Block or Unblock Programs in Windows Defender Firewall

By Mitch Bartlett 15 Comments

In Microsoft Windows 10 you can set the Windows Defender Firewall to block or unblock certain applications. Here’s how.

1. Select the “Start” button, then type “firewall“.
2. Select the “Windows Defender Firewall” option.
3. Choose the “Allow an app or feature through Windows Defender Firewall” option in the left pane.
   
4. Unchecking the box to the left of the application name disallows it from accessing network resources, while checking it allows access. You can also check the boxes to the right of the name labeled “Private” or “Public” to allow and disallow the app on private or public networks respectively.
   
5. If the program you wish to block or unblock is not listed, you can click the “Allow another app…” button to add it. Choose the application in the list and select “Add“. If the program is not in this list, use the “Browse…” button to select the program file manually.

You Might Also Like

Filed Under: Windows Tagged With: Windows 10

Reader Interactions

Comments

Susan Olson says

No…I am definitely not a pro…so a little more explanation would be great…say, what about gallery or settings….?

Susan Olon says

Could you give me an example as to what applications should NOT cross the firewall??

Any application can block any crack microsoft office .. can you help me how to block any crack microsoft on my laptop ..

Richard Jordan says

The firewall is blocking access to open areas of the United Nations website. Even public press releases. How do I uninstall Micrsoft Edge, if that is what is blocking me.

So, what’s the meaning of a checked box and an unchecked box?
I am trying to allow zoom to have access but firewall is blocking it.

I’m trying to block Microsoft family features so it won’t send me the annoying pop-ups about signing in.

I’m on the correct thing but I can’t uncheck the box beside it. If I click the box it does nothing,

Do we have any registry settings for the same.

Thanks, it worked

What if when you click “Allow another app” and then Choose the app in the directory and it gives an error about a possible virus?

Josh Everett says

Is there any way to do this without Administrator rights?

Settings for some pro, doesn’t change!
its somehow locked, as if a registry rule is overriding this windows rules.

Richard S Nye says

I have been trying for hours to Block “Fortnite” from my PC windows 10

Edwin Wetzel says

nothing helps. i’ve been trying to hook up my wifi scanner and i’ve been doing this for hours without any success. i’ve followed all the different procedures on line including going into the defender advanced settings and allowing file and printer sharing rules and still does not work.

What if you cant click the “Allow the app or feature through windows defender firewall”?

Mike Bading says

Mitch,
First, I hope this note finds all well with you and yours.
Second, thank you for your effort here.
Third, my question(s):
What do you do when Windows Defender keeps resetting Microsoft Apps you have unchecked/deselected in Windows 10 Home or Windows 10 Pro?
Example: Let’s say I wish to block Cortana (or any other app). I then follow your instructions here and uncheck/deselect all the boxes pertaining to Cortana and then close the window.
Let’s say, that for whatever reason(s), I return to the window in your example only to find that Windows has reset/unblocked Cortana without notice and without my permission. This would happen all the time in Win10Home; and I would like to know if this would happen in Win10Pro and what to do about it if it does.

Respectfully,
Mike Bading

Did this help? Let us know! Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Recent Posts

Who’s Behind Technipages?

My name is Mitch Bartlett. I’ve been working in technology for over 20 years in a wide range of tech jobs from Tech Support to Software Testing. I started this site as a technical guide for myself and it has grown into what I hope is a useful reference for all.

Follow me on Twitter, or visit my personal blog.

Windows Firewall: блокировка доступа в Интернет, исходящего и входящего трафика

В статье мы рассмотрим, как заблокировать входящий или исходящий Интернет трафик любому приложению с помощью Windows Firewall . Современную жизнь трудно представить без соединения с интернетом. Все мобильные телефоны, планшеты, компьютера и ноутбуки постоянно взаимодействуют между собой в рамках локальной сети или получают, и отправляют информацию в Интернет. Как бы мы не зависли от сети, в определенных случаях необходимо заблокировать доступ в Интернет некоторым приложениям .

Для чего это может понадобится? Блокировка входящего трафика позволяет отключить не нужные обновления ПО, назойливую рекламу или экономить трафик. Блокировка исходящего – может предотвратить распространение конфиденциальной информации. Возможно вы захотите ограничить вашего ребенка от просмотра нежелательного контента или чрезмерного проведения времени за онлайн играми. В статье мы рассмотрим, как заблокировать входящий или исходящий трафик любому приложению с помощью Windows Firewall. Это наиболее простой и одновременно гибкий способ блокировки доступа.

Мы рассмотрим работу фаервола в Windows 10, однако эта инструкция будет работать и для пользователей Windows 8 или 7.

Создание правила брандмауэра Windows

Для начала необходимо запустить расширенный интерфейс межсетевого экрана. Для этого перейдите в панель управления, выберите режим отображения крупные значки и кликните «Брандмауэр Windows» . Панель управления можно вызвать, кликнув правой кнопкой мышки по кнопке Пуск и выбрав нужный пункт меню, или нажать Пуск и затем ввести Панель управления . В окне брандмауэра нужно кликнуть на Дополнительные параметры .

Расширенный интерфейс брандмауэра содержит множество настроек. Вносите все изменения максимально внимательно, в точности следуя этой инструкции. Не правильная настройка приведет к множеству проблем в работе компьютера.

В левой навигационной панели выберите «Правила для исходящего подключения» . Система отобразит все созданные ранее правила, не удивляйтесь, что список заполнен десятками различных записей, созданных Windows.

В правой панели кликните на «Создать правило» .

По умолчанию предлагается создать правило для программы, подтвердите выбор нажав кнопку Далее .

На следующем шаге необходимо указать путь к исполняемому файлу программы для блокировки. На примере браузера Opera мы проверим блокировку подключения к интернету. Вы можете как внести полный путь к exe файлу вручную, так и воспользоваться кнопкой Обзор .

В последнем случае система автоматически заменит часть пути файла на переменную окружения. В нашем случае файл находится по адресу C:\Program Files\Opera\45.0.0.255225846\opera.exe , но брандмауэр автоматически заменяет путь на %ProgramFiles%\Opera\45.0.0.255225846\opera.exe .

Важно : По ряду причин переменные окружения могут неправильно определяться системой. Если вы столкнулись с тем, что созданное правило блокировки не работает – отредактируйте правило, вставив полный путь к файлу в поле ввод вручную.

Тоже важно : В большинстве случаев достаточно заблокировать исполняемый файл программы, для ограничения доступа к интернету. Но этот подход может не сработать для онлайн игр. К примеру, если вы хотите заблокировать возможность подключения к игровым серверам Minecraft, блокировать нужно приложение Java (исполняемый файл Javaw.exe). Так как игра подключается к сети Интернет через Java.

Подтвердите выбор файла нажав кнопку Далее .

На следующем шаге подтвердите выбор «Блокировать подключение» нажав кнопку Далее .

Block all outbound traffic in Windows Firewall

Windows Firewall is the default software firewall of the Windows operating system. It is enabled automatically after installation unless another firewall has been installed already and taken over.

The firewall is configured for convenience and not maximum protection by default. Microsoft configured the firewall to block all incoming connections and allow all outgoing connections except for those for which rules exist by default.

Any program for which no outbound rule exists may send data from the local computer to hosts on the Internet.

Programs with phone home functionality, regardless of whether it is designed to check for updates or other purposes, is allowed to do so by default.

Windows users may also want to be aware of what is happening in the background on their system in regards to outbound connections, as it may reveal useful information about programs and their behavior.

Blocking outbound traffic in Windows Firewall

To open the Windows Firewall configuration applet, do the following:

1. Tap on the Windows-key on your keyboard.
2. Type Windows Firewall with Advanced Security. Note: you may not need to type the full name for the result to show up.
3. Select the entry from the results.

If that does not work, use the following method instead:

1. Use the keyboard shortcut Windows-Pause to open the classic Control Panel.
2. Select All Control Panel Items when the new window opens.
3. Select Windows Firewall on the next page.
4. Select Advanced Settings located on the left sidebar to open the advanced firewall configuration window.

Windows Firewall Configuration

Note : While it makes sense to block outbound connections by default and create rules for processes that you want them to make, blocking outbound connections may have the effect that programs or program functionality may not work properly anymore.

Windows Firewall in addition does not notify you when processes try to establish outbound connections. This means that you will have to check logs to find out about it, or use third-party software like Windows Firewall Control for that.

Getting Started

Windows Firewall may use different rules for the three profiles it supports:

• Domain Profile for domain joined computers.
• Private Profile for connections to private networks.
• Public Profile for connections to public networks.

All three profiles share the same configuration by default that blocks inbound connections and allows outbound connections for which rules do not exist.

Select Windows Firewall Properties on the window to change the default behavior.

Switch the outbound connections setting from Allow (default) to Block on all profile tabs. Additionally, click on the customize button on each tab next to Logging, and enable logging for successful connections.

The changes block all outbound connections of processes unless a rule exist that allows the process to make outbound connections.

Once you are done, you may want to check out the existing outbound rules to make sure only programs that you want outbound connections to establish are listed there.

This is done with a click on Outbound Rules on the left sidebar of the Windows Firewall with Advanced Security window.

There you find listed rules that ship with the Windows operating system but also rules that programs have added during installation or use.

Rules may be very broad (allow outbound connections to any remote address), very specific (only allow outbound connections to a specific address using a specific protocol and port), or something in between.

You can create new outbound rules with a click on the «new rule» link under actions. This may be necessary once you notice that programs stop working correctly.

You will find all programs with update functionality in the blocked outbound connections log as they cannot contact remote servers anymore to check for updates.

You may also notice that file uploads to the Internet won’t work anymore unless you allow programs like web browsers to make outbound connections, and that web browsers may not load sites anymore.

Core Windows services and tools will function properly as outbound rules ship with the operating system by default. Still, some Windows features or tools may not work properly as well after you start to block all outgoing connections.

That’s where a program like Windows Firewall Control comes into play. The program supports several options to add rules to allow programs to make outbound connections, but only one is available to free users

Click on the «select program window» button and then on the window of the program that you want to allow to make outbound connections.

The registered version, available for a one-time payment of $10, adds notifications to the app which display prompts that make this process a lot easier.

Closing Words

It is certainly inconvenient to block outbound connections by default, and that is likely the main reason why Microsoft set outbound connections to allow by default.

While it takes time to configure the firewall properly, doing so gives you better control over your system and the programs running on it.