDP popup (also sometimes takes some time) but it's a shame hat the entire firewall crashes (for no reasons?). Maybe the buffer is to low to handle it, because you will get a lot of 53 port blocked and each time a new connection is made a new Unbound.exe log entry.

    So no offensive from me, and I not complain but the windows own firewall can handle it without any crash so why not WFC, or just give them an Unbound.exe detection and the possibility (within the gui) to not log anything, (btw for what log port 53, if there is no 53 the app will never work anyway).
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,032
    Location:
    Romania
    Bug 1. I fixed it. The problem was the rule AllJoyn Router (TCP-Out) which was defined for a specific service. When matching the existing rules, WFC would not check the service name and for this reason this was considered a matching rule. The result was that the notification was skipped because it considered that rule a matching rule.

    Bug 2. If I disable the rule File and Printer Sharing (Echo Request - ICMPv6-Out) the notification is displayed even if the test rule is defined for All programs or just for System. Check all of the ICMPv6 outbound enabled rules. The notifications system doesn't take into consideration the ICMP type of a rule, so maybe another rule is matched and then the notification is skipped.
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,032
    Location:
    Romania
    Windows Firewall Control v.4.5.4.5

    What's new:
    - Added: A confirmation dialog was added in Manage Rules when deleting a rule to avoid accidental deletion of the rules.
    - Removed: The detection of insertion of USB drives was removed due to the errors that may appear on some systems in Windows Reliability Monitor related to wfcs.exe.
    - Improved: The Delete button was moved at the end of the list in Manage Rules to avoid pressing it instead of the Disable button.
    - Fixed: Notifications for Windows Update are not displayed in Windows 10. The notifications system was updated to not match anymore the rules defined for a specific Windows service.
    - Fixed: The validations for the Program from Properties dialog were updated to handle extra empty spaces that may be inserted in the path of a file.
    - Fixed: The application fails to start if the system tray icon has a tooltip larger than 64 characters. This may happen if the translation file contains large strings which may be used for the system tray icon tooltip.

    New translation strings:

    046 = Are you sure you want to delete these rules?

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: ca7d06fc6abaf36dd5b48e03c69b950496082717

    Have a great week,
    Alexandru

    Thank you for your feedback. If I missed something, just remind me and I will fix/implement it.

    EDIT: Unfortunately I have uploaded the wrong version 4.5.4.4 which had a missing condition and which generated duplicate notifications for blocked programs. So I had to reupload a patch version which is now 4.5.4.5.
     
    Last edited: Oct 28, 2015
  12. Broadway

    Broadway Registered Member

    Joined:
    Aug 16, 2011
    Posts:
    211
    Hi Alexandru,

    I am afraid the automatic updater does not work. It does not download the file.
    And your above "Download location" - link gives a 404-Page not found error.

    Cheers
    Broadway
     
  13. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    It was OK at 18:30 yesterday but I just checked & got the same 404...
     
  14. Piterplus

    Piterplus Registered Member

    Joined:
    Apr 23, 2015
    Posts:
    3
    Softpedia Secure Download (US) and MajorGeeks downloads still works.
     
  15. Mrerex

    Mrerex Registered Member

    Joined:
    Mar 28, 2015
    Posts:
    8
  16. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    584
    Location:
    US
    Alexandrud, thank God you fixed WFC in a timely manner. Has to shut down my Internet connection because of all the repeated alerts. Back to normal now with 4.5.4.5.

    Robert
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,032
    Location:
    Romania
    Try to disable temporarily your antivirus or to add WFC to the exceptions list of it.
    Have you tried to manually uninstall and make a new fresh install ?
    http://www.binisoft.org/faq2.php#installation
    Do you still have the same problem ?
    You could disable only the notifications, not the entire Internet connection. :)
     
  18. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    584
    Location:
    US
    Yeah, had to disable UAC/Smart Screen Filter too. Not a problem as just had to re enable it.
    Forgot about just disable notifications but was going to sleep anyway and I knew you would fix it by the time I got up!:)

    Thanks,
    Robert

    Win 8.1 x64
     
  19. Mrerex

    Mrerex Registered Member

    Joined:
    Mar 28, 2015
    Posts:
    8
    It works now. Thanks!
     
  20. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    548
    Location:
    Switzerland
    Thanks! I'll make a retest and report the result (soon) ...
    EDIT: Yup, it works now!

    I'll check this ...
    No, unfortunately I am right. Alexandru, please repeat exact my steps, because it's the Default Teredo-Rule which must be deactivated. As alternative, you can also deactivate ALL ICMPv6 rules - makes no difference.

    Then without my rule above, of course the notification will appear. WITH my allow rule above AND Program = System it does NOT work. If Program = All it works! But that's not the point. The point is with Program = System. Also make exact the same rule as above.

    It's always reproducable, even with a clean W10 installation - WITH MY STEPS!

    It's not a big big thing, even because the Teredo rule is activated per default anyway. Nevertheless, as soon as a user does deactivate the default Teredo rule (in fact this rule is a allow rule for echo with ICMPv6 for all) and create more detailed echo rule(s) WITH Program = System - he has a problem!

    If you can't fix it, it should be in the FAQs.

    BTW: also the fact, that after change the ICMP-Protocol from ICMPv4 to v6 or vice versa and the effect that then the ICMP-Type is automatically set to ANY, should be in the FAQs ...

    Maybe not much people need those things, but IF - it can be VERY time expensive to find out ...

    Thank you!
    Alpengreis

    Thanks for new v4.5.4.5 - translation is sent ...
     
    Last edited: Oct 29, 2015
  21. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    394
    Location:
    router
    is it possible improve ram usage of program?
    2015-10-31 01 24 18.png
    and when i select multiple rule to block it take more than 10 second to applly and it have long lag
     
    Last edited: Oct 30, 2015
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,902
    Location:
    Mexico
    Odd, task manager shows ~9MB for wfcs.exe and ~9MB for wfc.exe
     
  23. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    394
    Location:
    router
    thank you for replay
    now wfcs.exe go to around 70 to 72mb with closed window
    here ram usage for wfc.exe
    2.png
     
  24. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    394
    Location:
    router
    OK i see that something wrong
    here screen shot from windows task manager
    3.png

    but ProcessHacker still show above ram usage
     
  25. Allen L.

    Allen L. Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    335
    Location:
    -Close-
    I reverted back to V.4542 on Windows 7 Pro. It is smooth. Personally Windows 10 is going to give everyone issues so it appears.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.