Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. minimalist13

    minimalist13 Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    15
    There were no relevant WFC events in the two event viewer locations given in the FAQ. Uninstalling and reinstalling did fix the problem, and it was not immediately repeatable. But it did break notifications as well.

    I am currently developing my base rules, just using DNS has appeal, but I prefer to have notification High and use blocking rules for the behaviors I don't like. This would be made easier by the following

    Enhancement request:

    On the connections page, mark the blocked packets not associated with a rule in a different color or some other way.

    Then you can connect and just hit block for now on all the notifications and then peruse the log later and see what they were.
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    It works with double click. I will fix the button and the menu item to work too. Thank you for reporting this.
    This is a good idea but this will make the loading of the entries even slower. I will think about it.
     
  3. J4NY4R

    J4NY4R Registered Member

    Joined:
    Jul 28, 2014
    Posts:
    16
    Location:
    Iran
    It sounds like there is a limitation on the window size (Main Panel, Rules Panel, Connections Log) keeping its customized size. If I change any one of the windows to full screen for example, it will be restored to default after reopening...
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    Do you maximize the window or do you enlarge it manually to fit the screen? For the first case, the maximized state should be reloaded on the next reopening. It does on my computers. If you are in the second scenario, if the window is closed while at least one pixel of it is out of the screen, then, the next time it is opened, it will have the default values.
     
  5. J4NY4R

    J4NY4R Registered Member

    Joined:
    Jul 28, 2014
    Posts:
    16
    Location:
    Iran
    Ahan... I was doing something like the second scenario and now I know why it would change back to the default. (Flower smiley for you)
     
  6. minimalist13

    minimalist13 Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    15
    You could add a checkbox option somewhere on the connections page. If others have suggested other intensive options for the connections page it could be a debug option encompassing other things as well.

    I love this program, just what I was looking for.

    Another suggestion which I didn't find searching but might have missed:

    In the secure mode (not sure of the exact terminology as I'm not at the computer testing WFC) that deletes rules not in the given list of groups, why not have it just disable the rules not in the given groups?
    Disadvantage: longer list of rules
    Advantage: can see who is mucking about with your firewall settings
     
  7. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    552
    Location:
    Switzerland
    I had already made a suggestion to see those deleted rules in a "direct way". Maybe Alexandru will integrate such a function. Till now - and as a workaround - you can detect such deleted rules in the WFC log with Event ID 300.
     
  8. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    Thanks for the link.
    Unfortunately there are connectivity issues for me with newer when creating rules manually (valid custom allow rules for the exe-s are ignored while in medium filtering). But it's a non-issue as older versions do the job I wanted.
    I will not use W10 too soon anyway, I prefer 8.1 over it (I never thought I will say this though :) ), so no real interest in newer.
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    I think here about a button named "Highlight items with rules" which will highlight the connections without a rule while the connections with a rule will remain unchanged. Or vice versa.
    I am thinking of a combo box in the Secure Rules description. The user will be able to set what to do with unauthorized rules: DELETE or DISABLE. The first option will remove the unauthorized rules like it works today, while the second option will disable them and set the group name to Unauthorized, which will be also a special group name which can not be deleted.

    Everyone, what do you think about these two feature enhancements? Suggestions to improve them are welcome.
     
  10. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    552
    Location:
    Switzerland
    +1

    +1 would be very good! You mean only the group name cannot be deleted - the rule itself can be deleted, right?
     
  11. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    Yes, the rules can be deleted. The special group names will be: Windows Firewall Control, Temporary Rules, Unauthorized Rules.
     
  12. J4NY4R

    J4NY4R Registered Member

    Joined:
    Jul 28, 2014
    Posts:
    16
    Location:
    Iran
    Those are really nice enhancements. I personally prefer to see button "highlight items withOUT rules" as there are already green and red colors in rules panel. Thanks for the ideas and thanks for the positive reaction by Alexandru.

    Is it possible to add a feature to prohibit notifications for a program that tries to connect somewhere out of its defined rule? For instance a context menu item "No notification". Now it's possible by defining a block rule with whole range of IPs minus allow IPs or by a trick and "Use disabled rules when searching for matching rules...". But it would be great to see that.
     
    Last edited: Mar 30, 2016
  13. minimalist13

    minimalist13 Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    15
    +1 from me of course. Highlight the packets without a rule, there ought to be less of them, and they are the ones of interest.

    +1

    As a side note, it is easy to delete rules in this case, sort by group name, and there will only be contiguous blocks to delete. In the unlikely case you're dealing with hundreds of rules, do the deletion from Windows Firewall rather than WFC and it takes no time.

    NITS:

    1) Add "Inbound/Outbound" as a choice in the rule creation dialog. Don't need it often, but nice to have. Given that choosing both directions as the default just brings up the outbound dialog, you must already have the code to do both from a single dialog - just put it in there. Then I would suggest removing both directions as a default option, but I realize that most likely someone already convinced you to put it in there. If you leave it in there and add this creation dialog option, users wouldn't be shocked when they request a default of both directions and the dialog comes up outbound.

    2) More of a question really. Why autostart in \ProgramData\Microsoft\Windows\StartMenu\Programs\Startup rather than the more usual HKLM\Software\Microsoft\Windows\CurrentVersion\Run?
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    Important Announcement

    I just moved the website to another web hosting company and Check for updates functionality will not work with Medium Filtering profile. The existing rule WFC - Windows Firewall Control Updater is still defined for the old website IP 50.87.146.202. The new website IP is 66.198.240.5. In the next release I will update this rule to match the new server. Until then, please manually update this rule with the new IP address or just allow all remote addresses.

    Thank you for your understanding.
    Alexandru

    Now, the website should work faster and better.
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,088
    Location:
    USA
    I updated the rule and update checking is working fine, thanks! :thumb:
     
  16. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    552
    Location:
    Switzerland
    WFC German language - short info:

    DE-language is done and sent to the developer and should be ready on http://binisoft.org soon!
     
  17. hjlbx

    hjlbx Guest

    @alexandrud

    Kingsoft WPS still causes WFC to freeze and/or causes the creation of multiple rules because WPS messes with the prompts.

    I had to select Allow 5 times for wps.exe - and WFC created 5 identical wps.exe Allow rules.

    My system is a stock Windows 10 1511 build. There is nothing extraordinary about it.

    This issue has been reliably reproducible for the last 4 builds of WFC.
     
  18. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I ended up disabling the WPS Windows Service, cancelling update checks via WPS Config Tool and disabling WPS entry in Scheduled Tasks. I then added outbound block rules for wpp.exe, et.exe, wps.exe, wpscenter.exe, wpsnotify.exe, updateself.exe and wpsupdate.exe. I only run WPS in SBIE, no prompts provided after I entered these files in Start/Run & Internet sections of WPS Sandbox. This setup works for me because I am not interested in Cloud stuff or Online Templates.

    No more prompts.
     
  19. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    99
    WFC 4.6.2.4: WFC gets stuck on high filtering even when automatically set to medium filtering after one minute. No matter if I put it to low filtering or medium filtering it will get stuck on high filtering and I have to reboot. I notice that when it goes to high filtering two files pop up in Process Explorer: conhost & netsh.
     
  20. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    1. Not a fan of this change because the user will assume then that he can create a rule for both directions which is not possible in Windows Firewall. Inbound rules are one thing, outbound rules are another. I prefer to keep these things separately.
    2. The shortcut in ProgramData is accessible to all user accounts and is more customizable.
    Can't reproduce this behavior. As I already said, it works normally on my test computers (Windows 8, Windows 10). But when you have the allow rules (just one copy of them) then you still have problems with it? I assume that you don't install WPS Office every day.
    High Filtering profile is achieved by creating two block rules for inbound and outbound connections that will block all connections for all programs. They are named High Filtering profile - Block inbound connections and High Filtering profile - Block outbound connections. When the profile is switched:
    1. netsh command line is used to set Windows firewall state
    2. WFC High Filtering rules are automatically removed by WFC.
    If step 1 is blocked by 3rd party security software, then it is possible for the second step to be skipped. There is no need to reboot your computer. Just remove those 2 block rules from WFwAS if WFC gets blocked.
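
The recovery step described above (removing the two leftover High Filtering block rules), as an added PowerShell example that is not part of the original post or of WFC itself. It assumes the two rule names quoted in the post are the rules' display names as shown in WFwAS; the function names are hypothetical.

```powershell
# Added example: locate and remove WFC High Filtering block rules left behind
# after a failed profile switch. Run from an elevated PowerShell prompt.
# Assumption: the names below (quoted in the post) are the rules' DisplayName values.
$HighFilteringRules = @(
    'High Filtering profile - Block inbound connections',
    'High Filtering profile - Block outbound connections'
)

function Get-LeftoverHighFilteringRule {
    foreach ($name in $HighFilteringRules) {
        # A missing rule is the healthy state, so suppress the "not found" error.
        Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
            Select-Object DisplayName, Direction, Action, Enabled, DisplayGroup
    }
}

function Remove-LeftoverHighFilteringRule {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($name in $HighFilteringRules) {
        $rules = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
        foreach ($rule in $rules) {
            # Only remove block rules; a same-named rule with another action
            # is not the one the post describes, so leave it for manual review.
            if ($rule.Action -ne 'Block') {
                Write-Warning "Skipping '$($rule.DisplayName)': action is $($rule.Action)"
                continue
            }
            if ($PSCmdlet.ShouldProcess($rule.DisplayName, 'Remove firewall rule')) {
                $rule | Remove-NetFirewallRule
            }
        }
    }
}

# Show what is present, then preview the removal without changing anything.
Get-LeftoverHighFilteringRule | Format-Table -AutoSize
Remove-LeftoverHighFilteringRule -WhatIf
```

Drop `-WhatIf` on the last line to actually delete the rules once the preview lists only the two expected entries.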
     
  21. guest

    guest Guest

    Last edited by a moderator: Apr 3, 2016
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    The first thing already works. If you restart WFC then it will revert the profile that you set in there. The mechanism uses a timer for this. If you close the program and start it again, then the timer is elapsed already and will revert automatically the profile.
    The road map for WFC is not public. However, many features are implemented after suggestions received in this forum.
     
  23. guest

    guest Guest

    But if I remember well the timer is 30 and 60 mins or 15 and 30. What happens after 30 mins if I don't want to automatically change the start until restart, it will change anyway.
    And if I disable the fw after the restart will continue disable.
     
  24. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    552
    Location:
    Switzerland
    Good point - we should have an option to set this, yes!
     
  25. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,066
    Location:
    Romania
    The timer can be set from 1 minute up to 60 minutes. If WFC gets restarted, then the profile is switched back to the defined revert profile (Medium or High) at WFC start-up. If you switch again the profile, then the timer starts again and so on.

    Let's take your example and let's say you normally use Medium Filtering profile and you set the timer to 5 minutes. Then you set No Filtering profile and restart WFC. Medium Filtering profile will be set back at WFC start-up. If you set again No Filtering profile, then, after 5 minutes the profile will be reverted to Medium Filtering profile.

    If you don't want to actually revert the profile after the timer elapses then do not enable this feature. I will not add another option to this one. The purpose of this feature was to revert the profile in case the user temporarily disables outbound filtering so that he can install new software without creating new rules for the installers. Allowing the user to set "until restart" will defeat the scope of it.
     