Qs on Defender Rules Cleanup w Particular Ref to HNS Container Entries

I am looking at the configuration and settings of Defender Firewall for the dual reasons of ...

Security - in using this workstation as a multi-media server - Plex Ubooquity and NAS - for both the home private network and with enabled remote access - I am conscious of opening up ports and access I really do not fully understand.

Performance - I am trying to squeeze every drop from this old Dell 7010 i5 (system 2 in my computers with Windows 10 Pro 64) and optimal configuration of the Firewall has come up as a worthwhile task in several 'how to squeeze every drop ..' guides I have seen.

So I am trying to understand the rules, and remove those that are unnecessary/redundant.

I do not want to simple reset as all the media servers are currently working, plus this workstation happens to have a unique and very clunky Spanish Government digital certificate that was a real pain to get working.

Whereas there are many apps and guides on cleaning other aspects of the system, I can't find anything on the firewall rules.

Some housekeeping changes are obvious - rules with names of some software i may have installed years ago that has long been consigned to the bin.

But many are way obscure, with no information on what they relate to or other info that may help narrow them down such as when they were added.

My current rules are in excess of 600, and 150+ of these are HNS container entries.

Searching on the HNS rules returned many threads of upset users ranting at MS for not attending to the issue, apparently caused in large part if not entirely, due to the V-Hyper terminal emulator thingy - something I had enabled, don't need and so have turned off.

My question is in two parts:-

1. Does anybody know of any guide, look-up, how-to or tool on cleaning the firewall of duplicate and redundant etc entries?

2. Having turned off the v-Hyper thingy, can I delete all of the HNS entries - none of the upset posts I read today went as far as saying what could be done, or whether the v-hyper emulator was the sole reason these rules propagated in such numbers?

2 screens attached of the hnc entries

steve108 said:

Hello gibbsyns3 and welcome to tenforums ,

I don't have the answer to your questions, but offer that if you don't already make image backups, doing so will help you recover if you otherwise delete something and can't easily fix it:

Backup and Restore with Macrium Reflect

My complements to you on your long, but very readable and nicely presented post

Thanks for the compliments! You make a good point on backup - I am very good at data and media file backup, but have never had cause to bother as much about configuration. If all else fails, at least with firewall rules they can be disabled to test effect and enabled again in case of calamity - but as approaches go, it feels a bit like shooting yourself as a way of testing if a gun has any bullets. There has to be a better way.

hi,

I don't know about any Windows Firewall cleanup utility.

There is honestly not much you can do, If it is a client machine, resetting all to default and giving back authorization is the easiest way to do.

On the left pane, click the Restore defaults link.
Click the Restore defaults button.
Click Yes to confirm.

If it is a server machine... I would check every rules one by one and start by disabling only the suspicious ones...

Then with time slowly tighten things up...

Though this post did not receive any responses that definitively solved the issue of what these HNS Container Entries are and why they proliferated to such an extent, I thought it would be useful to record my actions and the outcome - I initially created the post as found when searching that the question had been asked in various forums many times, but none had received an answer.

If you come to this thread via a web search I can tell you that I disabled all the hundreds of HNS entries in my firewall, and after several weeks there has been no negative effect, no connections have been problematic or closed, everything is working fine and dandy without them.

Obs this applies to my set up, so I can't offer any guarantee you will have the same experience, but if you follow the back up recommended by @steve108 in his reply, you should be able to safely try disabling these entries before taking the step of deleting them for good.