Jump to content

Block all outbound traffic in Windows Firewall


Batu69

Recommended Posts

Windows Firewall is the default software firewall of the Windows operating system. It is enabled automatically after installation unless another firewall has been installed already and taken over.

 

The firewall is configured for convenience and not maximum protection by default.  Microsoft configured the firewall to block all incoming connections and allow all outgoing connections except for those for which rules exist by default.

 

Any program for which no outbound rule exists may send data from the local computer to hosts on the Internet.

Programs with phone home functionality, regardless of whether it is designed to check for updates or other purposes, is allowed to do so by default.

 

Windows users may also want to be aware of what is happening in the background on their system in regards to outbound connections, as it may reveal useful information about programs and their behavior.

Blocking outbound traffic in Windows Firewall

windows-firewall outbound connections

 

To open the Windows Firewall configuration applet, do the following:

  1. Tap on the Windows-key on your keyboard.
  2. Type Windows Firewall with Advanced Security. Note: you may not need to type the full name for the result to show up.
  3. Select the entry from the results.

If that does not work, use the following method instead:

  1. Use the keyboard shortcut Windows-Pause to open the classic Control Panel.
  2. Select All Control Panel Items when the new window opens.
  3. Select Windows Firewall on the next page.
  4. Select Advanced Settings located on the left sidebar to open the advanced firewall configuration window.

Windows Firewall Configuration

Note: While it makes sense to block outbound connections by default and create rules for processes that you want them to make, blocking outbound connections may have the effect that programs or program functionality may not work properly anymore.

 

Windows Firewall in addition does not notify you when processes try to establish outbound connections. This means that you will have to check logs to find out about it, or use third-party software like Windows Firewall Control for that.

 

Getting Started

Windows Firewall may use different rules for the three profiles it supports:

  • Domain Profile for domain joined computers.
  • Private Profile for connections to private networks.
  • Public Profile for connections to public networks.

All three profiles share the same configuration by default that blocks inbound connections and allows outbound connections for which rules do not exist.

Select Windows Firewall Properties on the window to change the default behavior.

 

windows firewall configure

 

Switch the outbound connections setting from Allow (default) to Block on all profile tabs. Additionally, click on the customize button on each tab next to Logging, and enable logging for successful connections.

 

firewall enable logging

 

The changes block all outbound connections of processes unless a rule exist that allows the process to make outbound connections.

Once you are done, you may want to check out the existing outbound rules to make sure only programs that you want outbound connections to establish are listed there.

 

This is done with a click on Outbound Rules on the left sidebar of the Windows Firewall with Advanced Security window.

There you find listed rules that ship with the Windows operating system but also rules that programs have added during installation or use.

 

outbound rules

 

Rules may be very broad (allow outbound connections to any remote address), very specific (only allow outbound connections to a specific address using a specific protocol and port), or something in between.

 

You can create new outbound rules with a click on the "new rule" link under actions. This may be necessary once you notice that programs stop working correctly.

You will find all programs with update functionality in the blocked outbound connections log as they cannot contact remote servers anymore to check for updates.

 

update check failed

 

You may also notice that file uploads to the Internet won't work anymore unless you allow programs like web browsers to make outbound connections, and that web browsers may not load sites anymore.

 

Core Windows services and tools will function properly as outbound rules ship with the operating system by default. Still, some Windows features or tools may not work properly as well after you start to block all outgoing connections.

 

That's where a program like Windows Firewall Control comes into play. The program supports several options to add rules to allow programs to make outbound connections, but only one is available to free users

 

windows firewall control

 

Click on the "select program window" button and then on the window of the program that you want to allow to make outbound connections.

The registered version, available for a one-time payment of $10, adds notifications to the app which display prompts that make this process a lot easier.

 

Closing Words

It is certainly inconvenient to block outbound connections by default, and that is likely the main reason why Microsoft set outbound connections to allow by default.

While it takes time to configure the firewall properly, doing so gives you better control over your system and the programs running on it.

 

Article source

Link to comment
Share on other sites


  • Views 1.1k
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...