FirewallHardening tool

Decopi

Level 8
Verified
Oct 29, 2017
360
Look into the Windows Registry and export the content of the below key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules

Yeah, I was also already aware that I could see the rules and commands in regedit. But both, whether importing the rules through Windows Firewall, or also through regedit, both ways are a more laborious way to view and manipulate the rules and commands (one by one, too much handy work).

I thought that perhaps you had on your hands a simple list of rules and commands, and I thought that perhaps it was simpler to ask you the favor of sharing that list with me.

But don't worry @Andy Ful, I've already taken up too much of your time, I really appreciated your contacts, so thank you.

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,291
Yeah, I was also already aware that I could see the rules and commands in regedit. But both, whether importing the rules through Windows Firewall, or also through regedit, both ways are a more laborious way to view and manipulate the rules and commands (one by one, too much handy work).

I thought that perhaps you had on your hands a simple list of rules and commands, and I thought that perhaps it was simpler to ask you the favor of sharing that list with me.

But don't worry @Andy Ful, I've already taken up too much of your time, I really appreciated your contacts, so thank you.
You can export the policy by right clicking Windows Defender>

Unfortunately being .wfw extension, not something you can import into the likes of WFC as that uses .wpw. Anyway, manually adding doesn't take all that long and most AVs and FWs leave Windows Firewall running. E.g. Comodo and Windows Firewall run alongside each other so you can still use the hardening rules and those files will be blocked natively by Windows Firewall. In the case of WFC, as long as a conflicting rule created it works fine.
 

Decopi

Level 8
Verified
Oct 29, 2017
360
You can export the policy by right clicking Windows Defender>

Unfortunately being .wfw extension, not something you can import into the likes of WFC as that uses .wpw. Anyway, manually adding doesn't take all that long and most AVs and FWs leave Windows Firewall running. E.g. Comodo and Windows Firewall run alongside each other so you can still use the hardening rules and those files will be blocked natively by Windows Firewall. In the case of WFC, as long as a conflicting rule created it works fine.

Thank you.
Import/Export through Windows Firewall is what @Kongo had already suggested in previous messages, and I was also already aware of this possibility.
It happens that import/export through WF or Regedit, both are two very laborious ways to view and manipulate (around 100) rules and commands. And I was looking for a simple list with the rules/commands.
Anyway, once again, thank you all very much for your intention to help.

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,777
I thought that perhaps you had on your hands a simple list of rules and commands, and I thought that perhaps it was simpler to ask you the favor of sharing that list with me.

The exact list of rules is that one exported from the Windows Registry. There is no simpler list of rules.
To manage many LOLBins, you must use a program. This can be done by using a file that contains the paths of LOLBins and the script that reads the paths one by one from that file, creates the firewall rule for each path, and writes the rules into the Windows Registry.
 
Last edited:
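
The approach described in the post above (a file of LOLBin paths plus a script that creates one firewall rule per path), sketched as an added example; it is not the FirewallHardening tool's own script and not code from any poster in this thread. It uses the built-in New-NetFirewallRule cmdlet rather than writing registry values directly, and the list file, its sample paths, the rule-name prefix and the group name are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: create one outbound block rule per executable listed in a text file.
# List file name, rule-name prefix and group name are hypothetical.

$ListPath = Join-Path $env:TEMP 'lolbins-sample.txt'
$Prefix   = 'Example-Block-'          # hypothetical naming scheme
$Group    = 'Example LOLBin blocks'   # hypothetical group, eases listing and removal

# Constructed sample list: one path per line, '#' starts a comment.
@'
# constructed sample entries
%SystemRoot%\System32\certutil.exe
%SystemRoot%\System32\mshta.exe
%SystemRoot%\SysWOW64\mshta.exe
'@ | Set-Content -Path $ListPath -Encoding ASCII

function Add-BlockRulesFromList {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$PolicyStore = 'PersistentStore'   # default local store
    )
    foreach ($line in Get-Content -Path $Path) {
        $entry = $line.Trim()
        if (-not $entry -or $entry.StartsWith('#')) { continue }   # blank or comment
        $program = [Environment]::ExpandEnvironmentVariables($entry)
        if (-not (Test-Path -LiteralPath $program -PathType Leaf)) {
            Write-Warning "Skipping (not found): $program"
            continue
        }
        # Name derived from the full path so System32 and SysWOW64 copies do not collide.
        $name = $Prefix + ($program -replace '[\\:]+', '_')
        if (Get-NetFirewallRule -Name $name -PolicyStore $PolicyStore -ErrorAction SilentlyContinue) {
            Write-Verbose "Already present: $name"   # re-running the script is safe
            continue
        }
        if ($PSCmdlet.ShouldProcess($program, 'Create outbound block rule')) {
            New-NetFirewallRule -Name $name -DisplayName "Block outbound: $program" `
                -Group $Group -Direction Outbound -Action Block -Program $program `
                -Profile Any -PolicyStore $PolicyStore | Out-Null
        }
    }
}

Add-BlockRulesFromList -Path $ListPath -WhatIf     # preview what would be created
# Add-BlockRulesFromList -Path $ListPath           # apply
# Get-NetFirewallRule -Group $Group | Remove-NetFirewallRule   # undo
```

Because every rule carries the same group, `Get-NetFirewallRule -Group $Group` also gives the flat list of rules that is otherwise only visible one by one in the firewall console.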

simmerskool

Level 40
Verified
Top Poster
Well-known
Apr 16, 2017
2,915
@Andy Ful -- I have used your tools before but not in a systematic controlled way (my_bad -- trying again)
I have ESET Nod32 on win10_VM and I had Windows Firewall Control running with but suspect that your Firewall Hardening Tool is better, so I uninstalled WFC, installed FWH, selected: Recommended + LOLBins + ms_office + adobe_acrobat & rebooted. No issues seen. I was looking for written instructions for FWH, ie, if any are needed and didn't find any on github. I also enabled Log, but not sure what where blocks are logged. I guess if you noticed something blocked, check the Log and change the rule if brave, or stupid... :unsure:
PS I often check dnsleaktest.com (labeled as ivpn site) and now no return it stays blank, while other dns checkers work ok. Sorta wondering what dnsleaktest is doing to get blocked by FWH. -- I know check the Log...:rolleyes:
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,777
Sorta wondering what dnsleaktest is doing to get blocked by FWH. -- I know check the Log...:rolleyes:

If you suspect something is wrong, you can use the Firewall-Hardening Log - especially if you activated many LOLBins. Most of the blocked events are not harmful (telemetry) and do not disturb running applications.
If you want to know what the DNS leak test does, you may post to the FirewallHardening thread:
 
