Windows' default antivirus and firewall are more than enough for most people. However, if there's one thing they lack, that's customizability. And that's where Malwarebyte's Windows Firewall Control can help.

Although it doesn't accompany Microsoft's OS, Windows Firewall Control (or WFC for short) could be part of it. That's because it's not a standalone firewall solution. Instead, it's a front-end that exposes the Windows firewall's functionality through an easily accessible interface.

So, let's see how you can use it to control the Windows firewall and anything that connects to and from your PC.

Is the Windows Firewall Enough?

In classic Microsoft tradition, the firewall that comes with Windows is more than adequate for most people. Yes, it may lack some advanced features. However, if you're among those who need them, you're probably already using a pro-level solution. We've covered both cases in the past by pitting the Windows (Defender) Firewall against pfSense. Check that article for more on how Windows Firewall fares against more full-featured solutions.

For everyone else, the main problem with the firewall that accompanies Windows is its interface. It's almost non-existent, hidden under the convoluted "Settings" mess that Microsoft's still trying to streamline. Instead of managing to allow or block an app from connecting to the net with it, it's easier to start training for a triathlon.

Windows Firewall Control solves precisely that problem, not by offering an alternative solution, but by acting as a more "sanely designed" interface for Windows firewall's functionality. In other words, the firewall's "core" remains the same, and WFC controls the "shell".

Before going on, we should acknowledge that some wonder if there's a point in using a firewall in the first place. We can offer at least a few reasons why you should use a firewall. So, the short answer is "yes", and with Windows Firewall Control it can be easy.

How to Download and Install WFC

To get started, visit WFC's official site, and notice the download links on the sidebar on the right. Choose the link you prefer, download the app, and install it.

Windows Firewall Control Official Download

We suggest you leave the installation's default options as they are. Apart from the installation path, the three extra options:

  • Create program shortcuts in the Start Menu and on the Desktop.
  • Set WFC to run automatically at user logon.
  • Create some recommended rules.
Windows Firewall Control Installation

How to Control Security Level With Profiles

With WFC installed, up, and running, you're set. You don't have to overthink about your firewall during typical office-related daily computer use. The predefined default rules help with that.

Do you want to increase or drop your level of security quickly? WFC enables you to do it instantly by switching profiles. First, find its icon on the Windows tray.

Windows Firewall Control Icon on Tray

Right-click on it, and from the pop-up menu that shows up choose your desired security level from Profiles.

Windows Firewall Control Profiles

Configuring Windows Firewall Control

If you want more control over how your PC communicates with other devices, you should check WFC's main panel. A single click on WFC's tray icon will have its main window pop up on your screen.

Windows Firewall Control WFC Main Panel

Move to the Profiles and choose the one you want to set as your default.

It's more secure to create rules for your software instead of temporarily switching to lower filtering. If, though, you prefer this approach, it's worth enabling Automatically set PROFILE after X minutes. Then, customize the "profile" and "x" fields to complete that sentence as you like.

Windows Firewall Control Main Panel Profiles

This way, when you switch to a less secure profile to test a piece of software, WFC will revert to the default, higher security profile after the time you define.

Windows Firewall Control Main Panel Profiles Auto Switch Enabled

WFC doesn't present any notifications by default since they can quickly become annoying. If you don't mind that, visit Notifications, which should be set to Disabled. Choose Display notifications instead.

Windows Firewall Control Main Panel Notifications

You can enable WFC's Learning mode from the same spot. In this mode, WFC automatically shows notifications for unsigned programs but automatically creates outbound allow rules for any digitally signed program.

You can enable this mode and then take your favorite apps for a test drive, like Word, Photoshop, Krita, GIMP, etc. WFC will (or, at least, should) create rules for them automatically, in what is the easiest way to customize it. Remember to disable Learning mode afterward.

Move to Options to enable WFC's Shell Integration, to add shortcuts for easy rule creation on the right mouse button's context menu. You'll then be able to right-click on any executable and choose if you want to grant it network access.

Windows Firewall Control Main Panel Options

You can also change WFC's User interface language or define hotkeys for instant access to its various panels.

We'll skip both Rules and Security for this tutorial since we'll see a quicker and easier way to create basic rules for any app later on. We suggest you don't experiment with the options you'll find there unless you know what you're doing.

Windows Firewall Control Main Panel Rules

How to Perform Easy App Control Through the Connections Log

With Windows Firewall Control, you don't need to create detailed rules for all your applications manually. You can instead go for the following much more straightforward approach.

First, set your filtering level to the recommended Medium. This allows only trusted software to access the network, forbidding everything else from connecting anywhere.

With that level, many of your apps or games might fail to connect to the Internet, access local shares, etc. That's positive, for it means WFC works, your network is secure, and no untrusted app will have network access if you don't want it to. But what if you do want a piece of software to access the network?

Right-click on WFC's tray icon and choose the Connections Log. You'll see a mostly empty panel appear on your screen.

Windows Firewall Control Connections Log

Hit F5 on your keyboard or choose Refresh list from the Actions panel on the right of the window. After a while, WFC's Connections Log panel will show a list of all software that tried to communicate through your network connections.

Windows Firewall Control Connections Log Refresh List

Want to quickly create a permanent rule for allowing or denying access to anything on that list? Right-click on an entry and choose Allow this program or Block this program depending on whether you want it to have access.

Windows Firewall Control Connections Log Allow This Program

Customize and create allows you to manually edit and create such a rule, offering more control, for example, over which ports the app will be able to connect through, etc.

The rest of the options help find more details about the selected executable, the network nodes with which it's trying to communicate, and finding and managing related rules.

Absolute Control With Custom Rules

Many books have been written on managing networks, firewalls, and configuring how software should connect "through" them. That's why we decided not to go over such topics in detail for this article. If, however, you want to try your hand at manually creating such rules for your software with WFC, a very generalized version of the process goes like this:

To create a rule from scratch, right-click on WFC's icon, go for its Rules Panel, and click on Blank rule under Create new rule, from the options on the right.

Alternatively, as we saw in the previous section, choose to Customize and create a rule for any software on WFC's Connections Log. Similarly, to edit an existing rule, right-click on it from WFC's Rules Panel and choose Properties.

Windows Firewall Control Rules Panel

Choose the app for which you're creating a rule from Program (if the correct one isn't already selected). You can also define its Name, Group, and Description, but the essential bits are what comes up right next.

Check the options under Protocol and ports to define the correct networking Protocol, Local ports, and Remote ports that the app will be allowed (or not) to use.

From the right column of options, you can state the Local addresses and Remote addresses the selected software will be either allowed or denied from reaching. You should leave both those options set to Any in most cases.

Under Direction, you can define if the rule will be about Inbound or Outbound connections.

You can disambiguate the whole "will or will not" we kept mentioning from Action by choosing one or the other. From that spot, you choose if you are or are not allowing the app to do what you described in the rule.

Windows Firewall Control Connection Rule Properties

Finally, you can also choose if the rule will apply to all or specific Interface types. You can, for example, have different rules for communications through the Ethernet cable connection you usually use when at home and the WiFi you rely on when out and around.

With a click on Apply, congratulations, you've just created a networking rule!

Staying Safe With Windows Firewall Control

As we saw, staying safe with Windows Firewall Control is ridiculously simple. If you want, you can dive into its settings and customize everything. However, for most users, its predefined profiles are more than enough, with the occasional almost automatic rule creation here and there.

Who'd have thought that the built-in Windows firewall could be so versatile?