Stop auto creation of Windows Firewall rules

Discussion in 'Windows 10' started by xy667, Apr 2, 2017.

  1. xy667

    xy667 MDL Novice

    Jul 23, 2015
    26
    3
    0
    I have my Windows firewall rules locked down exactly like I want them but I sometimes find that when I install software or make changes on my machine there are new firewall rules that are created.

    Is there a way to stop auto creation of firewall rules when you install software or make changes? I'd rather go add firewall rules manually after installing new software or making changes.

    Is this possible?

    I'm running Windows 10 Enterprise 1703.
     
  2. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    3,741
    4,030
    120
    @Mr.X yay, thanks for the very good info dude. I also suspect something, so I need to verify this application with more attention. Still, thanks for the link :)
     
  3. xy667

    xy667 MDL Novice

    Jul 23, 2015
    26
    3
    0
    Thanks very much for this tip!

    I've just had a play with WFC and it seems awesome! I tried the Secure Rules option and sure enough, after installing some software I know creates some firewall rules, WFC deleted them!

    I also like the Connections Log, very helpful. The logfile in Windows for the firewall is a nightmare to use.

    Is there a reason you mentioned the registry modifications in Windows 10?
     
  4. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,992
    13,566
    180
    Yes.
    Some say that by changing the permissions on this key to read only, or so that it can be modified by only one admin account,
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\
    you are good, although I have never tried it, to be honest. But you can try and see if it works for you.
     
  5. xy667

    xy667 MDL Novice

    Jul 23, 2015
    26
    3
    0
    Oh I see. Thanks for mentioning this, but I won't be modifying this registry key's permissions.

    I think I'm sold on WFC, the Secure Rules option did it for me.
     
  6. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,992
    13,566
    180
  7. JJ2SMILY

    JJ2SMILY MDL Novice

    Mar 10, 2012
    24
    40
    0
    I assume you're using Windows Firewall under Control Panel. If so, use Windows Firewall in Local Security Policy or Local Group Policy Editor. The following steps won't prevent programs from creating rules in Windows Firewall under Control Panel (not in Local Security Policy), but they will simply be ignored by Windows Firewall in Local Security Policy, so you will be good. Just once in a while, check there to see what programs have created rules and delete them.

    1) Open Control Panel and set the View option to Small icons. Then go to Windows Firewall - Advanced settings.
    2) Export your Windows Firewall settings by selecting Export Policy... from the context menu of Windows Firewall with Advanced Security on Local Computer.
    3) Delete all the rules from Inbound and Outbound Rules with the Ctrl+A and Delete keys.
    4) Go to Control Panel - Administrative Tools - Local Security Policy.
    5) Expand Windows Firewall with Advanced Security.
    6) From the context menu of Windows Firewall with Advanced Security - Local Group Policy Object,
    - Select Import Policy... to import your firewall policy file (.wfw) created in step 2.
    - Select Properties and then click Customize... in Settings under each profile tab (Domain, Private, Public), and set No to Apply local firewall rules.
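
The periodic check described in the post above can be run from PowerShell. This is an added example, not part of the thread: it confirms that the local Group Policy Object sets Apply local firewall rules to No for every profile, then lists whatever has appeared in the local rule store since step 3 emptied it. It assumes steps 1 to 6 were followed and that `localhost` addresses the local GPO policy store.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumption: steps 1-6 above were completed, so the intended rules live in
# the local GPO and the local store was emptied in step 3.
$gpoStore = 'localhost'   # local Group Policy Object policy store

# 1. Each profile in the local GPO should show AllowLocalFirewallRules = False
#    (the "Apply local firewall rules: No" setting from step 6).
Get-NetFirewallProfile -PolicyStore $gpoStore |
    Select-Object Name, Enabled, AllowLocalFirewallRules |
    Format-Table -AutoSize

# 2. PersistentStore is the local store that WFwAS, netsh and installers
#    write to. Anything found here was created after the lockdown.
$stray = Get-NetFirewallRule -PolicyStore PersistentStore

$report = foreach ($rule in $stray) {
    # Resolve the program and port conditions attached to each rule.
    $app  = $rule | Get-NetFirewallApplicationFilter
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        DisplayName = $rule.DisplayName
        Direction   = $rule.Direction
        Action      = $rule.Action
        Enabled     = $rule.Enabled
        Program     = $app.Program
        Protocol    = $port.Protocol
        LocalPort   = $port.LocalPort -join ','
        Name        = $rule.Name
    }
}

if ($report) {
    $report | Sort-Object Program, DisplayName | Format-Table -AutoSize -Wrap
    Write-Warning "$(@($report).Count) rule(s) found in the local store."
    # Preview the cleanup; remove -WhatIf once the list has been reviewed.
    $stray | Remove-NetFirewallRule -WhatIf
} else {
    Write-Output 'Local store is empty: no rules were created outside the GPO.'
}
```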
     
  8. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,992
    13,566
    180
    I asked alexandrud, the WFC developer, about your suggestion. This is his response:

    1. This does not work if you have a Home Edition of Windows which does not include Group Policy Editor. For this reason this is not a solution for everyone.
    2. Windows Firewall API won't return the firewall rules enforced through Group Policy Editor, this means these rules won't be displayed in WFC Rules Panel. However, they will be displayed in WFwAS but they will be read only. They can't be modified or removed.
    3. Setting No to Apply local firewall rules will just ignore the rules defined in WFwAS and only the rules defined in Group Policy Editor will be taken into consideration. Any new rule created through WFC or WFwAS or by a 3rd party software through netsh, will not apply at all. You will have to create any of your rules from Group Policy Editor. In this case the user is forced to use an interface similar to WFwAS, which is the reason why WFC was created.
     
  9. JJ2SMILY

    JJ2SMILY MDL Novice

    Mar 10, 2012
    24
    40
    0

    It was a reply to give another option to xy667, who has the feature with Windows 10 Enterprise and who seems to be comfortable with Windows Firewall.
     
  10. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,992
    13,566
    180
    Fair enough. I agree with you.