Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. BobDig

    BobDig, Registered Member (Joined: Nov 16, 2020; Posts: 8; Location: Germany)

    Thank you.
    And, for my use case, it is working GREAT. ;)
     
  2. TestPersonX

    TestPersonX, Registered Member (Joined: Jul 13, 2009; Posts: 39; Location: Germany)

    Hi all,
    I've got one question with regard to the experimental feature of automatically creating allow rules:
    It works great, I have been using it for a few versions.
    But HOW to export and re-import those rules?
    Background: For one of the last versions, I don't quite remember which one it was, I had to fully uninstall and reinstall WFC (it said we have to).
    Even with selecting to not remove user settings, these settings were removed... Hence I'm looking for a solution to keep these configured entries. Actually this feature is VERY important as Windows 11 has so many Microsoft apps in paths which contain versions and therefore change very, very often (and therefore pop up as new rules very often).

    Thanks!
     
  3. aldist

    aldist, Registered Member (Joined: Nov 8, 2017; Posts: 1,116; Location: Lunar module)

    What if you perform two actions from the main program window?
    Options —> Export user settings to a file
    Rules —> Export Windows Firewall rules to a file
    And after a clean installation, delete all rules and execute Import twice?
     
  4. cris_23

    cris_23, Registered Member (Joined: Feb 28, 2024; Posts: 10; Location: Bärlin)

    Sorry for the late answer!

    Before I do it your way, I found a culprit: if I enable the High Filtering profile, there are IP ranges included (the 10 subnet is my LAN). In yours, not!??
    https://i.imgur.com/9lYKHJs.png

     
  5. alexandrud

    alexandrud, Developer (Joined: Apr 14, 2011; Posts: 2,456; Location: Romania)

    The default rule has no custom remote IP addresses set. That property is customizable and was added by you (maybe in the past)? Or maybe imported with the user settings?
     
  6. cris_23

    cris_23, Registered Member (Joined: Feb 28, 2024; Posts: 10; Location: Bärlin)

    The problem here is that if I delete these IP ranges, disable the High profile and re-enable the High profile, these IP ranges are back.

    I think I will install WFC from scratch without importing backups.

    Side note: Every month I did a full scan with Windows Defender and Malwarebytes. No infections found.
     
  7. alexandrud

    alexandrud, Developer (Joined: Apr 14, 2011; Posts: 2,456; Location: Romania)

    It seems that you discovered a bug. I will fix it in the next WFC release. Until then, use an elevated CMD window and execute these two commands to get rid of those custom values:
    reg delete "HKLM\SOFTWARE\Classes\CLSID\{WD2827D4-F8E0-B379-I229-D89D12E4642A}" /v "HighFilteringCustomInbound" /f
    reg delete "HKLM\SOFTWARE\Classes\CLSID\{WD2827D4-F8E0-B379-I229-D89D12E4642A}" /v "HighFilteringCustomOutbound" /f
     
  8. cris_23

    cris_23, Registered Member (Joined: Feb 28, 2024; Posts: 10; Location: Bärlin)

    Great, no more IP ranges on High Profile, but my boot problem still exists.
    Here is my connection log after reboot (set High Profile and cleared the log before reboot):
    https://i.imgur.com/QvF923D.png

    Later in this log there is then only my Synology Cloud service with 127.0.0.1 (I think when the firewall starts working).
    If I log off/in, all works as expected with High Profile, so the problem exists only on a full OS reboot.

    Last edited: Mar 19, 2024
  9. alexandrud

    alexandrud, Developer (Joined: Apr 14, 2011; Posts: 2,456; Location: Romania)

    Can you please export all your rules (when the system tray icon is reporting High Filtering profile) and send me the file in a private message? I want to import your rules on my machine and do some tests. Thank you.
     
  10. cris_23

    cris_23, Registered Member (Joined: Feb 28, 2024; Posts: 10; Location: Bärlin)

    Here on wetransfer: https://we.tl/t-DG04AntQDC

    But beware, I'm relatively new to firewalling.. ;)
     
  11. Etincelle

    Etincelle, Registered Member (Joined: Feb 9, 2007; Posts: 5)

    Hi,

    I feel very stupid...

    I saw that WFC had a dark mode but I can't find where to enable it.

    Could you show me the way please? :doubt:
     
  12. AMD

    AMD, Registered Member (Joined: Jul 9, 2012; Posts: 93; Location: UK)

    Hi,

    When viewing the connections log, why would I see blocked events for items which are already enabled and allowed with "any Protocols ports" and "any Local and remote IP addresses"?

    If it makes any difference, authorised groups are the default set and only "Secure Profile" is enabled at present.

    Any explanation appreciated.
     
  13. aldist

    aldist, Registered Member (Joined: Nov 8, 2017; Posts: 1,116; Location: Lunar module)

    What if you enable the dark theme in the operating system?
     
  14. alexandrud

    alexandrud, Developer (Joined: Apr 14, 2011; Posts: 2,456; Location: Romania)

    WFC does not have a dark theme and never had one. It is still on the TO DO list. However, if you use a high contrast theme (but those are ugly), it should force some dark backgrounds on WFC UI.
     
  15. alexandrud

    alexandrud, Developer (Joined: Apr 14, 2011; Posts: 2,456; Location: Romania)

    Because:
    - For inbound rules, they don't work with Any protocol. You have to create two inbound rules, one for UDP protocol and one for TCP protocol.
    - For outbound rules, the OS has some restrictions which apply to Windows services. These restrictions can't be overwritten by a more generic rule that is defined for Any protocol and any remote port. For example, if you want to enable DNS Client, the rule for it must be for UDP protocol on remote port 53. A broader rule will not override this and will not apply for DNS Client service. Unfortunately, there is no list of such restrictions but some of them can be discovered by taking a look at the default Windows Firewall rules.
    - Another thing to keep in mind is that Security event log, which is the data source of Connections Log, logs dropped packets at Windows Filtering Platform. These dropped packets can originate from Windows Firewall but also from other security products. For example, if you use PeerBlock or a similar software that blocks certain remote IPs/domain names, they will also generate dropped packets in Security event log. Unfortunately, there is no way to see the source of the block.
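
Added example, not part of the thread and not WFC code: a PowerShell check, using only the built-in NetSecurity cmdlets, that lists enabled inbound allow rules whose protocol is Any and splits a chosen one into the TCP and UDP pair described in the post above. The `-TCP`/`-UDP` name suffix and the function names are assumptions made for this illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not WFC code). Uses only the built-in NetSecurity cmdlets.

# List enabled inbound allow rules whose protocol is "Any".
function Get-InboundAnyProtocolRule {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            if ($port.Protocol -eq 'Any') {
                $app = $_ | Get-NetFirewallApplicationFilter
                [pscustomobject]@{
                    Name        = $_.Name
                    DisplayName = $_.DisplayName
                    Program     = $app.Program
                    Profile     = $_.Profile
                }
            }
        }
}

# Copy one rule into a TCP rule and a UDP rule, then disable the original.
# Copying keeps the program, service and address conditions of the source rule.
function Split-InboundRuleByProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)

    $rule = Get-NetFirewallRule -Name $Name -ErrorAction Stop
    if ($rule.Direction -ne 'Inbound') { throw "Rule '$Name' is not an inbound rule." }
    if (-not $PSCmdlet.ShouldProcess($rule.DisplayName, 'Split into TCP and UDP rules')) { return }

    foreach ($proto in 'TCP', 'UDP') {
        $newName = "$Name-$proto"   # hypothetical naming scheme for the copies
        Copy-NetFirewallRule -Name $Name -NewName $newName
        Set-NetFirewallRule -Name $newName -Protocol $proto `
            -NewDisplayName "$($rule.DisplayName) ($proto)"
    }
    Disable-NetFirewallRule -Name $Name   # keep the original for rollback
}

# Review first, then split a chosen rule (preview with -WhatIf).
Get-InboundAnyProtocolRule | Format-Table -AutoSize
# Split-InboundRuleByProtocol -Name '<Name value from the table>' -WhatIf
```

The original rule is disabled rather than deleted, so re-enabling it and removing the two copies restores the previous state.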
     
  16. Etincelle

    Etincelle, Registered Member (Joined: Feb 9, 2007; Posts: 5)

    Oh sorry.
    I understood from your message #6828 here that the dark mode was ready.
    And the following messages thanked you for this. :)
     
  17. Mario R

    Mario R, Registered Member (Joined: Mar 25, 2024; Posts: 2; Location: Italy)

    Hi, I only recently discovered this beautiful software. Thanks Alexandrud.
    Sorry for the English in automatic translation.
    I ask for help to find out if I understood how to use it.

    I will use WFC in Windows 11 (clean installation), with a "medium filtering" profile, "display notifications", "secure profile" and "secure rules" activated.

    1) Is it correct to eliminate all the rules already present and subsequently load the rules recommended by WFC? Or do I have to leave the rules already present in Windows?
    Of course I will later add the personalized rules when requested by notifications.

    2) If I load the rules recommended by WFC, do I have to add svchost.exe and System to the "notifications exceptions" without creating further rules? Or is it better not to add anything in "notifications exceptions" and create rules for svchost.exe based on the notifications that will appear?

    Thanks for your help.
     
  18. alexandrud

    alexandrud, Developer (Joined: Apr 14, 2011; Posts: 2,456; Location: Romania)

    Hi Mario.
    1) It depends. WFC recommended rules are based on the default Windows Firewall rules, but they contain just a small part of them. I personally delete everything, create the WFC recommended rules, then start creating custom rules for my programs.
    2) Notifications exceptions are intended to avoid the notifications which you are not interested in without creating explicit rules. For a home computer, you can disable the notifications for svchost.exe if you use WFC recommended rules as a starting point. You can always check Connections Log to debug connectivity problems when something does not work as expected.
     
  19. Mario R

    Mario R, Registered Member (Joined: Mar 25, 2024; Posts: 2; Location: Italy)

    Thank you. Sorry, but I ask for another thing related to point 2 (therefore in relation to Svchost.exe) to better understand.
    In the tests I have done these days (using Windows 7) I have not included any exceptions and I created generic consent rules for all notifications that appeared.
    So in addition to the recommended rules, now there are:
    - NT Kernel & System (System)
    - Host process for Windows Services (Svchost.exe) - Service: AudioSrv, Dhcp, eventlog, lmhosts, wscsvc
    - Host process for Windows Services (Svchost.exe) - Service: CryptSvc, Dnscache, LanmanWorkstation, NlaSvc
    - SSDP identification (SVCHOST.EXE) - Service: SSDPSRV

    If I understand correctly, these authorization rules are superfluous. So it would be good to eliminate them and insert Svchost.exe in the exceptions so that notifications no longer appear.
    And everything should still work because the authorizations given by the rules recommended by WFC are sufficient.

    Finally, I ask you to confirm: in addition to Svchost.exe, is it necessary to insert "System" in the exceptions?
    Thank you again
     
  20. alexandrud

    alexandrud, Developer (Joined: Apr 14, 2011; Posts: 2,456; Location: Romania)

    There is no need to add anything in the notifications exceptions list. This list exists if you don't want to see new notifications for certain programs. For normal use, the recommended rules for svchost.exe and System are enough. However, you will still see notifications for them but you don't want to create new rules for those connections. You would add them in the notifications exceptions list and forget about them. If something does not work right in the future, use Connections Log to see if the reason why something does not work is related to some blocked connections for svchost.exe/System.
     
  21. mantra

    mantra, Registered Member (Joined: Jan 25, 2005; Posts: 6,204)

    Hi,
    is there a bunch of rules to block Windows 11 ads, Microsoft apps and other ads?
    Some could be disabled, others are always there, even in the Microsoft Bing Weather.

    @alexandrud
    Does WFC take care if it's Windows 11 / 10 / 8 or even 7 when I click on
    ->> in Rules -> Restore Windows Firewall Control recommended rules?
    Thanks
     
  22. alexandrud

    alexandrud, Developer (Joined: Apr 14, 2011; Posts: 2,456; Location: Romania)

    No, WFC has the same set of recommended rules for all OS versions.

    Which ads? You can disable the web search in Start Menu. You can customize Edge to skip content suggestions. But the most important thing: install an ad blocker like uBlock Origin so that web pages will become more readable.
     
  23. mantra

    mantra, Registered Member (Joined: Jan 25, 2005; Posts: 6,204)

    Hi Alexandrud,
    even in the Microsoft Store apps?
    I'm still seeing Microsoft Store app ads, like Bing Microsoft Weather.
    Thanks
     
  24. alexandrud

    alexandrud, Developer (Joined: Apr 14, 2011; Posts: 2,456; Location: Romania)

    I am not sure you can stop these because they are embedded inside the software logic. Some apps do not display ads anymore if you buy a premium version of the app. If an app downloads and displays ads you could try to block that app from connecting to the Internet. Isn't the same on Android, lots of ads, especially in free apps?
     
  25. TairikuOkami

    TairikuOkami, Registered Member (Joined: Oct 10, 2005; Posts: 3,441; Location: Slovakia)

    On Android it is possible to block ads by blocking IP ranges, but MS probably serves ads via Bing and it also feeds weather, so not sure if that would work. MS Weather does not even run on my Windows, so I cannot test it.
     