FirewallHardening tool

Look into the Windows Registry and export the content of the below key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules

Yeah, I was also already aware that I could see the rules and commands in regedit. But both, whether importing the rules through Windows Firewall, or also through regedit, both ways are a more laborious way to view and manipulate the rules and commands (one by one, too much handy work).

I thought that perhaps you had on your hands a simple list of rules and commands, and I thought that perhaps it was simpler to ask you the favor of sharing that list with me.

But don't worry @Andy Ful, I've already taken up too much of your time, I really appreciated your contacts, so thank you.
 
You can export the policy by right clicking Windows Defender>


Unfortunately, being a .wfw extension, it's not something you can import into the likes of WFC, as that uses .wpw. Anyway, manually adding doesn't take all that long, and most AVs and FWs leave Windows Firewall running. E.g. Comodo and Windows Firewall run alongside each other, so you can still use the hardening rules and those files will be blocked natively by Windows Firewall. In the case of WFC, as long as a conflicting rule created it works fine.
 
Thank you.
Import/Export through Windows Firewall is what @Kongo had already suggested in previous messages, and I was also already aware of this possibility.
It happens that import/export through WF or Regedit, both are two very laborious ways to view and manipulate (around 100) rules and commands. And I was looking for a simple list with the rules/commands.
Anyway, once again, thank you all very much for your intention to help.
 
I thought that perhaps you had on your hands a simple list of rules and commands, and I thought that perhaps it was simpler to ask you the favor of sharing that list with me.

The exact list of rules is that one exported from the Windows Registry. There is no simpler list of rules.
To manage many LOLBins, you must use a program. This can be done by using a file that contains the paths of LOLBins and the script that reads the paths one by one from that file, creates the firewall rule for each path, and writes the rules into the Windows Registry.
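
Added example, not part of the original post and not FirewallHardening's own code: a read-only PowerShell script that turns the values under the policy key named at the top of this thread into the flat list asked for earlier. It assumes each value is a pipe-delimited string starting with a version token such as the v2.30 mentioned in this thread; the function name and the sample values are made up for illustration.

```powershell
# Added example: read-only listing of the firewall policy rules as a flat table.
$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'

function ConvertFrom-FirewallRuleString {
    param(
        [string]$Id,    # registry value name (the rule's identifier)
        [string]$Data   # registry value data, e.g. 'v2.30|Action=Block|...|'
    )
    # Fields are separated by '|'; the first token is the format version.
    $tokens = @($Data.Split('|') | Where-Object { $_ })
    $fields = [ordered]@{ Id = $Id; Version = $tokens[0] }
    $pairs  = @($tokens | Select-Object -Skip 1)
    foreach ($pair in $pairs) {
        # Split on the first '=' only, so '=' inside a value is preserved.
        $key, $value = $pair.Split('=', 2)
        if ($fields.Contains($key)) {
            $fields[$key] = "$($fields[$key]),$value"   # repeated field, e.g. several ports
        } else {
            $fields[$key] = $value
        }
    }
    [pscustomobject]$fields
}

if (Test-Path $KeyPath) {
    # Live data: every value under the key is one rule.
    $regKey = Get-Item -Path $KeyPath
    $rules = foreach ($name in $regKey.GetValueNames()) {
        ConvertFrom-FirewallRuleString -Id $name -Data ([string]$regKey.GetValue($name))
    }
} else {
    # Constructed sample values (not taken from FirewallHardening), used when the key is absent.
    $samples = [ordered]@{
        '{SAMPLE-RULE-1}' = 'v2.30|Action=Block|Active=TRUE|Dir=Out|App=C:\Windows\System32\mshta.exe|Name=Sample: block mshta|'
        '{SAMPLE-RULE-2}' = 'v2.30|Action=Block|Active=TRUE|Dir=Out|App=C:\Windows\System32\certutil.exe|Name=Sample: block certutil|'
    }
    $rules = foreach ($name in $samples.Keys) {
        ConvertFrom-FirewallRuleString -Id $name -Data $samples[$name]
    }
}

# One row per rule, sorted by the blocked executable.
$rules | Sort-Object App | Select-Object Name, Action, Dir, Active, App | Format-Table -AutoSize
# For a file that can be opened in a spreadsheet or compared between machines:
# $rules | Select-Object Id, Name, Action, Dir, Active, App | Export-Csv .\FirewallRules.csv -NoTypeInformation
```

The script only reads the key; it never writes to the registry or changes any rule.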
 
@Andy Ful -- I have used your tools before but not in a systematic controlled way (my_bad -- trying again)
I have ESET Nod32 on win10_VM and I had Windows Firewall Control running with but suspect that your Firewall Hardening Tool is better, so I uninstalled WFC, installed FWH, selected: Recommended + LOLBins + ms_office + adobe_acrobat & rebooted. No issues seen. I was looking for written instructions for FWH, i.e., if any are needed, and didn't find any on GitHub. I also enabled Log, but not sure where blocks are logged. I guess if you noticed something blocked, check the Log and change the rule if brave, or stupid... :unsure:
PS I often check dnsleaktest.com (labeled as ivpn site) and now no return it stays blank, while other dns checkers work ok. Sorta wondering what dnsleaktest is doing to get blocked by FWH. -- I know check the Log...:rolleyes:
 
Sorta wondering what dnsleaktest is doing to get blocked by FWH. -- I know check the Log...:rolleyes:

If you suspect something is wrong, you can use the Firewall-Hardening Log - especially if you activated many LOLBins. Most of the blocked events are not harmful (telemetry) and do not disturb running applications.
If you want to know what the DNS leak test does, you may post to the FirewallHardening thread:
 
Any specific reason? All your tools have a unique download link except FH.

Can I extract WHHL with an archiver in "C:\PortablePrograms" to use only ConfigureDefender and FirewallHardening?
Just download the Hardening Tools here: H_C Hardening Tools. FWH is part of that zip package.
 
Indeed. @rashmi download H_C, extract to location of your choice. You can then copy FHT.exe and place it where you like. Delete parts of the H_C package you don't need. Easy.
 
I know that, but I wonder if @Andy Ful recommends the default location. For example, WHHL extracts in the program data folder and creates a shortcut folder on the desktop. @Andy Ful mentioned the default desktop location for the shortcut folder is safer/more secure. I wonder if it's the same for extracting the tools.

I can run no tools if I extract Hard Configurator with an archiver, but I can with WHHL.
 
Any specific reason? All your tools have a unique download link except FH.

Can I extract WHHL with an archiver in "C:\PortablePrograms" to use only ConfigureDefender and FirewallHardening?

Yes.
 
I know that, but I wonder if @Andy Ful recommends the default location. For example, WHHL extracts in the program data folder and creates a shortcut folder on the desktop. @Andy Ful mentioned the default desktop location for the shortcut folder is safer/more secure. I wonder if it's the same for extracting the tools.

Instead of extracting the tools to the user-chosen folder, I would recommend installing WHHLight and using the tools you need without changing their location. Another recommendation would be copying the needed tools into %ProgramFiles% (the location will be non-writable with standard rights).
The WHHL package is installed in the folder %ProgramData%\WindowsHybridHardening_Tools, which is created as non-writable with standard rights. Non-writable locations are slightly safer than typical locations in userspace (writable by default).
 
Can this be used with Fort Firewall or is it too much? Thanks
Fort Firewall alerts when the LOLBin tries to make the outbound connection. If you choose "Block," then this will work as with FirewallHardening.
If you do not know/remember which LOLBins are worth blocking, you can use FirewallHardening.
FirewallHardening blocks override the Fort Firewall settings.
 
I wanted to turn off (undo) FWH (reset to win10 default) to make sure there's no conflict with Eset Ultimate's firewall as a Patch Tuesday update is not installing, and I'm trying to pinpoint why, and I read the help in FWH and it is not jumping out at me. Do you simply click the Remove button after LOLBins etc. underneath Help and reboot? Sorry for asking the obvious...
 
I need to add multiple folders/subfolders of some programs containing exes to block, all at once. Could you add such a feature?

I've got some questions:
1. I wonder why rules added from gpedit.msc say v2.30. Rules added by the FirewallHardening tool show v2.30.
2. Also, I wonder why rules added by this tool don't appear listed in the group policy editor.
3. Are these rules, created by your tool, overridden if I install a third-party security suite with its own firewall?
 