FirewallHardening tool

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Azazel said:
@Andy Ful
Do blocking outbound connection of lolbins also block legitimate traffic or just useless telemetry?
Click to expand...
As it is mentioned in the FirewallHardening Help, the outbound connections are blocked by Windows policies. All outbound connection of the LOLBin is blocked.
 
  • +Reputation
Reactions: silversurfer
Azazel

Azazel

Level 5
Jun 15, 2023
226
Andy Ful said:
As it is mentioned in the FirewallHardening Help, the outbound connections are blocked by Windows policies. All outbound connection of the LOLBin is blocked.
Click to expand...
What I meant is, is the legitimate traffic from LOLBins important for windows normal functionality or just something not important.
 
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Azazel said:
What I meant is, is the legitimate traffic from LOLBins important for windows normal functionality or just something not important.
Click to expand...

What is unclear in the: All outbound connection of the LOLBin is blocked? :unsure:

Yes, I should write:
All outbound connections of the LOLBin are blocked.
 
Last edited:
  • Like
Reactions: Freki123
Azazel

Azazel

Level 5
Jun 15, 2023
226
Andy Ful said:
What is unclear in the: All outbound connection of the LOLBin is blocked? :unsure:

Yes, I should write:
All outbound connections of the LOLBin are blocked.
Click to expand...
The question was not about whether all traffic is blocked, but if some of the traffic is IMPORTANT for windows functionality.
Do we have any idea why they connect to Microsoft servers and what they do with it and if so connection to Microsoft's ip addresses could be whitelisted along with their port they are using.
 
JustInTime

JustInTime

Level 1
Feb 21, 2022
46
Azazel said:
The question was not about whether all traffic is blocked, but if some of the traffic is IMPORTANT for windows functionality.
Do we have any idea why they connect to Microsoft servers and what they do with it and if so connection to Microsoft's ip addresses could be whitelisted along with their port they are using.
Click to expand...
Along with firewall hardening I use Simplewall to block all connections, only allowing Apps I use like browser and F-Secure and haven't faced any issue regarding Windows functionality.
 
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Azazel said:
The question was not about whether all traffic is blocked, but if some of the traffic is IMPORTANT for windows functionality.
Do we have any idea why they connect to Microsoft servers and what they do with it and if so connection to Microsoft's ip addresses could be whitelisted along with their port they are using.
Click to expand...

I do not understand you. If all outbound connections of the LOLBin are blocked, that means that also some IMPORTANT connections can be blocked.
The outbound connections of LOLBins blocked by "Recommended H_C" are not "MPORTANT for Windows functionality". Some others can be important, but It depends on what you mean by "IMPORTANT for Windows functionality". Are Windows telemetry IMPORTANT? Are IMPORTANT the Windows Explorer connections to Cloudflare? Are ...., etc.
I do not know. If you do not know too, then unblock the particular LOLBin (use the FirewallHardening Log to see blocked events).
 
  • +Reputation
  • Like
Reactions: South Park, oldschool, Freki123 and 1 other person
Azazel

Azazel

Level 5
Jun 15, 2023
226
I mean that if any problems can happen to windows functionality by blocking lolbins outside connection.
 
wat0114

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
571
As a home user you should require very few ports opened outbound, TCP and UDP protocols for your Internet needs. In my case I have HTTPS (443, DNS (53), email (465, 995), Time (123), 80 & 8080 for rare needs on both IPv4 and IPv6. It is actually questionable if I need 5353, but for some reason, can't remember why, I felt the need to allow it. The following are outbound allowed (inbound and outbound blocked by default) on my Linux desktop:

UFW Rules.png
 
  • Like
Reactions: South Park, Azazel and Andy Ful
F

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
759
Azazel said:
I mean that if any problems can happen to windows functionality by blocking lolbins outside connection.
Click to expand...
That's why you should check the blocked connections log and have a working backup. No dev can guarantee you a 100% problem free experience. You can always be one of the 0.5% exceptional cases (number made up).
 
  • Like
Reactions: South Park and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Azazel said:
I mean that if any problems can happen to windows functionality by blocking lolbins outside connection.
Click to expand...

You will not get the right answer to unclear questions. Please do as follows:
  1. Apply the FirewallHardening Block List "Recommended H_C".
  2. Forget about other LOLBins, because no one can be sure if some of them can on your computer cause any problems with Windows functionality (whatever that means). (y)
 
Last edited:
  • Like
  • +Reputation
  • Thanks
Reactions: South Park, oldschool and Azazel
wat0114

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
571
@Azazel

I think I understand your question, and it actually made me curious to view the list of LOLBins being blocked in FirewallHardening.

if you look at the list of LOLBins blocked in FirewallHardening, it can be seen that Andy has carefully chosen only those that will not break Windows functionality when they are blocked. Microsoft in their infinite wisdom has created an absolutely mind boggling myriad of rules in latest Windows versions for both inbound and outbound networking, most of which are not required for most home users. Things were so much simpler in XP days, made increasingly more complex with each Windows release since then.

As @Kongo mentions above, keeping logging enabled, especially if you perceive network breakage for something is happening, can be very useful for narrowing down the problem.
 
  • Like
  • +Reputation
Reactions: South Park, oldschool, Back3 and 2 others

Similar threads

Victor M
    • Like
    • +Reputation
    • Applause
  • Suggestion
Setup Idea Stop Intrusions - Firewall Rules
Replies
12
Views
1,367
PC Setup Ideas
Jonny Quest
Jonny Quest
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
255
Views
17,420
Hard_Configurator Tools
Andy Ful
Andy Ful
L
    • Like
How to hide randomized advertisements or placeholders with two simple user rules
Replies
2
Views
309
Web Extensions
LennyFox
L

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top