4

Outbound connections are allowed by default in Windows Firewall unless there is a specific block rule. Windows has a lot of outbound allow rules that are enabled by default when you install it and no block outbound rules. I want to understand the reason behind it. It seems like they are unnecessary and without any of the allow rules, everything should work fine.

2
  • I use this app to control outbound connections: binisoft.org/wfc
    – Moab
    Commented Oct 10, 2022 at 15:23
  • Thank you, I use Firewall App Blocker which can scan a folder for all the executables to block/allow. sordum.org
    – user1737559
    Commented Oct 10, 2022 at 15:52

1 Answer

2

If you examine the list of outbound rules, you will find that the large majority of them were created by applications, probably at the time that they were installed. The reason is to assure connectivity for that app, whatever other rules exist (unless some rule explicitly blocks, as Block has precedence over Allow).

This behavior might have been inspired by Microsoft articles such as Checklist: Creating Outbound Firewall Rules:

Important: By default, outbound filtering is disabled. Because all outbound network traffic is permitted, outbound rules are typically used to block traffic that is not wanted on the network. However, it is a best practice for an administrator to create outbound allow rules for those applications that are approved for use on the organization’s network. If you do this, then you have the option to set the default outbound behavior to block, preventing any network traffic that is not specifically authorized by the rules you create.

This seems to say that app-specific outbound rules are good, because they can ensure that this application will continue working when otherwise it might be blocked by some general filtering.

2
  • I see, thank you. I tried keeping the same rules but enabled Outbound filtering, and many things from Windows components stopped working because they couldn't connect to the Internet. So the Outbound allow lists don't include every Microsoft/Windows program and service.
    – user1737559
    Commented Oct 10, 2022 at 15:50
  • Yes, normally you wouldn't see these rules in action.
    – harrymc
    Commented Oct 10, 2022 at 17:18
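To see on a given machine how the default outbound action and the outbound allow rules discussed above relate, the following read-only audit can be run from an elevated PowerShell prompt. It is an added example, not part of the original question or answer; it uses the built-in NetSecurity cmdlets, and the variable names and report layout are this example's own.

```powershell
# Added example: read-only audit of Windows Firewall outbound filtering.
# Queries the ActiveStore so the values shown are the effective (merged) policy.

# 1. Default outbound action per profile (Allow unless an administrator changed it).
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultOutboundAction
$profiles | Format-Table -AutoSize

# 2. Enabled outbound rules, counted by action (Allow vs Block).
$outbound = Get-NetFirewallRule -Direction Outbound -Enabled True -PolicyStore ActiveStore
$outbound | Group-Object Action | Select-Object Name, Count | Format-Table -AutoSize

# 3. Resolve every enabled outbound allow rule to the program/service it covers.
$report = foreach ($rule in ($outbound | Where-Object Action -eq 'Allow')) {
    $app = $rule | Get-NetFirewallApplicationFilter
    $svc = $rule | Get-NetFirewallServiceFilter
    [pscustomobject]@{
        Rule    = $rule.DisplayName
        Group   = $rule.DisplayGroup
        Profile = $rule.Profile
        Program = $app.Program
        Service = $svc.Service
    }
}
$report | Sort-Object Group, Rule | Format-Table -AutoSize -Wrap

# 4. Do the allow rules currently decide anything?
#    With default Allow they only document approved apps; with default Block they
#    become the complete list of what may connect out.
$blocking = $profiles | Where-Object {
    $_.Enabled -eq 'True' -and $_.DefaultOutboundAction -eq 'Block'
}
if ($blocking) {
    "Default outbound action is Block on: $($blocking.Name -join ', ')"
    "Only the $(@($report).Count) allow rules listed above permit outbound traffic there."
} else {
    "Default outbound action is Allow on every enabled profile."
    "The $(@($report).Count) allow rules take effect only if the default is changed to Block."
}

# 5. Broad rules worth reviewing before switching the default to Block:
#    they are not tied to a specific program or service.
$report | Where-Object { $_.Program -eq 'Any' -and $_.Service -eq 'Any' } |
    Format-Table Rule, Group, Profile -AutoSize
```

Comparing the program and service columns against what actually needs network access shows the gap described in the comments: components without a matching allow rule lose connectivity once the default outbound action is set to Block.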
