Windows Firewall Control (WFC) by BiniSoft.org

@alexandrud Since 6.13 @ shutdown:

Spoiler: Event

Code:

Source
Malwarebytes Windows Firewall Control Service

Summary
Stopped working

Date
‎04.‎04.‎2025 00:12

Status
Report sent

Description
Faulting Application Path:    C:\Program Files\Malwarebytes\Windows Firewall Control\wfcs.exe

Problem signature
Problem Event Name:    CLR20r3
Problem Signature 01:    wfcs.exe
Problem Signature 02:    6.13.0.0
Problem Signature 03:    ba923296
Problem Signature 04:    wfcs
Problem Signature 05:    6.13.0.0
Problem Signature 06:    ba923296
Problem Signature 07:    254
Problem Signature 08:    0
Problem Signature 09:    System.NullReferenceException
OS Version:    10.0.19045.2.0.0.256.48
Locale ID:    2057
Additional Information 1:    c36c
Additional Information 2:    c36cc81726839a2f6d60c6cdb965daa1
Additional Information 3:    7d90
Additional Information 4:    7d90d7b4a9f8eb5939c79f8afe004e01

 

Until he replies, reboot, or open an admin command window, at the prompt type
Net Start wfcs
and hit enter.

What were you doing when it crashed. Can you list and repeat the steps to make it crash again?

 

They occurred while the system was shutting down, but I haven't encountered any crashes during normal use. I wouldn't have noticed them if I hadn't checked the Reliability Monitor.

@alexandrud If necessary, I can send the dmp files via email.

Spoiler

Code:

STACK_COMMAND:  !c:\symbols\microsoft\SOS_AMD64_AMD64_4.8.9290.00.dll\67214BCA9a4000\SOS_AMD64_AMD64_4.8.9290.00.dll.pe 0x20a8e59b278 ; ** Pseudo Context ** ManagedPseudo ** Value: ffffffff ** ; kb

SYMBOL_NAME:  wfcs!WindowsFirewallControl.Proxy.ProxyServer.EventReadNewRuleAdded+752

MODULE_NAME: wfcs

IMAGE_NAME:  wfcs.exe

FAILURE_BUCKET_ID:  CLR_EXCEPTION_System.NullReferenceException_80004003_wfcs.exe!WindowsFirewallControl.Proxy.ProxyServer.EventReadNewRuleAdded

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

IMAGE_VERSION:  6.13.0.0

 

Just a guess: event came to destroyed handler of events during shutdown.

 

Good catch. Yes, one event comes null during shutdown and I forgot to add a check for null before attempting to dispose a null object I will publish a fixed version soon. Thank you for reporting this.

 

Windows Firewall Control v.6.14

Change log:
- Fixed: During machine shut down, WFC service has an exception which appears in Reliability Monitor as Stopped working.

Download location: https://binisoft.org/download/wfc6setup.exe
SHA256: 0fbf810c5d12ca863ceec5f390bbba1780cca4e877e1fb84e3bb801783950603
SHA512: e0caff9985aa9a87103ca88119f183b736bc402d4f27a7ad19c6a7bd8dc55d610c141f82b30db0ffcfbc8363b88396566c42c0b1669d131aee028dfbf5ae9791

Thank you for your feedback and your support,
Alexandru Dicu

 

I have a small feature request with low priority, but it would be nice. At least for me. I export before changes the ruleset and before updates the settings The exports follow with the date the settings of the localisation. In germany it is day.month.year without leading zeros. But the text is english. For backups and the sorting in a folder it would be better to follow the ISO standard https://en.wikipedia.org/wiki/ISO_8601 YYYY-MM-DD or YYYYMMDD with leading zeros.

What do you think?

 

Indeed, low priority You can change the filename to your desire anyway. That is just a suggested name so that is not empty by default.

 

I'm encountering an issue ever since I switched from Windows 7 to Windows 11. Even though Secure Boot is disabled, applications with an Allow rule are not able to connect to the internet after booting into Windows. This is until I manually switch away from the default Medium profile to another one and right back to Medium. After that, applications that have an Allow rule are able to connect (until the next reboot). The only exception to this is signal.exe: it is able to connect even before switching profiles.
The only difference I can see between Signal and other applications is the installation directory.
My network profile is set to "Private". The issue doesn't occur when I set it to "Public", but I can't connect to network shares in Public mode, so I need it set to Private.
This didn't happen with Windows 7, although I can't say for sure whether it had to do with Windows itself or with the version of WFC I was using back then.
I'm using WFC 6.14.0.0 right now, but the issue has occured with all previous WFC versions I've been using since I switched to Windows 11.
Any help is appreciated!

 

What is D:\programme on your machine? Is it a folder on a regular partition on your main fixed drive? A mounted drive? An external drive?

 

"D:\programme" is a folder in a partition on the same physical drive as the c: partition. I install every program that lets me choose its installation directory into this folder (WFC, for example, is installed in "d:\Programme\Windows Firewall Control"), but Signal does not let the user choose an installation directory.

 

It seems this partition is mounted after the firewall rules are loaded by Windows Firewall. If this is the case, the rules needs to be refreshed in the internal store of Windows Firewall. This can be done by what you do, by switching the profile at least once, you force Windows Firewall to load the rules one more time with the updated paths. I think your problem relates to this one. This problem will manifests even without using WFC. WFC has code which detects when you insert a removable drive and does this automatically so that the firewall rules defined for files on the removable drive will work without manually switching the profile. But in your case, it is a partition on your primary drive. When the OS mounts the partitions during the boot, WFC is probably not even running to do a similar thing. I also have firewall rules defined for files on other partitions and they work out of the box when I restart my machines. I have to think about this.

 

Thanks for the link, but I'm not sure if encryption is the reason for the problem I'm encountering. My partitions are indeed encrypted, but the non-boot partitions (including d: ) are mounted before system and application services start (please see https://veracrypt.eu/en/System Favorite Volumes.html), so in theory they should be fully visible to the Windows Firewall when it loads its rules.
Also, the problem does not happen if I switch Windows' network profile to "Public". It only happens when using the "Private" profile. If the issue was due to encryption, wouldn't it happen in "Public" mode, too?
Anyway, thanks for looking into this!

 

Just a guess:
1. "Private" filters are loaded early on startup (e.g. because it needed for LAN)
2. VeraCrypt mounts its volumes
3. "Public" filters are loaded later

(I've fixed the VeraCrypt drives' handling recently: #458)

 

That could be possible. In that case, a way to quickly reload the rules would be very useful. Like you did with the command line option. It could be used to place a .cmd file on the desktop for quick access.
For now, I have activated "Secure Boot". It saves me a few clicks because I only need to perform one profile switch (High to Medium) instead of two.

 

Hey, question about Secure Boot.. I recently starting using WFC again, I'm on W11 24H2 and WFC 6.14. I enabled Secure boot, but when I start up my CPU I get weather, and sports scores on the log in screen before I enter my password and logon. Should that be happening if all network connections are being blocked?

I notice too that sometimes it just doesn't work and does not go into High Filtering mode on startup. And even when it does, I still get the sports/weather/etc. on my log in screen.

I feel like I'm missing something obvious here.

edit: If WFC was not able to set High Filtering at shutdown due to background processes, etc.. will not be set to High Filtering when you next start up>

 

Secure Boot will attempt to set High Filtering profile at system shutdown, not at system startup. Why? Because WFC can't set a priority of when Windows services start, so it may not start among the first services. This is why it would be better to do this at system shutdown. However, during system shutdown (not entering sleep mode) the OS may decide to kill any Windows service if the shutdown phase is taking too long. This does not mean WFC service takes longer to stop, it may be any service which creates a delay, takes the time from other processes, including WFC service. The OS will just kill WFC service before it has a chance to react to system shut down event. Depending on the loaded processes on the machine, Secure Boot may not always work.

Regarding the weather widget, I am pretty sure it shows a cached version of the data, not live data due to a successful Internet connection.

 

Is there a way (and why not) to manually create a temporary rule, from connections log mainly, but also in rules panel? Maybe just a new option in "customize and create rule" dialog?

I couldn't find any related post, also read the manual thoroughly. Looks like no one else ever needed something similar, so I'm guessing there might easily be some fault in my thinking.

 

Temporary rules can be created only from the notification dialog when a connection was blocked. You can allow/block a program temporarily as a result of such event.
If you want to create a temporary rule from Connections Log/Rules Panel, set the Group to Temporary Rules and the Description of the rule to this format Rule valid until: 2025-04-15 19:00:00+03:00 so that the code properly parses the content and knows how to handle this special rule.

 

Hi Alexandru !
Small laptop with W7starter.
WFC 6.9.2.0
Trying to update.
Message from WFC:
System.Net.WebException
"Could not create SSL/TLS secure channel"
Thanks for your help...

 

Your OS version does not support TLS 1.3 and can not connect to the server anymore. You have to manually download and install any new WFC version. Check the product page: https://binisoft.org/wfc

 

OK. Are you sure that my OS will digest your last version ? or is it safer to stay with my 6.9.2.0 ??

 

Organize network adapters to turn off automatically when you shut down your computer, and your problem will be solved.