FirewallHardening tool

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,183
@Andy Ful
Does blocking outbound connections of LOLBins also block legitimate traffic, or just useless telemetry?
As it is mentioned in the FirewallHardening Help, the outbound connections are blocked by Windows policies. All outbound connection of the LOLBin is blocked.
 

Azazel

As it is mentioned in the FirewallHardening Help, the outbound connections are blocked by Windows policies. All outbound connection of the LOLBin is blocked.
What I meant is: is the legitimate traffic from LOLBins important for Windows' normal functionality, or is it just something unimportant?
 

Andy Ful

What I meant is: is the legitimate traffic from LOLBins important for Windows' normal functionality, or is it just something unimportant?

What is unclear in the: All outbound connection of the LOLBin is blocked? :unsure:

Yes, I should write:
All outbound connections of the LOLBin are blocked.
 

Azazel

What is unclear in the: All outbound connection of the LOLBin is blocked? :unsure:

Yes, I should write:
All outbound connections of the LOLBin are blocked.
The question was not about whether all traffic is blocked, but whether some of the traffic is IMPORTANT for Windows functionality.
Do we have any idea why they connect to Microsoft servers and what they do with it? If so, the connections to Microsoft's IP addresses could be whitelisted along with the ports they are using.
 

JustInTime

Level 2
Feb 21, 2022
53
The question was not about whether all traffic is blocked, but whether some of the traffic is IMPORTANT for Windows functionality.
Do we have any idea why they connect to Microsoft servers and what they do with it? If so, the connections to Microsoft's IP addresses could be whitelisted along with the ports they are using.
Along with FirewallHardening I use simplewall to block all connections, only allowing apps I use, like my browser and F-Secure, and I haven't faced any issue regarding Windows functionality.
 

Andy Ful

The question was not about whether all traffic is blocked, but whether some of the traffic is IMPORTANT for Windows functionality.
Do we have any idea why they connect to Microsoft servers and what they do with it? If so, the connections to Microsoft's IP addresses could be whitelisted along with the ports they are using.

I do not understand you. If all outbound connections of the LOLBin are blocked, that means that some IMPORTANT connections can also be blocked.
The outbound connections of LOLBins blocked by "Recommended H_C" are not "IMPORTANT for Windows functionality". Some others can be important, but it depends on what you mean by "IMPORTANT for Windows functionality". Is Windows telemetry IMPORTANT? Are the Windows Explorer connections to Cloudflare IMPORTANT? Are ...., etc.
I do not know. If you do not know either, then unblock the particular LOLBin (use the FirewallHardening Log to see blocked events).
 

Azazel

I mean whether any problems can happen to Windows functionality by blocking the LOLBins' outside connections.
 

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
565
As a home user you should require very few ports opened outbound (TCP and UDP protocols) for your Internet needs. In my case I have HTTPS (443), DNS (53), email (465, 995), Time (123), and 80 & 8080 for rare needs, on both IPv4 and IPv6. It is actually questionable whether I need 5353, but for some reason (can't remember why) I felt the need to allow it. The following are allowed outbound (inbound and outbound blocked by default) on my Linux desktop:

[Image: UFW Rules.png]
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
I mean whether any problems can happen to Windows functionality by blocking the LOLBins' outside connections.
That's why you should check the blocked connections log and have a working backup. No dev can guarantee you a 100% problem free experience. You can always be one of the 0.5% exceptional cases (number made up).
 

Andy Ful

I mean whether any problems can happen to Windows functionality by blocking the LOLBins' outside connections.

You will not get the right answer to unclear questions. Please do as follows:
  1. Apply the FirewallHardening Block List "Recommended H_C".
  2. Forget about other LOLBins, because no one can be sure if some of them can on your computer cause any problems with Windows functionality (whatever that means). (y)
 
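The two pieces of advice from Andy above (apply a per-program outbound block, then use the blocked-events log to decide whether a particular LOLBin needs unblocking) can be reproduced by hand with plain Windows tooling. The PowerShell below is an added example for this thread; it is not code from the FirewallHardening tool or from any poster. It creates one outbound block rule per program in Windows Firewall, turns on failure auditing for the Windows Filtering Platform so that each dropped connection is recorded as Security event 5157 together with the application path, and then groups those events by program and destination. The three binaries in $LolBins are an illustrative assumption and are not the "Recommended H_C" list; the rule name prefix is likewise mine. Run it from an elevated PowerShell.

```powershell
# Added example; not code from FirewallHardening or from this thread.
# Assumptions: the programs in $LolBins are illustrative (not the "Recommended H_C" list),
# and $RulePrefix is an arbitrary tag used only to find and remove these rules again.
#Requires -RunAsAdministrator

$RulePrefix = 'LOLBin outbound block (example): '
$LolBins = @(
    "$env:SystemRoot\System32\certutil.exe",
    "$env:SystemRoot\System32\mshta.exe",
    "$env:SystemRoot\System32\regsvr32.exe"
)

# 1. Per-program outbound block. -Program matches the image path, so every outbound
#    connection from that binary is dropped regardless of port, address or protocol.
#    The rule never looks at the destination, so "Microsoft addresses" are not exempted;
#    a copy of the binary in another directory is also not covered by the rule.
foreach ($exe in $LolBins) {
    $name = $RulePrefix + (Split-Path $exe -Leaf)
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
            -Program $exe -Profile Any -Enabled True | Out-Null
    }
}

# 2. Make blocked connections attributable. With failure auditing enabled for the
#    "Filtering Platform Connection" subcategory, each dropped connection is written to
#    the Security log as event 5157, which includes the application path
#    (the firewall's pfirewall.log records dropped packets but not the program).
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null

# 3. Collect the blocked *outbound* 5157 events and normalise the fields we care about.
function Get-BlockedOutbound {
    param([int]$MaxEvents = 1000)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 } `
        -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        # Direction is a message-table reference: %%14592 = Inbound, %%14593 = Outbound
        if ($d['Direction'] -ne '%%14593') { continue }
        $proto = switch ($d['Protocol']) { '6' { 'TCP' } '17' { 'UDP' } default { $d['Protocol'] } }
        [pscustomobject]@{
            Time        = $e.TimeCreated
            # NT device path, e.g. \device\harddiskvolume3\windows\system32\certutil.exe
            Application = $d['Application']
            DestAddress = $d['DestAddress']
            DestPort    = $d['DestPort']
            Protocol    = $proto
        }
    }
}

# 4. Which program was trying to reach what? This is the view you want before deciding
#    whether a blocked destination matters for your machine.
Get-BlockedOutbound |
    Group-Object Application, DestAddress, DestPort, Protocol |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 |
    Format-Table -AutoSize

# 5. If one of these programs turns out to need a destination that matters, remove only its rule:
#    Remove-NetFirewallRule -DisplayName ($RulePrefix + 'certutil.exe')
```

Event 5157 is only generated while the failure audit is on, so enable it before reproducing the breakage you are chasing; the Application field is an NT device path rather than a drive letter, which is why the grouping is done on the raw string instead of on a friendly name.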

wat0114

@Azazel

I think I understand your question, and it actually made me curious to view the list of LOLBins being blocked in FirewallHardening.

If you look at the list of LOLBins blocked in FirewallHardening, it can be seen that Andy has carefully chosen only those that will not break Windows functionality when they are blocked. Microsoft in their infinite wisdom has created an absolutely mind-boggling myriad of rules in the latest Windows versions for both inbound and outbound networking, most of which are not required for most home users. Things were so much simpler in XP days, and they have been made increasingly more complex with each Windows release since then.

As @Kongo mentions above, keeping logging enabled, especially if you perceive network breakage for something is happening, can be very useful for narrowing down the problem.
 
