WF + VCF rules combination

Post by berix » Thu Apr 18, 2013 10:21 am

Suppose you set up rules with VCF for one given application and set up additional rules with WF for that same application.

  • Are rules set up by both WF and VCF 'control panels' directly combined in the Windows Filtering Platform (WFP)?
  • Is there a precedence for the rules from WF over the rules from VCF or the other way around?
  • What is the resulting filtering?
berix
 
Posts: 4
Joined: Thu Apr 18, 2013 8:34 am

Re: WF + VCF rules combination

Post by VistaFirewallControl » Thu Apr 18, 2013 10:52 am

>Are rules set up by both WF and VCF 'control panels' directly combined in the Windows Filtering Platform (WFP)?

“Combined” is not actually a precise definition. However, all the rules participate in the filtering, but the participation is independent.

>Is there a precedence for the rules from WF over the rules from VCF or the other way around?

The VCF (W7FC) rules are generated to be on top, to be analyzed first.
But the priority may not be precise. Actually, the precedence is not determinative. Please see below.

>What is the resulting filtering?

Any disabling rule (regardless of whether W7FC or WF takes precedence) makes the final result disabling. So any matching disabling rule is enough to reject the connection attempt.
Any enabling rule is just the reason (for WFP) to iterate further until a disabling rule is found or until the rule set is over.
The behavior is determined by WFP.
So to enable an application, the application must be enabled by all the firewalls; to disable, a single matching disabling rule is enough.
Needless to say, WF and W7FC have blocking rules that match all the applications.
So practically, “not enabling evidently” means disabling.
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am

Re: WF + VCF rules combination

Post by glientsc » Sat Aug 08, 2015 8:44 am

So, do I get that right?
If I choose "Enable All" for a specific program in Windows 10 Firewall Control, where the native Windows Firewall would block a specific network connection by default if W10FWC were not installed, this specific network connection is disallowed? I.e. choosing "Enable All" does not compromise my security compared to if I relied only on the native WF and W10FWC were not installed?
Will probably buy the Plus version... Hope for a quick answer!
glientsc
 
Posts: 1
Joined: Sat Aug 08, 2015 8:35 am

Re: WF + VCF rules combination

Post by VistaFirewallControl » Sat Aug 08, 2015 6:52 pm

Actually, setting EnableAll for an app is equal to W10FC not being installed for the app.
In this case the final permission will depend on WF setting for the app.

Extra info:
Regarding WF, you should take into account that WF may have some embedded (auto-generated) rules to implement the WF policy. Such rules are typically disabling. Fortunately, no hidden enabling will be done. However, it’s pure WF (not W10FC) behavior.
Also, if your WF rule set is complex, you may have overlaying rules with undetermined priority.
For instance:
WF Rule 1 opens a port for all the apps.
WF Rule 2 closes the same port for a specific app.
If the app operates with the port, there is no documented way to determine which rule will determine the final permission. Maybe the priority is taken from the rules creation sequence, maybe not.
If Rule 1 triggers first, the app will be enabled on the port.
If Rule 2 triggers first, the port will be disabled for the app.
So please try to avoid the rules overlaying.
W10FC rules priorities are strict and pretty documented.
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am
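
To audit a Windows Firewall rule set for the overlapping-rule situation described in the last reply (an allow rule and a block rule that can match the same program and port), the following PowerShell sketch can be used. It is an added example, not code from the forum or from the Firewall Control product; it relies only on the built-in NetSecurity cmdlets, and the helper names `Test-FieldOverlap` and `Test-PortOverlap` are hypothetical.

```powershell
# Added example: list enabled Windows Firewall rule pairs with opposite actions
# that can match the same traffic. Addresses, profiles and interfaces are not
# compared, so every hit is a candidate to review, not proof of a conflict.

function Test-FieldOverlap($Left, $Right) {
    # "Any" matches everything; otherwise the values must be identical.
    return ($Left -eq 'Any' -or $Right -eq 'Any' -or $Left -eq $Right)
}

function Test-PortOverlap([string[]]$Left, [string[]]$Right) {
    if ($Left -contains 'Any' -or $Right -contains 'Any') { return $true }
    foreach ($x in $Left) {
        foreach ($y in $Right) {
            if ($x -match '^\d+(-\d+)?$' -and $y -match '^\d+(-\d+)?$') {
                # Treat single ports and ranges ("80", "1000-2000") as intervals.
                $xs = [int[]]($x -split '-'); $ys = [int[]]($y -split '-')
                if ($xs[0] -le $ys[-1] -and $ys[0] -le $xs[-1]) { return $true }
            } elseif ($x -eq $y) {
                return $true   # keywords such as "RPC" match only themselves
            }
        }
    }
    return $false
}

# Flatten each enabled rule together with its port and application filters.
$rules = Get-NetFirewallRule -Enabled True | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name = $_.DisplayName; Direction = $_.Direction; Action = $_.Action
        Protocol = $port.Protocol; Program = $app.Program
        LocalPort = @($port.LocalPort); RemotePort = @($port.RemotePort)
    }
}

$allow = @($rules | Where-Object { $_.Action -eq 'Allow' })
$block = @($rules | Where-Object { $_.Action -eq 'Block' })
foreach ($a in $allow) {
    foreach ($b in $block) {
        if ($a.Direction -eq $b.Direction -and
            (Test-FieldOverlap $a.Protocol $b.Protocol) -and
            (Test-FieldOverlap $a.Program $b.Program) -and
            (Test-PortOverlap $a.LocalPort $b.LocalPort) -and
            (Test-PortOverlap $a.RemotePort $b.RemotePort)) {
            [pscustomobject]@{
                Direction = $a.Direction; AllowRule = $a.Name; BlockRule = $b.Name
                Program = $b.Program; LocalPort = $b.LocalPort -join ','
            }
        }
    }
}
```

Each output row names one allow rule and one block rule whose direction, protocol, program and ports intersect; narrowing or removing one rule of the pair removes the overlap.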