Website logo

This section tries to answer some frequently asked questions regarding Windows Firewall Control. However, a more structured and detailed information can be found in the user manual. To launch the user manual, press F1 in any WFC window. This will open the file wfc.chm which is located in the installation folder.

Installation and uninstallation

Do I need to restart the computer after installation ?

No. It is not required to restart your computer after installing, updating or uninstalling Windows Firewall Control.

I try to install or update the program but it does not work

If this happens, probably a 3rd party security product that you use prevents the installer to execute correctly. Please disable temporarily any anti-executable software that may block the installer and make sure that it is not blocked by your antivirus software or by a HIPS feature. Also, try to execute the installer with administrative privileges.

If you receive the message "Could not subscribe to Windows Firewall Control service!" it means that WFC service is not available. This usually happens when something prevented WFC service from being installed correctly or because Windows Firewall service was disabled. See below how to manually uninstall the program. After you clean an unfinished installation you can retry again to install it.

Some 3rd party firewalls disable Windows Firewall while they are installed. Make sure that the start-up type of the following services is set to Automatic and the status of them is Running. The following Windows services must be up and running: Windows Firewall, Windows Event Log.

I can't uninstall the program because it is locked with a password which I can't remember

If the program is locked with a password do not attempt to force uninstall the software by using a 3rd party uninstaller because you will not be able to access Windows Firewall interface any more. Please use the contact page to request the unlocking steps that you have to make in order to unlock the program manually.

The uninstaller does not work. How do I uninstall the program ?

Windows Firewall Control should be uninstalled from Programs and Features available in Control Panel. This will launch the file wfc.exe with the -uninstall parameter. Avoid using a different method or a specialized software to uninstall Windows Firewall Control because it will not work properly. Windows Firewall Control uses a custom installer and other programs will not know how to properly uninstall it. To manually uninstall the program, follow the next steps:

a) Close the process wfc.exe by exiting the WFC tray icon or by using Task Manager.
b) Run a CMD window with Administrator privileges.
c) Execute the following commands:
sc.exe stop wfcs
sc.exe delete wfcs
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Firewall Control" /f

d) Delete manually the installation folder. Usually this folder is C:\Program Files\Windows Firewall Control.

Now your system should be clean of any WFC installation. You can now start again a clean installation. Make sure that you use the latest version.

Which is the latest version that works with Windows Vista ?

For Windows Vista and Windows Server 2008 users, the latest version that is supported on these operating systems can be downloaded from here.

Do you have an old version that works with Windows XP ?

Unfortunately, there is no version which supports Windows XP because Windows Firewall Control relies on Windows Filtering Platform which was first introduced in Windows Vista.

Back to top of page

Activation

How to activate the program ?

You can watch here how to activate Windows Firewall Control. It is a short video of 1:31 minutes which will describe each step required to activate the program. It is really easy. Also, the user manual describes the entire process. To launch the user manual, press F1 in any WFC window.

I have introduced the activation code but the Activate button remains disabled

From time to time the licensing schema is updated. From your account you will always generate an activation code that works with the latest version of the program. If you use an older version please update to the latest version available on the website and the activation code will work.

I have updated to the latest version and now the program is not activated anymore

Usually, after an update the activation status is preserved. However, when large portions of code are changed the program needs to be activated again. Please log in into your registered user account and generate a new activation code which you can use to activate the program again.

Back to top of page

Firewall rules

Does the program use a different set of firewall rules than Windows Firewall ?

Windows Firewall Control is not a firewall by itself. It is just a front end for Windows Firewall which makes things easier and also adds some new features. The rules that are displayed in Rules Panel are the same rules that Windows Firewall uses. These rules are applied even if Windows Firewall Control is not running.

Can I use wildcards when defining a rule so that I can create a rule for all the files from a folder ?

No. Windows Firewall does not support wildcards. Because the rules are applied per path basis you have to create a rule for each program that you want to allow or block. From Windows Firewall Control you can browse for the files for which you want to create a new rule and you can select multiple files at once. This will create a new rule for each file that you have selected.

I use a program that executes from a temporary folder. How to create a working rule for it ?

Windows Firewall rules are applied per path basis, so even if you create a rule for an executable file, if this file is executed from a different path (different folder each time in the temporary folder), a new rule is required for each location. This is how Windows Firewall works and this is not something that can be controlled from Windows Firewall Control. For this scenario the only solution is to use Low Filtering profile when such software is used. You may try to see if you can configure this software to use only a specific port, for example 44444. Then you know that it will always use this port so that you can create a rule that apply to all programs but which allows only the connections for the local port 44444. In this way you can define a working rule for such programs.

Back to top of page

Profiles

Is there a Learning Mode that automatically creates new firewall rules for a period of time ?

A Learning Mode similar to other firewall products already exists. When the Learning Mode is enabled, WFC will automatically create allow rules for digitally signed programs when they are blocked and there is no rule for them. However, for unsigned programs the user will be notified so that he will decide if a rule should be created or not.

Is it possible to allow LAN traffic when High Filtering profile is enabled ?

High Filtering profile is achieved by creating two generic block rules named High Filtering - Block inbound connections and High Filtering - Block outbound connections. These two special rules are removed automatically when the High Filtering profile is changed to a different profile. To allow LAN traffic while High Filtering profile is enabled you can modify only the remote addresses of these two rules in Manage Rules window to block, for example, the following two IP ranges: 1.1.1.1 - 192.168.0.0, 192.168.0.255 - 255.255.255.255 This means that the IP range between 192.168.0.1 - 192.168.0.254 will not be blocked because it is not contained in the block rule, meaning that the LAN traffic will be still allowed. The custom IP ranges defined for these two rules will remain the same when High Filtering is switched on and off until they are updated again.

Back to top of page

Notifications system

How does the notifications system work ?

Windows Firewall Control doesn't do any packet filtering to inspect network traffic. This is done by Windows Filtering Platform. Each time a network packet is dropped, Windows Firewall generates a new event in the Security event log of the system. Windows Firewall Control is subscribed to these events and based on the existing firewall rules it decides if a new notification should be displayed or not. This is done by searching through the existing firewall rules to see if there is a rule that matches the blocked connection that was recorded in the Security event log. The events about a blocked outbound connection are raised after the connection is blocked. This means that a notification dialog is displayed for a blocked connection, not for a paused connection. After creating an allow rule, the program that was blocked must retry the connection to connect based on the newly created allow rule.

The notifications displayed by Windows Firewall Control are for outbound blocked connections and they work only when Medium Filtering profile is used. When enabling Medium Filtering profile, the outbound filtering is enabled in Windows Firewall and this means that programs without an allow rule are blocked by default. The Connections Log contains the entries filtered from the Security log of the system. The same entries are the source of notifications displayed by Windows Firewall Control.

Windows Firewall displays notifications for programs, other than Windows services, that attempt to listen for unsolicited incoming traffic and the incoming traffic is blocked. These security alerts can be disabled from Windows Firewall and are not configurable from Windows Firewall Control.

How to stop entirely the notifications for a specific program ?

Let's say that you have a program for which you have defined an allow rule with a very specific IP range that you want to allow. When this program connects to a different IP you don't want to see a new notification because you wanted to allow just that specific IP range and that's all. To disable the unwanted notifications for a program, add a new exception in the notifications exceptions list available in the Notifications tab.

I receive duplicate notifications even if I have created an allow rule

A new notification will be displayed if a new blocked connection does not match (ports, IP addresses, protocol, location) an existing allow rule.

If the rules are matching and you still receive duplicate notifications, it may be a symptom that Windows Firewall filtering does not work correctly. This ususally happens when a software proxy from a different security product is used for filtering purposes. Windows Firewall is incompatible with software proxies, web filtering modules, NDIS drivers, any filtering modules that intercepts network packets. They redirect the network traffic to the proxy and the problem is that the traffic does not reach anymore the Windows Firewall filtering driver. In this case, Windows Firewall rules do not apply correctly because the traffic appears to be made by the proxy, not by the original program. Try to disable any software proxies, web filtering modules, NDIS drivers from the 3rd party security products that you use in order to restore the filtering functionality from Windows Firewall. This incompatibility is between software proxies and Windows Firewall, not an incompatibility with Windows Firewall Control. For this reason, WFC does not have any control over this behaviour.

Another source that may cause duplicate notifications to be displayed can be a custom hosts file or a program that blocks IP addresses based on a blacklist ruleset. All blocked connections are logged in the Security event log and will generate new notifications even if they weren't blocked by Windows Firewall.

Also check your rules for incompatible rules.

I have enabled the notifications but I do not see them

Notifications are displayed only when Medium Filtering profile is used. Make sure that you don't have in your rules list some allow rules that permit all the connections for all programs. These kind of rules will allow all connections and there will not be blocked connections. Avoid creating such generic rules. The firewall rules that you create should be targeted to specific files.

To troubleshoot this, make a backup of your rules and then restore Windows Firewall default set of rules. Now you should have only the default rules. Switch to Medium Filtering profile to enable outbound filtering in Windows Firewall and start over with the creation of your rules. Do you see now the notifications ? If the answer is yes, then one or more rules that you had in your previous rules set is responsible for the missing notifications. If you still don't see any notifications, then this may be a symptom generated by software proxies. Please read the previous answer regarding the software proxies and duplicate notifications.

Why there is no "Allow for now and ask me later" button in the notification dialog ?

Please read above how the notifications system works. The notifications are displayed for blocked connections, not for paused connections. It is not possible to resume a connection at Windows Firewall Control level because it doesn't do any packet filtering.

Back to top of page

Program options

Does the program support parameters ? Are there any hidden options that can be used ?

The following command line parameters can be used to launch the file wfc.exe. They work even if the program is already running.
-mp = open the Main Panel. For this you can also define a global hotkey from the Options tab.
-rp = open the Rules Panel. Also available with a global hotkey from the Options tab.
-cp = open the Connections Log. Also available with a global hotkey from the Options tab.
-uninstall = launch the uninstaller. This works only if the program is not locked with a password.
-nogpu = turn off GPU hardware acceleration when rendering WFC and use only the CPU instead.

Keyboard shortcuts:
Esc or Middle Mouse Button = close any window or dialog
CTRL+TAB = switch between the Rules Panel and Connections Log
F5 or CTRL+R= refresh the current view from the Rules Panel
CTRL+F = move the cursor to the search box
F1 = launch the user manual

Back to top of page

Troubleshooting

The program does not start or does not work as expected

Due to many system configurations and various programs used, there may be situations when Windows Firewall Control may not work as expected. The cause may be in WFC code which may not take into consideration a special scenario or even a 3rd party software which may conflict with WFC or even with Windows Firewall. In order to find the problem, try to follow the next steps:

1. Make sure that WFC is not blocked by your antivirus or by other security software that you use. You know better which are these. You can also temporarily disable them to see if the behaviour changes.
2. Try to add wfc.exe and wfcs.exe into the white list (exceptions list, allowed list, etc) of your antivirus. Some self defense features, anti executable programs, may block silently WFC files from execution. Some calls of WFC code involve the use of system tools netsh.exe and auditpol.exe. Make sure that your antivirus doesn't block the execution of command line programs that are executed in a CMD window.
3. If you have the possibility, try to install Windows Firewall Control on a different computer or in a virtual machine to see if you can reproduce the same problem on multiple machines.
4. Try to uninstall and reinstall the latest version of Windows Firewall Control and check if the problem is solved. See above on this page how to uninstall the program. You can also try to install it in a folder with less restrictive permissions, for example in C:\ProgramData instead of C:\Program Files.
5. Make sure that you have the latest version of .NET Framework installed. Windows Firewall Control requires .NET Framework 4.5 or a newer version. Try to repair the .NET Framework that you have installed. Sometimes, Windows updates may break .NET Framework installation, requiring the user to reinstall .NET Framework from an offline installer to fix any realted .NET Framework problem.
6. Please go to Event Viewer (execute eventwr.msc). Under Applications and Service logs category, there is a subcategory named WFC. There are logged all errors from Windows Firewall Control. If you see errors logged here, from the right panel, use the button named Save all events as... to export an *.evtx file and send it to support@binisoft.org to check it.
7. Also in Event Viewer, under Windows Logs category, there is a subcategory named Application. Here are logged all errors from all programs. Check in this log if there are error entries regarding the files wfc.exe or wfcs.exe. If so, export an *.evtx file of this log and send this log too. We can find here a .NET Framework problem that is causing the problem that you have.
8. If you use a program named Rivatuner Statistics Server, open it and set Application detection level to None.

When sending a support email please provide as many details of the problem that you have. Write down the exact steps that you did, make a screenshot of the error that you receive, specify your operating system, if it is a virtual machine or a real machine, what other security software you use on the computer. Providing as many relevant details of your scenario will increase the chances to reproduce the problem that you have so that a solution can be provided.

Back to top of page

Should you need any assistance, do not hesitate to contact support@binisoft.org