Windows 10: Firewall setup?

I found this site quite interesting, tests your internet router security. Probably more to do with adapter/router settings than firewall but still quite interesting...

GRC

 

I'm following this Windows 10 hardening guide and they recommend turning outbound blocking on. My question is once I have set outbound connections to blocked for each profile why do the outbound rules still show as allowed? The rules in the green box are ones that I've created.





:)

 

Can't send email via IMAP account outside of server domain on PPC WM6.1

Thanks,

I will check with my IT administrator tomorrow and we will see if we can get it to work. I will update you then

Bruce

 

Can't send email via IMAP account outside of server domain on PPC WM6.1

I have a Sprint Mogul PPC 6800 running Windows Mobile 6.1.

1. I have a fully functioning Hotmail account

2. I have a problematic IMAP account to access an Exchange Server at work. I can receive and send emails to my work domain but when I try to send emails outside of the domain, for example, a test message to my hotmail account, I receive the following message.

From System Administrator: the message "test " was not sent and has been moved to the draft folder. The server returned the following error message: 550 No such domain at this location (*** Email address is removed for privacy ***).

If I copy someone within the work domain they receive the test message but it will not relay beyond our server.

I have deleted and rebuilt the IMAP account. This used to solve the issue.

I have hard reset and rebuilt the entire phone.

I have installed the MS relay patch KB958639 and the Buttonboy patch from Xda-developers forums.

Are there any additional suggestions before I look for another phone and software system.

Bruce

BC

 

You have to either remove the rules or set them to block. Default deny - what is not allowed, is blocked.

 

Unfortunately, and just my opinion based on experience, I do not rate the Windows Firewall, as it has always seemed not up to the job, others are happy with it ...

I always recommend Comodo Free firewall to anyone looking for a serious standalone product- It is the same technology as Comodo supply to Professional clients (indeed they state that the reason they supply if free for personal use is to protect their corporate clients from workers with infected devices.)

It can provide a good protection Out of the Box, but with a bit of effort in learning the way it is customised can provide Professional level protection , tailored to your needs. There is a learning Curve which can be steep, but once understood the knowledge will transfer to other products. It includes several levels of automation, including a learning mode which you can run for a while and will ask you what you want to do with each attempt to send or receive data, and write the rules based on your reply. it contains a lockdown mode for emergency use and an all off mode for testing.

There are also some great firewalls included with the top Anti Malware suites, I myself do not use the Comodo firewall, any longer, after many years of use, as I run the Pro paid version of Bitdefender which includes an excellent firewall system

 

Indeed. Besides, any software with admin rights, even some malware, can add/changes rules at will, regardless of what the user wants. Not to mention, that WF does not display any notifications for outbound, because by default, it is supposed to be allowed. WF is anything, but user friendly. *Rolleyes

 

When outbound connections is set to allow is basically every app and service allowed through the firewall? What are the existing apps/services with green ticks next to them? Microsoft defaults? Why is it that many apps and services don't show in the outbound rules? For example the ones I manually added in the green box? This makes me think that when outbound is set to allow it just allows every app through and does not need to show it in the outbound list is that correct?

 

Yes, but if you have only trusted apps installed, it is not really an issue.

Yes. You can remove those, you do not need. In case of problems, you can always reset it to default.
Code: netsh advfirewall reset[/quote] My ruleset for comparison (I have removed all default rules):

Some apps can use Windows processes to connect, like svchost.exe, and some can connect via allowed processes hijacking them. Zone Alarm or Comodo Firewall would prevent that.

If you want to use Windows Firewall, it is better to get a usable GUI for it.
Glasswire has a really nice one and you can easily see, what is going on.
Windows 10 Firewall Control displays alerts, so you can easily manage it.

 

I'll probably have some more questions as I get into the firewall so would be grateful for anyone who wants to stick around. Need to take this one slow. *Smile

 

said:


When outbound connections is set to allow is basically every app and service allowed through the firewall?



TairikuOkami "Yes, but if you have only trusted apps installed, it is not really an issue."

Does this mean that when I install an app that requires an outbound connection it still won't even show in the outbound rules list when outbound connections is set to allow?

 

Is there nothing at all from the default Microsoft rules that you wanted to keep enabled? Some of the rules I don't understand and why they require and outbound connection, namely some of the core networking ones. What are the rules that are disabled by default and why are they disabled?

 

No. If I need something, I enable outbound temporarily and the disable it again with commands: Code: netsh advfirewall set PublicProfile firewallpolicy blockinboundalways,allowoutbound netsh advfirewall set PublicProfile firewallpolicy blockinboundalways,blockoutbound[/quote]

You should keep Core rules for svchost.exe, it is required by Windows updates and also by DNS requests, unless you setup DNS servers manually, like I did. As for the rest, it depends, what software and features you are using, like network sharing, store apps, Windows Defender updates, etc. Some rules are disabled and get enabled, only if you enable related features.

 

GlassWire is a good starter to see Internet activity and processes that are running regularly. Some links can be blocked from the app. Try blocking c:\windows\system32\svchost.exe and see what it does. It won't take long to re-enabling them.

There are many rules that are safe to block, but don't push your luck too far. Some of them will be re-enabled by internal process on restart or shutdown, so they have to be checked on a regular basis.

If you block Edge, for exemple, it won't start anymore. Same for others... There are rules that you don't touch (svchost.exe): WU, Defender, apps you are using, GlassWire, FF... Removing apps that you are not using, removes their rule(s). Ex. Media player, IE, tiles...

 

Removing Store apps doesn't seem to delete their rules. I still have outbound rules for BubbleWitchSaga, Candy Crush, Bing News, Twitter, Facebook and all the rest of that pre-installed junk. I should probably tidy it up a bit now I've noticed.