Serious Discussion Laptop in an Internet cafe.

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,879
By the way, there are enabled firewall rules for Network Discovery in the public profile. And SSDP is active, doesn't seem to matter whether you are using the public profile. I guess discovery type of things don't matter much if it doesn't automatically connect. Maybe they don't reach out and touch someone, but what if an attacker touches you?

I use Public profile:

1743343670716.png

Network Discovery is configured to Allow the connection, but it is not enabled.
Anyway, my settings are not default. After applying the Restore Default Policy, Network Discovery is enabled only for the Private profile (as expected).

1743358281113.png

Post updated.
 
Last edited by a moderator:

Victor M

Level 16
Verified
Top Poster
Well-known
Oct 3, 2022
799
That's odd - my firewall says some are enabled? And I didn't touch those rules. They were there when I got there.

Something is wonky then, I have done a 'reset to default rules' in the past. Maybe those restore-to-default rules are wrong?

EDIT. I did a restore-to-default-rules just now. And some network discovery rules are enabled. So I'll blame myself for forgetting to check everything before modifying and exporting the profile. If your rules are out-of-the-box, then the restore-to-default-rules are wrong for the public profile. It is not the first time that the restore-rules are wrong. I remember one time, forgot which version, it restored rules from a previous version - some feature was removed by then and yet the restored-rules have rules for it.
 
Last edited:

Victor M

Level 16
Verified
Top Poster
Well-known
Oct 3, 2022
799
Anyways, now that that is cleared away, the point is that firewall rules are important to check. Maybe one doesn't have a set of tight rules suitable for cafe use. PCI-DSS reminds us to check our firewall rules every 6 months. But I guess they missed out on the fact that laptops go places. I just finished a self-audit a month or two ago and there were no audit provisions to take care of that issue.

I guess the lesson here is to make use of network firewall profiles to have different rules for different environments. But since Windows doesn't prompt one to choose a firewall profile upon install finish, many people will not know to use the different profiles.

Plus of course to remember also to change the profile when the environment changes.
 
Last edited:
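
Added example (not part of any post in this thread): a read-only PowerShell check of the kind discussed above, listing the enabled inbound Allow rules that apply to the Public profile and picking out Network Discovery and SSDP (UDP 1900) entries. It assumes the built-in NetSecurity and NetConnection cmdlets and an English display-group name; the `$rules` and `$report` variable names are illustrative.

```powershell
# Added example: read-only audit, changes nothing.

# 1. Which firewall profile is each connected network actually using?
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Default actions per profile (what happens when no rule matches).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 3. Enabled inbound Allow rules scoped to Public, or to Any (which includes Public).
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { "$($_.Profile)" -match 'Public|Any' }

# 4. Attach protocol and port to each rule so listeners such as SSDP are visible.
$report = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Group     = $rule.DisplayGroup
        Profile   = $rule.Profile
        Protocol  = $port.Protocol
        LocalPort = ($port.LocalPort -join ',')
    }
}

$report | Sort-Object Group, Rule | Format-Table -AutoSize

# 5. Entries to review before joining an untrusted network.
#    'Network Discovery' is the English group name (assumption: English UI).
$report |
    Where-Object {
        $_.Group -eq 'Network Discovery' -or
        ($_.Protocol -eq 'UDP' -and $_.LocalPort -match '(^|,)1900(,|$)')
    } |
    Format-Table -AutoSize
```
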

TairikuOkami

Level 38
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,752
"Anyways, now that that is cleared away, the point is that firewall rules are important to check."
I remove firewall rules at shutdown, in case they were changed by Windows updates or apps, and I add my own.
Code:
netsh advfirewall set allprofiles state on

rem Block all inbound network traffic and all outbound except allowed apps
netsh advfirewall set DomainProfile firewallpolicy blockinboundalways,blockoutbound
netsh advfirewall set PrivateProfile firewallpolicy blockinboundalways,blockoutbound
netsh advfirewall set PublicProfile firewallpolicy blockinboundalways,allowoutbound

rem Remove All Windows Firewall Rules
netsh advfirewall firewall delete rule name=all

rem Windows Firewall Block Rules
netsh advfirewall firewall add rule name="TCP Block" dir=out action=block protocol=TCP remoteport=1-42,44-79,81-442,444-586,588-852,854-992,994-1024,1025-3073,3075-5227,5229-27014,27051-65535
netsh advfirewall firewall add rule name="UDP Block" dir=out action=block protocol=UDP remoteport=1-122,124-442,444-1024

netsh advfirewall firewall add rule name="Brave TCP" dir=out action=block protocol=TCP remoteport=1-442,444-5227,5229-65535 program="%LocalAppData%\BraveSoftware\Brave-Browser\Application\brave.exe"
netsh advfirewall firewall add rule name="Brave UDP" dir=out action=block protocol=UDP remoteport=1-442,444-65535 program="%LocalAppData%\BraveSoftware\Brave-Browser\Application\brave.exe"
netsh advfirewall firewall add rule name="Edge TCP" dir=out action=block protocol=TCP remoteport=1-442,444-65535 program="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe"
netsh advfirewall firewall add rule name="Edge UDP" dir=out action=block protocol=UDP program="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe"
netsh advfirewall firewall add rule name="LibreWolf TCP" dir=out action=block protocol=TCP remoteport=1-442,444-65535 program="%ProgramFiles%\LibreWolf\librewolf.exe"
netsh advfirewall firewall add rule name="LibreWolf UDP" dir=out action=block protocol=UDP program="%ProgramFiles%\LibreWolf\librewolf.exe"
netsh advfirewall firewall add rule name="OneDrive TCP" dir=out action=block protocol=TCP remoteport=1-442,444-65535 program="%ProgramFiles%\Microsoft OneDrive\OneDrive.exe"
netsh advfirewall firewall add rule name="IceDrive TCP" dir=out action=block protocol=TCP remoteport=1-442,444-65535 program="%LocalAppData%\Temp\IcedrivePortable\Icedrive.exe"

capture_03302025_202535.jpg
 