Firewall setup?

  1. Posts : 2,979
    Windows 11
       #1

    Firewall setup?


    I'm following this Windows 10 hardening guide and they recommend turning outbound blocking on. My question is: once I have set outbound connections to blocked for each profile, why do the outbound rules still show as allowed? The rules in the green box are ones that I've created.

    Firewall setup?-firewall.png


  2. Posts : 5,439
    Windows 11 Home
       #2

    Kol12 said:
    I have set outbound connections to blocked for each profile why do the outbound rules still show as allowed?
    You have to either remove the rules or set them to block. Default deny - what is not allowed, is blocked.
    Attached Thumbnails: Firewall setup?-capture_04212018_112145.jpg


  3. Posts : 4,201
    Windows 10 Pro x64 Latest RP
       #3

    Unfortunately, and just my opinion based on experience, I do not rate the Windows Firewall, as it has always seemed not up to the job, others are happy with it ...

    I always recommend Comodo Free firewall to anyone looking for a serious standalone product. It is the same technology as Comodo supply to Professional clients (indeed they state that the reason they supply it free for personal use is to protect their corporate clients from workers with infected devices).

    It can provide good protection Out of the Box, but with a bit of effort in learning the way it is customised it can provide Professional level protection, tailored to your needs. There is a learning Curve which can be steep, but once understood the knowledge will transfer to other products. It includes several levels of automation, including a learning mode which you can run for a while and which will ask you what you want to do with each attempt to send or receive data, and write the rules based on your reply. It contains a lockdown mode for emergency use and an all off mode for testing.

    There are also some great firewalls included with the top Anti Malware suites. I myself do not use the Comodo firewall any longer, after many years of use, as I run the Pro paid version of Bitdefender, which includes an excellent firewall system.


  4. Posts : 5,439
    Windows 11 Home
       #4

    Barman58 said:
    Unfortunately, and just my opinion based on experience, I do not rate the Windows Firewall, as it has always seemed not up to the job,
    Indeed. Besides, any software with admin rights, even some malware, can add/change rules at will, regardless of what the user wants. Not to mention that WF does not display any notifications for outbound, because by default, it is supposed to be allowed. WF is anything but user friendly.


  5. Posts : 2,979
    Windows 11
    Thread Starter
       #5

    When outbound connections is set to allow, is basically every app and service allowed through the firewall? What are the existing apps/services with green ticks next to them? Microsoft defaults? Why is it that many apps and services don't show in the outbound rules? For example, the ones I manually added in the green box? This makes me think that when outbound is set to allow it just allows every app through and does not need to show it in the outbound list. Is that correct?


  6. Posts : 5,439
    Windows 11 Home
       #6

    Kol12 said:
    When outbound connections is set to allow is basically every app and service allowed through the firewall?
    Yes, but if you have only trusted apps installed, it is not really an issue.

    Kol12 said:
    What are the existing apps/services with green ticks next to them? Microsoft defaults?
    Yes. You can remove those you do not need. In case of problems, you can always reset it to default.
    Code:
    netsh advfirewall reset
    My ruleset for comparison (I have removed all default rules):

    Firewall setup?-capture_04212018_130419.jpg

    Kol12 said:
    Why is it that many apps and services don't show in the outbound rules?
    Some apps can use Windows processes to connect, like svchost.exe, and some can connect via allowed processes, hijacking them. Zone Alarm or Comodo Firewall would prevent that.

    If you want to use Windows Firewall, it is better to get a usable GUI for it.
    Glasswire has a really nice one and you can easily see what is going on.
    Windows 10 Firewall Control displays alerts, so you can easily manage it.


  7. Posts : 2,979
    Windows 11
    Thread Starter
       #7

    I'll probably have some more questions as I get into the firewall so would be grateful for anyone who wants to stick around. Need to take this one slow. :)


  8. Posts : 2,979
    Windows 11
    Thread Starter
       #8

    Kol12 said:
    When outbound connections is set to allow is basically every app and service allowed through the firewall?



    TairikuOkami "Yes, but if you have only trusted apps installed, it is not really an issue."

    Does this mean that when I install an app that requires an outbound connection it still won't even show in the outbound rules list when outbound connections is set to allow?


  9. Posts : 2,979
    Windows 11
    Thread Starter
       #9

    TairikuOkami said:

    My ruleset for comparison (I have removed all default rules):

    Firewall setup?-capture_04212018_130419.jpg

    Is there nothing at all from the default Microsoft rules that you wanted to keep enabled? Some of the rules I don't understand and why they require an outbound connection, namely some of the core networking ones. What are the rules that are disabled by default and why are they disabled?


  10. Posts : 5,439
    Windows 11 Home
       #10

    Kol12 said:
    Is there nothing at all from the default Microsoft rules that you wanted to keep enabled?
    No. If I need something, I enable outbound temporarily and then disable it again with commands:
    Code:
    netsh advfirewall set PublicProfile firewallpolicy blockinboundalways,allowoutbound
    netsh advfirewall set PublicProfile firewallpolicy blockinboundalways,blockoutbound
    Kol12 said:
    Some of the rules I don't understand and why they require an outbound connection, namely some of the core networking ones. What are the rules that are disabled by default and why are they disabled?
    You should keep Core rules for svchost.exe, it is required by Windows updates and also by DNS requests, unless you set up DNS servers manually, like I did. As for the rest, it depends on what software and features you are using, like network sharing, store apps, Windows Defender updates, etc. Some rules are disabled and get enabled only if you enable related features.
      My Computer
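
Editor's added example, not part of any post above and not code from the posters: a read-only PowerShell audit of the point the thread turns on, namely the per-profile default outbound action versus the enabled outbound allow rules. It uses the built-in NetSecurity cmdlets; treating rules without a display group as hand-added is an assumption.

```powershell
# Added example (read-only): what the Windows Firewall will actually let out.
# Requires the built-in NetSecurity module (Windows 8 / Server 2012 or later);
# run from an elevated PowerShell session.

# 1. Effective default action per profile. ActiveStore resolves local settings
#    plus any Group Policy, so "NotConfigured" does not hide the real value.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore
$profiles | Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction -AutoSize

# 2. Enabled outbound Allow rules in the local store. When DefaultOutboundAction
#    is Block, these rules are the only outbound traffic that is permitted.
$report = Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            # Assumption: built-in rules carry a DisplayGroup; hand-added rules usually do not.
            Group       = if ($_.DisplayGroup) { $_.DisplayGroup } else { '(no group)' }
            Profile     = $_.Profile
            Program     = $app.Program
        }
    }
$report | Sort-Object Group, DisplayName | Format-Table -AutoSize -Wrap

# 3. Broad rules worth reviewing first: any program, or the shared svchost.exe host.
$broad = $report | Where-Object { $_.Program -eq 'Any' -or $_.Program -like '*\svchost.exe' }
"{0} of {1} enabled outbound allow rules are broad (any program or svchost.exe)" -f @($broad).Count, @($report).Count

# 4. Profiles that still allow everything not explicitly blocked.
$profiles | Where-Object { $_.Enabled -eq 'True' -and $_.DefaultOutboundAction -ne 'Block' } |
    ForEach-Object { "Profile $($_.Name): outbound is allow-by-default" }
```

Step 4 also shows whether a change made to one profile only, such as PublicProfile, left the Domain or Private profile on allow-by-default.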


Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.