Lets create a WFC clone, using C# too. I know the inner workings... can show you how to do this in a manual way
@drunkturtle thanks for the update, love the program - simple and super easy to edit/import/export rules. I already had some alternatives like running wf.msc and adding/editing rules manually and using batch files to block all exe's in a folder: Code: for %%G in ("C:\program folder\*.exe") do ( netsh advfirewall firewall add rule name="Blocked no internet %%G" dir=in action=block program="%%G" enable=yes profile=any netsh advfirewall firewall add rule name="Blocked no internet %%G" dir=out action=block program="%%G" enable=yes profile=any )
Windows Firewall Control is free now. The change log of the new released version mention "New: The notifications system is now available for free and the program does not require activation anymore."
Yes, with added telemetry to see what the user base is like. Depending on this, development may or may not continue and the free should be considered short-term.
Development wouldn't continue for the current Free Standalone version alexandrud and MBytes has released. Yet they will keep developing WFC as an integral part of MBAM. And regard the "WFC Free should be considered in the short-term", well he, alexandru told me: So apparently there's no short-term for the free standalone version. But yes yes I know... Only time will tell. In the meantime, enjoy the Free Standalone WFC. Also block its telemetry infrastructure if you like cause there are so many other variables that would make MBytes changes its mind anytime.
WFC remains excellent, there's no real reason for its current users to abandon it. If Malwarebytes messes more with it, I might consider the switch.
Downloaded the msi installer saw the broken digital signature (2010), now how an outdated firewall could possibly be good or compatible for current OSes?
It is easy to build an app like Windows Firewall Control It is based on the "Filtering Platform Connection". To get the audit status: (Don't forget to run CMD as Admin) Code: auditpol /get /subcategory:"Filtering Platform Connection" You can turn that on manually via CMD: Code: auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable or Code: * Log All auditpol.exe /set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:enable /success:enable * Allowed Only auditpol.exe /set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:disable /success:enable * Blocked Only auditpol.exe /set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:enable /success:disable * Turn Off auditpol.exe /set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:disable /success:disable Then you interface the eventlog with a parser (app) to view the essential stuff. You can view this in the event log: eventvwr.msc EventViewer -> Security -> Look for (Event IDs for "Audit Filtering Platform Connection") + IDs to identify for Allowed and blocked connections: 5154—Listen permitted 5155—Listen blocked 5156—Connection permitted * --> This is key 5157—Connection blocked * --> This is key 5158—Bind permitted 5159—Bind blocked Code: View in powershell, for example: to retrieve the latest 5 blocked Get-WinEvent -FilterHashtable @{LogName='Security';ID='5157'} -MaxEvent 5 | Out-GridView