configure W7 MS firewall


  1. Posts : 332
    windows 7 premium home 64bit
       #1

    configure W7 MS firewall


    Hello Folks. All these years I've just left MS Firewall alone, basically because I haven't the faintest idea how to configure it. I thought it was time I found out, because there are dozens of entries in 'Inbound' and just as many in 'Outbound', the majority of which mean nothing to me: should they be there, should they be changed... removed... it's a mystery.
    I had a search of the forum for any tutorials on configuration but didn't see anything. Is there any advice to be had on how to run this firewall or should I maybe just leave it alone? I have no idea what is talking to who and I'm kinda suspicious.
      My Computer


  2. Posts : 2,465
    Windows 7 Ultimate x64
       #2

    The critical bit of the post is when you say: "I haven't the faintest idea how to configure it". Reality dictates that, for taking advantage of a firewall, you need a minimum of understanding of networks, communication software, TCP/IP, ports, security and the like (and I would say somewhat above the bare minimum).

    Another fact is that, Windows Firewall is practically disabled by default. Outbound connections are all allowed, and inbound have tons of rules that allow every single built-in service. So by default it provides almost zero protection against anything practical.

    To get some real benefit out of a firewall (any firewall, not just Windows built-in one) you must understand some networking, what software do you use and what network access does it requires (and what things it doesn't really needs). You must take into account your specific use case, there are very few general rules that apply to everything.

    Since you have little idea of networking, I would suggest you invest some time in learning the basics. Until then, just disable any firewall, as it does you no good at all. Then you can begin tweaking things bit by bit until you understand the practical consequenses of each and every rule.

    My personal preference is to simply delete all rules in the firewall (both incoming and outbound), block everything by default, then adding exceptions to allow specific programs do specific things. The rest of the system should be unable to access the network at all.
      My Computer


  3. Posts : 332
    windows 7 premium home 64bit
    Thread Starter
       #3

    Yes, well, I agree with everything you say.
      My Computer


  4. Posts : 16,132
    7 X64
       #4

    If you don't fancy fiddling around, you could try this little thing
    Windows Firewall Control 4 - YouTube
      My Computers


  5. Posts : 332
    windows 7 premium home 64bit
    Thread Starter
       #5

    Is it really an acceptable option to disable it completely?
    If it is not doing anything useful, quote Alejandro 85: "So by default it provides almost zero protection against anything practical" is it better to remove it?
    My personal predilection is always to maintain complete control over everything my computer does and I get nervous if it does things without asking or at least informing me.
    I see a host of entries, soon after start-up, accessing the web then they all disappear - or at least they appear to disappear; hence my concern.
    Last edited by urbanspaceman1; 31 Mar 2018 at 15:43. Reason: additional text
      My Computer


  6. Posts : 2,465
    Windows 7 Ultimate x64
       #6

    urbanspaceman1 said:
    Is it really an acceptable option to disable it completely?
    If it is not doing anything useful, quote Alejandro 85: "So by default it provides almost zero protection against anything practical" is it better to remove it?
    Although you'll better prefer a second opinion from someone else , I'll attempt to answer that myself.
    A firewall's sole purpose in life is to block unwanted network connections and only allow those you know to proceed, that's its main and only function. Now, if you configure your firewall to accept all and every connection, what good does it do for you? What risks does it attempts to mitigate?

    I cannot think of any useful purpose it serves under that conditions, I don't think it does any harm either. But it's a basic security concept that anything unused it's a potential risk and it's better left disabled, and if you're not taking any advantage out of the firewall, disable it and save its resources for something else.


    urbanspaceman1 said:
    I see a host of entries, soon after start-up, accessing the web then they all disappear - or at least they appear to disappear; hence my concern.
    Firewall rules don't change at all just for browsing. They're part of the configuration, and that don't change at all unless you do that explicitly or some programs add rules when installed. Besides, modifying firewall configuration requires administrator access, something browsers must never have.
      My Computer


  7. Posts : 332
    windows 7 premium home 64bit
    Thread Starter
       #7

    I have a 'Resources' facility that I can use to view OS activity, and looking at the Network section I see a lot of connections being made when I first boot up that generally disappear quickly.
    That was what made me suspicious and sent me looking at the firewall settings.
      My Computer


  8. Posts : 2,465
    Windows 7 Ultimate x64
       #8

    Ok, that's very much different, network connections are very volatile, and change rapidly according on what are you doing and what software are you running.
    It could be a lot of things to justify such trafic, for example programs automatically looking for updates, some DNS queries, other computers in your network pinging you, broadcast messages or even spyware trying to leak things about you.

    What to do about them is very much dependent on the exact nature of the connections. A firewall is a very good tool when dealing with rogue network activity, but you need some practice with it.
    A good learning exercise could be to look at those connections and see what process uses what port, under which protocol and to what server. Understanding those details will help in developing rules to forbid or allow connections.
      My Computer


  9. Posts : 332
    windows 7 premium home 64bit
    Thread Starter
       #9

    I devised a system whereby I video recorded the 'Resource Monitor' network page on screen after I connected to the internet, as there is too much activity to pinpoint individual addresses and PIDs. I was then able to identify what was what. However, when I go looking up these PIDs and addresses the info I get back is meaningless... at least to me anyway. I don't know if this stuff is kosher or not.
    Here's an example that has two entries with different PIDs: 3892 & 4; 239.255.255.250.
    Does it mean anything to anyone?
    3892 appears to be my computer ID.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:26.
Find Us