Serious Discussion What is your firewall security setup?

[Azazel]

Do you deny all inbound security traffic, or allow only core networking or default inbound rules.
Do you block lolbins outside network traffic?
Personally I use Windows Firewall Control, allowing only core networking inbound traffic and andy ful's Firewall Hardening tools for outbound traffic.

How would you rate my setup?

 

[Shadowra]

Windows Firewall Control for now, but I'm thinking of switching to NetLimiter or GlassWire... (which are not free)

Do you block lolbins outside network traffic?

Firewall Hardening by @Andy Ful does it without a hitch with Windows Firewall !

 

[Digmor Crusher]

Firewall Hardening

 

[Jonny Quest]

Windows Firewall Control for now, but I'm thinking of switching to NetLimiter or GlassWire... (which are not free)



Firewall Hardening by @Andy Ful does it without a hitch with Windows Firewall !

What I do like about GlassWire is the Network Monitor, the ability to see the first outgoing connections, and the Traffic Monitor where I can review the connections made and to what countries. I'm just using the free version.

 

[simmerskool]

What I do like about GlassWire is the Network Monitor, the ability to see the first outgoing connections, and the Traffic Monitor where I can review the connections made and to what countries. I'm just using the free version.

my ubiquity router shows all network activity. I do have free ZoneAlarm firewall running with MS Defender on one VM. Seems solid, sort of Checkpoint Harmony experience for free.

 

[Trident]

My home devices are behind Virgin Media’s new IPS functionality (on-router) and Check Point firewall (on-device), where possible.

I don’t block LOLBins from connecting, I block them from execution as much as possible.

I would always prefer security solution that blocks malicious traffic for all processes, not just in-browser and I would add secure DNS with NRD blocking to the mix. These features are more important than firewall.

 

[simmerskool]

Windows Firewall Control for now, but I'm thinking of switching to NetLimiter or GlassWire... (which are not free)

just looked at NetLimiter -- looks nice.

 

[monkeylove]

I've been using Firewall App Blocker on Windows firewall.

I tried Malwarebytes Firewall Control with Kaspersky free, and it works fine. I think its main feature is a learning mode, but I felt that if no more additional software's installed then I might as well stick to the app blocker.

The only annoying this is that when I have to update a game using a mod pack, I have to disable the firewall temporarily or add the file as a temporary rule.

I thought of something more advanced, so I tried Comodo free firewall, and for some reason it worked fine with Kaspersky free. I think I uninstalled it because I felt it slowed down the system, which I think is the case when any security program with more features is running.

I had difficulty with Portmaster, though: for some reason Firefox and Edge could no longer browse online. I'm certain it's something in the settings of either the browser or some other app that just needed changing, but I got impatient and decided to just remove the firewall.

I also tried Avast free with the firewall turned on, but the latter looked basic.

 

[simmerskool]

I've been using Firewall App Blocker on Windows firewall.

suggestion: take a look at ZoneAlarm free firewall app. (Might slow you down...)

 

[Jonny Quest]

I had difficulty with Portmaster, though: for some reason Firefox and Edge could no longer browse online. I'm certain it's something in the settings of either the browser or some other app that just needed changing, but I got impatient and decided to just remove the firewall.

Portmaster was a bit to advanced for me, I really couldn't figure it out as confidently as I would have liked. GlassWire just makes more sense to me, easier to follow and understand. I think in some of my research, there was some controversy that if you buy the Pro version (register with them) of GlassWire, there was a privacy concern that they denied (of course) regarding any tracking on their end of your use.

 

[Trident]

suggestion: take a look at ZoneAlarm free firewall app. (Might slow you down...)

I do not recommend the free firewall app for the following reason:
It includes Anti-Bot functionality which does the following:
-Blocks malicious communications based on domain and IP reputation, and communication patterns, such as protocols used.
-Blocks malicious communications based on program behaviour (machine learning).
-Automatically removes programs as soon as they attempt to perform malicious communication, rolls actions back and generates a forensic report (just sitting in a folder with no easy option to access it).

https://www.checkpoint.com/downloads/product-related/datasheets/ds-anti-bot.pdf

Anti-bot requires the forensic recorder engine to be running, which also powers Anti-Ransomware and Behavioural Guard. However, Anti-Ransomware and Behavioural Guard are not available for free, so the engine records all the data just for anti-bot. Waste of resources in my opinion. It would make much more sense to get Extreme Security with the threat emulation and everything, or to just find a lightweight firewall from someone else.

 

[LennyFox]

I am running WHHL wtth Microsoft Defender with Avast Free Firewall.

Just install the Avast Free firewall as only part of the Avast Free security suite.The Avast FW uses the Windows internal FW framework, so it is only an application blacklist layer. It is like Glaswire paid for free. I manually added blockrules for LolBins (not all because some of the LoLbins blocked by Andy Ful in Firewall Hardening did not exist on my Windows 11 config).

I can't find the info on MT anymore by a member posting that Avast has a new "limited" notifications option where it only shows popups which are security related (and not commercial upsell popups tryig to convince you to switch to the paid version). It really seems to work (no go premium popups or you are at risk because you don;t use paid)

 

[Trident]

I can't find the info on MT anymore by a member posting that Avast has a new "limited" notifications option where it only shows popups which are security related (and not commercial upsell popups tryig to convince you to switch to the paid version). It really seems to work (no go premium popups or you are at risk because you don;t use paid)

They are starting to come across as a serious cyber-security vendor and not as an annoying infomercial platform. Good on them. Silent mode + threat alerts seems like a sensible one.

 

[FALLEN]

I use default, public networks/default inbound rules. I'm also thinking of switching to GlassWire. I bought GW (2 separate lifetime elite licenses) in 2017. IDK if they still accept that kind of license key. Hope it will work, but first I need to find the keys in my backups.

 

[Freki123]

I bought GW (2 separate lifetime elite licenses) in 2017. IDK if they still accept that kind of license key. Hope it will work, but first I need to find the keys in my backups.

If you find them and they don't work ask their support for help. My lifetime key was also years old and they still honored it.

 

[Neno]

Windows Firewall Control for now, but I'm thinking of switching to NetLimiter or GlassWire... (which are not free)



Firewall Hardening by @Andy Ful does it without a hitch with Windows Firewall !

I have them both. But I would recommend you the NetLimiter. I don't like the GlassWire firewall rules management, and in my case applications blocked via GlassWire seem to bypass the block after you switch to VPN connection (Adguard in particular).

 

[simmerskool]

Windows Firewall Control for now, but I'm thinking of switching to NetLimiter or GlassWire... (which are not free)

@Shadowra, Quick question, ie, short answer (please)(or anyone here...): I first looked at NetLimiter then Glasswire. I do not see any info on Glasswire site that talked about Glasswire "integration" with AV apps. So far I have only used WFC on machines running MD & of course windows firewall. Is an app like Glasswire "safe" running with AV using their firewalls. Or can you use Glasswire without firewall but only use it to monitor to avoid conflicts, OR non-issue Glasswire does not create any conflicts???

 

[monkeylove]

I just tried Glasswire, but the free version only allows users to block two apps. However, the reporting was clear, and I could see things like connections by country. I think it can be used with the firewall featured turned off and as a monitoring tool, but I'm not sure.

If you install Avast with firewall, and even try to disable the latter, the Glasswire firewall won't be activated. The Avast firewall has to be uninstalled for it to work.

I decided to go back to Malwarebytes, and for some reason it reported that Comodo firewall is registered even though I tried to completely uninstall it using HiBit, although it pushed through with the installation.

 

[simmerskool]

I just logged-in to my UniFi router and it has so much info it is overwhelming -- drilling down, down... I should spend more time with it, but it's always working so don't bother. Also see how secure it is, or appears to be, a comfort. Log shows it blocked an incoming suspicious ICMP from Netherlands 10 days ago and provided oodles of info.

 

[7Oz-64]

Windows 10 firewall + NVT SysHardener + Personal rules
Standalone firewall was good before (privatefirewall, old spyshelter version, Agnitum Outpost........)