
how to lock down windows-10 firewall rules?


30 replies to this topic

#16 Guest_Joe C_*

Guest_Joe C_*

  • Guests

Posted 20 September 2018 - 04:59 PM

Windows 10 LTSB.

You'll have more choice about your updates and you're not going to see Cortana bother you




 


#17 Marpessa

Marpessa

  • Members
  • 2 posts

Posted 24 September 2018 - 09:54 AM

All great info!!!

 

I've noticed that Win 10 has somehow disabled 3 of my firewall apps via updates. And I can hear something running undetected by my process monitor app, task manager or any firewall, that stops when I turn off the internet. If anyone has any info on that...

 

How do I get notices for updates to this discussion?

Just updating to say that since I switched browsers from Chrome my computer is silent and no longer roaring with unidentifiable internet activity. Same 55 tabs open in Ungoogled Chromium.



#18 lola-d

lola-d

  • Members
  • 16 posts
  • Local time:12:00 AM

Posted 11 May 2019 - 03:57 PM

"Does anyone know better?"
 
of course someone knows better
 
1. Bring up Run dialog by pressing Win + R key combination.
 
2. Type mmc.exe wf.msc in the box and click OK
 
3. When the "Windows Defender Firewall with Advanced Security" console comes up,
right mouse click on "Windows Defender Firewall with Advanced Security on Local Computer" and choose "Export Policy..."
Save as, for example, Desktop\firewallrule.wfw
 
 
Now
 
1. Bring up Run dialog by pressing Win + R key combination.
 
2. Type gpedit.msc in the box and click OK. Then local Group Policy Editor will open.
 
3. Open Local Computer Policy\Security Settings\Windows Defender Firewall with Advanced Security - Local Group Policy Object
 
right mouse click on "Windows Defender Firewall with Advanced Security - Local Group Policy Object" and choose "Import Policy...",
select the previously saved firewallrule.wfw and import.
 
 
 
 
 

 


Edited by lola-d, 11 May 2019 - 05:20 PM.


#19 lola-d

lola-d

  • Members
  • 16 posts
  • Local time:07:00 AM

Posted 11 May 2019 - 04:23 PM

follow:
 
1. mouse click on "Windows Defender Firewall with Advanced Security - Local Group Policy Object" in the right window, open 
"Windows Defender Firewall Properties"
 
2. A new pop-up will open. In each Profile (Domain, Private, Public) do the same: open Settings ==> Customise, in the new pop-up select
 "Apply local firewall rules": No, and "Apply local connection security rules": No ==> OK
 
 
 
3. Open the cmd console as administrator and type: netsh advfirewall firewall delete rule name=all
It will remove all the previous Windows Firewall rules; any rules newly added by the Windows system or by other software will be ignored.
You will create new firewall rules or modify your existing ones only from Group Policy Editor.
 
:P

Edited by lola-d, 11 May 2019 - 04:38 PM.
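
The state that the steps in the two posts above aim for can be checked from an elevated PowerShell prompt. The following is an added, read-only example, not part of lola-d's posts; it assumes that `localhost` selects the local Group Policy Object store, and the function names are made up for illustration.

```powershell
# Added example (not from the thread): read-only audit, run elevated.
# Assumption: 'localhost' selects the local Group Policy Object store.
$gpoStore = 'localhost'

function Test-LocalRuleMergeDisabled {
    # One row per profile: are both "Apply local ..." settings set to No
    # in the local GPO, as step 2 above configures?
    Get-NetFirewallProfile -PolicyStore $gpoStore | ForEach-Object {
        [pscustomobject]@{
            Profile            = $_.Name
            LocalFirewallRules = $_.AllowLocalFirewallRules
            LocalIPsecRules    = $_.AllowLocalIPsecRules
            LockedDown         = ($_.AllowLocalFirewallRules -eq 'False') -and
                                 ($_.AllowLocalIPsecRules -eq 'False')
        }
    }
}

function Get-RuleCountByStore {
    # PersistentStore holds the local rules that step 3 deletes;
    # the GPO store holds the rules imported from the .wfw file.
    foreach ($store in 'PersistentStore', $gpoStore) {
        $rules = @(Get-NetFirewallRule -PolicyStore $store -ErrorAction SilentlyContinue)
        [pscustomobject]@{
            Store   = $store
            Total   = $rules.Count
            Enabled = @($rules | Where-Object { $_.Enabled -eq 'True' }).Count
        }
    }
}

function Get-EnforcedRuleOrigin {
    # Rules the firewall is enforcing now, grouped by where they came from
    # (for example Local or GroupPolicy).
    Get-NetFirewallRule -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -eq 'True' } |
        Group-Object PolicyStoreSourceType -NoElement
}

Test-LocalRuleMergeDisabled | Format-Table -AutoSize
Get-RuleCountByStore        | Format-Table -AutoSize
Get-EnforcedRuleOrigin      | Format-Table -AutoSize
```

Any profile with `LockedDown` false still merges local rules, so rules that Windows or other software add to the local store can take effect on that profile.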


#20 Plush

Plush

  • Members
  • 1 posts
  • Local time:07:00 AM

Posted 14 October 2019 - 08:16 PM

removed


Edited by Plush, 14 October 2019 - 08:55 PM.


#21 Lunarlander

Lunarlander

  • Members
  • 14 posts
  • Gender:Not Telling
  • Local time:10:00 PM

Posted 03 November 2019 - 08:10 PM

The above suggestion of using Group Policy by lola-d works, but you have to have Win 10 Pro. Windows Firewall Control https://www.binisoft.org/wfc.php works for both Home and Pro users. If you go to its Main Panel and then Security section, it has two useful features: 1) Secure Profile, which forbids modification to firewall rules via any other program other than itself, and 2) Secure Rules, which makes your list of firewall Group Names activate-able and all other rules disabled. Together, these 2 features stop Windows from re-adding/re-activating its preferred firewall rules.

WFC uses the Win 10 Defender Firewall engine; it just aims to give a stronger UI. However, it cannot create or modify firewall rules that deal with Windows package names; you still have to disable the Secure Profile feature temporarily and use Windows Defender Firewall with Advanced Security to create those.

Edited by Lunarlander, 03 November 2019 - 08:16 PM.


#22 Digika

Digika

  • Members
  • 4 posts
  • Local time:12:00 AM

Posted 16 June 2020 - 06:44 AM

 

follow:
 
1. mouse click on "Windows Defender Firewall with Advanced Security - Local Group Policy Object" in the right window, open 
"Windows Defender Firewall Properties"
 
2. A new pop-up will open. In each Profile (Domain, Private, Public) do the same: open Settings ==> Customise, in the new pop-up select
 "Apply local firewall rules": No, and "Apply local connection security rules": No ==> OK
 
 
 
3. Open the cmd console as administrator and type: netsh advfirewall firewall delete rule name=all
It will remove all the previous Windows Firewall rules; any rules newly added by the Windows system or by other software will be ignored.
You will create new firewall rules or modify your existing ones only from Group Policy Editor.
 
:P

 

 

 

I have registered to point out this statement is FALSE. Much like with local Windows Firewall, anyone you grant elevated privileges can modify that policy (and MS never had any issues modifying anything ever). And you'd be surprised how often you grant such privs to all kinds of programs and apps: installers (Nullsoft/Inno setup have it as a built-in feature), network apps, any other "security" apps that require elevated privileges in order to work.

 

You can test it for yourself, run CMD.EXE as admin and using reg you can add any kind of rules here:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules

 

For any slightly malicious or unceremonious program it takes a single IF case to check if you are using LGPO instead of Local Firewall and add rules to the proper place instead.


Edited by Digika, 16 June 2020 - 06:45 AM.
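
Changes to the registry key named in the post above can be detected by comparing it with a saved baseline. The following is an added example, not part of Digika's post; the baseline file path and the function names are hypothetical.

```powershell
# Added example (not from the thread): detect changes to the local GPO
# firewall rules by comparing the registry key named above with a baseline.
$key      = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'
$baseline = Join-Path $env:ProgramData 'fw-gpo-baseline.json'   # hypothetical path

function Get-GpoRuleSnapshot {
    # Each registry value under the key is one rule: name = rule id,
    # data = the rule definition string.
    $snapshot = @{}
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            $snapshot[$name] = [string]$item.GetValue($name)
        }
    }
    $snapshot
}

function Compare-GpoRuleSnapshot {
    param([hashtable]$Old, [hashtable]$New)
    foreach ($name in $New.Keys) {
        if (-not $Old.ContainsKey($name)) {
            [pscustomobject]@{ Change = 'Added';   Rule = $name; Data = $New[$name] }
        } elseif ($Old[$name] -cne $New[$name]) {
            [pscustomobject]@{ Change = 'Changed'; Rule = $name; Data = $New[$name] }
        }
    }
    foreach ($name in $Old.Keys) {
        if (-not $New.ContainsKey($name)) {
            [pscustomobject]@{ Change = 'Removed'; Rule = $name; Data = $Old[$name] }
        }
    }
}

$current = Get-GpoRuleSnapshot
if (Test-Path $baseline) {
    # ConvertFrom-Json returns an object; rebuild the hashtable from its properties.
    $saved = @{}
    (Get-Content $baseline -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $saved[$_.Name] = $_.Value }
    Compare-GpoRuleSnapshot -Old $saved -New $current | Format-List
} else {
    $current | ConvertTo-Json | Set-Content $baseline
    "Baseline with $($current.Count) rule(s) written to $baseline"
}
```

The first run writes the baseline and later runs list added, changed and removed rules. A baseline kept on the same machine can be rewritten by the same elevated processes, so a copy stored elsewhere is the more reliable reference.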


#23 zebanovich

zebanovich

  • Members
  • 556 posts
  • Gender:Male
  • Location:EU
  • Local time:08:00 AM

Posted 18 June 2020 - 10:29 AM

First step to lock down rules and firewall is to stop using "Active Store" firewall in control panel.

Second step is to use GPO to manage firewall "GPO store", nobody can modify it without your (Administrator) consent.

 

How successful you will be doing this depends on you, it's not easy to make good firewall (rules).



#24 Digika

Digika

  • Members
  • 4 posts
  • Local time:07:00 AM

Posted 18 June 2020 - 03:37 PM

nobody can modify it without your (Administrator) consent.

Any app that you launch with elevated privileges - can. As I said:

And you'd be surprised how often you grant such privs to all kinds of programs and apps: installers (Nullsoft/Inno setup have it as a built-in feature), network apps, any other "security" apps that require elevated privileges in order to work.


And MS updates always install with highest possible privs- TrustedInstaller

#25 zebanovich

zebanovich

  • Members
  • 556 posts
  • Gender:Male
  • Location:EU
  • Local time:08:00 AM

Posted 24 June 2020 - 02:15 PM

 

nobody can modify it without your (Administrator) consent.

Any app that you launch with elevated privileges - can. As I said:

 


 

 

not true, firewall won't be modified.

 

secondly, you should not use administrative account anyway.

 

Exception is malware, but then, that's again your (user) problem not firewall problem.



#26 glenndm

glenndm
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:00 AM

Posted 13 December 2023 - 01:19 PM

Back to say Hi to my younger self; things are going to be bleak for some time.

To my older self - coming back here in a few years:

I solved the issue by:

-prefacing the names of my rules with the prefix ".G_"  < these are the only ones I want.

-running the following PowerShell script manually or automatically
   the script removes all rules with names not starting with .G_

# Select every firewall rule whose display name does not start with ".G_".
$rules = Get-NetFirewallRule | Where-Object { $_.DisplayName -notlike ".G_*" }

ForEach ($rule in $rules) {
	Write-Output "dp = $($rule.DisplayName)"
	# Remove the matched rule object itself rather than looking it up again by name.
	$rule | Remove-NetFirewallRule
}

done
 



#27 ranchhand_

ranchhand_

  • Members
  • 5,312 posts
  • Gender:Male
  • Location:Midwest
  • Local time:06:00 AM

Posted 14 December 2023 - 05:42 PM

Glen, I quickly perused this thread, and I did not see one referral to the absolute solution to any infection, malware, virus, hack, ransomware or mechanical failure.

A complete image backup, saved to an off-line USB drive.

That is the one thing that will never get corrupted, never fail to fix an infection, and is easy to do.

People don't want to bother with backups and they eventually pay the price.

Just a thought based on thousands of trashed operating systems and bewildered posters wanting help to clean their machines.


If there are no responses to my post for 3 days I remove it from my answer list. If you wish to continue the thread after 3 days please PM me.


#28 glenndm

glenndm
  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:00 PM

Posted 15 December 2023 - 05:50 AM

Glen, I quickly perused this ..

I quickly perused your reply and I found it devoid of relevancy. Thank you AI bot
 



#29 ranchhand_

ranchhand_

  • Members
  • 5,312 posts
  • Gender:Male
  • Location:Midwest
  • Local time:06:00 AM

Posted 15 December 2023 - 08:37 AM

Glen, click on my signature name; is that an AI bot?

Sorry you don't see any relevancy to my post, I'll just move on.


If there are no responses to my post for 3 days I remove it from my answer list. If you wish to continue the thread after 3 days please PM me.


#30 0lds0d

0lds0d

  • Members
  • 4,986 posts
  • Gender:Male
  • Location:Canada
  • Local time:11:00 PM

Posted 18 December 2023 - 07:52 PM

https://www.bleepingcomputer.com/forums/t/751381/windows-7-firewall-settings-whathowwhy-oldsod-invited-to-star-here/


Colossians 3:12-3




