Windows Firewall Control (WFC) by BiniSoft.org

It's unnecessary statistics with no practical use. Use sorting by name, Search field, that's enough to understand.

 

Hello, noticed with last windows update there was some huge ethernet changes to the settings which basically broke my setup.
VPN + WFC + Windows update(24h2) -> Will cause issues.

Had to uninstall NordVPN had to tinker and after like 10 restarts I got i to work as I want again.
1. Uninstall NordVPN entirely
2. Uninstall WFC
3. Restart, check connection.
4. Install NordVPN -> if you use older version due to split tunneling only working with older then make sure you disable nordupdater service (you'll have to do it twice as it activates during initial execution of the app)
5. Make all settings you need for NordVPN, don't enable anything before this -> make the setup then when you are entirely done with nordvpn setup you go ahead to next.
6. Activate nordvpn make sure the connection is as you want.
7. Install WFC, make sure to allow all applications that are running (note it's accepted via nordvpn connection, so you still have to do with your regular connection as they differ to WFC)
8. Block NordVPN updater app via rightclick shell extension of WFC (you can toggle this feature in the app)

If anyone wonder which version works somewhat okay with split tunneling on nordvpn it's: 7.26.2.0

 

I will use this topic to announce a new translation tool which is related to Biniware Run, but also to Binisoft Windows Firewall Control. For multi language support, check this out:

https://www.wilderssecurity.com/threads/biniware-run.411208/page-17#post-3217552

Creating a new translation file or updating an outdated translation file is now an easier task.

 

For anyone looking for an Alternative VPN:

Luckily, I have had no troubles with 24H2 and SurfShark VPN's latest update with OpenVPN or WireGuard protocols. I can designate websites by app or by IP/URL to bypass the VPN (Tunneling?) when required. I did have to uninstall MBAM to get SS to install - it didn't like it. However, it did install OK after I rebooted. WFC seems fine. SS's inbuilt AV works OK now with MBM & WD, but is a resource hog, so I disable the SS AV service. SS's 'CleanWeb' filters out baddies at their server level, so it doesn't impact performance at my end. SS is cheap too!
(You can elect to NOT add their AV at the time of subscription, but it stays in your account until the subscription expires.)

 

Sold, I am on 6.4.0.0 for very long time, but sick of all these program updates in their own version'd folders. Will update and use this feature.

 

Can make onedrive and office less annoying by putting them on enterprise update schedule in group policy, so only about once a month instead of every few days. I do plan to try this new cool auto rule feature though.

 

Did a quick test (mostly by accident) and it seems that an allow rule "wins" over a notification exception i.e. the connection is allowed. Is this expected? Looks like it shouldn't, since firewall allow rules come third on the above priority list/checks.

 

Hey I might have stumbled on a bug with the Request Elevation functionality:
1. Logged in as a local non-admin account on a Windows 10 machine with UAC disabled
2. Clicked Request Elevation; it restarts with read/write access to firewall w/o anymore interactions

 

I am afraid that I do not understand. A notification exception will just suppress a notification. If a connection is allowed the notifications system does not even kick in. Only blocked connections are triggering the logic. An allowed connection is allowed and there is nothing to verify about it. Can you please give more details about your scenario. What notification exception did you create and what was the expected behavior? Thank you.

 

Yes, I now understand, I think. Got confused by this: "A notification exception will stop the evaluation of the existing firewall rules", assuming it included existing Allow rules as well (which would essentially bypass the notifications exceptions).

But now (sorry) I'm confused about : evaluating the event in this order:... ... Existing firewall allow rules

Why would it bother to check Allow rules, if allowed connections won't trigger the notification system anyway?

 

All dropped packets are logged in Security event log. The source of the block may be a Windows Firewall rule, a DNS proxy, a web filtering module from your antivirus, etc. All these dropped packets are logged in Security event log and there is no property saying which is the source of the block. Let's say you allow your browser and create an allow rule for firefox.exe. Now, you want to visit a website which is blocked by your web filtering module of your antivirus because it appear to by malware related. A packet is dropped. WFC receives an event about this and will decide if it should display a notification or not. Since you have an allow rule for firefox.exe, do you want to see a notification for firefox.exe each time your antivirus blocks a website? I guess, not, otherwise you will think that WFC does not know about the allow rule. Why would it show repeated notifications for firefox.exe? You allowed it, right? This is the reason why also allow rules are part of this logic.

 

Many thanks for the explanation.