Windows 10: Windows Firewall Public Outbound restrictions

Hi Everyone,


How are you all handling the fact windows Firewall does not support wildcards?


We want to restrict all outbound traffic to stop casual droppers based on a whitelist. However it seems several Microsoft app's are breaking the standard location convention e.g. teams and skype. Since you can't do wildcards in these folders, you can't use URL white-listing, they don't run with a service and if you prevent admin merge of rules so only GPO's work you can't script a fix either.


It seems you have to compromise security to make a Microsoft app work because it's using a non-standard location and I thought there must be a way around this?

:)

 

Windows 10 Firewall won't keep my inbound/outbound rules

Hi,

I realize the inconvenience caused to you regarding the Windows Firewall. I will certainly assist you.

I suggest you to restart the Windows firewall service and check if it helps.

Follow the below steps for the same.

• Press Windows key + R simultaneously for Run.
• Type services.msc and then Enter.
• Right click on the Windows firewall services and then restart the services and check if it helps.

If the issue still persists then I suggest you to remove and then read the Windows fire wall rule.

Hope this information is helpful. Please get back to us with the information required, if you need further assistance, we’ll be glad to assist you.

 

Windows 10 Firewall - outbound 'block all' causes Windows to need Re-activating after a while

Hi,

I wonder if anyone could help me please? I am rather security conscious and go a step further than most people - I BLOCK all OUTBOUND firewall connections BY DEFAULT. I then create specific 'allow' rules to allow each friendly application through my firewall
to access the internet. This is to:

a) Protect my system from initiating mysterious outbound connections all over the internet from apps preinstalled that I have no idea do what. Hopefully this would also ensure my computer was never used as an internet bot (if it got compromised).

b) Allows me to control every application that 'I' know and pre-approve that application accessing the internet.

c) Seems a sensible, and wise thing to do.

d) Saves data transmissions costs when I'm paying for the internet connection (I want to use my allowance on what I want to do).

Hopefully the above doesn't seem unreasonable?

It's all been working perfectly for two weeks, when I was surprised to find that Windows 10 requires re-activation when it can't 'call home'. I have spent three hours of quality of time with Microsoft call centre, but haven't found anyone who knows what
blocking outbound firewall connections actually means. I was lucky enough to get them to reactivate my genuine copy of windows after much haggling and persuasion (phew!). But my outbound firewall blocking is definitely causing problems/complications that
Windows doesn't like.

I would like to please ask, I have Googled (or should I say Bing'd) this topic, but there's not much (ZERO) out there on:

1) What minimum list of applications does Windows require for OUTBOUND firewall connectivity. For instance there's lots that can AND SHOULD be blocked by default (Adobe Reader needs outbound connectivity by default? - I think not!).

2) For Windows Upgrade to work (inc online Activation / checkup) what applications / services need to 'call home' on a regular basis (so that I can create outbound rules that work just for those).

3) Windows Firewall logging is abysmal - it's not user friendly to decipher when it's blocking stuff that's requesting access. Plus there's no notifications.

4) Some people are suggesting allowing svchost.exe outbound access, but that seems to be a catchall for lots of applications to access the internet.

Thank you for your time reading this and replying if you're an absolute wizard on Windows Firewall )

 

Windows Firewall blocking program even with inbound/outbound rule enabled.

Windows firewall is like a fart when you have squirty dumplings, you shouldn't really trust it.


Disable the private network firewall, if the application works fine do this.

Open a CMD prompt window with admin rights. type in "netstat" without the quotes and press enter. You should get a list of what IP and port is connecting to what port and or service. Open those ports for the application, or just allow those ports to be unfiltered.