how to lock down windows-10 firewall rules?

Windows 10 LTSB.

You'll have more choice about your updates and your not going to see Cortana bother you

All great info!!!

 

I've noticed that Win 10 has somehow disabled 3 of my firewall apps via updates. And I can hear something running undetected by my process monitor app, task manager or any firewall, that stops when i turn off the internet. If anyone has any info on that...

 

How do I get notices for updates to this discussion?

Just updating to say that since I switched browsers from Chrome my computer is silent and no longer roaring with unidentifiable internet activity. Same 55 tabs open in Ungoogled Chromium.

"Does anyone know better?"

 

of course someone knows better

 

1. Bring up Run dialog by pressing Win + R key combination.

 

2. Type mmc.exe wf.msc in the box and click OK

 

3. when "Windows Defender Firewall with Advanced Security" Console comes up, 

right mouse click on "Windows Defender Firewall with Advanced Security on Local Computer" and choose "Export Policy..."

save as example Desktop\firewallrule.wfw

 

 1.PNG   31.2KB   0 downloads

 

Now

 

1. Bring up Run dialog by pressing Win + R key combination.

 

2. Type gpedit.msc in the box and click OK. Then local Group Policy Editor will open.

 

3. Open Local Computer Policy\Security Settings\Windows Defender Firewall with Advanced Security - Local Group Policy Object

 

right mouse click on "Windows Defender Firewall with Advanced Security - Local Group Policy Object" and choose "Import Policy...",

select the previously saved as firewallrule.wfw and import.

 

 2.PNG   27.28KB   0 downloads

 

 

 

 

 

Edited by lola-d, 11 May 2019 - 05:20 PM.

Edited by lola-d, 11 May 2019 - 04:38 PM.

removed

Edited by Plush, 14 October 2019 - 08:55 PM.

The above suggestion of using Group Policy by lola-d works, but you have to have Win 10 Pro. Windows Firewall Control https://www.binisoft.org/wfc.php works for both Home and Pro users. If you go to it's Main Panel and then Security section, it has two useful features: 1) Secure Profile, which forbids modification to firewall rules via any other program other than itself, and 2) Secure Rules, which makes your list of firewall Group Names activate-able and all other rules disabled. Together, these 2 features stop Windows from re-adding/re-activating it's preferred firewall rules.

WFC uses the Win 10 Defender Firewall engine, it just aims to give a stronger UI. However, it cannot create or modify firewall rules that deals with Windows package names; you still have to disable Secure Profile feature temporarily and use Windows Defender Firewall with Advanced Security to create those.

Edited by Lunarlander, 03 November 2019 - 08:16 PM.

 

follow:

 

1. mouse click on "Windows Defender Firewall with Advanced Security - Local Group Policy Object" in the right window, open 

"Windows Defender Firewall Properties"

 

2. A new pop-up  will open. In each Profile (Domain, Private, Public) do the same, open Setings ==> Customise, in new pop-up select 

 "Apply local firewall rules": No, and "Apply local connection security rules": No ==> OK

 

3.PNG, 4.PNG, 5.PNG

 

 

3. Open the cmd console as administrator and type: netsh advfirewall firewall delete rule name=all

It will remove all the previous  Windows Firewall Rules, every new created windows system adds rules or other software rules will be ignored.

You will new or modify your existing firewall rules change or make only from Group Policy Editor.

 

 

 

 

I have registered to point out this statement is FALSE. Much like with local Windows Firewall anyone you grant elevated privilegies can modify that policy (and MS never had any issues modifying anything ever). And you\d be surprised how often you gran such privs to all kinds of programs and apps: installer (Nullsoft/Inno setup have it as a built-in feature), network apps, any other "security" apps that require elevated privileges in order to work.

 

You can test it for yourself, run CMD.EXE as admin and using reg you can add any kind of rules here:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules

 

For any slightly malicious or unceremonious program it takes single IF case to check if you are using LGPO instead of Local Firewall and add rules to proper place instead.

Edited by Digika, 16 June 2020 - 06:45 AM.

First step to lock down rules and firewall is to stop using "Active Store" firewall in control panel.

Second step is to use GPO to manage firewall "GPO store", nobody can modify it without your (Administrator) consent.

 

How successful you will be doing this depends on you, it's not easy to make good firewall (rules).

nobody can modify it without your (Administrator) consent.

Any app that you launch with elevated privilegies - can. As I said:

And you'd be surprised how often you gran such privs to all kinds of programs and apps: installers (Nullsoft/Inno setup have it as a built-in feature), network apps, any other "security" apps that require elevated privileges in order to work.

And MS updates always install with highest possible privs- TrustedInstaller

 

nobody can modify it without your (Administrator) consent.

Any app that you launch with elevated privilegies - can. As I said:

 

 

 

not true, firewall won't be modified.

 

secondly, you should not use administrative account anyway.

 

Exception is malware, but then, that's again your (user) problem not firewall problem.

Back to say Hi to my younger self; things are going to be bleak for some time.

To my older self - coming back here in a few years:

I solved the issue by:

-prefacing the names of my rules with prefix ".G_"  < these are the only ones I want.

-running following powershell script manually or automatically
   the script removes all rules with names not starting with .G_

$rules = (Get-NetFirewallRule | Select-Object DisplayName).DisplayName

ForEach($rule in $rules) {
	if ( $rule -notlike ".G_*") {
		write-Output  "dp =  $rule"
		Remove-NetFirewallRule -DisplayName "$rule"
	}
}

done
 

Glen, I quickly perused this thread, and I did not see one referral to the absolute solution to any infection, malware, virus, hack, ransomware or mechanical failure.

A complete image backup, saved to an off-line USB drive.

That is the one thing that will never get corrupted, never fail to fix an infection, and is easy to do.

People don't want to bother with backups and they eventually pay the price.

Just a thought based on thousands of trashed operating systems and bewildered posters wanting help to clean their machines.

Glen, I quickly perused this ..

I quickly perused your reply and I found it devoid of relevancy. Thank you AI bot
 

Glen, click on my signature name; is that an AI bot?

Sorry you don't see any relevancy to my post, I'll just move on.

https://www.bleepingcomputer.com/forums/t/751381/windows-7-firewall-settings-whathowwhy-oldsod-invited-to-star-here/