
I currently have Windows 10 and noticed a process with the firewall that does not sit well with me.

I have noticed that several Windows programs will automatically add entries into the firewall without consulting me or notifying me otherwise. This is not an issue (per se), seeing as the programs being entered don't do anything crazy that could compromise my system. However, I do have my firewall STRICTLY managed and keep its entries as organized as possible, so seeing these being automatically entered freaks me out.

Is there a way to ensure that no entry can be "Automatically" entered and requires direct user confirmation or direct user entry?


Pictures for reference

List of (annoying) firewall exceptions

  • Here is the picture of the items that keep entering themselves. I also noticed that some of them, even though I blocked the connections, will actually add duplicate exceptions ...

NOTICE

I was referred to this solution here by Ƭᴇcʜιᴇ007; however, this solution does not work for me because it disables ANY and ALL modification ... even manual entries. I will use this as a last resort if nothing else works.


3 Answers


I think it's the metro apps that do it; almost 100 firewall rules are created per user. But I don't know how you can stop it, except by completely disabling all metro apps. As long as you don't have a ton of users that keep creating new profiles, it shouldn't be a problem. Otherwise, you can see svchost.exe pegging at 25% cpu, after a new user logs in.

EDIT:

Counting the firewall rules with PowerShell:

get-netfirewallrule | measure-object
get-netfirewallrule -policystore configurableservicestore | measure-object

A lot of them you can't see in the control panel. I would only delete them if they're owned by an SID that no longer has a profile.

  • While this answer is informative (if it's actually correct information) it does not actually answer the author's question. Please edit your answer, and in specific detail, answer the author's question. The reason the firewall rules are created does not answer the author's question. There is no need to reply to this comment, responses which include the phrase, "I don't have enough reputation to submit a comment" will simply be flagged for not being constructive.
    – Ramhound
    Commented Jan 30, 2017 at 20:47
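The first answer suggests counting the per-user rules and only deleting those whose owner SID no longer has a profile. The following script is an added example (not from the answer or from Microsoft) that does exactly that check: it reads the ConfigurableServiceStore, groups rules by owner SID, marks which SIDs still have a profile on the machine, and previews (with -WhatIf, so nothing is deleted) the removal of orphaned rules. It assumes an elevated PowerShell session on Windows 10.

```powershell
# Added example: find per-user firewall rules whose owner SID no longer has a
# profile on this computer. Removal runs with -WhatIf and only reports.
# Assumes: elevated PowerShell on Windows 10.

# SIDs that still have a user profile on this computer
$profileSids = (Get-CimInstance -ClassName Win32_UserProfile).SID

# The store where Windows creates the per-user (app container) rules
$rules = Get-NetFirewallRule -PolicyStore ConfigurableServiceStore

# Rules with an Owner are per-user rules; group them by that SID
$byOwner = $rules | Where-Object { $_.Owner } | Group-Object -Property Owner

foreach ($group in $byOwner) {
    $sid = $group.Name
    $hasProfile = $profileSids -contains $sid
    # Try to resolve the SID to an account name; orphaned SIDs usually fail
    try {
        $name = (New-Object System.Security.Principal.SecurityIdentifier($sid)).
            Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $name = '<unresolved>'
    }
    [pscustomobject]@{
        OwnerSid   = $sid
        Account    = $name
        RuleCount  = $group.Count
        HasProfile = $hasProfile
    }
}

# Orphaned rules: the owner SID has no profile here. Preview the removal only;
# drop -WhatIf after reviewing the list if you decide to clean them up.
$orphaned = $rules | Where-Object { $_.Owner -and ($profileSids -notcontains $_.Owner) }
$orphaned | Remove-NetFirewallRule -WhatIf
```

The rule count per SID makes the "almost 100 rules per user" figure from the answer easy to confirm on your own machine, and the HasProfile column is the criterion the answer gives for what is safe to delete.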

No. There appears to be no way to prevent a program from adding itself to the Windows 10 (v1903 as of the moment) firewall inbound ruleset. Windows apparently has a built-in list of trusted programs/providers that are allowed to add firewall rules. It does not seem to allow changing existing rules. Outbound connections are by default allowed by Windows, unless you have enabled the outbound firewall as well - I have not seen examples of automatically added rules for outbound connections, only inbound (which is also the most problematic).

A workaround is to let the program(s) add their rules and then have a copy of the added rules set to block connections or use impossibly high encryption. The restrictions should take priority and effectively block the program.
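The mirrored-block-rule workaround from this answer, as an added example (not code from the answer): for every enabled inbound Allow rule whose display name matches a pattern, a Block rule for the same program is created. Windows Firewall evaluates Block rules before Allow rules, so the copy overrides the automatically added rule without touching it. The `$pattern` value is a placeholder you replace with the display name of the rules that keep reappearing; an elevated PowerShell session is assumed.

```powershell
# Added example: create a Block rule mirroring each auto-added inbound Allow rule.
# Assumes: elevated PowerShell; $pattern is a placeholder for the rule name(s).
$pattern = 'ExampleApp*'   # placeholder, constructed for this example

$allowRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.DisplayName -like $pattern }

foreach ($rule in $allowRules) {
    # The program path lives in the rule's application filter, not on the rule
    $app = $rule | Get-NetFirewallApplicationFilter
    if (-not $app.Program -or $app.Program -eq 'Any') {
        # App container (Store app) rules carry a package instead of a path
        Write-Warning "Skipping '$($rule.DisplayName)': no specific program to mirror"
        continue
    }

    $blockName = "BLOCK - $($rule.DisplayName)"
    if (Get-NetFirewallRule -DisplayName $blockName -ErrorAction SilentlyContinue) {
        continue   # mirror already exists
    }

    New-NetFirewallRule -DisplayName $blockName `
        -Direction Inbound -Action Block -Enabled True `
        -Program $app.Program -Profile Any `
        -Description "Mirror of '$($rule.DisplayName)' overriding the auto-added Allow rule" |
        Out-Null
    Write-Output "Created '$blockName' for $($app.Program)"
}
```

Re-run the script after the program re-adds its rule; the `BLOCK -` prefix makes the mirrors easy to find and remove later, and the existence check keeps the script from creating duplicates of its own.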


It is very possible. Instead of changing the firewall as you are now, do it via the policy editor (gpedit.msc) and create / remove your entries there. You can see where to navigate to via the screenshot.

http://woshub.com/wp-content/uploads/2019/08/configuring-windows-firewall-inbound-rules-via-gpo-768x369.png

If you have a look through the options you will see that it is possible to avoid merging rules with the "other" firewall settings.

http://woshub.com/windows-firewall-settings-group-policy/

That way, the rules automatically added to the firewall do not actually affect the main firewall controlled by gpedit.

I am finding it hard to explain, but frankly it is because the whole thing is a bit of a mess. Think of the non-gpedit firewall as the "consumer firewall" and the gpedit one as the "administrator firewall". If you lock down the firewall securely and tell it to ignore the consumer firewall, apps and scripts seem to be unable to change the group policy firewall settings.
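The "don't merge local rules" setting this answer points at can also be set and verified from PowerShell. The script below is an added example (not from the answer or the linked article); the policy store name is a constructed placeholder, and for a domain GPO the form is `Domain\GPOName`. It assumes an elevated PowerShell session and that the setting is written to a GPO store, since it only takes effect when it comes from Group Policy rather than from the local persistent store.

```powershell
# Added example: keep locally created rules (the "consumer firewall") from being
# merged into the Group Policy managed firewall, then verify.
# Assumes: elevated PowerShell; $store is a placeholder GPO name.
$store = 'contoso.com\Workstation Firewall'   # placeholder, constructed

# Disable merging of local firewall and IPsec rules for all three profiles.
# NotConfigured instead of False restores the default behaviour.
Set-NetFirewallProfile -PolicyStore $store -All `
    -AllowLocalFirewallRules False `
    -AllowLocalIPsecRules False

# Verify the setting per profile (Domain, Private, Public)
Get-NetFirewallProfile -PolicyStore $store |
    Select-Object Name, Enabled, DefaultInboundAction, AllowLocalFirewallRules, AllowLocalIPsecRules

# After the policy is applied on the client (gpupdate /force), compare the
# effective rule set with the local store: rules that programs added locally
# should still exist in PersistentStore but no longer be in effect.
Get-NetFirewallRule -PolicyStore ActiveStore | Measure-Object
Get-NetFirewallRule -PolicyStore PersistentStore | Measure-Object
```

This is the same switch as "Apply local firewall rules: No" in the GPO's Windows Firewall profile settings; the automatically added entries keep appearing in the consumer firewall view, which is why comparing ActiveStore against PersistentStore is the useful check.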

