How can I configure the Windows 7 firewall to prompt me on outbound traffic?

44

17

Can I configure the built-in firewall in Windows 7 to ask me if I want to let a program open an outbound connection?

I can disable all outgoing traffic and manually create rules for programs, but I can't find a way of letting the firewall prompt me when a program wants to initiate an outgoing connection.

olafure

Posted 2010-12-02T12:36:47.510

Reputation: 845

I thought that it had finally been added in WF for Vista/7, but apparently not; it’s still as limited as XP SP2. This makes the WF almost completely useless since most users will still need a third-party firewall.   ◔_◔ – Synetech – 2013-02-24T21:17:27.517

Answers

28

Try Windows 7 Firewall Control (the free version is good enough). This program is small, works with the Windows Firewall core - but is independent from the Windows Firewall application itself - and will ask you what to do. There is an annoying sound but this can be disabled.

I found that if you turn off the application, all new programs without firewall rules are blocked without notification.

tolkin

Posted 2010-12-02T12:36:47.510

Reputation: 296

Just installed it and tried pinging www.google.com and didn't get any notification and it went through – barlop – 2015-07-29T06:50:17.817

@barlop: Do you remember whether you chose any options during installation? Perhaps the programme needs to be configured first? Or did you stop using it altogether after that? – Cerberus – 2017-08-09T21:41:03.273

@Cerberus I guess I stopped using it after that.. All I recall of it was it was a small program. But if you try it and you get a notification when pinging then I'd be willing to give it another try.. Let me know what happens when you try it – barlop – 2017-08-10T01:26:17.767

@barlop: OK, I will if I ever do. What firewall did you end up using? By the way, there appear to be two "Windows Firewall Control" programmes, this one and the one below, in another answer. – Cerberus – 2017-08-11T01:31:32.333

@Cerberus I just use whatever one is built into windows. In the past the most other ones I've used has been sygate maybe win98 time or v early winxp time.. like pre 2008, I really liked that one a lot, it had great monitoring of connections and a great gui generally, but their last free one like that was then, and probably nothing like it since, and as a technical very effective one I tried ipfw on Win XP (though it's not compatible with win7), and even there it was more for playing around, winxp firewall was ok in power and quite simple. – barlop – 2017-08-11T02:59:01.473

@barlop: Ah, OK, that makes sense. I've never actually used a firewall on my computer, but I'm preparing for Windows 10 now. I want to be able to stop Microsoft from phoning home, too... – Cerberus – 2017-08-11T03:19:27.057

@Cerberus If you don't trust your operating system then it's like you're running firewall software on an already compromised system, which is a flawed concept. You could use your router's firewall.. many routers have a built in firewall.. But even then, you'd have to know what ports the OS would be using to contact MS. – barlop – 2017-08-11T04:50:13.413

@barlop: That is true: at least in theory, the OS could work around it. But nothing else is practicable: I couldn't find an option to filter traffic in my modem. So doing it from inside the OS is the best I can do...and I'm hoping for security through obscurity: the OS doesn't care about me specifically, and 99.9% of its users won't use the firewall with a whitelist anyway, so it's probably not worth it for Microsoft to create something to work around it. – Cerberus – 2017-08-15T01:16:09.927

4 If there was a way to upvote this 10 times I would. I used to work with Sygate Personal Firewall on XP and it was awesome. Windows Firewall Notifier is doing a great job of stopping outgoing connections for approval – KalenGi – 2013-09-03T21:51:14.890

Upon installation, you have to sit through a few dozen "allow this program?" prompts before you can access any settings. – RomanSt – 2014-05-04T14:59:50.097

5

It appears that the default Windows 7 firewall does not support a popup which asks you about outbound connections. The only reference I could find about asking on an outbound connection was people saying it can't be done.

ex. http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/bef6e4a7-d43f-4c85-8229-e7be62d59517

If you want a firewall which does ask you every time there is a connection outbound there are a myriad of products which can do this, the most notable (as it's been around forever) is ZoneAlarm.

From a security perspective disabling all outbound traffic except for specific applications (IE, FF, antivirus, etc.) is a much better solution as once it's set up correctly you will rarely have to update it. If you install new programs frequently though this can be labor intensive and the gains not worth the time spent maintaining the list.

Daisetsu

Posted 2010-12-02T12:36:47.510

Reputation: 5 195

3 The problem with that approach is that, if you're constantly installing new software, you have to manually set up rules for every new program. Also, it seems a bit overkill to have to create new rules for temporary software that you're only going to use once or twice. I think a third-party firewall would be the best solution. – Sasha Chedygov – 2010-12-11T00:20:01.123

1 @musicfreak I agree. If you were constantly installing or removing software a white list may not be the best tool for the job. On the other hand the majority of users tend to install new programs which require outbound internet access fairly infrequently (at least where it's vital). I will edit my post to include this drawback. – Daisetsu – 2010-12-11T00:22:41.403

1 That's true, I'm just saying that I could see the need for such a feature. +1 regardless. – Sasha Chedygov – 2010-12-11T00:25:15.893

Sounds like a good idea, although the number of people who would use it are so limited from Microsoft's point of view it's not likely to happen. – Daisetsu – 2010-12-11T00:28:26.873

The problem with that approach is that, if you're constantly installing new software, you have to manually set up rules for every new program.   And worse, it is not always as simple as allowing a single .exe file; there may be dependencies and interactions that complicate what accesses the Internet and specifically what needs to be allowed through and unintended side-effects. For example, how would you allow Windows Update to have access? What file would you make a rule for? svchost.exe? What about all of the other services that use it? – Synetech – 2013-02-24T21:14:36.113
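The allowlist approach from the answer above (block all outbound traffic, then allow specific programs), sketched with `netsh advfirewall` as an added example that is not part of the original answers. The rule names, the Firefox path and the choice of the `wuauserv` service are assumptions; the `service=` parameter scopes a rule to one service hosted in svchost.exe, which addresses the Windows Update case raised in the comments.

```batch
@echo off
rem Added example, not from the original page. Run from an elevated prompt.
rem Rule names and the Firefox path are assumptions; adjust to your system.

rem Save the current policy so the change can be rolled back with "netsh advfirewall import".
netsh advfirewall export "%USERPROFILE%\firewall-before.wfw"

rem Default-deny outbound on all profiles; inbound keeps the default block policy.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem Allow one application by its full path.
netsh advfirewall firewall add rule name="Allow out - Firefox" dir=out action=allow program="%ProgramFiles%\Mozilla Firefox\firefox.exe" enable=yes

rem Windows Update runs inside svchost.exe. Scoping the rule with service=
rem keeps the other services hosted by svchost.exe outside this rule.
rem Assumption: wuauserv alone is enough; other services may need their own rules.
netsh advfirewall firewall add rule name="Allow out - Windows Update" dir=out action=allow program="%SystemRoot%\System32\svchost.exe" service=wuauserv protocol=TCP remoteport=80,443 enable=yes

rem Blocked programs produce no prompt, so log dropped connections to see
rem which destination addresses and ports are being refused.
netsh advfirewall set allprofiles logging droppedconnections enable

rem Review the outbound rules now in effect.
netsh advfirewall firewall show rule name=all dir=out
```

The dropped-connection log is written to `%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log` by default.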

5

A much better program is Binisoft's Windows Firewall Control. It's 275kb - and has awesome functions like selecting an app's window to create a rule for example and is incredibly minimal and easy to use. Unlike that app up there which I tried, it's ghastly and the free version doesn't allow system processes control.

Fstarockr

Posted 2010-12-02T12:36:47.510

Reputation: 51

So this programme is entirely different from the other Windows Firewall Control? And this one is better? When you compare the features of the paid versions, can this one do things that the other cannot? – Cerberus – 2017-08-09T22:12:28.813

Users are no longer able to 'register' the app. (I contacted them and apparently this is due to a current company takeover). And without registration, notifications are disabled. – Ben – 2018-07-09T07:03:24.310

3

Good question, but unfortunately, this can't be done with the Windows Firewall. Your only choice if you absolutely need this functionality is to use a third-party firewall. There are plenty of free ones; I recommend Comodo.

Otherwise, Daisetsu is correct: setting up rules is a much better practice from a security standpoint.

Sasha Chedygov

Posted 2010-12-02T12:36:47.510

Reputation: 6 616