Windows Firewall Control Tips

Windows Firewall Control is a standalone program for Microsoft Windows PCs that extends the functionality of the built-in Windows Firewall and improves manageability significantly.

A free version is provided but you need to donate to the developer to get a lifetime license for the registered version which adds a notification system for outbound connections and an option to create temporary rules.

 

Windows Firewall Control requirements

Windows Firewall Control is compatible with 32-bit and 64-bit versions of Windows 7, Windows 8.1 and Windows 10, and the server versions Server 2012 and Server 2016.

The program requires the Microsoft .Net Framework 4.5 or newer. Windows Firewall needs to be enabled and the same is true for the DNS Client service.

Windows Firewall Control Tips

The Connection Log

You access the connection log with a click on the "View Windows Firewall connections log" icon on the left side of the program's footer toolbar.

A click on refresh list or a tap on F5 on the keyboard loads the last 100 blocked connections on the device sorted in chronological order by default.

You may use it to list blocked or allowed connections, and use filters to customize the output.

The table lists date and time, process ID, name of the program and path on the system, the source and destination address, and more information.

This gives you an overview of the blocked processes on the Windows PC; handy, if you noticed that a program won't connect to the Internet. A right-click on an item displays options to allow or block it, to run verification checks, and to create a custom rule for it.

The verification options give you options to check the file on Virustotal, to run a Whois query (using Who.is), or verify the target IP address (using IP Void).

You may use filters displayed in the sidebar if you get a large number of blocked connections. The filters allow you to change the number of blocked connections the program displays, restrict the data to inbound or outbound connections, use a text filter to list specific programs, ports or IP addresses, or switch the display from blocked to allowed. Note that you do need to refresh the listing after making changes to the available filters.

The connection log gives you an overview of allowed or blocked connections. This is useful for troubleshooting connection issues and to verify connections.

Windows Firewall Rules Panel

The rules panel lists all firewall rules when you open it. Click on the leftmost icon in the application's footer to start it.

Each rule has a colored background that indicates allowed (green) or blocked (red) connections. Rules list application names and paths, and parameters such as local or remote ports, addresses, and the network location.

Here is what you can do on the screen:

• Delete rules with a tap on the Delete key.
• Use the "show invalid rules" option to only list rules that are not valid, e.g. rules for programs that are no longer installed.
• Use the "show duplicate rules" option to show dupes.
• Change the action from allow to block and vice versa.
• Edit rules.
• Open file location or verify file on Virustotal.
• Import or export rules.

Notifications

Only the registered version supports notifications which list outbound connection attempts. Windows Firewall Control supports three different notification settings:

• Display notifications to prompt users whenever outbound connections are blocked.
• Learning Mode which allows outbound connections for digitally signed programs but displays notifications for unsigned applications.
• Disabled which turns off notifications.

The notifications interface lists additional preferences. You may define programs or folders for which you don't want notifications to be displayed by Windows Firewall Control, and define for how long the notification is displayed. The time limit for temporary rules can be changed in the preferences as well.

Temporary rules are useful if you want to allow or block a connection temporarily. The notification prompt displays the three permanent options as text and the temporary options to the right as icons only. It is easy enough to overlook the temporary options.

While you can left-click to perform the temporary action right away, you can right-click to set a custom period for the temporary rule.

Security

The most recent version of Windows Firewall Control supports three security settings which protect against tampering and may block connections during shut down or boot.

• Secure Boot changes the profile to High Filtering (block anything) at system shutdown and system start until you switch the profile manually.
• Secure Rules protects rules against outside tampering.
• Secure Profile protects the Windows Firewall state against tampering as firewall rule imports and filtering mode changes are only allowed through the application.

Tools

A click o tools displays links to native Windows administrative tools like the Event Viewer or Resource Monitor, and options to run various checks using online services.

You may use the tools for the following tasks:

• Check the reputation of an IP using one of three integrated services.
• Scan a file based on its SHA256 hash using one of two different antivirus scanning services.
• Run a whois query using one of four integrated whois services.
• Check port information.

Now You: Did we miss a tip?