Unfortunately, and just my opinion based on experience, I do not rate the Windows Firewall, as it has always seemed not up to the job; others are happy with it ...
I always recommend Comodo Free firewall to anyone looking for a serious standalone product. It is the same technology as Comodo supply to Professional clients (indeed they state that the reason they supply it free for personal use is to protect their corporate clients from workers with infected devices).
It can provide good protection out of the box, but with a bit of effort in learning the way it is customised it can provide Professional level protection, tailored to your needs. There is a learning curve which can be steep, but once understood the knowledge will transfer to other products. It includes several levels of automation, including a learning mode which you can run for a while and which will ask you what you want to do with each attempt to send or receive data, and write the rules based on your reply. It contains a lockdown mode for emergency use and an all off mode for testing.
There are also some great firewalls included with the top Anti Malware suites. I myself do not use the Comodo firewall any longer, after many years of use, as I run the Pro paid version of Bitdefender, which includes an excellent firewall system.
Indeed. Besides, any software with admin rights, even some malware, can add/change rules at will, regardless of what the user wants. Not to mention that WF does not display any notifications for outbound, because by default, it is supposed to be allowed. WF is anything but user friendly.
When outbound connections are set to allow, is basically every app and service allowed through the firewall? What are the existing apps/services with green ticks next to them? Microsoft defaults? Why is it that many apps and services don't show in the outbound rules? For example, the ones I manually added in the green box? This makes me think that when outbound is set to allow, it just allows every app through and does not need to show it in the outbound list. Is that correct?
Yes, but if you have only trusted apps installed, it is not really an issue.
Yes. You can remove those you do not need. In case of problems, you can always reset it to default.
My ruleset for comparison (I have removed all default rules):
Code:
netsh advfirewall reset
Some apps can use Windows processes to connect, like svchost.exe, and some can connect via allowed processes by hijacking them. Zone Alarm or Comodo Firewall would prevent that.
If you want to use Windows Firewall, it is better to get a usable GUI for it.
Glasswire has a really nice one and you can easily see what is going on.
Windows 10 Firewall Control displays alerts, so you can easily manage it.
I'll probably have some more questions as I get into the firewall so would be grateful for anyone who wants to stick around. Need to take this one slow. :)
Kol12 said:
When outbound connections are set to allow, is basically every app and service allowed through the firewall?
TairikuOkami "Yes, but if you have only trusted apps installed, it is not really an issue."
Does this mean that when I install an app that requires an outbound connection, it still won't even show in the outbound rules list when outbound connections are set to allow?
Is there nothing at all from the default Microsoft rules that you wanted to keep enabled? Some of the rules I don't understand and why they require an outbound connection, namely some of the core networking ones. What are the rules that are disabled by default and why are they disabled?
No. If I need something, I enable outbound temporarily and then disable it again with commands:
Code:
netsh advfirewall set PublicProfile firewallpolicy blockinboundalways,allowoutbound
netsh advfirewall set PublicProfile firewallpolicy blockinboundalways,blockoutbound
You should keep Core rules for svchost.exe; it is required by Windows updates and also by DNS requests, unless you set up DNS servers manually, like I did. As for the rest, it depends on what software and features you are using, like network sharing, store apps, Windows Defender updates, etc. Some rules are disabled and get enabled only if you enable related features.
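An added example, not posted by anyone in this thread: a PowerShell script that prints each profile's default inbound/outbound action and compares the current rule set against a saved baseline, so rules added or changed by software running with admin rights show up. The baseline path and the `Get-FirewallSnapshot` helper name are assumptions; the cmdlets are the built-in NetSecurity ones.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: the baseline path below is hypothetical; pick your own.
$BaselinePath = "$env:ProgramData\fw-rules-baseline.json"

# 1. Default action per profile. With outbound = Allow (NotConfigured means the
#    Windows default, which is Allow), apps need no rule to connect out, so they
#    never show up in the outbound rules list.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Snapshot every rule with the program it applies to. Enums are stored
#    as strings so they compare cleanly after a JSON round trip.
#    (One filter lookup per rule, so this can take a while on a full rule set.)
function Get-FirewallSnapshot {
    Get-NetFirewallRule | ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name      = $_.Name
            Display   = "$($_.DisplayName)"
            Direction = "$($_.Direction)"
            Action    = "$($_.Action)"
            Enabled   = "$($_.Enabled)"
            Program   = "$($app.Program)"
        }
    }
}

$current = @(Get-FirewallSnapshot)
$fields  = 'Name', 'Display', 'Direction', 'Action', 'Enabled', 'Program'

if (-not (Test-Path $BaselinePath)) {
    # First run: record the rule set you consider known-good.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Host "Baseline saved: $($current.Count) rules -> $BaselinePath"
} else {
    # 3. Later runs: report rules added, removed or modified since the baseline.
    #    A modified rule appears twice: its old (<=) and new (=>) state.
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property $fields
    if ($diff) {
        $diff | Sort-Object Name, SideIndicator | Format-Table -AutoSize -Wrap
    } else {
        Write-Host "No rule changes since baseline."
    }
}
```

Delete the baseline file after making intentional rule changes so the next run records the new known-good state.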