Firewall setup?

Page 1 of 2 12 LastLast
  1.    19 Apr 2018 #1

    Firewall setup?


    I'm following this Windows 10 hardening guide and they recommend turning outbound blocking on. My question is once I have set outbound connections to blocked for each profile why do the outbound rules still show as allowed? The rules in the green box are ones that I've created.

    Click image for larger version. 

Name:	Firewall.png 
Views:	31 
Size:	280.2 KB 
ID:	185318
      My ComputerSystem Spec

  2. TairikuOkami's Avatar
    Posts : 3,580
    Home 1809 x64 10.0.17763.288
       21 Apr 2018 #2

    Kol12 said: View Post
    I have set outbound connections to blocked for each profile why do the outbound rules still show as allowed?
    You have to either remove the rules or set them to block. Default deny - what is not allowed, is blocked.
    Attached Thumbnails Attached Thumbnails capture_04212018_112145.jpg  
      My ComputerSystem Spec

  3. Barman58's Avatar
    Posts : 2,864
    Windows 10 Pro x64 1809 - 17763.134 XP/Vista/Win7/Win8.1 in VM for testing
       21 Apr 2018 #3

    Unfortunately, and just my opinion based on experience, I do not rate the Windows Firewall, as it has always seemed not up to the job, others are happy with it ...

    I always recommend Comodo Free firewall to anyone looking for a serious standalone product- It is the same technology as Comodo supply to Professional clients (indeed they state that the reason they supply if free for personal use is to protect their corporate clients from workers with infected devices.)

    It can provide a good protection Out of the Box, but with a bit of effort in learning the way it is customised can provide Professional level protection , tailored to your needs. There is a learning Curve which can be steep, but once understood the knowledge will transfer to other products. It includes several levels of automation, including a learning mode which you can run for a while and will ask you what you want to do with each attempt to send or receive data, and write the rules based on your reply. it contains a lockdown mode for emergency use and an all off mode for testing.

    There are also some great firewalls included with the top Anti Malware suites, I myself do not use the Comodo firewall, any longer, after many years of use, as I run the Pro paid version of Bitdefender which includes an excellent firewall system
      My ComputerSystem Spec

  4. TairikuOkami's Avatar
    Posts : 3,580
    Home 1809 x64 10.0.17763.288
       21 Apr 2018 #4

    Barman58 said: View Post
    Unfortunately, and just my opinion based on experience, I do not rate the Windows Firewall, as it has always seemed not up to the job,
    Indeed. Besides, any software with admin rights, even some malware, can add/changes rules at will, regardless of what the user wants. Not to mention, that WF does not display any notifications for outbound, because by default, it is supposed to be allowed. WF is anything, but user friendly.
      My ComputerSystem Spec

  5.    21 Apr 2018 #5

    When outbound connections is set to allow is basically every app and service allowed through the firewall? What are the existing apps/services with green ticks next to them? Microsoft defaults? Why is it that many apps and services don't show in the outbound rules? For example the ones I manually added in the green box? This makes me think that when outbound is set to allow it just allows every app through and does not need to show it in the outbound list is that correct?
      My ComputerSystem Spec

  6. TairikuOkami's Avatar
    Posts : 3,580
    Home 1809 x64 10.0.17763.288
       21 Apr 2018 #6

    Kol12 said: View Post
    When outbound connections is set to allow is basically every app and service allowed through the firewall?
    Yes, but if you have only trusted apps installed, it is not really an issue.

    Kol12 said: View Post
    What are the existing apps/services with green ticks next to them? Microsoft defaults?
    Yes. You can remove those, you do not need. In case of problems, you can always reset it to default.
    Code:
    netsh advfirewall reset
    My ruleset for comparison (I have removed all default rules):

    Click image for larger version. 

Name:	capture_04212018_130419.jpg 
Views:	19 
Size:	224.6 KB 
ID:	185430

    Kol12 said: View Post
    Why is it that many apps and services don't show in the outbound rules?
    Some apps can use Windows processes to connect, like svchost.exe, and some can connect via allowed processes hijacking them. Zone Alarm or Comodo Firewall would prevent that.

    If you want to use Windows Firewall, it is better to get a usable GUI for it.
    Glasswire has a really nice one and you can easily see, what is going on.
    Windows 10 Firewall Control displays alerts, so you can easily manage it.
      My ComputerSystem Spec

  7.    22 Apr 2018 #7

    I'll probably have some more questions as I get into the firewall so would be grateful for anyone who wants to stick around. Need to take this one slow. :)
      My ComputerSystem Spec

  8.    23 Apr 2018 #8

    Kol12 said:
    When outbound connections is set to allow is basically every app and service allowed through the firewall?



    TairikuOkami "Yes, but if you have only trusted apps installed, it is not really an issue."

    Does this mean that when I install an app that requires an outbound connection it still won't even show in the outbound rules list when outbound connections is set to allow?


      My ComputerSystem Spec

  9.    23 Apr 2018 #9

    TairikuOkami said: View Post

    My ruleset for comparison (I have removed all default rules):

    Click image for larger version. 

Name:	capture_04212018_130419.jpg 
Views:	19 
Size:	224.6 KB 
ID:	185430

    Is there nothing at all from the default Microsoft rules that you wanted to keep enabled? Some of the rules I don't understand and why they require and outbound connection, namely some of the core networking ones. What are the rules that are disabled by default and why are they disabled?
      My ComputerSystem Spec

  10. TairikuOkami's Avatar
    Posts : 3,580
    Home 1809 x64 10.0.17763.288
       23 Apr 2018 #10

    Kol12 said: View Post
    Is there nothing at all from the default Microsoft rules that you wanted to keep enabled?
    No. If I need something, I enable outbound temporarily and the disable it again with commands:
    Code:
    netsh advfirewall set PublicProfile firewallpolicy blockinboundalways,allowoutbound
    netsh advfirewall set PublicProfile firewallpolicy blockinboundalways,blockoutbound
    Kol12 said: View Post
    Some of the rules I don't understand and why they require and outbound connection, namely some of the core networking ones. What are the rules that are disabled by default and why are they disabled?
    You should keep Core rules for svchost.exe, it is required by Windows updates and also by DNS requests, unless you setup DNS servers manually, like I did. As for the rest, it depends, what software and features you are using, like network sharing, store apps, Windows Defender updates, etc. Some rules are disabled and get enabled, only if you enable related features.
      My ComputerSystem Spec


 
Page 1 of 2 12 LastLast

Related Threads
Every time I start my PC lately, I get a Windows notification that pops up in my action center that says: "Windows firewall and Comodo firewall are both turned off. Tap or click to see available options" Clicking it asks me if I want to turn...
Solved Disable Windows firewall when running 3rd party firewall? in AntiVirus, Firewalls and System Security
Quick question - I use Comodo firewall free edition as I like the functionality and interface. Should I disable Windows firewall since I have Comodo running? If so, how do I do that?
Solved Firewall in AntiVirus, Firewalls and System Security
Does anyone know of a good firewall For windows 10 I know windows firewall works But I would like to use something else. Thanks
Hi I got a problem now. My laptop cant install Windows. This is the story : Im playing games with my laptop for few hours and then my laptop got a crash and then im doing force shutdown. And then im realize that im accidently cause some...
firewall services in AntiVirus, Firewalls and System Security
Latest build. Running ESET free. Anybody else got the same info showing, doesn't appear to be a problem thou. Roy
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 14:46.
Find Us