Windows Firewall Control is now free
Good news for existing users of the firewall enhancing software Windows Firewall Control; the most recent update of the application released today unlocked the donation-only functionality for all users of the application.
Windows Firewall Control is a security software for Windows that gives users more control over the built-in firewall of the operating system. We reviewed Windows Firewall Control 5.0 and Windows Firewall Control 5.1 recently.
Among the many features that the program supports are better options to manage firewall rules, better protection against rule tampering, or a learning mode that keeps user interaction to a minimum.
Windows Firewall Control was available as a free version that was feature limited. The core functionality that was missing from the free version was notifications support. Notifications are an essential feature of the application for many users. The application displays a prompt each time a software program or process attempts to make an outbound connection.
It is up to the user to allow or block the connection temporarily or permanently, or use built-in options to find out more about the process, port and other information before making a decision.
Malwarebytes, makers of the popular anti-malware software of the same name, acquired Windows Firewall Control in June of 2018. It was not the first acquisition of the company in the past three years; it acquired the popular adware remover AdwCleaner in 2016 and Junkware Removal Tool, another program to clean up potentially unwanted applications in 2015.
Malwarebytes revealed in the official press release back in June that it had plans to integrate the solution in its core products. The company reassured users of the product that the program would be kept as a standalone program but that it would fly under the Malwarebytes branding in the future.
It appears that one outcome of the acquisition is that Malwarebytes dropped the donation-only requirement to use Windows Firewall Control to the fullest.
The official release notes of version 5.4.0.0 confirm that:
New: The notifications system is now available for free and the program does not
require activation anymore.
Nothing will change for users who donated in the past. Users who did not donate get access to the same functionality as supporters, however. You may need to select Notifications > Display notifications to enable the feature. It should not be locked anymore so that the functionality can be enabled right after installation of the new version.
Windows Firewall Control comes with signed installer and files in the new release, another welcome change that should improve the program's standing with other security tools and Windows' own anti-malware protections.
Check out our tips for Windows Firewall Control to get the most out of the security software.
Closing Words
Windows Firewall Control is an excellent program to improve the management of the built-in Windows Firewall. The release of a version of the program that is not feature restricted is a welcome change that should improve the program's popularity.
Whether the change is the first sign of the end of the standalone version of Windows Firewall Control remains to be seen.
Now You: Do you use a firewall software?
I use Windows 10 Firewall Control (on Win7).
https://www.sphinx-soft.com/Vista/order.html
Since filtering Internet traffic, new outbound connections during PC operation are blocked, and a notification prompting for confirmation pops up (visualization).
In learning mode, a digitally signed program is allowed to send out connections, but notifications of unsigned applications are displayed.
“Virus check” button is convenient in the upper right corner of the popup screen.
The topic “simplewall” at the beginning is lightweight (System Resources is 20 MB ±), and control management is also a wonderful application.
However, this ‘Windows firewall control’ blocks outbound connections other than the whitelist, like NoScript, and it makes a popup notification, so there is no mistake.Both applications are useful.
I hope this isn’t too long winded; user privacy & security are passions of mine. Below are a few tips for setting up WF.msc
1. Become a semi-expert at it. My fav feature is it processes block rules first. Thus, if 2 rules are almost the same but one allows while the other blocks, that path will be blocked. Kudos to MS for this design decision.
2. Learn its weaknesses; *a. it will never ever stop ms product *b. apps can alter its rules, even without admin priv ( always check the rules after installing sw ) *c WF.msc does NOT alleviate the requirement for a properly config’d hardware firewall
3. Because WF does not stop ms product, use dnscrypt-proxy’s blacklist and cloaking_rules to halt all such corporate miscreants. dnscrypt-proxy is the most liberating software you can place on your machine. It hands your box back to you – the person who owns it – the person who paid for it. dnscrypt-proxy works with WF and allows you to take your box back — away from corporations, govts, and other miscreants who attempt to do as they please with your hard earned property.
3. Learn how to control WF via reproducible scripts. Then, create a library of them for the next time you have to set up a box.
To set WF up, if you’re a regular home user, first delete all incoming & outgoing rules ( delete every single one of them only after you’re a semi-expert of course ).
Then, set the default for all 3 profiles to block both incoming and outgoing connections.
Add rules to allow desired apps to access whatever resources they need.
Finally, set logging to log blocked packets ( important, you’ll spend a few hours debugging & learning some cools stuff whilst you curse allot ).
Don’t be afraid to make mistakes. If you mess up, you can always restore the default policy which leaves your box almost wide open again, in its original unsafe condition.
So, how hard is it? Start by asking what the box is designed to do. Then, add rules to allow those activities. For instance, to allow internet browsing using Firefox and dnscrypt-proxy with cloudflare as your dns server, use these simple WF rules… (Note, read them to understand them. Simply issuing them as is will not work).
netsh advfirewall firewall add rule name=”DNSCrypt” dir=out action=allow program=”C:\YourPathTo\dnscrypt-proxy.exe” enable=yes protocol=tcp remoteport=443 remoteip=1.0.0.1,1.1.1.1
netsh advfirewall firewall add rule name=”DNSCrypt Bootstrapper” dir=out action=allow program=”C:\YourPathTo\dnscrypt-proxy.exe” enable=yes
Once dnscrypt-proxy is installed, bootstrapped, & properly working, disable the DNSCrypt Bootstraper rule with this cmd. Note,disabling this rule is not required, but doing so tightens your box up as tight as it can get.
netsh advfirewall firewall set rule name= “DNSCrypt Bootstrapper” new enable=no
Moving on to Firefox, use this rule…
netsh advfirewall firewall add rule name=”Firefox443″ dir=out action=allow program=”C:\Program Files\Mozilla Firefox\firefox.exe” enable=yes protocol=tcp remoteport=443
To allow unsafe, unsecured http traffic, add this rule…
netsh advfirewall firewall add rule name=”Firefox80″ dir=out action=allow program=”C:\Program Files\Mozilla Firefox\firefox.exe” enable=yes protocol=tcp remoteport=80
To block FF pingsender.exe / update
netsh advfirewall firewall add rule name=”FirefoxBlockPing” dir=out action=block program=”C:\Program Files\Mozilla Firefox\pingsender.exe” enable=yes
netsh advfirewall firewall add rule name=”FirefoxBlockUpdate” dir=out action=block program=”C:\Program Files\Mozilla Firefox\updater.exe” enable=yes
Now, about item #2 above – “2. Learn its weaknesses – it will never stop ms product”… This is where WF + dnscrypt-proxy’s blacklist and cloaking_rules work hand in hand to give you back your box. For instance, in my cloaking_rules, I’ve placed BLOCKING rules such as…
*mozilla.* 127.0.0.1
*microsoft* 127.0.0.2
*.msftncsi* 127.0.0.2
*windowsupdate* 127.0.0.2
*safebrowsing* 127.0.0.10
*gstatic.* 127.0.0.11
*googleapis* 127.0.0.12
*google-analytics* 127.0.0.15
Note, these rules break allot of sites such as gmail, windowsupdate, etc. You should understand the rules you put in place for your circumstances.
Assigning a different loopback octet allows me to view what is going if ever desired via tools such as MR’s tcpview.
When I need to get to microsoft, mozilla, etc, I simply ## out that line and restart dnscrypt-proxy.
Note, cloaking_rules block but do not log as blocked. Thus, it keeps you block log tidy. If you want to see all blocking, use the blacklist instead.
There are a few builds out there for dnscrypt-proxy. Below is a link to the one I prefer (which I am not affiliated with in any way whatsoever)…
https://github.com/jedisct1/dnscrypt-proxy/releases
Thanks… appreciate sharing your knowledge. Excellent!
Thank you.
As a simple Mensch, all this time I believed, I could control the in- and outgoing of my frontdoor. Meanwhile busy controlling … all this control buddies came in through the backdoor!
But thank Snowdon, I don’t believe in anything anymore.
Known Limitations
√ Windows Firewall is incompatible with software proxies, web filtering modules, NDIS drivers and any other security software that may redirect the traffic from Windows Firewall to their own filtering module.
WFC “IS NOT” a firewall program. /rolleyes
It’s a new UI for the windows firewall with added features that takes control of the firewall away from M$ and gives it to the user.
The “Secure Rules” feature is the best part of it. This stops M$ and companies that have paid M$, from adding thier own rules to your firewall without your consent or knowledge.
You can easily screw up windows 10 with firewall settings if you tinker with stuff you don’t understand and windows firewall will let you tinker with most everything if you dig deep enough into it.
I was quite dismayed at MB’s purchase of WFC and immediatly disabled the update feature upon hearing of the aquisition :(
“The “Secure Rules†feature is the best part of it.”
They removed this in the latest version unfortunately, looks like I’ll stick with an old version.
good software. no wonder, it’s mwb. a simpler alternative, especially in context to the ccleaner – problem and “calls @home” (i posted the wrong link in the corresponding article) : the firewall – app blocker : https://www.sordum.org/8125/firewall-app-blocker-fab-v1-6/ . it’s very easy/fast to block ingoing/outgoing calls @home. just use the context menu.
I discovered this myself after giving up on tinywall and how seldom it received any updates.
Simplewall is super small and light on resources but does everything you’d want and is indeed opensource.
Mayor kudos to the developer(s).
In the past used Comodo FW for a few years, have to say it is one heck of a FW, but then I used a few years old version.. never know when new 3-letter agents compatible “features” are added… what I’m trying to say is, if it’s not broken then don’t update it. :D
Currently learning to use Linux, just wish I could find a similar FW with GUI.
Thanks guys, I will have a look at them.
…and lot more firewallls 4 linux…
https://www.techradar.com/news/best-free-linux-firewall
http://gufw.org/
https://wiki.archlinux.org/index.php/Uncomplicated_Firewall
https://wiki.ubuntu.com/UncomplicatedFirewall
I don´t know what distribution you run…
OpenSnitch firewall for Linux.
https://github.com/evilsocket/opensnitch
Indeed, Little Snitch is the reference standard ; the benchmark for U.I. design. All other personal / desktop firewalls should strive to imitate it. Nothing else has this traffic display which automatically shows and hides.
https://macremover.com/uninstallguides/wp-content/uploads/2017/03/little-snitch.png
https://www.portalprogramas.com/imagenes/programas/en/688/688_1.jpg
Yea, and now you need to read this: https://www.malwarebytes.com/privacy/ and think twice before you update to this “new version”.
I have used a lot of different firewalls over the decades like ZoneAlarm before it was getting too much bloated!
But I am not burning main fingers on this program (being WFC) anymore. This is the only firewall program that succeeded to crash and burn the complete system. I had to completely reinstall. :-(
Nowadays I am quite pleased because I am using a paid all in one internet securtity suit package.
This because I am absolutely not working anymore (I am walking now on another more secure pad) on all those free antiviruses, firewall’s, email security, etc.. This because all test says that’s better to buy and also main experience. I think its a great 2.33 euro spend every month.
I might be naive but.. how they make money? They purchased software only to make it free. Right?
Or is this last version from the author and not malwerbytes?
From reading the earlier article, this is a great tool. Thanks!
Tinywall has always been free, has a learning mode too, and promotes a “deny by default” policy on per application basis
I highly recommend simplewall (open-source, by Henry++), which is both very simple as its name states and powerful… A must-have imo.
+1 I agree.
I did not know simplewall. Thanks for the introduction!
https://www.henrypp.org/product/simplewall
Simplewall is a great tool to deny internet access to Windows 10 spying, telemetry, backdoors, updates, etc. with its whitelist mode.
https://github.com/henrypp/simplewall
+1 to simplewall
Agreed! I’ve been using this one “combo-ed” with Windows Defender for my lasts Windows installations and couldn’t ask for more.
Does the job and minimal, I’m very happy with it.
+1 I agree. Simplewall is a great tool.
Agree, a must-have (except some crashes however).