Windows Defender Firewall (WFC) and VPN

Discussion in 'Windows 10' started by shtman, Nov 27, 2019.

  1. shtman

    shtman MDL Novice

    Aug 2, 2015
    7
    2
    0
    #1 shtman, Nov 27, 2019
    Last edited: Nov 27, 2019
  2. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,037
    986
    60
    #3 CHEF-KOCH, Nov 28, 2019
    Last edited: Nov 28, 2019
    Make sure you remove the useless .dll files (mbcut.dll, mbcut32.dll, Newtonsoft.Json.dll) in WFC folder, those bishes submitting telemetry. You need to disable (temporarily) stop the WFC service first.
     
  3. shtman

    shtman MDL Novice

    Aug 2, 2015
    7
    2
    0
    #4 shtman, Nov 28, 2019
    Last edited: Nov 28, 2019
    (OP)
    thanks! closing main application was enough

    shows processes as it shows in WFC log. Each application, which are either blocked or have no rules set, still passes through. Only VPN requires rules to make first connection.

    Also tried openVPN with its own tap driver it works as intended filtering applications even with connection established
     
  4. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,037
    986
    60
    You can remove them (or backup them by renaming them from xyz.dll to xyz.dll.bak) I corrected my post because I accidentally copy & pasted my back'ed up file names instead of the original untouched file names (it's already corrected).
     
  5. shtman

    shtman MDL Novice

    Aug 2, 2015
    7
    2
    0
    realised that later as well :oops:
     
  6. TairikuOkami

    TairikuOkami MDL Addicted

    Mar 15, 2014
    887
    779
    30
    Are they connecting to the internet or to the localhost (127.0.0.1)?
     
  7. shtman

    shtman MDL Novice

    Aug 2, 2015
    7
    2
    0
    Internet

    Code:
    Process | ID | Process | Name | Protocol | Local Port | Local Address | Remote Port | Remote Port Name | Remote Address | Received Packets | Sent Packets |
    1612 | browser.exe | TCP | IPv4 | 50463 | 10.8.1.33 | 443 | https | 104.17.49.74 | 25 | 5
    1844 | svchost.exe | UDP | IPv4 | 61393 | 10.8.1.33 | 53 | domain | 103.246.19.99 | 1 | 1
    1832 | NordVPN.exe | TCP | IPv4 | 50464 | 10.8.1.33 | 8884 | 3.207.104.219 | 42 | 22
     
  8. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,037
    986
    60
  9. shtman

    shtman MDL Novice

    Aug 2, 2015
    7
    2
    0
    That's how I tested and openVPN works fine. I guess I'll take inconvenience with security for now...
    will check PrivWin10, seems in active development!
     
  10. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,037
    986
    60
    Please only use OpenVPN because it got audited, is open source and it's very light on system resources/hdd space. When it comes to VPN and stuff only use something which is open source or got audited.

    PrivWin10 is cool, open source, the developer is friendly and helpful and it's really lightweight. He is also here on MDL, so you can ask him at any time. Another alternative (but not open source) would be TinyWall, but it's more for beginners (but does the job overall spoken).

    WFC was good but sadly Malwarebytes took over it, added nothing but s**tty banners and telemetry.
     
  11. shtman

    shtman MDL Novice

    Aug 2, 2015
    7
    2
    0
    VPN service itself was audited by some private company if that means anything, but if you trust a company with your traffic, with their no logs policies, I guess you might as well trust their app. :)
    By default openVPN lacks many features like traffic leak during the drop/reconnect and no access internet without VPN, choosing right/free servers and so on.
     
  12. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,037
    986
    60