Advice Request F-Secure & Windows Firewall Control?

[a090]

How do you guys feel about pairing up F-Secure Internet Security with Windows Firewall Control (by Binisoft / Malwarebytes)? I’m not doing this because I mistrust Windows Firewall’s ability to keep me secure. I know it’s a solid firewall these days, which is why many AV products (including F-Secure) don’t include one of their own. I’m sure it’ll keep the baddies out. What I’m interested in is what’s happening within the system itself.

The reason why I’m interested in WFC is mainly for the alerts and fine-tuning of which apps can access the net. Say for example I want to download Samsung Magician to update my SSD firmware. But once the update has happened, I don’t want it connecting to the internet. And we all know Samsung’s notorious track record with security. Last year they got hacked twice in one year. Which is why I can use WFC to kill internet access for Samsung Magician until the next firmware update for my SSD. In the meantime, if something crazy happens and the Magician software gets a bad update or whatever, no problem. Because mine wouldn’t get that bad update since WFC killed its internet access.

Essentially, I want that granular control over what’s going on in my system. And WFC provides that in a clean and easy to understand interface. I don’t need something crazy like Portmaster. I just want to be able to see alerts for unknown apps accessing the net, as well as for killing internet access to apps on the fly. And being able to re-enable later.

Questions:

1. Do you guys forsee any conflicts with F-Secure and WFC? I’m assuming not because while both add rules to the Windows Firewall, they don’t “control” it. If you have F-Secure, you can verify this by going into Windows Security > Settings > Manage Providers and see that F-Secure is “controlling” the section for Virus Protection. It is listed there while Defender is listed as off. While in the Windows Firewall section, no F-Secure is listed there. Windows Firewall stands alone. My understanding is F-Secure adds some rules to the Windows Firewall but nothing more. Maybe protects it from shutting down too…
2. F-Secure seems to be highly compatible with Windows virtualization-based security (VBS). Hardened kernel, Credential Guard, Memory Integrity… that stuff. I have all of those enabled and they work beautifully with F-Secure. Is WFC also compatible with Windows VBS?
3. Any alternatives to Windows Firewall Control? I don’t need anything super detailed like the Portmaster. An alternative similar to WFC in features / complexity would be good. I’ve seen people recommend Simplewall. How does it do against WFC?

Any insight you can provide is much appreciated! Doesn’t have to be answers to all three, even one is good. Thanks!

 

[RoboMan]

1. Do you guys forsee any conflicts with F-Secure and WFC? There shouldn't be any conflicts whatsoever. You should, nevertheless, allow WFC to be used in learning mode for a few days to make sure all antivirus processes get proper rules to connect to internet. Also you should whitelist WFC from F-Secure interface.
2. Is WFC also compatible with Windows VBS? I cannot properly answer this since I never tried, but WFC isn't intrusive, there shouldn't be any issues, but you should try for yourself.
3. Any alternatives to Windows Firewall Control? You shouldn't go any further than WFC, which offers what you're looking for. More complex firewalls like Comodo will likely bring issues with F-Secure.

 

[ForgottenSeer 98186]

Is WFC also compatible with Windows VBS?

Yes

Any alternatives to Windows Firewall Control? I don’t need anything super detailed like the Portmaster. An alternative similar to WFC in features / complexity would be good. I’ve seen people recommend Simplewall. How does it do against WFC?

Simplewall is OK, but you will get better user support from the WFC developer. As to which will work best for you personally is a matter of evaluating each one for yourself. But based upon your stated intent, WFC fits the bill and that is why you chose it in the first place.

 

[piquiteco]

@a090 Yes it works normally without any problems, I have F-Secure and Windows Firewall Control on one machine installed and they are working perfectly well together.

Spoiler: F-Secure & Malwarebytes Windows Firewall Control

 

[Zartarra]

@a090 Yes it works normally without any problems, I have F-Secure and Windows Firewall Control on one machine installed and they are working perfectly well together.

Spoiler: F-Secure & Malwarebytes Windows Firewall Control

View attachment 273950

Same here. No issues at all with the combo .

 

[a090]

1. Do you guys forsee any conflicts with F-Secure and WFC? There shouldn't be any conflicts whatsoever. You should, nevertheless, allow WFC to be used in learning mode for a few days to make sure all antivirus processes get proper rules to connect to internet. Also you should whitelist WFC from F-Secure interface.
2. Is WFC also compatible with Windows VBS? I cannot properly answer this since I never tried, but WFC isn't intrusive, there shouldn't be any issues, but you should try for yourself.
3. Any alternatives to Windows Firewall Control? You shouldn't go any further than WFC, which offers what you're looking for. More complex firewalls like Comodo will likely bring issues with F-Secure.

Great! And thank you for the recommendation regarding learning mode. I presume I should switch the app to Medium Filtering and Learning Mode (both settings combined) and then load up F-Secure, update its engines, run some scans, etc. To let all of the F-Secure’s update servers and cloud analysis access rules settle in.

Do you know if Adguard (Windows desktop app) will work alongside WFC?

I found this thread on WildersSecurity (see post #2769 and onwards), it appears to be the official WFC thread on that forum. And on the thread, a user asked this very same question regarding Adguard. And the reply he received from the Adguard developer is they are both compatible. The user then goes on to ask “Isn’t Adguard (desktop) a web filtering module?,” web filtering modules are suppposedly incompatible with WFC. And the Adguard dev goes on to say this isn’t a problem and Adguard is still fine.

That’s all well and good, but those forum posts are from 2016. Adguard has matured a lot since then, adding in DNS protections, malware protection and blocking, and much more. I’m curious if both products are still fully compatible?

Regardless, putting WFC in Learning Mode would be a good idea for Adguard as well, right?

Yes


Simplewall is OK, but you will get better user support from the WFC developer. As to which will work best for you personally is a matter of evaluating each one for yourself. But based upon your stated intent, WFC fits the bill and that is why you chose it in the first place.

Great response, I appreciate it. My follow-up question would to you would be the same one I asked RoboMan above. Would WFC and Adguard conflict in any way?

WFC purports to not be compatible with filtering programs, which Adguard certainly is, but the Adguard dev says all is well. The problem is those reassuring posts were made in 2016. Link above. Thoughts?

@a090 Yes it works normally without any problems, I have F-Secure and Windows Firewall Control on one machine installed and they are working perfectly well together.

Spoiler: F-Secure & Malwarebytes Windows Firewall Control

View attachment 273950

Same here. No issues at all with the combo .

Nice! It seems like I found two folks with the same config I’m looking to set up. I’ve got F-Secure running beautifully on this machine so I’m looking forward to installing WFC.

I should keep WFC in Learning Mode to let some rules for F-Secure and my other applications settle in? How many days would you recommend leaving in Learning Mode?

And do either of you use Adguard (desktop) app?

Not the browser extension but the Windows app itself. Is Adguard compatible with WFC? WFC dev has said WFC isn’t compatible with filtering modules in other programs as they mess with the way it operates (details went over my head). And Adguard certainly has a “web filtering” component to it. But the Adguard dev said all is well with both programs working fine together. The only problem is that was in 2016 and I haven’t seen any new questions or posts asking this same question since then. Adguard has matured a lot as a program so it isn’t as simple as it used to be in 2016. Wondering if its still compatible with WFC, even after all the updates and changes. Link to thread above in my reply to RoboMan.

 

[piquiteco]

Nice! It seems like I found two folks with the same config I’m looking to set up. I’ve got F-Secure running beautifully on this machine so I’m looking forward to installing WFC.

I should keep WFC in Learning Mode to let some rules for F-Secure and my other applications settle in? How many days would you recommend leaving in Learning Mode?

And do either of you use Adguard (desktop) app?

I use WFC in Medium filtering, I always prefer to see the notification to give outgoing or incoming permission to make sure if the application that is connecting to the web is legitimate or not, whether it is Windows or F-secure or another application. I only don't recommend it if you don't know Windows and F-secure processes and services in depth. If you don't know what to allow or block I suggest you follow @RoboMan recommendations in learning mode or use Low filtering. I don't use adguard desktop, so I can't give any opinion. My WFC configuration follows in the screenshot below in the spoiler.

Spoiler: Windows Firewall Control

 

[a090]

I use WFC in Medium filtering, I always prefer to see the notification to give outgoing or incoming permission to make sure if the application that is connecting to the web is legitimate or not, whether it is Windows or F-secure or another application. I only don't recommend it if you don't know Windows and F-secure processes and services in depth. If you don't know what to allow or block I suggest you follow @RoboMan recommendations in learning mode or use Low filtering. I don't use adguard desktop, so I can't give any opinion. My WFC configuration follows in the screenshot below in the spoiler.

Spoiler: Windows Firewall Control

View attachment 273953
View attachment 273955
View attachment 273958
View attachment 273959
View attachment 273957
View attachment 273956

Wow, you’re the man @piquiteco. Thank you for taking the time to screenshot your settings for me! I appreciate it because you’re using the same AV as me so these settings should work for me if they do for you.

That being said, I did notice a few things I have questions about:

• On the Rules tab, you chose Outbound and Inbound, which is listed as Not Recommended in the WFC software. Is there a particular reason why you chose that instead of the default Outbound option? That way your apps can have access out, but whoever they’re accessing can’t have acess back in to your system on their own. Wouldn’t making Inbound rules alongside Outbound rules be opening you up to something like that?

• On the Security tab, I really like the selections you made. Secure Boot ensures you don’t have any accidental leakages. Secure Profile is essentially tamper protection for WFC. But the last one is the one that I’m curious about. It seems like with Secure Rules > Disable unauthorized rules, won’t that potentially block legitimately Microsoft processes? That setting should make it so that only rules created by WFC are valid. So if another application or service wants to make a rule, maybe for a Windows update or something, won’t those rules be invalid?

• You mentioned that you like knowing whenever any process, including F-Secure or Windows’ components, access the net. Now Windows’ processes are relatively easy to identify. They’re often Google-able and most of the time someone has already asked somewhere on Reddit about them. But for F-Secure’s processes and components, things can be a bit more difficult to identify. Are all of the alerts WFC has thrown about F-Secure been easy to identify? Are F-Secure’s connections signed (WFC shows if the app is signed or not and by whom)? Or are they all named F-Secure ABC XYZ ENTER NAME HERE? Curious how difficult it will be to identify obscure F-Secure processes, if there are any.

Thank you once again for taking the time to gather those screenshots for me. I really appreciate it mate!

 

[ForgottenSeer 98186]

Would WFC and Adguard conflict in any way?

I am not aware of any conflict. You would have to ask alexandru (WFC dev) what exactly he means when he says "filtering program."

 

[piquiteco]

Wow, you’re the man @piquiteco. Thank you for taking the time to screenshot your settings for me! I appreciate it because you’re using the same AV as me so these settings should work for me if they do for you.

You're welcome! I always try to show through screenshots to make it clear to understand and the person know that I am really telling the truth, I even record video if necessary, it is better for people to understand. There is that saying "A picture can be worth a thousand words" Yes these settings should work for you. But I will simplify it for you and answer your questions below.

Is there a particular reason why you chose that instead of the default Outbound option?

There is no specific reason for me to choose input and output. I went a little overboard with the settings, I'm a little hardcore, but when I start having problems I just go back to the default settings.

That way your apps can have access out, but whoever they’re accessing can’t have acess back in to your system on their own. Wouldn’t making Inbound rules alongside Outbound rules be opening you up to something like that?

Yes, you are correct, you can have problems yes, even with local addresses like 127.0.0.1 I myself had problems with Acronis Anti-Ransomware after that because the service entry did not communicate with program that monitors running processes, the entry for the service was blocked, I had to release it. I suggest you follow this recommendation. In the Rules tab I suggest you use only Outbound (recommended) which is recommended by the WFC to create only output rules for new applications to allow or block like in this capture below, I will leave it in the spoiler to make it clearer and easier for you to adjust in your WFC.

Spoiler: Outbound (recommended)

On the Security tab, I really like the selections you made. Secure Boot ensures you don’t have any accidental leakages.

In Secure Boot, the WFC automatically sets the High Filtering profile at system shutdown and at Windows Startup, network connections will be blocked until you change the profile to Medium or Low Filtering. Remember that this is done manually by you, and the icon is black when High Filtering is enabled, this means that everything is blocked and you have no internet access, so I suggest you leave Secure Boot unchecked.

Spoiler

Secure Profile is essentially tamper protection for WFC.

Yes, correct it protects the windows firewall from external tampering. When this feature is enabled, importing firewall rules when changing the filtering mode can only be done through the WFC. Note: Not always what it says is true, I have seen many times this Safe Profile box unchecked, even I check it afterwards, so the safe rules have important role over Safe Profile, or maybe some bug in WFC and I don't know and so the box unchecks itself.

But the last one is the one that I’m curious about. It seems like with Secure Rules > Disable unauthorized rules, won’t that potentially block legitimately Microsoft processes?

Yes, and no at the same time, you can block yes but not automatically, unless you block it, it will notify anything that is going to access the internet, because you are in control, and you have to be careful it will ask everything that is going to connect to the internet, Windows services like svchost, other Windows services. I recommend first that you backup your Windows firewall settings and export all rule configuration directives created by the Windows firewall before enabling Secure Rules in the WFC.

That setting should make it so that only rules created by WFC are valid. So if another application or service wants to make a rule, maybe for a Windows update or something, won’t those rules be invalid?

Yes, that's why you have to backup all Windows firewall rules before you inhabit it Secure Rules see the screenshot in the spoiler the WFC notification it gives me when enabling Secure Rules.

Spoiler: Warning: Do not activate if you do not know how to use it.

But for F-Secure’s processes and components, things can be a bit more difficult to identify. Are all of the alerts WFC has thrown about F-Secure been easy to identify?

Yes, they are easy to identify because there is an FS prefix in front of the service or file name when you access the web, so it is simple. They always have an FS before the name e.g. fsmainui.exe and fsturnon.exe are legitimate F-secure processes.

Are F-Secure’s connections signed (WFC shows if the app is signed or not and by whom)? Or are they all named F-Secure ABC XYZ ENTER NAME HERE?

Yes, the connections are secure, not signed, if I didn't misunderstand what you said. No the WFC does not show if the application is signed. But it is signed because I checked the F-secure files, all are signed, starting with the installer, if they were not signed I would not be using F-secure. Who signed it? I can not pass this information because I can compromise the security of the users that use F-secure and this post is public, I pass this information only by PM, but rest assured that F-secure is a well respected Finnish company that exists since 1988.

Curious how difficult it will be to identify obscure F-Secure processes, if there are any.

All of them have a name with initials FS before the process name as I mentioned above as an example the fsmainui.exe. You are very curious even hein @a090, difficult to know and identify processes that you say obscure, I do not think the F-secure would do this, it can only collect telemetry to improve their products, they take the privacy of users seriously, the F-secure is a company in the security industry veteran, at least to date I have not seen any scandals them from them, then I ask that use quietly that is a reputable and reliable company.

Thank you once again for taking the time to gather those screenshots for me. I really appreciate it mate!

You're welcome, Whenever you need us, we are always here in MT to share and solve the doubts of the members here in the forum.

 

[a090]

From Alexandru (Binisoft) regarding Windows Firewall Control and Adguard:

“Hi [redacted]. unfortunately, I do not know if AdGuard desktop application plays well with Windows Firewall. WFC is just an alternative user interface for Windows Firewall. WFC does not block or allow any connection, Windows Firewall does this based on the defined firewall rules. So, if AdGuard works fine with Windows Firewall when it is set to block outbound connections by default, then it should be fine. You can install both and check. Since 2010, I did not receive any feedback regarding AdGuard not working with WFC, so I can assume it works just fine.”

Short answer: Yes, they are compatible.

Longer answer: Essentially, if any app plays nice with regular Windows Firewall when Outbound connections are blocked, it’ll play nice with WFC too. Adguard works fine with regular Windows Firewall. Just give it the access it needs when the popups begin requesting permission to the internet.

You're welcome! I always try to show through screenshots to make it clear to understand and the person know that I am really telling the truth, I even record video if necessary, it is better for people to understand. There is that saying "A picture can be worth a thousand words" Yes these settings should work for you. But I will simplify it for you and answer your questions below.

There is no specific reason for me to choose input and output. I went a little overboard with the settings, I'm a little hardcore, but when I start having problems I just go back to the default settings.

Yes, you are correct, you can have problems yes, even with local addresses like 127.0.0.1 I myself had problems with Acronis Anti-Ransomware after that because the service entry did not communicate with program that monitors running processes, the entry for the service was blocked, I had to release it. I suggest you follow this recommendation. In the Rules tab I suggest you use only Outbound (recommended) which is recommended by the WFC to create only output rules for new applications to allow or block like in this capture below, I will leave it in the spoiler to make it clearer and easier for you to adjust in your WFC.

Spoiler: Outbound (recommended)

View attachment 273963

In Secure Boot, the WFC automatically sets the High Filtering profile at system shutdown and at Windows Startup, network connections will be blocked until you change the profile to Medium or Low Filtering. Remember that this is done manually by you, and the icon is black when High Filtering is enabled, this means that everything is blocked and you have no internet access, so I suggest you leave Secure Boot unchecked.

Spoiler

View attachment 273966
View attachment 273965

Yes, correct it protects the windows firewall from external tampering. When this feature is enabled, importing firewall rules when changing the filtering mode can only be done through the WFC. Note: Not always what it says is true, I have seen many times this Safe Profile box unchecked, even I check it afterwards, so the safe rules have important role over Safe Profile, or maybe some bug in WFC and I don't know and so the box unchecks itself.

Yes, and no at the same time, you can block yes but not automatically, unless you block it, it will notify anything that is going to access the internet, because you are in control, and you have to be careful it will ask everything that is going to connect to the internet, Windows services like svchost, other Windows services. I recommend first that you backup your Windows firewall settings and export all rule configuration directives created by the Windows firewall before enabling Secure Rules in the WFC.

Yes, that's why you have to backup all Windows firewall rules before you inhabit it Secure Rules see the screenshot in the spoiler the WFC notification it gives me when enabling Secure Rules.

Spoiler: Warning: Do not activate if you do not know how to use it.

View attachment 273967

Yes, they are easy to identify because there is an FS prefix in front of the service or file name when you access the web, so it is simple. They always have an FS before the name e.g. fsmainui.exe and fsturnon.exe are legitimate F-secure processes.


Yes, the connections are secure, not signed, if I didn't misunderstand what you said. No the WFC does not show if the application is signed. But it is signed because I checked the F-secure files, all are signed, starting with the installer, if they were not signed I would not be using F-secure. Who signed it? I can not pass this information because I can compromise the security of the users that use F-secure and this post is public, I pass this information only by PM, but rest assured that F-secure is a well respected Finnish company that exists since 1988.

All of them have a name with initials FS before the process name as I mentioned above as an example the fsmainui.exe. You are very curious even hein @a090, difficult to know and identify processes that you say obscure, I do not think the F-secure would do this, it can only collect telemetry to improve their products, they take the privacy of users seriously, the F-secure is a company in the security industry veteran, at least to date I have not seen any scandals them from them, then I ask that use quietly that is a reputable and reliable company.

You're welcome, Whenever you need us, we are always here in MT to share and solve the doubts of the members here in the forum.

Amazing answers! Thank you, everything made complete sense here. Usually I have follow-up questions but this time everything made sense the first time around. I appreciate it @piquiteco, you’re awesome.

 

[piquiteco]

Amazing answers! Thank you, everything made complete sense here. Usually I have follow-up questions but this time everything made sense the first time around. I appreciate it @piquiteco, you’re awesome.

You are welcome!