
How to Block An Application from Accessing the Internet with Windows Firewall


Batu69


Most of the time we want our applications online and connected to both our local network and the greater Internet. There are instances, however, when we want to prevent an application from connecting to the Internet. Read on as we show you how to lock down an application via the Windows Firewall.

Why Do I Want To Do This?

Some of you might have been sold immediately by the headline, as blocking an application is exactly what you’ve been wanting to do. Others may have opened this tutorial curious as to why one would block an application in the first place.

Although you generally want your applications to have free access to the network (after all what good is a web browser that can’t reach the web) there are a variety of situations in which you may wish to prevent an application from accessing the network.

Some simple and commonplace examples are as follows. You might have an application that insists on automatically updating itself (but those updates break some functionality and you wish to stop the updates). You might have a video game that you’re comfortable with your child playing, but you’re not so comfortable with the online (and unsupervised) multiplayer elements. You might be using an application with really obnoxious ads that can be silenced by cutting off the application’s Internet access.

Regardless of why you want to drop the cone of network connectivity silence over a given application, a trip into the guts of the Windows Firewall is an easy way to do so. Let’s take a look at how to block an application from accessing the local network and Internet now.

Creating a Windows Firewall Rule



@Batu69..... Cheers for the well-meaning input, but sadly the article falls short of the desired result to lock down all traffic.

The tutorial is correct to the point regarding applying rules through the Windows Firewall Advanced GUI. But deploying rules in this manner will not prevent new apps with admin privileges / new software installs run as Admin from making changes.

So before any members follow the guide's route and fall into a false sense of security they best comprehend the following:

With rules set through the Windows Firewall with Advanced Security snap-in, any new application running with Administrator rights can create its own rule to completely override user settings. This applies to all Win versions with WFAS.

How can this be prevented ????

A computer will not allow any firewall local exceptions not set by group policy.

First (if not installed) you must open the local group policy settings by opening mmc, going to File->Add/Remove Snap-In... and adding the Group Policy Object Editor for your local computer.

If already installed, open the Run box, type gpedit.msc, then press the Enter key.

From there navigate to Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile\ and there are two settings you want to set to disabled, Windows Firewall: Allow local port exceptions and Windows Firewall: Allow local program exceptions.

Once those are set you can no longer make any changes to the Windows Firewall using the Windows API, including going in by hand and editing it via advanced settings. If you want to enable an exception you will need to do it through the group policy now. You can set the rules up in Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security - Local Group Policy Object. These rules will be the only rules in effect on your system.

If you are on a domain you just need to use the domain group policy tools instead of the local ones.

The only other alternatives are to deploy apps similar to Win 10 Firewall Control, WFC etc. that are based on the Windows Filtering Platform (WFP), that allow new traffic requests to be blocked as default. Or apply an independent firewall app.

To prove the point a user can set up the native Win Firewall as the linked guide describes. Install an app as Admin that makes outgoing connection requests for updates etc. Then take a look @ the newly created FW rules.

BR

Mike
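
The check suggested at the end of the post above (install an application as Admin, then look at the newly created firewall rules), written as an added PowerShell example that is not part of the original post. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 and later); the baseline file path is a name chosen for this example.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# $Baseline is a path chosen for this example.
$Baseline = Join-Path $env:ProgramData 'fw-rule-baseline.xml'

function Get-LocalRuleSnapshot {
    # PersistentStore holds the rules created on this machine (GUI, netsh, API calls
    # made by installers), as opposed to rules delivered through Group Policy.
    Get-NetFirewallRule -PolicyStore PersistentStore | ForEach-Object {
        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            Direction   = "$($_.Direction)"
            Action      = "$($_.Action)"
            Enabled     = "$($_.Enabled)"
            Program     = ($_ | Get-NetFirewallApplicationFilter).Program
        }
    }
}

if (-not (Test-Path $Baseline)) {
    # First run: record the current rule set before installing anything.
    Get-LocalRuleSnapshot | Export-Clixml -Path $Baseline
    Write-Output "Baseline saved to $Baseline. Install the application, then run again."
}
else {
    $before = @{}
    Import-Clixml -Path $Baseline | ForEach-Object { $before[$_.Name] = $_ }
    $after = Get-LocalRuleSnapshot

    # Rules that did not exist before the install.
    $added = $after | Where-Object { -not $before.ContainsKey($_.Name) }

    # Existing rules whose action or enabled state changed (for example a Block
    # rule that was disabled or flipped to Allow).
    $changed = $after | Where-Object {
        $before.ContainsKey($_.Name) -and (
            $before[$_.Name].Action -ne $_.Action -or
            $before[$_.Name].Enabled -ne $_.Enabled)
    }

    Write-Output "New local rules:"
    $added | Format-Table DisplayName, Direction, Action, Program -AutoSize
    Write-Output "Changed local rules:"
    $changed | Format-Table DisplayName, Direction, Action, Enabled -AutoSize

    # Per profile: are locally defined rules merged into the effective policy?
    Get-NetFirewallProfile -PolicyStore ActiveStore |
        Format-Table Name, Enabled, DefaultOutboundAction, AllowLocalFirewallRules -AutoSize
}
```

Run it once before the install to save the baseline and once afterwards; delete the baseline file to start a new comparison.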



Yes, if more users would look into using: Type gpedit.msc then press enter key...

They would soon learn how owned by msft they are and that they have been giving "consent" to msft to own their machines...

Everything in this life IS rigged... :ph34r:

They are so smart that they could be space aliens... :lol:

The original post should be very useful for those uninitiated... :)



Archived

This topic is now archived and is closed to further replies.
