Discussion in 'other firewalls' started by alexandrud, May 20, 2013.
1) I will fix this.
2) I will think about a solution.
Oh MAN ! #2 is a GREAT idea !
Do you know which are the paths/registry items that have to be excluded? Shadow Defender has the option to exclude registry keys etc.
WFC global settings
WFC user settings
HKCU\Software\BiniSoft.org\Windows Firewall Control
Windows Firewall rules
@alexandrud - Any plans on digitally signing Windows Firewall Control? Just curious.
This has been discussed in the past, maybe a couple of years ago or so. There was an attempt by the developer to digitally sign the exe, but getting the cert was a frustrating experience at the time.
I was all for it at the time, but now I kind of satisfied with checking the exe hash posted on a different site (this site) from the code distribution site.
Another point to consider is that if the developer signs the setup distribution, for proper overall security the program would still need to check the core exe sig during the auto update process. Since implementing this is not a trivial matter for a one-man operation, I wonder if the developer has the time and inclination to do that.
Ok, thanks for clearing that up.
Alexandrud should save that for down the road when he has enough of a customer base that would be willing to pay for a Pro/Premium release.
Heck, the Windows FW in Windows 10 is a good firewall but not so easy for the fw enthusiast to drive. But with Alexandrud's WFC it makes it easy to manage the fw personally. And face it - we're all here because we like to drive our firewalls for ourselves.
I used to hang out and spend hours at Steve Gibson's newsgroups at grc.com in my early firewalling days.
Thanks i'll take a look - i didn't think that site was still active
lol I KNOW right! Steve Gibson's web site looks like it hasn't been updated in 15 years. HIs main focus now is his video shows. But the forum is still alive. Lots of good people still there.
Suggestion: "Lock WFC after time X" (optional)
Alexandru, I know that we had long time ago a discussion about this theme ...
But since then you have implemented a more secure password solution IIRC. So I would like to know, what is your opinion NOW about the following suggestion:
We could have an OPTIONAL setting to set an already saved password after time X or in other words a "Lock WFC after time X" - similar to the filtering profile solution.
The reason is easy: IF someone set a password he will probably leave the WFC (GUI) locked so much as possible. With the present solution, he has unfortunately always to do this manually (and perhaps he forgets it even).
It would be really make sense to have this option. But of course - it's not the highest priority and also not the most important thing. Maybe you could just add this to your todo list?
Suggestion: "Autorized Groups Sorting" (as option?)
Could you add a "natural alphabetic sorting" for the Authorized Groups (as option)? Would be useful for users with many groups.
It would be not necessary to integrate the fix groups too, it would be enough to sort the names from this key:
Personally, I had copied these names to a CSV file, sorted it with an external program and reintegrate then back to the key, but it's more a workaround than a solution ...
Have a great week!
PS: EDIT1 to add a new suggestion (Sorting) ...
PPS: EDIT2 to add new details in Sorting suggestion ...
Regarding the auto lock, it is not as easy as it sounds. I will think about it.
The second one is already implemented.
Windows Firewall Control v.188.8.131.52
- New: Added a new button in the View section to launch Connections Log from Rules Panel and vice versa. The keyboard shortcut Ctrl+Tab can be used to switch between these two windows too. If one is closed, Ctrl+Tab will launch the other one.
- Improved: The list of custom authorized groups from the Security tab is now sorted alphabetically on saving. Unsorted inserted entries will be sorted on the next reopening of the Main Panel.
- Fixed: Connections Log can be launched from the defined hotkey even if the program is locked with a password.
- Fixed: Clear Log confirmation dialog appears in the center of the Rules Panel window instead of the Connections Log window.
Download location: http://binisoft.org/download/wfc4setup.exe
This are very good news, thank you, Alexandru!
1) Unfortunately, there is still a bug with the Connections Log window as follow:
If the Connections Log window is already open it will not be closed after locking WFC. BTW: no problem with Rule Manager window.
2) After update the WFC version from 184.108.40.206 to 220.127.116.11, the Filtering Level switched AUTOMATICALLY from Low to High WITHOUT change the TRAY ICON (was green for medium (because activated timer probably). Never had this till now.
3) In the Connections Log window, the Recently Blocked connections were EMPTY (highly probably not correct). I could display the Recentrly Allowed, but not the Recently Blocked entries. After switch the filtering profile from High (see point 2) to Low or Medium (not sure), I believe the Recently Blocked entries were okay again - for sure after restart WFC.
1. Already fixed. The next version will include it.
2. If the revert profile is enabled, the profile gets reverted when the timer expires or when wfc.exe is started (after an update). Because the elapsed time is not saved anywhere, it is safer to revert the profile always at WFC start-up. This is the correct behavior.
3. All allowed or blocked connections are saved into the Security log of the system. Due to the limited size of the log, newest entries will override the older entries. For example, on my system I left Low Filtering profile activated in the past few hours and the Security got filled only with allowed connections entries only. After I enabled Medium Filtering again I started to see blocked records too in the Connections Log. It may be possible to be your scenario too ?
Before I had never enabled this option while WFC update (IIRC) (at least not on this PC installation) - but this time I had! Then all is good here, thank you.
This would be possible, indeed! I will have an eye to this, but at least for the moment, I would say, it was highly probably exactly this behaviour. Seems normal then. Thank you for explaining.
Guys I know that the problem I'm going to present has already been discussed but I'm not sure if there's any solution for it that's why I dare ask you
The problem concerns that black exclamation mark on tray just after OS boots and is ready for work. I can see _wfcs service is running. Moreover I can kill wfc.exe and run it again which simply solves the problem - the icon becomes green as it should. Anyway that seems to be a short-term solution and is not very comfortable. Are there any other suggestions for this?
The problem occured overnight. Even if I turn off my other security tools such as AppGuard and Zemana AntiMalware it still happens. OS: Windows 7 x64, WFC: 18.104.22.168.
Windows Firewall Control has two parts. A GUI part which is wfc.exe and which runs as a system tray icon in the system tray area and a Windows service which is wfcs.exe. These both files can be found in the installation folder of the program, usually C:\Program Files\ Windows Firewall Control.
1. If the system tray icon has a black icon with an exclamation mark on it it means that it can't connect to WFC service. There can be multiple causes:
A) The service did not start. Execute services.msc and check the status of Windows Firewall Control service. The Startup Type should be Automatic and the Status should be Running.
However, for unknown reason, even if the service is set to Automatic startup type, sometimes the service is not started automatically by the operating system. It happens randomly on our systems with SQL Server service. If you manually start the service and the status is now Running then in a few seconds, the WFC system tray icon should display the icon of the current profile. Now the GUI part could connect to the service and it should work. If the status is not Running, see below.
B) The service did not start because it encountered an error during the startup. In this case it should be an error logged about this in the event log. Please go to Event Viewer (execute eventwr.msc). Under Applications and Service logs category, there is a subcategory named WFC. Here are logged all errors from Windows Firewall Control. If you see errors logged here, from the right panel, use the button named Save all events as... to export an *.evtx file and send it to firstname.lastname@example.org. Also in Event Viewer, under Windows Logs category, there is a subcategory named Application. Here are logged all errors from all programs. Check in this log if there are error entries regarding the files wfc.exe or wfcs.exe. If so, export an *.evtx file of this log too and send this one too. We can find here a .NET Framework problem. If the logs are clean and no error is logged, see below.
C) A different security software, usually an antivirus, detects a false positive and flags wfcs.exe as malware. This action will block the execution of the wfcs.exe or wfc.exe. It is recommended in this situation to disable temporarily all 3rd party security software to see which one detects WFC as malware. Check the blacklisted processes from these security programs or even try to add wfc.exe and wfcs.exe in the white list of these programs. It happened before with Symantec, Kaspersky, 360 Security. After they have released an updated virus definitions file, their products have detected WFC as a false positive and blocked the execution of it. We had to contact their support and they fixed the false positive detection in their next virus definitions update.
2. The system tray icon displays the profile but the context menu does not open. Check the logs from the B). If there is no error, then see the C) from the previous answer. This behavior is usually generated by an antivirus which blocks WFC.
Try to execute wfc -mp to launch Main Panel, wfc -rp to launch Rules Panel, wfc -cp to launch Connections Log.
This is an alternative to launch these panels without the system tray icon. These shortcuts work even if the process wfc.exe is closed. If these shortcuts work, then it may be a problem with the system tray icon. If they don't work, probably WFC is blocked by an antivirus which prevents WFC from being executed.
3. Have you tried to uninstall WFC and reinstall it again ? Use the steps described below to manually uninstall WFC:
4. Do you have the same problem on another computer or in a virtual machine ?
Alexandrud, it looks like we have another (1 D) scenario then. I mean I do get black icon with an exclamation mark as mentioned but I'm pretty sure WFC service is running. Have a look - http://s19.postimg.org/v6ewzmo1f/screenshot_4.png . When I terminate that black icon and re-open Windows Firewall Control from my desktop it opens as green - that seems to indicate that only GUI on tray is not working correctly. On the other hand events log shows that there is a problem with WFC service - don't get it. I will send you my events log as you suggested above.
---=== EDIT ===---
I did some experiment. I removed Windows Firewall Control shortcut form autostart and reboot my OS. I waited some more 10 seconds and manually opened WFC shortcat from my desktop and it has run corretly - mean green icon instead of black one. It seems that if WFC GUI starts later on it runs correctly, otherwise black exclamation mark occurs - that's odd
You could try to set the service to "Start DELAYED" ...
Alpengreis, thank you for your response. Unfortunately this didn't work as well. It seems that not the WFC service should be delayed but WFC process (GUI) in my case.
Indeed, there seems to be a problem with wfc.exe retry mechanism which reconnects to the service if the first connection attempt did not succeded (service not ready yet). This does not work in all cases. I will publish a new version soon. Thank you for your support.
I'm glad your'e going to deal with this issue Thank you!
On another note - do you happen to know why do I get this http://s19.postimg.org/alnknt6b7/screenshot_4.png when trying to check for WFC updates?
Separate names with a comma.