Configure Windows Firewall to block ALL applications system-wide, except for a select few?


I'd like to make it so Windows disregards internet access for every system and user application, and let me add exceptions as I see fit, but I'm having problems...

Going to "Windows Firewall with Advanced Security", selecting "Windows Firewall Properties", and then setting Inbound/Outbound connections to "Block" on all tabs should theoretically, as described on the previous menu, block inbound/outbound connections for applications that do not match a rule. In this case, that would be everything except my internet browser, but it does something else instead. It completely turns off any Internet access to the device, and puts it in a "Limited" state (Local connection). This means I can't access the internet anywhere, and I'm not sure how to fix it. Disabling Windows Firewall allows internet access yet again, but I can't live with the amount of connections this system makes without being paranoid.

Is there perhaps a system service I need to allow internet access to before I can get my primary applications to function over the net? That's the only thing I can think of, but I wouldn't know which one to allow access to. I've scanned this site for a little bit, and I can't really find anything that helps.

Huntereb

Posted 2016-02-06T19:41:16.803

Reputation: 43

Did you delete all the standard outbound rules? That would certainly cause problems. – Ben N – 2016-02-06T19:52:25.013

@BenN It's currently blank, besides my browser. https://i.imgur.com/0XOGqug.png – Huntereb – 2016-02-06T19:56:19.567

Went through pretty much all of the network-related presets and created "allow" rules for them, it's still doing the same thing. Never had this happen before, I might just revert back to Windows 8.1 and cry... – Huntereb – 2016-02-06T21:34:38.653

Answers


In the comments, you said:

It's currently blank, besides my browser.

There's your problem. You need a little more than just the web browser to have a working Internet connection. Specifically, all of the Core Networking rules are important, especially DNS. (It's rather difficult to visit web sites if you can't resolve their IPs.)

You can restore the standard rules - both outbound and inbound - by right-clicking the root node in the firewall management window and choosing Restore Default Policy. That will roll back the firewall state to what it was when Windows was first installed. You'll lose all custom entries, so some programs might need to have their rules re-added. (Alternatively, you could attempt to restore them by creating "predefined" rules.) After you do that, you can try disabling some outbound rules until stuff breaks, at which point you've discovered which ones are critical. Be aware that the network icon in the notification area isn't necessarily right about whether you can access the Internet; its checks may differ from what you're interested in.

My experimentation indicates that only the Core Networking ones are super important. You'll need to allow your browser too, of course. Note: Some browsers (Microsoft Edge, for instance) have one executable that is the UI and one that makes the actual requests; you need to unblock the latter.

I recommend also allowing the Windows Update service; you can create a service rule by creating a "custom rule", leaving the Program screen setting at All programs, and choosing a service with the Customize button at the bottom.

If you want pinging to work, you'll need to create a rule that allows certain types of ICMP traffic, which will also be a "custom rule." Let it apply to all programs, but on the Protocols and Ports screen, click the Customize button after choosing ICMPv4 as the protocol. Select the specific types that you're interested in; I recommend Echo Request (ping) and Destination Unreachable.

Ben N

Posted 2016-02-06T19:41:16.803

Reputation: 32 973
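The procedure in the answer above (restore the default policy, keep the Core Networking rules, allow the browser, add a service rule for Windows Update and an ICMPv4 rule, then set both default actions to Block) can be scripted with the NetSecurity cmdlets instead of clicking through the MMC. The following is an added example, not code from the original answer; it assumes an elevated PowerShell session on Windows 8.1/10, and the browser path is a placeholder you must replace. The last function is the scripted counterpart of the `netstat -bn` check from the comments: it lists which executable owns each live connection, which is how you find a browser's network helper process rather than its UI executable.

```powershell
# Added example (not from the original post): default-deny Windows Firewall
# with a small allow-list, built with the NetSecurity module.
# Assumptions: Windows 8.1/10, elevated session, browser path is a placeholder.
#Requires -RunAsAdministrator

$Browser = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumption: replace with your browser's network executable

# 1. Start from the stock rule set so the Core Networking rules exist again.
#    This is the command-line equivalent of "Restore Default Policy" and,
#    like the MMC action, it discards every custom rule.
netsh advfirewall reset | Out-Null

# 2. Of the outbound rules that ship enabled, keep only the Core Networking
#    group (DNS, DHCP, ICMPv6, etc.); disable the rest so nothing is allowed
#    out that you did not add yourself. Inbound rules are left as shipped.
Get-NetFirewallRule -Direction Outbound -Enabled True |
    Where-Object { $_.DisplayGroup -ne 'Core Networking' } |
    Disable-NetFirewallRule

# 3. Program rule: the browser (for a two-process browser, point this at the
#    executable that actually opens sockets, not the UI shell).
New-NetFirewallRule -DisplayName 'Allow browser (out)' -Direction Outbound `
    -Program $Browser -Action Allow | Out-Null

# 4. Service rule: all programs, but only when running as the Windows Update
#    service (wuauserv). This is the "custom rule -> Customize service" path.
New-NetFirewallRule -DisplayName 'Allow Windows Update service (out)' -Direction Outbound `
    -Service wuauserv -Action Allow | Out-Null

# 5. ICMPv4 Echo Request (type 8) and Destination Unreachable (type 3) so that
#    ping and path diagnostics keep working.
New-NetFirewallRule -DisplayName 'Allow ICMPv4 echo request (out)' -Direction Outbound `
    -Protocol ICMPv4 -IcmpType 8 -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'Allow ICMPv4 dest unreachable (out)' -Direction Outbound `
    -Protocol ICMPv4 -IcmpType 3 -Action Allow | Out-Null

# 6. Only now flip the default action to Block on every profile, so the
#    allow-list is already in place when the deny takes effect.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# --- Checks ---------------------------------------------------------------
# Confirm the defaults took on all three profiles.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Everything that is still allowed out: review this list, it is the whole
# allow-list now (Core Networking group plus the rules created above).
Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow |
    Select-Object DisplayName, DisplayGroup, Profile | Format-Table -AutoSize

# Name resolution goes through the DNS Client service, which the Core
# Networking rules cover, so this works even though powershell.exe itself
# has no allow rule. A TCP test from this same session would time out,
# because a blocked program simply sees no reply, not an error.
Resolve-DnsName -Name example.com -Type A | Select-Object Name, IPAddress

# Which executable is really talking? Run this on a machine that still has
# connectivity (or after temporarily enabling the rules) to find the process
# that needs an allow rule, e.g. a browser's helper process.
function Get-ConnectingExe {
    Get-NetTCPConnection -State Established, SynSent |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Exe    = $p.Path
                Pid    = $_.OwningProcess
                Remote = "$($_.RemoteAddress):$($_.RemotePort)"
            }
        } |
        Sort-Object Exe, Remote -Unique
}
Get-ConnectingExe | Format-Table -AutoSize
```

Two points worth keeping in mind when using it: step 1 wipes custom rules exactly as the MMC "Restore Default Policy" does, so run it once and add rules afterwards, not the other way round; and the tray icon's "Limited" status is computed by its own probe, so judge connectivity by `Resolve-DnsName` and by whether the allowed program works, not by the icon.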

This seems to be a step in the right direction, as the "Local" status on my connection has changed. However, even after adding my programs to the exception list, it's giving me this: https://i.imgur.com/U5VV9X6.png

– Huntereb – 2016-02-06T22:49:54.977

I wanted to add a return and create a new paragraph in that last comment, but anyway... That error message is peculiar. Edge gives me a similar message, even with it on the exception list as well. – Huntereb – 2016-02-06T22:51:07.310

I'm beginning to think this is simply a Windows 10 issue. Maybe they broke it on purpose to force users to keep an active internet connection? I have a Windows 8.1 ISO and my old key ready to downgrade if this can't be resolved, but I'm gonna give up on it for the night. – Huntereb – 2016-02-07T01:08:52.303

@Huntereb I tested this on Windows 10; it's working for me. Note that for Edge, you need to add the other executable in the Edge folder (it has two letters after it, I can't remember what they are). I suggest using netstat -bn on a normal machine to see what processes are actually connecting to places. – Ben N – 2016-02-07T02:10:40.413

This does work for edge, but just adding a single executable for Iridium has always worked on every other machine I've used... Oh well, I guess it's something. Thanks for the help! – Huntereb – 2016-02-07T02:31:58.153