Q&A Question about Windows Firewall Control (and combination with simplewall doable?)

JeanCraie

Level 1
Thread author
Apr 5, 2019
23
Hello everybody!

I'm thinking if installing WFC and would like to have some feedbacks about versions and compatibility.

Have any of you decided to stick with Binisoft v5.4.1 version instead of going for post-Malwarebytes acquisition v6+ ?
Have both version full features for free?
WFC is supposed to remain a standalone for a year or so, do you disable auto-update just in case ?
Any of you using WFC in combination with Simplewall? Glasswall? (I want to leave proprietary Windows Firewall on)

Cheers :D
 

oldschool

Level 67
Verified
Top poster
Well-known
Mar 29, 2018
5,646
Glasswire - expensive, over-rated but a nice GUI if that's important to you.

No, you should not use Simplewall + WFC. SW is a standalone FW based on the Windows Filtering Platform.

I don't have experience with WFC, which is simply a front-end GUI for Windows Firewall, but I do know the current version is completely free and full-featured. I'd use that if I wanted such a software.

Since TinyWall became unusable on 1809+, I've stuck with Windows Firewall. Windows Firewall is fine for most users. TinyWall was great because it was easy to setup, it was very secure and it had absolutely no notifications. It was a winning front-end GUI for Windows FW, but sadly the developer simply dropped off the map.

Remember: Stay safe, not paranoid. (y) :cool:
 

71Hemi

Level 2
Dec 12, 2015
82
WFC- any version uses .NET Framework, and DNS Client service. "SEE System Requirements"
System Requirements

√ Microsoft .NET Framework version 4.5 or a newer version.
√ Compatible with all x86 and x64 versions of Windows 10, 8.1, 8, 7, Server 2016, Server 2012.
√ Windows Firewall service is required to be enabled for Windows Firewall Control to run.
√ DNS Client service is required to be enabled for the notifications to work properly.
Known Limitations

√ Windows Firewall is incompatible with software proxies, web filtering modules, NDIS drivers and any other security software that may redirect the traffic from Windows Firewall to their own filtering module.
√ Due to multiple system configurations and software installed there may be incompatibility problems.

If you have experienced any bad Windows Updates in the past, then you know what a pain in the butt it is to deal with them. Imagine what a pain in the butt you would have dealing with a bad Windows Update, or better yet a corrupted install of the latest greatest .NET Frame and what it would do to your configured WFC. NOT my idea of what I would want on my computer especially knowing how many times Microsoft botches updates, and with Security software and worse yet Windows Firewall(think windows default firewall rules). You should also know that WFC uses memory differently due to the use of, - you guessed it, - .NET Frame. Sometimes WFC can be a pig and sometimes not. I would also like to point out WFC requires the use of DNS Client service in Windows. Do your research and you will find out how much a security risk this service provides you, then disable it permanently. I strongly recommend if your going to run Windows Firewall, (which is great) then run Windows 10 Firewall Control made by Sphinx. It comes with a free version, or paid, and compliments Windows Firewall very nicely. It runs as a .exe, requires NO .NET Flame or DNS Client Service. This program runs very lite and is Not a memory or CPU pig. Warning - it's not pretty like WFC Binisoft, but it does everything it says on the box and has no bugs in it, plus it plays nice withe everything else. The Free version has to run with Windows Firewall but the Pro version can run without Windows Firewall. I highly recommend the free version as the Pro can be pretty daunting to newbies.
 

JeanCraie

Level 1
Thread author
Apr 5, 2019
23
Thanks oldschool and darrin

(bini/mb)WFC requires the use of DNS Client service
oouch.



So i should either consider Windows stock firewall + sphinx free ?
-or simplewall propery set up?
-simplewall + (cant pay for sphinx full, sounds nice though)
-Windows stock firewall + simplewall + sphinx free (i heard WD and SW are fine together except their denies/allows get combined so it's difficult to find then fix a rule whenever a connection issue occurs, right?)
 
Last edited:
  • Like
Reactions: TairikuOkami

oldschool

Level 67
Verified
Top poster
Well-known
Mar 29, 2018
5,646
I strongly recommend if your going to run Windows Firewall, (which is great) then run Windows 10 Firewall Control made by Sphinx. It comes with a free version, or paid, and compliments Windows Firewall very nicely. It runs as a .exe, requires NO .NET Flame or DNS Client Service. This program runs very lite and is Not a memory or CPU pig. Warning - it's not pretty like WFC Binisoft, but it does everything it says on the box and has no bugs in it, plus it plays nice withe everything else. The Free version has to run with Windows Firewall but the Pro version can run without Windows Firewall. I highly recommend the free version as the Pro can be pretty daunting to newbies.

Nice take on Sphinx. It seems to have a fairly active thread at Wilders.
 
  • Like
Reactions: stefanos

oldschool

Level 67
Verified
Top poster
Well-known
Mar 29, 2018
5,646
(i heard WD and SW are fine together except their denies/allows get combined so it's difficult to find then fix a rule whenever a connection issue occurs, right?)

I see no reason to use SW and WFW together. Why make things complicated? You could try SW or Sphinx Free if you're curious about them.
 

71Hemi

Level 2
Dec 12, 2015
82
Hi JeanCraie. You should NEVER run two firewalls together or two firewall front programs together, period. No simplewall + sphinx free together, No WFC in combination with Simplewall, or Glasswall. No combination of any kind unless specified by the developer, example - Windows 10 Firewall Control made by Sphinx "is developed to work WITH Windows Firewall" or WFC Binisoft "is made to work With Windows Firewall". Regarding Simplewall, I believe it to be a good product but feel that Windows 10 Firewall Control by Sphinx would be Easier to learn and understand. Security is only as good as Safe practices and your understanding of the security software you use, and of coarse your Operating System.
 

TairikuOkami

Level 31
Verified
Top poster
Content Creator
Well-known
May 13, 2017
2,080
The Free version has to run with Windows Firewall but the Pro version can run without Windows Firewall.
Interesting, though it still requires BFE, but at least I could disable Network Store Interface and put all crazy windows network optimizations to rest.

I highly recommend the free version as the Pro can be pretty daunting to newbies.
Any idea, if it is possible to create IP ranges or no, that would a big drawback, just like in FortKnox firewall. :emoji_disappointed:
 

Attachments

  • capture_06212019_100346.jpg
    capture_06212019_100346.jpg
    93.4 KB · Views: 416

71Hemi

Level 2
Dec 12, 2015
82
I forgot to mention if you decide to install Windows 10 Firewall Control, make sure you turn off the Application Detection Sound feature first, if you can because you'll see how ear piercing it is. I advise you to go to Sphinx site and look at the screenshots, especially the "settings" screenshot to see where to uncheck the sound (look at the bottom), then look around and get familiar with this program so your install experience will be much more enjoyable. The help file will be a great benefit as it is pretty extensive. The more you play with this the more you will like it - guaranteed. You can even replace the default sound .wav file with pretty much anything you like - think Walt Disney Bugs Bunny Road Runner Show for sound effects. Meep,Meep!

@TairikuOkami
Not sure about creating IP ranges, I would tend to think you couldn't as that's not considered a standard feature in firewalls(would be nice). You might want to ask someone over at Wilders who is in the know better than I am, or if your running a VM, try disabling your current firewall and install the free version and look at the help file as it will be the same as the Pro version.
 

TairikuOkami

Level 31
Verified
Top poster
Content Creator
Well-known
May 13, 2017
2,080
Not sure about creating IP ranges, I would tend to think you couldn't as that's not considered a standard feature in firewalls
Well, every firewall before had that option, since it was considered basic, at least in creating outbound rules, but because of WF, they are not considered important now. It is useful to make sure, that the email client connects only to email domains or a password manager to its domain, etc.
 

JeanCraie

Level 1
Thread author
Apr 5, 2019
23
Just a last set of questions before i tinker my machine :p

-sounds a bit silly, but what if i disable DNS CLIENT SERVICE, would i have any issue reaching any website without knowing their IP addresses ?

- in which order should i install my stuff : (1st) kaspersky > Sphinx > VS > OSA (last) ?
disabling any one after the other?
 
  • Like
Reactions: oldschool

71Hemi

Level 2
Dec 12, 2015
82
@JeanCraie
Disabling DNS Client Service will have no effect in reaching any website what so ever. Regarding installing, do Kaspersky Security Cloud first, then reboot then check to see if you are at service pack "b"(put your mouse over icon by clock to see if your at "a" or "b"). If "a" then check for updates ("b" should be a 6.9meg update) and check again by clock. If "b" then reboot again and proceed with Sphinx, followed by reboot then OSA and reboot. I would leave OSA at default so as to have no prompts and worry free security. There is a thread on here somewhere for Kaspersky settings for KAF and KSCF.
 

Local Host

Level 25
Verified
Top poster
Well-known
Sep 26, 2017
1,450
Just a last set of questions before i tinker my machine :p

-sounds a bit silly, but what if i disable DNS CLIENT SERVICE, would i have any issue reaching any website without knowing their IP addresses ?

- in which order should i install my stuff : (1st) kaspersky > Sphinx > VS > OSA (last) ?
disabling any one after the other?
You have no reason to disable the DNS Client Service, which is by default on, unless you have a good chunk of websites in your hosts file and/or know the IP addresses of the websites you visit.

The service can't even be stopped normally on Windows 10 (not even through GPO), and no, WFC doesn't mess with it whasoever, WFC is a simple software to manage your Windows Firewall through WFP.
 

71Hemi

Level 2
Dec 12, 2015
82
The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.

Windows Firewall Control
WFC- any version uses .NET Framework, and DNS Client service. "SEE System Requirements"
System Requirements

√ Microsoft .NET Framework version 4.5 or a newer version.
√ Compatible with all x86 and x64 versions of Windows 10, 8.1, 8, 7, Server 2016, Server 2012.
√ Windows Firewall service is required to be enabled for Windows Firewall Control to run.
√ DNS Client service is required to be enabled for the notifications to work properly.
 

MalwareTypes

Level 1
Nov 7, 2014
27
If you're paranoid about the DNS Client Service you could just not use the notifications in Windows Firewall Control (that's the reason of that requirement). Instead use the logger to see what's going on behind the scenes.
About .NET Framework memory allocation, if you don't have the main program running always in the background then there's no need to worry. And why would you have it running in the background at all times? You only need a handful of programs with actual access to the Internet. So, once you system is configured, then you don't need to mess with it on a constant basis.
WFC is a great little tool. And yes, it's completely free as of now. Before Malwarebytes got it, you needed to pay for some features, such as Notifications, which you really didn't need if you knew what you were doing (ie checking the logger).

@oldschool With the notifications disabled, you could very much well use WFC as a replacement of TinyWall.
 

TairikuOkami

Level 31
Verified
Top poster
Content Creator
Well-known
May 13, 2017
2,080
DNS Cache makes computer deceptible to DNS poisoning, not to mention potential vulnerabilities.
DNS Cache is like pagefile, it was meant to help with limited hardware/network capabilities, but it is no longer an issue. My game makes 20 DNS requests per seconds and it does not complain about DNS Cache being disabled. Though some DNS providers might have a problem with that.

@JeanCraie By default, svchost.exe makes DNS requests. That is also a security risk, because every software is allowed to make them, even if you block it within a firewall, malware could get renew IP from the domain. When DNS Cache is disabled, each software makes its own DNS requests.
 

Attachments

  • capture_06222019_124328.jpg
    capture_06222019_124328.jpg
    314.8 KB · Views: 298

JeanCraie

Level 1
Thread author
Apr 5, 2019
23
Or, once configured, you could simply uninstall it and manage rules through WFW when necessary. No muss, no fuss.

What does the last "w" stand for in "WFw" : Wilders? Windows ? :/
mhh do you mean installing Malwarebytes WFC, then setting its rules, then uninstalling MB-WFC, then installing Sphinx, and disabling DNS Client ?
 
Last edited:
  • Like
Reactions: oldschool

JeanCraie

Level 1
Thread author
Apr 5, 2019
23
My bad, i realise wfw means windows firewall, i'm exhausted today :S


So :
installing MB-wfc, setting its rules, then uninstalling mb-wfc if i get it right (?)
later installing sphinx and disabling DNS client, and peace of mind