Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How do you block Regsvr32.exe/Regsvr64.exe using windows firewall?

25 Apr 2016   #1
groze

W7 32 bit, Linux Mint Xfce 18 64 bit
 
 
How do you block Regsvr32.exe/Regsvr64.exe using windows firewall?

You can run any app on Windows machines by exploiting this security flaw (website)


How do you block Regsvr32.exe/Regsvr64.exe using windows firewall?

I figured out how to create custom rule to block it. My question is do you create rules for both inbound & outbound connection?

If exist where is Regsvr64.exe located on windows 7, 8, or 10?






My System SpecsSystem Spec
.
25 Apr 2016   #2
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

I don't use Wimdows Firewall do I don't know how to use it.

RE: regsvr64.exe - I don't see it on my 64bit machine.

VoodooShield blocks regsvr32 by default and there's no option to block regsvr64 so I guess that it doesn't exist.
How do you block Regsvr32.exe/Regsvr64.exe using windows firewall?-voodooshield-settings.jpg
EDIT:

Found these paths to block:

Block %systemroot%\System32\regsvr32.exe and %systemroot%\SysWoW64\regsvr32.exe from network access

Note: SysWoW64\regsvr32.exe on a 64bit machine.

Maybe someone who uses Windows Firewall can post the solution?


My System SpecsSystem Spec
25 Apr 2016   #3
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Okay it looks like only outbound connections need to be blocked as the exploit will attempt to connect to a URL.

The Powershell command to create a new rule should be:

New-NetFirewallRule -DisplayName "Block Regsrvr32" -Program "%SystemRoot%\System32\regsvr32.exe" -Direction Outbound -Action Block

and for 64bit:

New-NetFirewallRule -DisplayName "Block Regsvr32" -Program "%SystemRoot%\SysWOW64\regsvr32.exe" -Direction Outbound -Action Block
How do you block Regsvr32.exe/Regsvr64.exe using windows firewall?-administrator_-elevated-command-prompt-powershell.jpg
If you plan on upgrading to Windows 10 you'll need to use full paths:

"C:\Windows\System32" and "C:\Windows\SysWow64" instead of "%SystemRoot%\System32\" and "%SystemRoot%\SysWOW64\"


My System SpecsSystem Spec
.

25 Apr 2016   #4
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

I've blocked regsvr32.exe in my firewall anyway. (Even though it's already blocked from running by VoodooShield)

Thanks for posting!
How do you block Regsvr32.exe/Regsvr64.exe using windows firewall?-firewall.jpg


My System SpecsSystem Spec
27 Apr 2016   #5
Brds7t7

Windows 7 Pro 64-Bit, Windows 7 Ultimate 64-Bit, Windows 8.1 Pro 64-Bit
 
 

I also couldn't find a regsvr64.exe on my system, same as Callender I just have regsvr32.exe in those two locations.

Blocked using Comodo!

How do you block Regsvr32.exe/Regsvr64.exe using windows firewall?-capture-02.png


My System SpecsSystem Spec
Reply

 How do you block Regsvr32.exe/Regsvr64.exe using windows firewall?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Block Firefox with Windows Firewall ?
Is there a way to block Firefox traffic to only 'Public Network' ?? I use OpenVPN and when it's connected it shows as an Unidentified network, Public network. I have managed to block my torrent client to only work when my VPN is active by using Win firewall and blocking it from Domain and Private...
Network & Sharing
Set Windows Firewall to block everything and ask for permission
Hi! I've been trying to set Windows Firewall to behave like that, but can't figure how. In two lines, I want this: - Every attempt to connect to internet is blocked, and a pop-up warns about it and ask for permission. - There's a "remember this action" checkbox so you only have to...
System Security
Windows firewall help allow all, block some
How does one make windows firewall allow everything to go through, but block specific exe's from having any outgoing/incoming connections?
System Security
How do i block firefox using windows firewall ?
Hi, Is there a way for me to block firefox from accessing internet using windows 7 firewall ? I've set inbound and outbound rules to block connection from all port, all ip address and all network type (public,home,work) but to no avail, firefox can still browse the internet. I managed to block...
System Security
Have Windows Firewall prompt you to allow or block??
is there a way to make windows firewall to prompt you to whether to block or allow all programs that want to connect to the internet (e.g. MS Word, pidgin, or skype) ? Thanks in advance.
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:19.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App