How Defender treats deleted apps after restoring default settings


  1. Posts : 145
    Windows 10 Home
       #1

    How Defender treats deleted apps after restoring default settings


    A lot of pre-installed apps that I consider bloatware which included Store apps that can be uninstalled in Apps and Features, as well as bloatware device Manufacturer apps, were pre-installed by Windows during the initial OS install. I had uninstalled mostly ALL since then using third party tools e.g, Revo, Geek Uninstaller and to remove all leftover remains.

    Still, for whatever reason, some apps still show in the "allowed apps to communicate through the firewall" list with a check next to those apps including a check under the private and public profiles which I use. The function to remove those apps from the list could not be performed because the "remove" button is greyed out (yes! I clicked the button on the top right) in advanced settings. Hence, all that could be performed is "unchecking" those apps.

    I mucked around a bit with the inbound and outbound rules in the Advanced settings. I was able to block some executable files associated with some of the bloatware apps using the 'program' filter. I could trace their location in the Windows Apps folder using the browse button. For other apps where stubborn leftovers were not found in the Windows Apps folder I had used "properties" and just selected the button to block those.

    I would like to restart all over to see possibly what connections Defender re-establishes with uninstalled apps since the initial Windows install.

    I know restoring Defender to default settings restores the firewall back to factory settings. But what I would like to know is whether the default Windows Defender settings will block connections for leftover remains of apps that were uninstalled or will it re-establish connections to allow connections through the firewall? Yes. I saw both outbound and inbound connections allowed after I uninstalled apps under all three profiles.
      My Computer


  2. Posts : 2,583
    Win 11 x 64 Home on PC and Win 11 Home x 64 on Surface 9
       #2

    I use Geek, very good. My firewall is administered by Kaspersky though.

    I am not sure this is of interest but I have this activated in winaerotweaks.

    How Defender treats deleted apps after restoring default settings-tweak-ads.png
    Last edited by elbmek; 24 Feb 2021 at 14:56.
      My Computer


  3. Posts : 145
    Windows 10 Home
    Thread Starter
       #3

    This isn't a comparative analogy but when Windows Media Player was installed, Defender had predetermined rules to allow connections through the firewall. After uninstalling MP within the Windows Settings, no outbound / inbound rules for connections appear any longer. Whether if Defender is monitoring Microsoft MP or not, I can't tell.

    - - - Updated - - -
    @elbmek

    Thanks. I had been considering a tweaking tool, Winaero was one.
    I had been looking to come across a script used through the command line interface first though. Microsoft lists how one can set the inbound and outbound actions to default on Domain devices; however I'm not on a Domain.

    For those I couldn't create a new rule, it was due to the reason that Defender lists those Rule Names as being associated with 'Any' which means Defender doesn't provide the path of the program executable like those that I know are in the WindowsApps folder

    So I selected the option to block those Rule Names by right clicking >Properties->Block. That action apparently does not appear to indicate the rule is being enforced although it says it's blocked e.g, Enabled = No

    - - - Updated - - -

    Defender's comprehensive set of rules where the FW appeared to have added its exceptions without any prompts to allow the leftover remains of apps and programs to receive network and internet access through the firewall led to the decision to create new rules to block them in both directions. A concern was whether the explicit block rules created took precedence behavior over the rule exceptions.

    A general security best practice was enacted to restore the firewall to the default settings. As of now, all of the uninstalled Windows apps and programs are no longer listed as enabled rules. Will be monitoring the firewall going forward.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:04.
Find Us




Windows 10 Forums