Windows 10 Firewall Control is a paid firewall solution by Sphinx Software. In this review, we will check if it’s worth to buy it and how if it competes against WFC by Binisoft. So, enough introduction – let’s check it!
The latest download links for the final versions are always available under the same URL. There several versions available, the Plus version and the Cloud version are the versions with the most functions.
- Basic (i386+x64)
- Plus (i386+x64)
- Network/Cloud (i386+x64)
- Free (i386+x64)
- Free Portable
- Plus Portable
The program has a trial period, keep this in mind because you need a key (license) in order to use the program. There is also a Free version available, but it has so less feature that’s not worth to be installed and you better use another product or the Windows own firewall instead and that’s the reason why I review only the Plus version.
An overview which version has which functions is given here or check the picture above. The little ‘buy’ icon brings you to a page where you can securely buy the product. The single license for the Plus version costs you around 29.95 USD right now which is not really cheap.
- DNSv6 support (the entire IPv6 does not require any modifications)
- Programs::Time column reflects last changed time.
- Settings::Protect System applications automatically duplicates the same setup option for the runtime management.
- Settings::Protect Sibling applications automatically allows to partially (or completely) avoid multiple entries in the Programs list, such as (1) (2) etc
- When a mutable installer changes its path Windows10FirewallControl detects sibling applications automatically (if the option is checked) and adds (lists) new sibling application with the zone applied to the previous sibling.
- If the previous sibling does not exist anymore, the related Programs list entry is silently removed.
The program itself is underrated, that’s for sure, it does have a complete documentation together with an F.A.Q. The official forum should answer the rest of the questions. The original name was Vista Firewall Control and got renamed to Windows 10 Firewall Control in order to avoid some confusion.
Windows 10 Firewall Control is closed source software but that’s not a problem in my opinion because I haven’t heard anything negative about the product nor was there a leak which showed that the developer couldn’t be trusted.
The first installation or an upgrade usually requires you to restart your Windows, so that the Firewall can start it’s background service, speaking about it, the Firewall can also work independent from Windows own Firewall, as explained over here in detail.
Working with the Popup Notification
The reason why you want an external Firewall is that it’s easier to work with or if you don’t like the Windows integrated Firewall for whatever reasons. The Popup screen is the screen you might see the most or the one you work the most with.
In this example the Mega application wants to request internet permission/connections in order to allow the Mega Updater program we simply can work with the pre-given Zone in this screen ‘EnableAll’ or we choose another zone. If you’re not sure which zone you need, temporarily allow the application once, open the logs and check if it contains P2P, normal Web traffic (Port 80,443 [WebZone]) or other protocols. You then can choose the Zone. If you made a mistake or want to change this, simply go to the Programs tab, right click on the application and press ‘Edit’ in order to correct or change your rules/zone.
This Window also gives you advance information, you see the application path, some more details, the icon and more. The Firewall also allows you to block entire IP-ranges, it’s greyed out by default unless you create an own Zone to block a specific range.
By default, the ‘hidden’ Zones are not visible unless you check ‘Show Advised/Recommended Zones Only’. If this is unchecked you get access to more advance Zones which are in 99% are not needed.
The ‘Manage Logging of Allowed Events automatically’ option controls if you like to enable logging for this application or not. If you did not check it the application doesn’t appear in any connection or log-file. This gives you more control over which application you like to check, which is useful if you unsure which connection you should allow or which connections are caused by this application.
Working with the pre-configured rules are easy just edit them and decide if you like to enable, disable or change it’s rules. You can add your own rules and filters for blocking specific domains, this is far better and more effective than blocking something through the Windows HOSTS file. It also doesn’t require as much ram since you not need to parse thousands of line, you simply add *.ads to it and then it blocks every domain which contains.ads in it’s name.
Cloud and Agent Feature
The new Agents feature among with the cloud functionality was added in version 8. This is mostly relevant if you are working with VMware’s or lik to sync and merge multiple machines over your network.
The Agents and Cloud Tabs on the left side are hidden unless you installed the Cloud versions, it adds a function to control/monitor multiple PC’s
Like the name suggest, this shows all Events which happened, if you allowed or blocked a program, it works similar to Windows Event system, by showing you what happened.
Zones are some kind of pre-configured sets of restrictions, you can allow or disallow in your zone IP’s, network interfaces, addresses etc.
This feature allows you to sync your settings or change your rules which are set in your router, in order to avoid going manually each time to your router web interface, it also acts like an overview to see if and which rules are set.
The connections Windows shows you (same like netstat) quickly some information which ports are opened, which program currently are connected to which domain and a timestamp in order to see when this connection was established.
You can import and export your settings, protect the Firewall with a password if you like. All other options are pretty much self-explaining, the important things are that the default settings are almost good to go, it’s set to ‘DisableAll’ in order to block by default all connections unless you manually approved it.
The only thing which is missing compared to WFC is that there is no option to protect your rules from being manipulated or overridden by another application, however it’s not needed because every request is shown by a popup, even right after you started Windows and applications without admin rights or (if set) the W10FC password, they simply don’t get any access to it.
End of Trial period
Once the testing period is over you see this dialog, which also comes each time in front of your eyes when an unknown application (the ones which aren’t in your list already) is detected or tries to communicate. You then can activate the program or press the ‘Close’ button in order to continue the program in a reduced functionality mode.
The always same question .. what is better WFC or W10FC?
I make it short, Windows 10 Firewall Control is better if it’s more expensive due the following reasons:
- WFC is depending on Windows DNS mechanism and Firewall filtering system in order to display events or to filter something, this means some events aren’t accurate filtered. This is however not WFC developer fault, it’s a limitation coming from Windows, some applications still allow to ‘bypass’ WFC (Windows Firewall) especially if you’re behind a VPN/Proxy and ‘forgot’ to block something via HOSTS file.
- W10FC does allow you to block domains, this is a killer feature while WFC only allows you to block IP’s or IP-ranges. The domain, filtering feature also has regular expression support and comes with some pre-configured examples to block e.g. Windows Telemetry or Mozilla’s Telemetry, however you can archive similar result with WFC but working with domain’s and regular expressions is easier and doesn’t requires you to work and monitor 100+ IP’s and since IP’s might change from time to time it’s not a good advice to block IP’s (only).
- Zones. Windows integrated Zone mechanism is lacking functions, so it mostly ends-up with creating own rules, this is annoying in WFC/Windows. WF10C comes with pre-configured rulesets aka Zones which quick and easy allow you to specify a Zone, which is useful if you like to allow/block something for a specific IP/Domain range or based on the interface (wifi, VPN, etc).
- Port Forwarding function. WFC/Windows makes it more complicated to work with port forwarding since you have to create more rules in order to allow a port. This is easier in W10FC since it has the ability to sync your settings with your router directly. So you can monitor, or change the port forwarding rules directly without going through your router interface.
- Connection state. This is far better than in WFC, since WFC is depending on Windows Events (which are not always 100% accurate), the state in W10FC shows you in detail which connections are currently allowed/blocked or listening, it’s similar function compared to netstat.
- WFC can’t handle %TMP% extracted files, once an external application extracts another file, let’s say each restart into this folder you will get a popup to unblock it each restart, even if the digital signature and checksum is exactly the same.
Windows 10 Firewall Control isn’t cheap but it’s definitely worth. The license model is in my opinion bullshit, the discount should give you a real benefit but most of the time you pay the same price if there is a discount or not.
The default settings are not good, the annoying sound it makes on every connection scares each time I test the application the shit out of me, disabling it solves it but that should definitely be changed or be disabled by default.
Annoying ‘ballons’ the little yellow balloons which are made to show which connections are active are same as the warning sound nothing but useless and annoying. This also can be disabled and in my opinion, it should become disabled by default cause you anyway get a big popup in order to decide if you like to allow the application or not (default selection is disabled, which makes sense for a firewall). The rest of all connections can be seen in the log file so you don’t need any yellow balloon which tells you for 1 second that Firefox is making a connection.
The Taskbar option should be disabled by default because you like to use the program in the tray instead of seeing the shield icon all the time in the taskbar, it’s kind of useless because you configure only once all your apps and then it (theoretically) don’t bother you unless you install new applications in order to allow or disallow it.
The ‘registration required’ dialog or function is sometimes not working, you can bypass it by pressing the refresh button (F5) or go to an entry and right-click on it and then press ‘Edit’ so you still can access your rules. I guess this behavior simply needs to be corrected in order to ensure that you have no ‘unlimited’ trial period.
Windows 10 Firewall Control gets my full recommendation, it’s not cheap but it’s worth the price I guess in order to support further development. The application doesn’t contain any ads, you can test it in a reduced functionality version and the function it has to offer are really good. The application size is small and it doesn’t need many resources. It has some benefits over Binisoft’s Windows Firewall Control GUI.
However, the program is not perfect, the interface looks a bit old and the nag screen you get after the testing period is over needs to be improved but it’s nothing that can’t be changed in the next versions. The firewall and it’s functionality is underrated because no one seems to read the documents and FAQ and a lot of people think this firewall is too complicated, it’s definitely not like every firewall it takes some time to fully understand all of it’s functions.
A free alternative I can recommend is Comodo’s Firewall. Other Windows Firewall’s (I tested them all) can’t get my recommendation because they’re often too heavy on your system’s resources, expensive or lacking some important functions.
If you like Windows 10 Firewall than go with WFC from Binisoft because the best application doesn’t help anyone if he is not able to control/understand it and then you better stick to the basics.