How to block multiple EXE files Windows Firewall

spapakons · 05 Mar 2016

Hello!

I want to block a certain application from any access to the internet, either inbound or outbound, so it will never attempt to upgrade. I went in the Advanced Settings in Windows Firewall but I can only block one-by-one the executable files (EXE) and this application has at least 30. Is there any way to block all EXE files in a specific folder at once?

Thank you in advance.

PS: This was asked in sevenforums.com by another poster and all replies were about blocking other users to share the folder. WRONG! I want to block all executables from accessing or receiving data from the internet, which is a totally different thing. So please reply only if you have something useful to say and keep it on topic. Thanks.

bro67 · 05 Mar 2016

The problem is that without telling anyone what programs you are looking at restricting, there is not much that can be done. You do not block the programs from connecting outside of the LAN. You are blocking the ports that they use. It has always been that way. Blocking folders has nothing to do with this, so really do not even know why you brought it up, along with mentioning the other forum and getting upset about something by capitalizing your anger at something that has nothing to do with what you want to do.

Windows Firewall rules are something that you can cause other issues if you do not create them right. Technet at microsoft.com has all of the information that you need to create firewall rules for the built in firewall.

ARC1020 · 05 Mar 2016

Windows Firewall doesn't support wildcards, therefore I'm thinking using a batch file would probably be the quickest way. Batch files aren't really my forte, however as an example maybe something along these lines.

1) Paste ALL the following into NotePad (including the last line that's hidden from view) and obviously edit to show the folder path where the applications that you want to block are.

Code:

for %%G in ("C:\Program Files (x86)\Test Folder\*.exe") do (

netsh advfirewall firewall add rule name="Blocked With Batchfile %%G" dir=in action=block program="%%G" enable=yes profile=any
netsh advfirewall firewall add rule name="Blocked With Batchfile %%G" dir=out action=block program="%%G" enable=yes profile=any

)

2) Save the text file and rename it to BlockInOut.bat

3) Right-click BlockInOut.bat and run as administrator.

How to block multiple EXE files Windows Firewall-001.jpg

4) Check your Inbound and Outbound firewall rules afterwards

How to block multiple EXE files Windows Firewall-002.jpg

Note: Before carrying out any of the above, I'd recommend that you open Windows Firewall With Advanced Settings in the advanced view. Right-Click and select 'Export Policy', then save it somewhere safe. This way in the event of any problems, you'll be able to import your policy again to reset it back to how it is currently.

How to block multiple EXE files Windows Firewall-003.jpg

Obviously be aware that Windows Firewall won't give you/the user any indication if or when it's blocking connections, unless you specifically set up Blocked Connection logging in Event Viewer.

topgundcp · 06 Mar 2016

In addition to the above. You can also try:
Download TinyWall
OR:
Windows Firewall Control

spapakons · 06 Mar 2016

ARC1020 said:

Windows Firewall doesn't support wildcards, therefore I'm thinking using a batch file would probably be the quickest way. Batch files aren't really my forte, however as an example maybe something along these lines.

1) Paste ALL the following into NotePad (including the last line that's hidden from view) and obviously edit to show the folder path where the applications that you want to block are.

Code:

for %%G in ("C:\Program Files (x86)\Test Folder\*.exe") do (

netsh advfirewall firewall add rule name="Blocked With Batchfile %%G" dir=in action=block program="%%G" enable=yes profile=any
netsh advfirewall firewall add rule name="Blocked With Batchfile %%G" dir=out action=block program="%%G" enable=yes profile=any

)

2) Save the text file and rename it to BlockInOut.bat

3) Right-click BlockInOut.bat and run as administrator.

4) Check your Inbound and Outbound firewall rules afterwards

Note: Before carrying out any of the above, I'd recommend that you open Windows Firewall With Advanced Settings in the advanced view. Right-Click and select 'Export Policy', then save it somewhere safe. This way in the event of any problems, you'll be able to import your policy again to reset it back to how it is currently.

Obviously be aware that Windows Firewall won't give you/the user any indication if or when it's blocking connections, unless you specifically set up Blocked Connection logging in Event Viewer.

Exactly the reply I was looking for! The script did the job in seconds! All I had to do was copy-paste the folder path from Windows explorer and modify the script. Million Thanks!

Another guy mentioned blocking the ports. This is not the case, since the same ports could be used by another application and I don't know which ports I should block.

Also it shouldn't cause any damage to block a specific application from accessing the internet, unless the application works by accessing the internet and other applications depend on it. So it is irrelevant which was the application I wanted to block. The script is the same, just use the proper path. Thanks again!

spapakons · 06 Mar 2016

topgundcp said:

In addition to the above. You can also try:
Download TinyWall
OR:
Windows Firewall Control

I downloaded Windows Firewall Control, but haven't tried yet since the script by ARC1020 did the job. Thank you any way! I added that in my Utilities collection.

topgundcp · 06 Mar 2016

spapakons said:

I downloaded Windows Firewall Control, but haven't tried yet since the script by ARC1020 did the job. Thank you any way! I added that in my Utilities collection.

Glad it works out for you. However, Try WFC, you might find it useful as it does what the script does and a lot more.
In some case, blocking the .exe is not enough, you also need to block the .dll also.

DudeInMyrtleBch · 09 Dec 2016

bro67 said:

The problem is that without telling anyone what programs you are looking at restricting, there is not much that can be done. You do not block the programs from connecting outside of the LAN. You are blocking the ports that they use. It has always been that way. Blocking folders has nothing to do with this, so really do not even know why you brought it up, along with mentioning the other forum and getting upset about something by capitalizing your anger at something that has nothing to do with what you want to do.Windows Firewall rules are something that you can cause other issues if you do not create them right. Technet at microsoft.com has all of the information that you need to create firewall rules for the built in firewall.

Old thread, but I gotta add -- the above is just plain incorrect. Windows firewall does indeed have the capability of blocking an application from accessing the internet regardless of the ports it use. It's always been that way.

spapakons · 10 Dec 2016

Yes doesn't matters which port the application tries to use, you can block it for any port and any protocol (UDP or TCP) to make sure. If you don't know which of many EXE the application launches to connect to the internet, you just block the whole folder (see earlier posts in this thread) so there is no way it can access the internet without you explicitly giving permission. This is to avoid auto updates that can screw the application and cannot be turned off by the user. You cannot turn it off, so you block it and you have a peace of mind. However be careful not to block an application that relies on internet access to work or you effectively disable it.

jpeni · 27 Feb 2017

Use this batch file to add exe and dll files to Firewall in Windows 10 - it works perfectly.

GitHub - charlesdh/addfwrs: addfwrs - created by Charles de Havilland