Advice Request Which apps to whitelist in Simplewall to keep system secure?

Please provide comments and solutions that are helpful to the author of this topic.
J

JordanMason8

New Member
Thread author
Feb 19, 2022
6
7
4
Hi,

I use Simplewall to whitelist apps which are allowed to connect to the internet. Since Windows has quite some privacy-invasive behavior by-default, I would like to only allow apps which strictly need it for security purposes. For example for Windows, Defender and Certificate Updates, and optionally Defender Cloud Protection/Sample Submission (still undecisive about using the latter).

I checked the "Allow Windows Update" rule, however I am unsure about other applications/services. To mention a few:
- mpdefendercoreservice.exe
- lsass.exe
- svchost.exe
- System
- apphostregistrationverifier.exe
- taskhostw.exe
- nissrv.exe
- SppExtComObj.exe

Does anyone know which of these (or other important apps) should be allowed to connect to the internet for security purposes?
 
  • Like
Reactions: silversurfer
JordanMason8 said:
Hi,

I use Simplewall to whitelist apps which are allowed to connect to the internet. Since Windows has quite some privacy-invasive behavior by-default, I would like to only allow apps which strictly need it for security purposes. For example for Windows, Defender and Certificate Updates, and optionally Defender Cloud Protection/Sample Submission (still undecisive about using the latter).

I checked the "Allow Windows Update" rule, however I am unsure about other applications/services. To mention a few:
- mpdefendercoreservice.exe
- lsass.exe
- svchost.exe
- System
- apphostregistrationverifier.exe
- taskhostw.exe
- nissrv.exe
- SppExtComObj.exe

Does anyone know which of these (or other important apps) should be allowed to connect to the internet for security purposes?
Click to expand...
If your AV is Defender (MD/WD) then you should allow both:
  • mpdefendercoreservice.exe that is probably related to Microsoft Defender, just check the file location C:/ProgramData/Microsoft/Windows Defender/
  • nissrv.exe = "Microsoft Network Realtime Inspection Service" (Microsoft Defender Network Protection)
 
  • Like
  • +Reputation
Reactions: TairikuOkami, cryogent, vtqhtr413 and 3 others
silversurfer said:
If your AV is Defender (MD/WD) then you should allow both:
  • mpdefendercoreservice.exe that is probably related to Microsoft Defender, just check the file location C:/ProgramData/Microsoft/Windows Defender/
  • nissrv.exe = "Microsoft Network Realtime Inspection Service" (Microsoft Defender Network Protection)
Click to expand...
Thx for your answer. Simplewall also shows the name and location. The question is for what purposes they need an internet connection?

MS Defender Updates still seem to work (at least it didnt't complain when triggered) without these two allowed to go through the firewall and cloud protection (MAPS) is off.
 
JordanMason8 said:
Hi,

I use Simplewall to whitelist apps which are allowed to connect to the internet. Since Windows has quite some privacy-invasive behavior by-default, I would like to only allow apps which strictly need it for security purposes. For example for Windows, Defender and Certificate Updates, and optionally Defender Cloud Protection/Sample Submission (still undecisive about using the latter).

I checked the "Allow Windows Update" rule, however I am unsure about other applications/services. To mention a few:
- mpdefendercoreservice.exe
- lsass.exe
- svchost.exe
- System
- apphostregistrationverifier.exe
- taskhostw.exe
- nissrv.exe
- SppExtComObj.exe

Does anyone know which of these (or other important apps) should be allowed to connect to the internet for security purposes?
Click to expand...
All
Just block CompatTelRunner.exe when prompted
 
You can block for example systemsettings.exe when prompted (microsoft doesn't need to know your personal settings), same for windowspackagemanagerserver.exe and more.
You can also manage to block other things which you don't use (Smb, Upnp.......) (exept if you're already cut off these via GroupPolicy, you'll never be prompted by simplewall).

But remember that this firewall is for advanced users, if you're not confortable with it, better to look away before compromising your security.
 
None of those apps need to be whitelisted to keep system secure.
Example, i only whitelist svchost when i run windows update or i need a particular windows maintenance function which relies on svchost which is rare. Otherwise it stays blocked along windows update
 

You may also like...