Advice Request [Discuss] Recommendation for Which Ports and Windows Services should be blocked via Windows Firewall?


DDE_Server

Hello everyone,
After a conflict between Tinywall and my VPN (which was blocked whatever related process or executable was whitelisted), I decided to uninstall Tinywall and rely on myself to configure Windows Firewall via Advanced Settings.
So the first question:
Which Windows services should be blocked without affecting Windows 10 functioning well?
By default I tried to block all remote access related services and processes (rarely used and always used for malware sneaking and dropping), such as all services under: Windows Remote Management, Windows Management Instrumentation (WMI), Windows Defender Firewall Remote Management (RPC), Remote Volume Management (RPC-EPMAP), Remote Desktop - (TCP-WS-In), Remote Desktop, Remote Event Log Management (RPC), Remote Administration (NP-In), Remote Desktop - (TCP-WS-In), Remote Shutdown, File and Printer Sharing (I do not use them in a home network).
  1. For Windows Peer to Peer Collaboration Foundation (PNRP-In): is it a service required by torrent download, or may it be blocked?
  2. For WFD ASP Coordination Protocol (UDP-In) and BranchCache services: shall they be allowed or blocked?
  3. A guide for which Windows Firewall rules shall be allowed, except for programs which I could troubleshoot (I mean Windows services).
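An added example, not from this thread, of switching off the inbound allow rules in the rule groups listed above from an elevated PowerShell instead of the console. The group names are assumed to match what the Windows Defender Firewall console shows on your build; the verification command at the top prints the real ones.

```powershell
# Added example (not from the thread). Built-in remote-management rules are
# Allow rules; because the inbound default action is Block, disabling them
# is enough and no explicit block rule is needed.
# Group names vary slightly between builds; list the real ones first with:
#   Get-NetFirewallRule | Select-Object -ExpandProperty DisplayGroup -Unique
$groups = @(
    'Windows Remote Management',
    'Windows Management Instrumentation (WMI)',
    'Windows Defender Firewall Remote Management',
    'Remote Volume Management',
    'Remote Event Log Management',
    'Remote Desktop',
    'Remote Shutdown',
    'File and Printer Sharing'
)

# Back up the whole policy first so the change can be reverted with
# "netsh advfirewall import <file>" if something breaks.
netsh advfirewall export "$env:USERPROFILE\Desktop\wf-before-hardening.wfw" | Out-Null

foreach ($g in $groups) {
    $rules = Get-NetFirewallRule -DisplayGroup $g -Direction Inbound -ErrorAction SilentlyContinue
    if (-not $rules) { Write-Warning "No inbound rules found for group '$g'"; continue }
    $rules | Disable-NetFirewallRule
    "{0,-45} disabled {1} inbound rule(s)" -f $g, @($rules).Count
}

# Verify: nothing in these groups should still be enabled for inbound traffic.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { $groups -contains $_.DisplayGroup } |
    Select-Object DisplayName, DisplayGroup, Profile
```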
 

oldschool

You might try 2.99.xx beta, which is very close to release and stable. It is an entirely new version and completely separate from WF, unless you wish to use both together (for which he has built-in rules).
 

DDE_Server

This may not directly answer your question but you can also try WFC or SimpleWall since they would have notified you which process is asking for internet connection and you would know what you should have allowed to make your VPN work.
I read that there is a specific policy that could be adjusted to make Windows Firewall pop a notification about any program trying to connect to the internet (I am trying to figure out which one :) ), but I do not know whether it is applicable to Windows built-in services or not?? :unsure::unsure:
 

SeriousHoax

I read that there is a specific policy that could be adjusted to make Windows Firewall pop a notification about any program trying to connect to the internet (I am trying to figure out which one :) ), but I do not know whether it is applicable to Windows built-in services or not?? :unsure::unsure:
Really! :oops: Let me know if you find such option.
 

DDE_Server

You might try 2.99.xx beta, which is very close to release and stable. It is an entirely new version and completely separate from WF, unless you wish to use both together (for which he has built-in rules).
Thanks for the suggestion, I may try it :):)
Do you remember which layer is checked first for a connection? WPF or WF rules, and is this better than configuring Windows Firewall rules directly?

When I get it I will tell you if my understanding is correct :):)
 

ForgottenSeer 85911

Hello everyone,
After a conflict between Tinywall and my VPN (which was blocked whatever related process or executable was whitelisted), I decided to uninstall Tinywall and rely on myself to configure Windows Firewall via Advanced Settings.
So the first question:
Which Windows services should be blocked without affecting Windows 10 functioning well?
By default I tried to block all remote access related services and processes (rarely used and always used for malware sneaking and dropping), such as all services under: Windows Remote Management, Windows Management Instrumentation (WMI), Windows Defender Firewall Remote Management (RPC), Remote Volume Management (RPC-EPMAP), Remote Desktop - (TCP-WS-In), Remote Desktop, Remote Event Log Management (RPC), Remote Administration (NP-In), Remote Desktop - (TCP-WS-In), Remote Shutdown, File and Printer Sharing (I do not use them in a home network).
  1. For Windows Peer to Peer Collaboration Foundation (PNRP-In): is it a service required by torrent download, or may it be blocked?
  2. For WFD ASP Coordination Protocol (UDP-In) and BranchCache services: shall they be allowed or blocked?
  3. A guide for which Windows Firewall rules shall be allowed, except for programs which I could troubleshoot (I mean Windows services).

You do not need to use TinyWall to have good firewall protection, nor a front end like WFC (Windows Firewall Control) to control Windows Firewall.
In fact, programs like that are crutches that you come to depend upon to do stuff you should figure out and learn on your own.
Such programs keep you in ignorance.
However, you do need to learn netsh or PowerShell to create the rules, which is easier than using the Windows Firewall GUI.

To answer your questions: you do not need PNRP-In (which requires IPv6) for torrent download (which sort of makes all this hardening moot, since you are doing a high-risk activity); WFD ASP Coordination Protocol is not needed; and there are no centralized guides on how to harden Windows Firewall, there is a hodgepodge of guides and information scattered across the web.
You might start here: "Harden Windows 10 for Security. How to secure Windows 10." which has some decent tips.
 

DDE_Server

You do not need to use TinyWall nor any other software to control Windows Firewall.
However, you do need to learn netsh or PowerShell to create the rules, which is easier than using the Windows Firewall GUI.

To answer your questions: you do not need PNRP-In (which requires IPv6) for torrent download (which sort of makes all this hardening moot, since you are doing a high-risk activity); WFD ASP Coordination Protocol is not needed; and there are no centralized guides on how to harden Windows Firewall, there is a hodgepodge of guides and information scattered across the web.
You might start here: "Harden Windows 10 for Security. How to secure Windows 10." which has some decent tips.
Thanks for the reply. I am reading an interesting book called "Computer Networking: A Top-Down Approach" to gain some networking basics and some knowledge.
 

ForgottenSeer 85911

Thanks for the reply. I am reading an interesting book called "Computer Networking: A Top-Down Approach" to gain some networking basics and some knowledge.

To learn Windows Firewall you must do it.
It is all trial and error.
If you wanted, you yourself could just have networking for browser, DNS, DHCP and Windows Update; all else would be blocked by merely using 4 or 5 firewall allow rules.
Reading a book will help very little, because it will not give you all the details you need to harden Windows Firewall.
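An added example, not from this thread, of the "4 or 5 allow rules" setup described above, written as the netsh/PowerShell rules the earlier reply says you need to learn: export a backup, create per-service outbound allow rules for DNS, DHCP, a browser and Windows Update, then switch the outbound default to Block. The browser path, the rule names and the exact list of update services are assumptions and will need the trial-and-error step the post describes.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell.
$browser = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumed path, change it
$svchost = "$env:SystemRoot\System32\svchost.exe"

# 1. Back up the current policy; "netsh advfirewall reset" restores defaults
#    and "netsh advfirewall import <file>" restores this backup.
netsh advfirewall export "$env:USERPROFILE\Desktop\wf-backup.wfw" | Out-Null

# 2. Remove earlier copies of these rules so the script can be re-run safely.
Get-NetFirewallRule -DisplayName 'Minimal-*' -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# 3. Per-service allow rules. Binding each rule to both the service name and
#    svchost.exe stops other svchost-hosted services from using the same rule.
New-NetFirewallRule -DisplayName 'Minimal-DNS-UDP' -Direction Outbound -Action Allow `
    -Program $svchost -Service Dnscache -Protocol UDP -RemotePort 53 | Out-Null
New-NetFirewallRule -DisplayName 'Minimal-DNS-TCP' -Direction Outbound -Action Allow `
    -Program $svchost -Service Dnscache -Protocol TCP -RemotePort 53 | Out-Null
New-NetFirewallRule -DisplayName 'Minimal-DHCP' -Direction Outbound -Action Allow `
    -Program $svchost -Service Dhcp -Protocol UDP -LocalPort 68 -RemotePort 67 | Out-Null
# Browser: TCP 80/443 only; add UDP 443 if you want QUIC to work.
New-NetFirewallRule -DisplayName 'Minimal-Browser' -Direction Outbound -Action Allow `
    -Program $browser -Protocol TCP -RemotePort 80,443 | Out-Null
# Windows Update is spread over several services; wuauserv and BITS cover the
# basic case, DoSvc (Delivery Optimization) is commonly needed too (assumption).
foreach ($svc in 'wuauserv', 'BITS', 'DoSvc') {
    New-NetFirewallRule -DisplayName "Minimal-Update-$svc" -Direction Outbound -Action Allow `
        -Program $svchost -Service $svc -Protocol TCP -RemotePort 80,443 | Out-Null
}

# 4. Only now flip the default: with the rules above in place, every other
#    outbound connection is dropped on all three profiles.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 5. Log dropped packets so the trial-and-error step has evidence to work from:
#    when something stops working, the log names the port and process.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
    -LogFileName "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
# Inspect the most recent drops with:
#   Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Tail 20
```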
 

DDE_Server

To learn Windows Firewall you must do it.
It is all trial and error.
If you wanted, you yourself could just have networking for browser, DNS, DHCP and Windows Update; all else would be blocked by merely using 4 or 5 firewall allow rules.
Reading a book will help very little, because it will not give you all the details you need to harden Windows Firewall.
Just knowing a little about protocols gives me some insight into which core networking services are required as an API for different software and which are complementary and could be blocked.

You can follow the "Umbra way":
I know it; the original post was by me ;);)
I want to try by myself to learn.
 

ForgottenSeer 85911

Windows is a general OS, hence it is shipped as one layer of garbage atop another layer of garbage.
Just knowing a little about protocols gives me some insight into which core networking services are required as an API for different software and which are complementary and could be blocked.

you have to start learning somewhere
learning ports and associated services is the basis of most firewall blocking

and what you are doing is more than almost all on forums
i just pointed out a book will not give the step-by-step how-tos
 

DDE_Server

I also exported the Windows Firewall policy created by Tinywall; may I import it again and see which ones are blocked by default?
:unsure::unsure::unsure:
 

ForgottenSeer 85911

I know it; the original post was by me ;);)
I want to try by myself to learn.

get yourself a notebook
search the web
read take notes
trial and error by doing

I also exported the Windows Firewall policy created by Tinywall; may I import it again and see which ones are blocked by default?
:unsure::unsure::unsure:

Importing the TinyWall rule set into native Windows Firewall is probably not possible (without TinyWall installed).
Ask the TinyWall dev.
 

DDE_Server

get yourself a notebook
search the web
read take notes
trial and error by doing
Good advice thanks

Windows is a general OS, hence it is shipped as one layer of garbage atop another layer of garbage.


you have to start learning somewhere
learning ports and associated services is the basis of most firewall blocking

and what you are doing is more than almost all on forums
i just pointed out a book will not give the step-by-step how-tos
But it is the most widely used garbage OS, and the one most used for the most developed software :LOL::LOL:
 

ForgottenSeer 85911

But it is the most widely used garbage OS, and the one most used for the most developed software :LOL::LOL:

It is OEMs, business and gaming that keep Windows afloat.
Microsoft itself wants to get out of the Windows OS biz.
Wait until Microsoft starts charging a subscription to home users, which it will eventually do.

I exported the policy (.WFW) after it was created by Tinywall, not the exported rules from Tinywall itself.

Then you should be able to import it.
There is a WF restore function, so it will set everything back to defaults if it causes breakage.
Mind you, your custom changes can be lost.
 

DDE_Server

It is OEMs, business and gaming that keep Windows afloat.
Microsoft itself wants to get out of the Windows OS biz.
Wait until Microsoft starts charging a subscription to home users, which it will eventually do.



Then you should be able to import it.
There is a WF restore function, so it will set everything back to defaults if it causes breakage.
Mind you, your custom changes can be lost.
What about "BranchCache Content Retrieval (HTTP-In)"; is it necessary??
 
