Windows 10: Windows Firewall Block (Mostly) All Outbound But Allow Windows Update?

Im trying to improve W10 security by using Windows Firewall to block all outbound connections and only allow my select programs and services to connect. One issue ive found no solution for is how to make key Windows 10 components like Windows Update work without allowing svchost . exe port 80, 443. I understand that this is important component for Windows but i also read that malware sometimes uses svchost.

With svchost being able to connect, am i at all better off with my strict outbound rules? This also raised another concern, say i allow Chrome to have outbound connection, cant a malware just infect my Chrome binary and my outbound rules will fail at protection?

What's a good security measure using Windows's builtin tools and how well does the W10 Firewall protect with the settings above?

submitted by /u/voidstructure
[link] [comments]

:)

 

Outbound rules still show as allowed.

Why do all of the default (pre-defined) MS Firewall outbound rules still show as allowed when I have set outbound connections to block for the Domain, Private and Public profiles? Shouldn't setting outbound connections to block block everything in the outbound list?

 

Windows 10 Firewall - outbound 'block all' causes Windows to need Re-activating after a while

Hi,

I wonder if anyone could help me please? I am rather security conscious and go a step further than most people - I BLOCK all OUTBOUND firewall connections BY DEFAULT. I then create specific 'allow' rules to allow each friendly application through my firewall
to access the internet. This is to:

a) Protect my system from initiating mysterious outbound connections all over the internet from apps preinstalled that I have no idea do what. Hopefully this would also ensure my computer was never used as an internet bot (if it got compromised).

b) Allows me to control every application that 'I' know and pre-approve that application accessing the internet.

c) Seems a sensible, and wise thing to do.

d) Saves data transmissions costs when I'm paying for the internet connection (I want to use my allowance on what I want to do).

Hopefully the above doesn't seem unreasonable?

It's all been working perfectly for two weeks, when I was surprised to find that Windows 10 requires re-activation when it can't 'call home'. I have spent three hours of quality of time with Microsoft call centre, but haven't found anyone who knows what
blocking outbound firewall connections actually means. I was lucky enough to get them to reactivate my genuine copy of windows after much haggling and persuasion (phew!). But my outbound firewall blocking is definitely causing problems/complications that
Windows doesn't like.

I would like to please ask, I have Googled (or should I say Bing'd) this topic, but there's not much (ZERO) out there on:

1) What minimum list of applications does Windows require for OUTBOUND firewall connectivity. For instance there's lots that can AND SHOULD be blocked by default (Adobe Reader needs outbound connectivity by default? - I think not!).

2) For Windows Upgrade to work (inc online Activation / checkup) what applications / services need to 'call home' on a regular basis (so that I can create outbound rules that work just for those).

3) Windows Firewall logging is abysmal - it's not user friendly to decipher when it's blocking stuff that's requesting access. Plus there's no notifications.

4) Some people are suggesting allowing svchost.exe outbound access, but that seems to be a catchall for lots of applications to access the internet.

Thank you for your time reading this and replying if you're an absolute wizard on Windows Firewall )

 

How to configure Win10 firewall to block outbound connections without a rule, but still allow Windows Update?

For those of us that prefer to have Windows Firewall set to "Block Outbound connections that do not have a rule": What rule(s) need to be added to allow Windows Update to still work?

I've tried adding rules for Windows Update service, BFE, BITS, but the Windows Update still gives the error message "We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet." Windows Troubleshooter just wants to unblock all traffic.

Any suggestions other than just allowing all outbound traffic? Thanks!