Windows 7 Forums


Windows 7: Firewall: Targeting Tricky Programs Regarding Online Access

01 May 2018   #1
iron7

7 64
 
 
Firewall: Targeting Tricky Programs Regarding Online Access

Originally posted in Security, but I think this is more of a general help question.

Some programs manage to get online despite my setting up firewall rules designed to prevent it. My method was to scan their programs folder and appdata folder for any .EXEs, and block those, but this hasn't worked. Where should I be looking & what should I be blocking?

I realize a third party firewall can be employed, but I am asking specifically about going the manual route using the native 7 firewall.

Thanks


02 May 2018   #2
Alejandro85

Windows 7 Ultimate x64
 
 

First of all I must ask, how do you know that some program managed to escape your blocks? What behavior are you noticing?
Then, what rules exactly are you adding?

Have a look at enabling the firewall logs; they can show what connections were denied/allowed and pinpoint the root cause. Also, you could run a network monitor tool (Process Hacker has one and I think Process Explorer too) to see in real time the active network connections and their associated processes.

Rogue programs can bypass firewalls in a number of ways. Some add their own rules during their installation, others call some other (allowed) program to do the dirty work for them (Internet Explorer is a prime target for this, as it's almost always installed in a well-known location, and rarely secured). Having a kernel-mode driver is also possible. And of course, if the rogue program is run as administrator, it can tamper with the firewall in real time.

I need to add that your approach is the wrong one. Instead of selectively blocking programs you want to prevent, do it the other way around. Block everything by default, and selectively let some programs connect. That way, if you miss something, software cannot access the network unless you add it later. While more work, this is the way you get the most out of the firewall. In security, always prefer whitelisting to blacklisting.
03 May 2018   #3
iron7

7 64
 
 

That was very helpful, thanks. Are you using the native firewall on block all out then?

03 May 2018   #4
Alejandro85

Windows 7 Ultimate x64
 
 

Yes, block everything by default. At first that means you'll lose all network connectivity, but then you allow those programs you know need network access and add exceptions for them. Everything else will be blocked, even if you forgot.

Note that the Windows Firewall does this only for inbound connections (and by default has a bunch of rules that add exceptions for virtually everything) and for outgoing connections it allows them all by default. You'll get the most protection from the outgoing ones rather than inbound actually.
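The default-deny setup described in posts #2 and #4, written out with the built-in `netsh advfirewall` tool as an added example that is not part of the original thread. It assumes an elevated Command Prompt on Windows 7; the backup file name, the rule name and the Firefox path are placeholders to replace with your own.

```bat
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt.
rem The backup file, rule name and program path are placeholders.

rem 1. Save the current policy first. It can be restored later with:
rem      netsh advfirewall import "%USERPROFILE%\firewall-backup.wfw"
netsh advfirewall export "%USERPROFILE%\firewall-backup.wfw"

rem 2. Turn on logging of both dropped and allowed connections, so the
rem    effect of each rule can be checked afterwards.
netsh advfirewall set allprofiles logging filename "%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log"
netsh advfirewall set allprofiles logging maxfilesize 16384
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging allowedconnections enable

rem 3. Change the default for every profile: block inbound AND outbound.
rem    Out of the box only inbound is blocked and outbound is allowed.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 4. Allow outbound traffic only for programs that need it, one rule each.
netsh advfirewall firewall add rule name="Allow out - Firefox (example)" dir=out action=allow program="%ProgramFiles%\Mozilla Firefox\firefox.exe" enable=yes

rem 5. List every outbound rule. Review this list after installing software
rem    to spot allow rules that an installer added on its own.
netsh advfirewall firewall show rule name=all dir=out
```

The log file records addresses, ports and the action taken, not the program responsible, so pair it with a per-process network monitor as post #2 suggests. An outbound allow rule for a program also covers anything that launches that program to connect on its behalf.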
03 May 2018   #5
iron7

7 64
 
 

Right, thanks again. I was just curious if you yourself have stayed with the native FW only, but I understand if you'd rather not comment.
03 May 2018   #6
Alejandro85

Windows 7 Ultimate x64
 
 

I still use the built-in Windows Firewall, and for most simple purposes I can recommend it (since Vista and later, not the one in XP). Not a great secret really, nor did I think it would matter what I use.
I find it adequately good, not quite impressive but certainly good enough for me and many other things.

Of course, most things I said about its configuration and the like apply equally to any other firewall and even other OSs, if anyone wants to try something different.