Microsoft has improved the Windows Firewall ever since it was included in Windows XP and Windows Server 2003. The majority of usability and security issues have been dealt with; outbound packet filtering, for instance, was introduced in Windows Vista. Some issues remain that Microsoft has not yet addressed, in particular the firewall’s configuration interface and its notifications.
Windows Firewall Notifier is a third-party program for Windows 7 and Vista that improves the handling of the firewall in this regard. When you first start the firewall notifier, it performs a series of actions.
The program enables the Windows Firewall if it is not enabled on the system. Once enabled, it will block all inbound and outbound connections for which no firewall rules exist. It then enables Windows Firewall inbound connection notifications and outbound connection logging if they are disabled.

A task is then created in the Windows Task Scheduler that is linked to Windows Firewall event log entries. This launches Windows Firewall Notifier whenever an inbound or outbound connection for which no rule exists is blocked.
Configuring the program to run as a task means that it does not run in the background all the time. The Task Scheduler launches the firewall notifier whenever the system tries to make a connection that is not listed under allowed or blocked connections. A dialog is then displayed on the screen, giving the Windows user options to allow or block the connection.

The notification lists the application’s name, system path and target IP or hostname. Buttons are available to allow or block the connection once, or to allow or block it always.
The program makes the selected changes to the firewall configuration before it closes down again. Users who want to uninstall the program need to run it again; a dialog to disable it is then presented on screen.
Windows Firewall Notifier is a handy program for Windows Vista and Windows 7 users who make use of the built-in firewall. The program, compatible with both 32-bit and 64-bit editions of supported Windows operating systems, is available for download at the developer website.

that sounds great, I’ll give it a try.. will post a follow up comment once I can say if it works without problems..
thanks Martin, this could be very useful for me if it works!
You are welcome. Would like to hear what you have to say about it.
So far it has been working quite well! It froze up on me once, but terminating the process and retrying the program which required internet access fixed that. My only gripe is that the little pop-up balloon which notifies you that a connection was blocked doesn’t stay visible for longer. It only stays for about 5 seconds, so sometimes I’m not quick enough to click on it..
Otherwise it’s great – I’ll definitely keep using this one!
Martin: Thanks for an interesting find … at first glance, this appears to be a lot like Windows 7 Firewall Control from Sphinx Software, which offers similar simple functionality in its free version, but without the graphical interface … another option is Windows Firewall Control from BiniSoft.org; it seems to offer a lot more control options – and correspondingly more complexity – than either of the other two applications … looking forward to trying out Windows Firewall Notifier to see how it stacks up to the other two.
How come that Microsoft, which by its own words invests much in security, has 2 security apps with the lowest quality in the market: Windows Firewall and Microsoft Security Essentials (MSE)?
I wouldn’t call MSE one of the worst pieces of security software.. Far from it – both AV-comparatives.org and Vb100 gave it very decent ratings (when running under windows 7, and I think anybody who cares about security would always do best to run the latest OS). You’ll find the links to those comparatives here: http://mobile.pcmag.com/device2/article.php?section_name=&CALL_URL=http://www.pcmag.com/article2/0,2817,2376220,00.asp
I wouldn’t call it the best, but it’s far from the worst. And if you look at the average pc user who asks on yahoo q&a about security programs and has no idea (and all the mindless drones who keep recommending avg although it has underperformed for a long time) it becomes clear that providing a trustworthy, easy to use and at least relatively decent AV for the masses can only be a good thing. I myself prefer Avira, but I know a lot of my non- techsavvy friends would be confused by the notifications and couldn’t filter out the occasional false positive (which is a very important point when talking about people who don’t know how to deal with malware).
Now as for the windows firewall – I personally think that for the average, non-techy home user it is just fine, when coupled with a hardware firewall with SPI enabled, and with a decent AV and regular spyware scans.
I have a friend who well-meaningly installed zonealarm on another friends pc. The guy had no idea what all the pop-ups were and just allowed everything, meaning that any extra protection that zonealarm could offer was lost anyway. Yet he was lulled into a false sense of security which is more dangerous than anything else.
Anyway, my rant ends here ;)
hmmm I got an email notification that there was a reply, but now it’s nowhere to be seen… what happened??
Slightly left of field but interesting: http://arstechnica.com/microsoft/news/2011/07/internet-explorer-9-utterly-dominates-malware-blocking-stats.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss
yep, microsoft made that! (Disclaimer: I am far from a microsoft fanboy – I despise IE from a usability and speed standpoint. I just hate it when people bag other people or companies based on nothing but a reputation from a decade ago…)
this notifier blocks MSE updates and regular win updates in win764bit,,bummer :(
This was new to me and I like it. The blog is a really good source for everything about firewalls. Thanks, Bianca.
windows firewall rules, gah i wish someone would explain these in detail, which are needed, which not, such as “core networking – router solicitation” and the rest. i am not a techie, but i disable all the remote access related rules, but i still see so many active rules incoming and outgoing. one day someone will hopefully put a decent explanation of what is and isnt needed for basic internet connectivity, hope you can martin! :D
One problem I have found is that windows firewall notifier keeps asking me about svchost.exe… It can’t seem to create a rule to always allow the service host process, and I can’t seem to manually create this rule either.
Does anybody have any idea how to fix it? It’s driving me insane – sometimes it pops up 10 times in one minute!
Thanks a lot, it was a very good tool.
I have the same issue with the svchost.exe process. Do you have a workaround to not process the events concerning the svchost.exe process ?
Hi,
I’m the author of Windows Firewall Notifier, and am glad to see you are using it (and enjoying it, by the way) !
I published an update yesterday (1.1.0), with the following modifications:
- the outgoing connection dialog has been slightly modified (now creates a rule by default, except if asked not to, so that only two buttons have to be shown).
- when directly launched through the exe, WFN shows a new screen with exceptions list, and the 500 last entries of the Windows firewall log (so that you can create rules from there using the contextual menu), along with a “uninstall” button.
Regarding the svchost problem, it should be fixed as well in this version.
For Windows Update / MSE related problems, I’ll check what’s happening asap. It seems some x64 processes are not detected properly, I don’t really know why as of now.
Feel free to contact me using the dedicated page on my website (link at the bottom).
Thanks for your feedback !
Khan
Khan, thanks for posting about the update. Keep up the good work.
You’re welcome.
By the way, I’m already working on another version with major improvements some people are waiting for, I’ll post here when it’s done.
Khan
So… It’s done, v1.2.0 is out, and has been improved a lot (see readme).
Khan
Khan: I tried using Windows Firewall Notifier for a few days at the end of July and frankly couldn’t cope with the endless messages, especially regarding svchost. It was worse than anything I’d ever experienced before, even from older incarnations of Comodo Firewall. Nevertheless, the changes you’ve made in your last 2 updates are intriguing so I’ll give it a try again next week. Thanks for your continued development of the software.
Hi Mike,
Thank you for being frank (!), and for your feedback. I don’t know why you got so many notifications, maybe your system has many more services than mine (or the average user’s one) does, explaining why svchost kept trying to connect :-/
Thank you for trying again, please feel free to contact me through my website (link at the bottom) so that I can answer directly by mail.
WFN has been downloaded approx 3500 times during the last two months; I didn’t get much feedback (less than 20 persons, either by mail or on some forums / blogs), two were really negative (including yours). My goal is to only have positive reviews ;-)
Khan
The best tool to create rules and to control Windows Firewall that I was using until now, is “Windows Firewall Control” from binisoft.org.
Version 1.3.0 is out and clearly improved… No more balloon notification, but an easier to use “permanent” dialog (still event-based, I have not added a systray icon as of now).
@Mike: I think you will appreciate some modifications I made, feel free to contact me about those ones.
I will not keep developing that fast, have to go back to work tomorrow, so no new version should come before some time.
Khan
Doesn't work for me. I just get “WindowsFirewall has stopped working” when I try to launch it in Vista32bit, yes with admin rights. I can see it created the Task in task manager, but that's about it.
^ meant to say “WindowsFirewallNotifier has stopped working”
Hi JML,
You’re the second one having this problem, I don’t know why. I’ll find a Vista box to check if it’s a problem with the new version or not, I apologize for any inconvenience…
Where did you extract the files? Local folder, network, your documents folder?
Thanks !
Khan
I created folder to “c:\Program Files\WindowsFirewallNotifier\”
Thank you for your answer.
Could you please check which version(s) of the .Net framework you got installed?
Thanks
I have these in my installed programs:
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Thanks a lot for these new updates.
The exclusion of svchost is working like a charm.
I have a little modification to ask you about the window displaying the exclusion list. Could you make it resizable for resolutions beginning at 1024×600 (My Viliv N5 will appreciate :-)
Thanks again …
This is e-x-a-c-t-l-y what I was looking for! I’m fine with using the Windows built-in GUI for the firewall, but lack of notifications for outbound traffic was a serious oversight.
The solutions from Sphinx and Binisoft in their free versions have nothing over what is offered here, and they are both an additional layer over built-in interface, the settings not being visible by either layer – WFN recognises the already present config of the built-in tool without a problem. The option of allowing only the port the communication was detected on is an insanely cool bonus.
Thanks for the effort Khan!
Hi Barthazar,
Thank you for your nice message ! I’m working on some fixes to improve the user experience (including a fix for the bug encountered by JML above) and version 1.3.1 should be released soon.
@Martin: I hope you don’t mind if my comments make that page look like a little forum :-) Some other blogs do too, I guess I’ll have to think about a real forum !
Khan
Hey Khan,
I like your useful app :) but I have the same problem as JML although I'm not using Vista 32bit but Win 7 32bit. I just get the windows firewall notifier has stopped working. I hope you have it fixed in your upcoming version :)
Btw, why not create a topic in the wilderssecurity forum? It has a firewall section :) some fellas there are quite interested in your app :)
Yeah there's 2 threads already at Wilders security about Windows Firewall Notifier.
http://www.wilderssecurity.com/showthread.php?t=307871
http://www.wilderssecurity.com/showthread.php?t=304278
Khan, I suggest you get involved there with the conversation to get even more publicity for your software. :)
Thanks for telling, I’ll subscribe to the forum.
I’m currently working with some friendly users on v1.3.2 (1.3.1 already finalized, but not improved enough for a public release).
I want next version to be working perfectly for everyone, sorry for those encountering problems with the current one…
I can’t give any release date as of now since I’m busy with other stuff, but it should be soon :-)
Thanks to all of you supporting me !
Khan
Hello,
Can I please have access to the latest version. For some reason this really messed up my computer and I can’t even run System Restore successfully to remove it. Clicking the exe again doesn’t work either. Need help. Thanks.
Hi Mike,
Sorry to hear that. What do you mean by “it messed up my computer”?
To remove WFN without using the provided exe (since it indeed fails on some computers with v1.3.0), please use the following file by extracting it on your computer, then right-click on DisableWFN.cmd and choose “Run as administrator”:
http://wokhan.online.fr/progs/DisableWFN.zip
It will remove the scheduled task WFN is based on, will reallow all outgoing connections, and will disable back firewall logging for all blocked outgoing connections.
I’m sorry not to send you the latest version (still a private beta), it will soon be publicly released.
Khan
I’m using V1.3.0 on Win 7 Home Premium 64 bit and Windows Update is unable to connect and gives no notification. I also got no notification for the popular voice chat program Ventrilo and had to create an outgoing rule manually.
I had to remove the program once and the .exe didn’t work so I just deleted the task and then set the Win7 firewall back to defaults. I then reenabled the notifier and it worked. The first install completely cut off all internet access.
Hi,
WFN 1.3.0 has some known issues with 64bit systems, which have been solved in a newer version (coming either today or tomorrow, still being tested !).
Setting your firewall back to its defaults must have reallowed some system process (maybe IPV6 or alike), which wasn’t detected properly by WFN, this is why it failed the first time.
Khan
WFN 1.3.2 is officially out (available on my website, and soon on Major Geeks as well).
All blocked connections should now be detected properly, and 64bit related bugs have been fixed, along with many other little bugs and some code optimization.
As usual, your feedback is really valuable :-)
Khan
When you “fixed” the svchost problem, it created a new one which caused Windows Update and other things like Windows Time not to work. I had to manually create an outgoing rule for svchost. There were also 2 other things that gave no alerts for connection and subsequently didn’t work. The game DiRT3 gave the incoming alert but nothing for outgoing and the Games For Windows Live framework would not work either because the client app and the LiveID file were being blocked with no alert. I only found the problem by looking in the blocked log.
Okay, I updated to v 1.3.2 and all the problems appear to be fixed. I tested it by deleting the rules I had manually created for svchost, DiRT3 and Ventrilo. It alerted to all 3 trying to connect and then created rules perfectly. Good job.
I am now getting alerts for outgoing connections by SYSTEM to other elements in my home network, namely the router and the other computer connected to it. I allowed the first one and the rule says it should cover every connection type but I am getting additional alerts still for SYSTEM. I don’t need a bunch of rules accumulating for the same thing.
Hi “Dch48” (there was no “reply” link under your post, I guess there is a limit or something).
This version has been tested by some users before being publicly released, and none of them met this issue :-/
You may have another rule stating that System should be blocked (at least for some IP / ports), conflicting with the newly added rule; could you please check that point?
If not, could you please check if the rule has indeed been created (namely Custom rule – System)?
Thank you!
Khan
I deleted all but one of the rules for SYSTEM and so far there have been no further alerts. It did the same thing for svchost, trying to make another rule for Windows Time after the one for Windows Update was created. That rule was supposed to allow everything as well. I deleted the second rule and it hasn’t asked again.
People have been telling me that I shouldn’t have a rule for svchost that allows all protocols, ports, services, etc. like the current rule does. Is there any real reason to have rules for it for every specific service and the ports that are accessed by that service? I always have allowed just a default allow all outgoing for svchost with any firewall I have used and of course the Windows Firewall in its default state would allow everything. These people are citing a feature in Win 7 called “hardening” that supposedly only allows specific connections and actions by system files and they claim that I am negating that by allowing all outgoing connections by any service through svchost.
Well, they are right: in a perfect world, svchost should never be allowed as a single whole, and settings should be set at a service-only level.
But you found the exact reason why I didn’t bother about that point: default Windows behavior is to allow all outgoing connections, so creating a single rule for all services should not hurt that much when changing that behavior…
If you’re an advanced user, you can set svchost to be always blocked (in WFN), and then only allow services you are currently using.
Anyway, I’m searching for a way to find out which service is trying to connect (one instance of svchost actually hosts many services, so it is not as easy as it could have been).
Khan
Congratulations on providing a much needed WIN 7 firewall add-on.
The problem I am having with svchost.exe is many popups for unknown services. I have coded outbound service rules for update, time, and for Network Awareness to handle the boot time dial-out to MS to check for network connectivity. I am still getting dial-outs from svchost.exe and it's difficult to determine which service is doing the outbound connection. I just added a rule for cryptographic service since I read that can require Internet requests.
It is virtually impossible to find ref. data on which WIN 7 svchost.exe services require Internet access.
Oh forgot to mention this.
The allow outbound rule that WFN generates for svchost.exe is not just allow all services; it is a rule to allow all programs and services for svchost.exe. I don’t think that is very secure.
I have found a somewhat “brute force” method of determining what svchost service is executing when a popup alert is generated by WFN. This works for WIN 7 x64 SP1. I also assume it will work for XP and Vista.
1. Keep the WFN popup visible on the desktop and note the IP address and port shown.
2. Open a command prompt window as admin.
3. Enter the following minus the quotes after the command prompt – “netstat -anob”. Do not press the enter key yet.
4. Click on the Allow button on the WFN popup for svchost.exe. Immediately thereafter press the keyboard Enter key to execute the netstat command that was previously entered.
5. Scroll up in the command prompt window searching for the original blocked IP address. Once found, you will observe to the left on the same line the short name of the service that svchost requested.
Note that the netstat command will most likely display the program name that called svchost.exe. Therefore you will not see the service short name listed under svchost.exe but under the calling program name.
6. Open up Task Manager and click on the Services tab and search for the full service name associated with the short name that was displayed as a result of the netstat command.
7. Delete the global allow firewall rule for svchost.exe that WFN generated.
8. Create a new WIN 7 firewall custom outbound rule for svchost.exe selecting the above appropriate service. For protocol I always use TCP and for destination/receiving ports I always use 80 and 443.
Note: Before adding any firewall rule for a svchost.exe service, determine that the service is a valid Windows or application generated service. Also remember that the service might be valid but intrusive e.g. Google update service, etc.
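The lookup in the steps above can be scripted. The following is an added example, not part of the original comment or of WFN: it parses saved `netstat -anob` output, finds the entry for the blocked remote address and port, and builds (without running) a `netsh` outbound rule limited to that one service, using the protocol and port actually observed. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -anob` output (documentation-range addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49170     203.0.113.5:443        ESTABLISHED     1012
  wuauserv
 [svchost.exe]
  TCP    192.168.1.10:49180     198.51.100.7:80        ESTABLISHED     3320
 [firefox.exe]
  TCP    192.168.1.10:49190     198.51.100.9:443       TIME_WAIT       0
 Can not obtain ownership information
  UDP    192.168.1.10:123       *:*                                    1100
  W32Time
 [svchost.exe]
"""

SAFE_NAME = re.compile(r"^[A-Za-z0-9_.\-]+$")  # refuse odd names in generated commands


def parse_netstat(text):
    """Return one dict per connection with its owning image and component."""
    entries, cur = [], None
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("TCP", "UDP") and f[-1].isdigit():
            cur = {"proto": f[0], "local": f[1], "remote": f[2],
                   "state": f[3] if len(f) == 5 else "",
                   "pid": int(f[-1]), "component": None, "image": None}
            entries.append(cur)
        elif cur is not None and f:
            owner = line.strip()
            if owner.startswith("[") and owner.endswith("]"):
                cur["image"] = owner[1:-1]      # executable closes the entry
                cur = None
            elif owner.lower().startswith("can not obtain"):
                cur = None                      # owner unknown, leave fields empty
            elif cur["component"] is None:
                cur["component"] = owner        # service short name / component
    return entries


def find_owner(entries, ip, port):
    """Entries whose remote endpoint matches the address shown in the popup."""
    hits = []
    for e in entries:
        host, _, p = e["remote"].rpartition(":")
        if host.strip("[]") == ip and p == str(port):
            hits.append(e)
    return hits


def scoped_rule(entry):
    """Build a per-service outbound allow rule; None if not a svchost service."""
    svc = entry["component"] or ""
    port = entry["remote"].rpartition(":")[2]
    if (entry["image"] or "").lower() != "svchost.exe":
        return None
    if not SAFE_NAME.match(svc) or not port.isdigit():
        return None
    return ('netsh advfirewall firewall add rule name="svchost - {0} (out)" '
            'dir=out action=allow program="%SystemRoot%\\System32\\svchost.exe" '
            'service={0} protocol={1} remoteport={2}').format(svc, entry["proto"], port)


if __name__ == "__main__":
    for e in find_owner(parse_netstat(SAMPLE_NETSTAT), "203.0.113.5", 443):
        print(e["pid"], e["component"], scoped_rule(e))
```

Review the printed command and confirm the service is legitimate before running it from an elevated prompt.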
I have hardened my rules for svchost. I have a rule for Windows Update and another one for Time. I then started getting alerts for connections to the other elements of my home network so I made a rule allowing connections to all ports but only for the IP range of my network and it seems to be working fine so far. Those are the only alerts for svchost that I have gotten. If you run the notifier exe file again and look at the outbound rules, you will find many default outgoing rules for svchost where it is allowed to connect. The mystery to me is why Update and Time are NOT allowed by default when you enable the outgoing protection.
I have also seen that some of the default svchost rules are for ports other than 80 and 443 and not always through TCP. Windows Time uses UDP and port 123.
Hi,
@Don & Dch48
Thank you for investigating. I’m currently really busy but I read everything you’re posting here, and I will improve the svchost / services management logic as soon as possible.
I’ve been considering something similar to Don’s method, but hoped that there were better ways (using Windows APIs or alike). It doesn’t seem to, so I’ll give it a try, hopefully before mid-October!
Of course I’ll post a comment here when it’s done :)
Have a nice day
Khan
Hi,
I started working on a “service identification routine” one hour ago, it works as expected. WFN services support has thus been way improved and svchost is no longer considered as a standard application.
I’m still tweaking the code, but I should be able to release a private beta today (or maybe tomorrow, since I’ll be mostly away today), meaning that a new version should come next week (except if I feel confident enough to reduce the beta testing period ;-) ).
Stay tuned !
Khan
Fantastic! I can’t wait for the new release. Svchost.exe is still giving me fits in the area of identifying services requesting firewall access in WIN 7.