Firewall in Windows for me confused. I don't even know if its working, so here are some questions: 1. If I were to delete all Inbound and Outbound rules in Windows 10 Firewall settings, what would that do? Would firewall then allow or block default Windows 10 services/processes communications? 2. Why is it that some internet programs ask for Windows Firewall permissions while others do not? For example, if I were to delete all Inbound and Outbound rules, then launch Steam, Windows Firewall permission would appear for Steam Bootstrapper, but not Steam itself. Windows Firewall permission notifications never show up for MS Edge (the new Edgium), Uplay, Origin, a ton of other internet/network-using programs, but do show up for Chrome... 3. What does it actually mean to give a program firewall permission for either Public or Private usage? If, for example, I create a manual Inbound and Outbound rule for CCleaner.exe and CCleaner64.exe to be blocked, then the update notification would not show up. That means the blocking rules worked. However, if I delete all Chrome-related Inbound and Outbound rules, launch Chrome, deselect everything during Firewall Notification (which is equivalent of having Chrome blocked for Inbound-only), Chrome still connects just fine to all websites, downloads, etc. Why does firewall block CCleaner, but not Chrome? 4. Since CCleaner.exe/CCleaner64.exe blocking works, then I assume my Windows Firewall works, but neither TinyWall nor Malwarebytes Windows Firewall Control start for me. They both have issues with their services not starting and I think it's due to over-tweaking/NTLitening . 5. There used to be a portable Firewall App/Utility that did work and I recall it having black/dark theme (black/dark background, white font). Does anyone know which one that was? It was portable for sure...
i never like that app CCleaner and tinywall hasnt been updated sense 2016 ....leave the firewall setting to default.
1. you will break connectivity...you need at least some "core rules" 2. You can disable notifications in windows firewall (properties/customize/display a notification) : 3. Public Private and Domain are related to your network connection (or adapter settings). Usually home computer are private network. 4. You should really learn about whitelist mode (thanks CODY for your brillant work btw)...save you some hassle. WFC is really useful for me, it's just a front UI for windows firewall, and make settings and rules much more clear... In your case, you could lock firewall registry key with NSudo+setACL, as a way to prevent applications to add rules. Adding rules via script and context menu is relatively easy: learn about netsh advfirewall commands. Then you can adapt a script with those Nsudo and SetACL commands I shared in CODYQX4 post (answer to 1.) to unlock/add rule/lock again. Seems you are constantly running in problems and seems you know why, maybe one day you'll put the pieces together.
> 1. If I were to delete all Inbound and Outbound rules in Windows 10 Firewall settings, what would that do? Would firewall then allow or block default Windows 10 services/processes communications? Deleting enabled Inbound rules (Outbounds usually have no effect as outbound connections are allowed by default) may cause issues with whatever programs that rely on those rules to perform certain tasks. > 2. Why is it that some internet programs ask for Windows Firewall permissions while others do not? I haven't look much into this but as far as I know, certain programs like Apache HTTP Server may trigger the Firewall alert when it attempts to create a new rule in the firewall for itself. > 3. What does it actually mean to give a program firewall permission for either Public or Private usage? If, for example... Chrome still connects just fine to all websites... Why does firewall block CCleaner, but not Chrome? Public means that the rule applies to connections that are in the Public group. Chrome still works because the things you do on it:- connect to website, makes it to use outgoing Internet connection via common ports (i.e. TCP 80 & 443) that is allowed by default in the firewall. Try create an outbound rule that blocks TCP, remote ports "80, 443" and apply to all profiles, and you'll find that you can no longer get to websites. Or try an outbound rule to block ICMPv4, all ports & all profiles, and you can no longer ping.
The only time I mess with firewall is if an app I need to access internet asks for permission or I do not want an app to access internet due to activation issues.