Advice Request Which apps to whitelist in Simplewall to keep system secure?


JordanMason8 (Thread author)

Hi,

I use Simplewall to whitelist apps which are allowed to connect to the internet. Since Windows has quite some privacy-invasive behavior by default, I would like to only allow apps which strictly need it for security purposes. For example for Windows, Defender and Certificate Updates, and optionally Defender Cloud Protection/Sample Submission (still undecided about using the latter).

I checked the "Allow Windows Update" rule, however I am unsure about other applications/services. To mention a few:
- mpdefendercoreservice.exe
- lsass.exe
- svchost.exe
- System
- apphostregistrationverifier.exe
- taskhostw.exe
- nissrv.exe
- SppExtComObj.exe

Does anyone know which of these (or other important apps) should be allowed to connect to the internet for security purposes?
 

silversurfer

If your AV is Defender (MD/WD) then you should allow both:
  • mpdefendercoreservice.exe that is probably related to Microsoft Defender, just check the file location C:/ProgramData/Microsoft/Windows Defender/
  • nissrv.exe = "Microsoft Network Realtime Inspection Service" (Microsoft Defender Network Protection)
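
The location check suggested in the reply above, extended to the other processes from the question and to the Authenticode signature of each file, as an added PowerShell example that is not part of the original posts. Only the Defender folder for mpdefendercoreservice.exe is named in the thread; the folder for nissrv.exe and the System32 folder for the remaining processes are assumptions to confirm on your own system.

```powershell
# Added example. Process names are from the thread; "System" is omitted because
# it is the kernel pseudo-process and has no image file to check.
$defenderDir = Join-Path $env:ProgramData 'Microsoft\Windows Defender'  # path named in the reply
$system32    = Join-Path $env:SystemRoot  'System32'                    # assumption

$expected = [ordered]@{
    'mpdefendercoreservice.exe'       = $defenderDir
    'nissrv.exe'                      = $defenderDir   # assumption
    'lsass.exe'                       = $system32
    'svchost.exe'                     = $system32
    'apphostregistrationverifier.exe' = $system32
    'taskhostw.exe'                   = $system32
    'SppExtComObj.exe'                = $system32
}

$report = foreach ($name in $expected.Keys) {
    # One process name can map to several running instances (svchost.exe does).
    $procs = @(Get-CimInstance Win32_Process -Filter "Name = '$name'")
    $paths = @($procs | Where-Object ExecutablePath |
               Select-Object -ExpandProperty ExecutablePath -Unique)

    if ($procs.Count -eq 0) {
        [pscustomobject]@{ Name = $name; Path = $null; InExpectedDir = $null
                           Signature = 'not running'; Signer = $null }
    }
    elseif ($paths.Count -eq 0) {
        # Protected processes may hide their image path from non-elevated sessions.
        [pscustomobject]@{ Name = $name; Path = $null; InExpectedDir = $null
                           Signature = 'path not readable (run elevated)'; Signer = $null }
    }
    else {
        foreach ($path in $paths) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $dir = $expected[$name].TrimEnd('\') + '\'
            [pscustomobject]@{
                Name          = $name
                Path          = $path
                InExpectedDir = $path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)
                Signature     = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
                Signer        = $sig.SignerCertificate.Subject  # empty when the file is unsigned
            }
        }
    }
}
$report | Format-Table -AutoSize -Wrap
```

A row where InExpectedDir is False or Signature is anything other than Valid is worth explaining before an allow rule is created for that name.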
 

JordanMason8 (Thread author)

Thx for your answer. Simplewall also shows the name and location. The question is for what purposes they need an internet connection?

MS Defender Updates still seem to work (at least it didn't complain when triggered) without these two allowed to go through the firewall and cloud protection (MAPS) is off.
 
