Solved Set Windows Firewall to block everything and ask for permission

[Seymour Kelburn]

Hi!

I've been trying to set Windows Firewall to behave like that, but can't figure how.

In two lines, I want this:

- Every attempt to connect to internet is blocked, and a pop-up warns about it and ask for permission.

- There's a "remember this action" checkbox so you only have to authorize Chrome, Mozilla, utorrent and other main internet apps once.

I'm pretty sure years ago this was the default behavior of Windows Firewall, wasn't it? Anyway, I'm trying to setup firewall to this, but can't see how. I've tried the most evident tweaks in Firewall setup, but I must be missing something.

Any help? Thanks in advance!

 

[Alejandro85]

With the Windows firewall, it's not possible to do what you want. The fundamental lacking feature you're looking for are connection attempt notifications, which it doesn't have.

It has the ability to block outgoing connections (which is disabled by default), but you can enable and fine tune them on the advanced firewall settings, putting the rules to allow only certain programs to connect under certain protocols and ports. However, when a connection is blocked due to those rules, the firewall will NOT warn you (without chance of allow/deny), the program will simply fail with an access denied.

You may use a third party programs that attempt to give back those notifications. I've used Windows Firewall Notifier - Home, with limited success, but didn't find that useful. Give it a try at least. But if you really want reliable notifications, a good thing, I'm afraid you should begin to look at other, more serious firewall options.

 

[Seymour Kelburn]

Gracias mil, Alejandro, y un saludo desde Galicia.

Bad news, but at least I can stop wondering what I'm doing wrong ( ; Can't believe a "standard" firewall can't do something so basic. Amazing.

I'm a 3D/VFX guy, muy knowledge about nets and firewalls is at basic user level. Maybe that behavior I want, that seems so esasy and natural to me, is in fact something weird or difficult to manage, and that's why "home firewalls" dont give you that option. Because nobody wants that.

I tried to lock everithing with window firewall, and then create specific In and Out rules to allow Chrome, but it's not working. Don't know why. Maybe I should give permissions to some other "core" .exes, not only chrome.exe.

I'll take a look at that program you mention (thanks) and check features of the most common firewall apps, ZoneAlarm or so.

If it gets too tricky for me, I have a radical solution: That sensible machine won't be connected to Internet no longer, and problem solved.

 

[Lady Fitzgerald]

Instead of trying to make Win 7's firewall do what it really wasn't intended to so, try replacing it with ZoneAlarm's Free Firewall. I just downloaded and scanned the installation file to make sure there was no malware attached since so many websites that were once clean are now doing so. When installing it, just be alert to any toolbars, etc. being offered (you do not need ZoneAlarm's tool bar; if you can't block its installation, you can remove it later).

ZoneAlarm will provide a popup that will allow you to choose to allow or deny the outbound transmission one time only or every time. There will be quite a few popups at first but, as ZA becomes "trained", they will reduce in frequency.

 

[LMiller7]

I used ZoneAlarm years ago on Windows 2000 and Windows 98 before that. Windows 2000 didn't have a built in firewall. I rather liked it. If Windows firewall doesn't have the features you need then ZoneAlarm would probably be a good choice.

Windows firewall doesn't have some of these advanced features because they would be misunderstood and misused by many users. Remember that most Windows users know little to nothing about computers and don't want to learn.

 

[Seymour Kelburn]

That was Mac users!!!

Tonite I'll test Zone Alarm and report.

Thanks you all!

 

[Seymour Kelburn]

Zone Alarm rules.

Mark as Solved. Thanks to you all.