Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    @hjlbx - OH... you were referring to cmd.exe
    Sorry dude, your post mentioned "All Programs".
    Creating a block in and out rule for cmd.exe is just like any other rule... just make sure Protocol is set to "Any"... refer to screenshot.
    cmd.jpg
     
  2. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    I can't give you an answer, because it's a individual user decision. However: COULD be a possibility, yes.

    However: if you decide to go with:

    - you should know, where you can check the automatically deleted rules!
    - you should be able to understand the connections log!
    - you have to create ALL rules manually and you should really know, what is to do! Also you will probably create new rules restricted too (as most as possible) and not "Allow a program for Any location for Any IP"!
    - you should know how you must create and managing/maintaining the rules for your individual "Core Networking" setting. Probably you will also create ICMP rules - then you should be able to create such direct within Windows Firewall (NOT in WFC (see my posting above about this)). It's even related to your personal situation for your essential connection setting for LAN/WLAN, maybe VPN, area(s), your sharings (if you have) etc. etc. this can be lot of work without the default setting to reach your personal "Core Networking" rules. And attention: you have a good chance to open your "Core Networking" outbound connections too much, if you not exactly know, what is to do!
    - maybe I forgot other important things ...


    For most users I would recommend the following way to have a good solution:

    - use the default rules (Windows default OR WFC recommended) as start. The standard rule setting should be not a bad setting/start (at least not in much cases for "normal" users (others should know what is to do)).
    - if you are good enough for additional manually rule creating , you could activate the Secure Rules IF and only IF you can handle also the authorized groups - because, if after import a rule set or rules which are non-authorized rules will automatically deleted (if this has not changed since v4.6.1.0). If you do not enable the Secure Rules it's very recommended to check for new created rules IN- AND OUTBOUND in short periods.
    - set the WFC filtering level to medium and set a desired notification level and concentrate you to new notifications and make your decisions and check your rules in- and outbound for different things (invalid, new undesired rules, defined IPs (if you have) and all the rest.
    - optional: finetune (hardening) your setting (maybe inbound too) ev. with more restricting rules and/or disable really unnecessary rules and/or block potential dangerous in- and/or outgoing ports ... or whatever you needs.
    - maybe I forgot other important things ...


    Anyway: it's an user decision. WFC gives you just a very good instrument (GUI) for your Windows Firewall!
     
    Last edited: Feb 15, 2016
  3. hjlbx

    hjlbx Guest

    Thanks @Alpengreis
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,096
    Location:
    Romania
    WFC will launch the default browser for those checks. If your default browser is not IE, then your custom browser should be launched.
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Thanks for the feedback. I will have to figure out what is blocking such behaviour.
     
  6. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    If you have the problem yet, the following old "trick" COULD help. Set another browser as default browser (not your favourite (desired)), maybe even IE - then switch back (again) to your favourite (set as default). COULD work now ...
     
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,096
    Location:
    Romania
    Windows Firewall Control v.4.6.2.2

    Change log:
    - Fixed: If all advanced notifications settings are unchecked the notifications are not displayed anymore.
    - Fixed: Context menu from Manage Rules window is missing if no rule is selected.
    - Fixed: The content of the uninstall dialog is showing outside of the displaying area if the content contains more lines than the default expected size.
    - New: Added a new button in the Security tab which allows the user to add all groups from the existing rules. This will not add Windows 10 specific groups that start with "@{".
    - Improved: When deleting an authorized group from the Security tab, the selection remains empty. Pressing the delete key does not work until the user manually selects a new item from the list. The next item is now automatically selected.
    - Reverted: The protocol used for a new rule created from the notification dialog will be ANY if the user does not customize the rule. (Tere are several ways of adding a new rule in WFC and to keep all of them similar I have reverted this change that I made in version 4.6.1.0)

    New translation strings:
    461 = Import group names from the current existing rules

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 84483b8e15c912b65b59f0957335255619984e18

    Have a nice weekend,
    Alexandru

    Regarding the Windows 10 rules that starts with {@. My recommendation is to delete all of them and add new rules only when they are required for the exact file path instead of the existing rules that come with Windows Firewall from Windows 10.

    Let's consider the example below related to the Weather application from Windows 10.
    1. The first rule was created from the notification dialog when I executed this program from the first time. I did not have any rules for the Weather program.
    2. The last two rules are added by default.

    upload_2016-2-18_22-50-14.png

    For the reasons explained above, I did not add the keyword "@" in the list of authorized groups.
     
  8. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Awesome! Liking the changes in this update, especially bringing back the uncustomized rules defaulting to allow all protocols. However, I think this could simply be made into an option to keep everyone happy.

    Bug Report:
    Speaking of update, I've been noticing a bug with the auto update dialog that appears after I log-in on my Surface Pro 2 (1600x900 screen resolution @ 100% scaling, taskbar autohides at top); it ALWAYS appears at the bottom right corner with the buttons off screen, like shown below, and there's no way of moving it via my mouse:
    WFC Displaying Auto-Update Dialog with Buttons Off Screen.png
    I've been managing it 'cause I have an application called WindowSpace installed and it allows moving of the selected window via user configured hotkeys. Please could you make the auto-update dialog appear at least 50 pixels higher from the bottom? That's precisely how deep the bottom border of the dialog is off screen (determined via WindowSpace).
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,096
    Location:
    Romania
    I never thought to test this with the taskbar hidden. It will be fixed in the next release.
     
  10. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    Can I add the "@" as a PLACEHOLDER (can't test right now in my config unfortunately). Because IF NOT, HOW can I activate Secure Rules and let Windows make such rules automatically? Note: such rules change very often, I will let Windows do it and NOT add such manually. Also such rules are EXTRA RULES wich cannot added within WFC.

    PS: Thank you very much for new update!
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,096
    Location:
    Romania
    Wildcard for '@' is not added on purpose. With the old Secure Rules implementation, when it was enabled, these rules starting with @ were also deleted. Windows 10 adds two new rules for each package, for inbound and outbound access. For outbound it makes sense because these programs want to retrieve some data from the Internet. Inbound rules doesn't look ok to me. Why these programs would need to be available from outside ?

    There is no need to add these rules manually. Instead of allowing Windows 10 adding rules for these packages, my recommendation is to remove them all from start. Then, if you enable the notifications, you will be prompted by the actual application (exe file) that wants to connect. You have better control of what you allow and when. So, instead of having tens of rules defined for different packages, you will create only the rules for the programs that you actually use when you use them.
     
  12. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    Ahem, yes - just forgot the NOTIFICATION, uhhhhhh, MY FAULT, SORRY! I had much stress, but this does not excuse a such stupid question!

    Have a nice weekend!
     
  13. lazer155

    lazer155 Registered Member

    Joined:
    Feb 20, 2016
    Posts:
    3
    I would like to block windows update on my computer. From what I've read it is the wuauserv service which is part of svchost. If I disable the windows firewall control rule that is called "WTC - windows update" will that be adequate to keep windows from updating? This is on a windows 8.1 computer. I'm not sure that it will block it because I found a couple articles that say svchost is part of windows hardened services which are services that do not obey the windows firewall and since windows firewall control is still reliant on windwos firewall, I am not sure wuauserv will actually follow the no outbound connections rule.
    http://windowsitpro.com/systems-management/understanding-windows-service-hardening
     
  14. lazer155

    lazer155 Registered Member

    Joined:
    Feb 20, 2016
    Posts:
    3
    I forgot to also mention that, alternatively, maybe I can just block outbound connections to the addresses mentioned here: https://technet.microsoft.com/en-us/library/bb693717.aspx
    Should I try to create some deny outbound connections for those addresses or is it better to just disable the allow rule in windows firewall control that I mentioned above (it looks like it just allows port 80 and 433 traffic and isn't specific to a program or service)
     
  15. hjlbx

    hjlbx Guest

    @alexandrud

    Does ping.exe use a raw socket on W8\10 ?
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,096
    Location:
    Romania
    The rule for svchost.exe specific for wuauserv service works only in Windows 7. Since Windows 8, svchost.exe needs full access for Windows Update to work. If you enable outbound filtering in Windows Firewall (equivalent of Medium Filtering in WFC), Windows Update will not work until an allow rule is added for svchost.exe. Disabling that rule in WFC will block Windows Update.
    Not really a WFC question, but check this answer. Apparently it doesn't.
     
  17. Krimatorij

    Krimatorij Registered Member

    Joined:
    Feb 22, 2016
    Posts:
    4
    Hello, I have a problem with installing WFC. At the end of installation a message appears "The installation didn't complete successfully... Could not subscribe to Windows Firewall Control Service!". The last version I managed to install is 4.0.9.4 but still can't turn on "Medium Filtering" only "High" or "No filtering" profiles are working.
    Win7 x64 SP1
     
  18. lazer155

    lazer155 Registered Member

    Joined:
    Feb 20, 2016
    Posts:
    3
    I'm having problems getting onenote to sync. I'm using the desktop onenote 2013 but it refuses to sync now. I think it's a firewall rule problem. I have the security level set to medium and have allowed onenote to make any connection that it wants. I set the notification level to high because I was trying to see if onenote would cause a notification that something was blocked but I don't get any notifications.
    http://postimg.org/image/s6jmbhlbb/
    http://postimg.org/image/5njyie68j/
    I right clicked the log of those 2 urls which seem related to onenote and selected allow instead of block for the action. However, those 2 addresses still keep appearing in the log when attempting to sync and when you right click them and do the change and create option, it's set back to block. I'm not sure my allow rule is actually working.
     
    Last edited: Feb 24, 2016
  19. Carjacker

    Carjacker Registered Member

    Joined:
    Feb 24, 2016
    Posts:
    1
    Location:
    USA
    Im on Windows 8.1 and since update to 4.6.2.2, the tray icon does not show after Windows boots to desktop. The service is running, but the GUI/tray does not show unless manually run. It does allo0w/block according to previous set rules but any new connections just get dropped/blocked with no notifications if not on the allowed list.
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,096
    Location:
    Romania
    - Check if Windows Firewall service is up and running.
    - What other security products do you use on this machine?
    - Have you tried to uninstall WFC and reinstall the latest version? Please follow the steps explained here to manually uninstall WFC.
    - When the profiles are changed from WFC, the program launches netsh command. Make sure that your security programs do not block netsh from being executed.
    - Can you install the latest WFC version on another machine or in a virtual machine?
    Your allow rule for svchost.exe is too restrictive. That rule should not have any local ports, local IP address or remote IP address. Try with an allow rule for svchost.exe that will allow all connections on remote ports 80,443. The other fields should not be specified.
    - When you start the computer, if you check in Task Manager, do you a process named wfc.exe running?
    - Have you tried to uninstall WFC and reinstall it again? Does this change anything?
    - Do you use any start-up manager?
    - In the Options tab, WFC is set to start with Windows?
     
    Last edited: Feb 25, 2016
  21. Krimatorij

    Krimatorij Registered Member

    Joined:
    Feb 22, 2016
    Posts:
    4
    - Windows Firewall service is up and running.
    - I have Microsoft Security Essentials and EMET 5.5.
    - Yes, I have already tried to uninstall WFC and install all versions since 4.0.9.6. But at the end of installation an error appears; uninstall info is not set in registry; WFC service is installed but not running, if launched manually - stoppes immediately. When launch wfc.exe directly - an icon with "!" sign appears in sys tray and no other options except "exit" are available.
    - Tried to uninstall EMET and turn of Microsoft Security Essentials but the problem still remains. In the last working version (4.0.9.4) can't turn on "Medium Filtering" only "High" or "No filtering" profiles are working, if something blocked "netsh" than none of the profiles worked..?
    - Tried to update wfc 4.5.4.5 to 4.6.2.2 on another PC (win7 x64 sp1) but it also failed.
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,096
    Location:
    Romania
    From your description it seems that something on your computer prevents our installer either from writing to Windows Registry, either from installing correctly the service. Let's try to find out if there is an error that is logged:
    1. Please go to Event Viewer (execute eventwr.msc). Under Applications and Service logs category, there is a subcategory named WFC. There are logged all errors from Windows Firewall Control. If you see errors logged here after the installer crashes, from the right panel, use the button named Save all events as... to export an *.evtx file and send it to us to check it.
    2. Also in Event Viewer, under Windows Logs category, there is a subcategory named Application. Here are logged all errors from all programs. Check in this log if there are error entries regarding the files wfc.exe, wfcs.exe or wfc4setup.exe. If so, export an *.evtx file of this log too and send it to us to check it. We can find here a .NET Framework problem that is causing the problem that you have.
    3. Did you try on a computer without EMET installed ? If EMET is not correctly configured it may create all kind of problems.
    4. When the new WFC installer fails, please go to the installation folder and copy wfc.exe and wfcs.exe to a temporary folder. Then, install the version that you say that is working. Run services.msc and stop Windows Firewall Control service. From the temporary folder, copy the files wfc.exe and wfcs.exe manually in the installation folder by overwriting the files from the old installer. Then start the Windows Firewall Control service and launch the file wfc.exe. Does it work ? If not, check 1 and 2.

    Looking forward to your reply.
     
  23. Krimatorij

    Krimatorij Registered Member

    Joined:
    Feb 22, 2016
    Posts:
    4
    Tried to follow this variant but an error message appears "Could not start the Windows Firewall Control service on Local Computer. Error 1067: The process terminated unexpectedly."
     
  24. Krimatorij

    Krimatorij Registered Member

    Joined:
    Feb 22, 2016
    Posts:
    4
    Yes, I tried to install it on PC without EMET but have the same problem.
    Well, I sent an email, hope you'll manage to solve this problem.
     
  25. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    441
    Location:
    England
    Hello Alex,

    on a clean install of Win7 x64 I installed WFC and now I can not change the rules to the "Medium" profile....

    It instantly changes back automatically to the orange "Low" profile.

    I have an eventlog event ID 495 "Windows Firewall state was modified from outside of Windows Firewall Control"

    Resolved post #2207
     
    Last edited: Mar 1, 2016
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.