Troubleshoot Windows Firewall - Block All Outbound and Enable Edge Browser

[oldschool]

Briefly explain your current issue(s)

Edge browser won't connect

Steps taken to resolve, but have been unsuccessful

Made outbound rules for Edge.

I need some help configuring Windows Firewall. I want to block all outbound connections and enable only essential Windows processes and those apps I use, including Edge browser. I can get Firefox to connect but not Edge. I've read as much as I can find on the web, especially How To Geek, GHacks, etc., but still no luck. Making basic rules seems simple enough but I am missing something. I know I could use a 3rd party app but I wish to learn how to do this within the native Windows environment and I don't want or need a bunch of notifications. Any help is appreciated.

 

[TairikuOkami]

Unless you use store and other Windows stuff, like Cortana, there is no need to allow any Windows app, except svchost.exe. It is used for Windows updates, obviously, and as DNS resolver, unless you setup your DNS manually, then every software makes its own DNS requests.

This is, what I would use as a basic template just for the browser and svchost. DNS servers being: 156.154.70.2,156.154.71.2

netsh advfirewall firewall add rule name="Svchost DNS" dir=out action=allow protocol=UDP remoteip=156.154.70.2,156.154.71.2 remoteport=53 program="%WINDIR%\System32\svchost.exe"
netsh advfirewall firewall add rule name="Svchost TCP" dir=out action=allow protocol=TCP remoteport=80,443 program="%WINDIR%\System32\svchost.exe"
netsh advfirewall firewall add rule name="Yandex DNS" dir=out action=allow protocol=UDP remoteip=156.154.70.2,156.154.71.2 remoteport=53 program="Z:\Yandex\YandexBrowser\Application\browser.exe"
netsh advfirewall firewall add rule name="Yandex TCP" dir=out action=allow protocol=TCP remoteport=80,443 program="Z:\Yandex\YandexBrowser\Application\browser.exe"

EDIT: LiveTcpUdpWatch is essential, I would not be able to create any rules without it, it shows everything, what others like currports fail to see.

 

[oldschool]

Thanks, but coding is way above my pay grade! I'm only willing to use the WF GUI. Is there another way?

 

[Deleted member 178]

Thanks, but coding is way above my pay grade! I'm only willing to use the WF GUI. Is there another way?

- install Binisoft Windows Firewall Control.
- enable notifications
- launch and allow the wanted apps
- remove WFC if you don't want it but select the options to keep actual rules.

 

[TairikuOkami]

I'm only willing to use the WF GUI. Is there another way?

Unfortunately WF was not designed to be user friendly. You could try Firewall App Blocker (Fab) v1.6 as GUI, you do not have to run it all the time, just to create rules. You might only need to use the network monitor to figure out, which exe to allow.

 

[oldschool]

@Umbra & @TairikuOkami - I'm using TinyWall now, which I really like, so don't need the other apps. I'm challenging myself to try the WF UI, in case TW becomes unusable in the future, Windows changes, etc. What processes would I need to make rules for? Any besides Scvhost?

 

[Local Host]

What you looking for is the Edge Content Process, is the only Edge Process you need to allow for Edge to work (as a browser).

Is around "C:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedgecp.exe".

There are two other processes related to Edge (but you won't need to allow these two),

"C:\windows\system32\microsoftedgesh.exe"
"C:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedge.exe"

Also svchost is unrelated to the browser and you'll need to allow more than svchost for Windows to work properly, like the backgroundtaskhost and taskhostw.

As a suggestion would be a good idea to allow the smartscreen as well.

 

[oldschool]

What you looking for is the Edge Content Process, is the only Edge Process you need to allow for Edge to work (as a browser).

Is around "C:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedgecp.exe".

There are two other processes related to Edge (but you won't need to allow these two),

"C:\windows\system32\microsoftedgesh.exe"
"C:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedge.exe"

Also svchost is unrelated to the browser and you'll need to allow more than svchost for Windows to work properly, like the backgroundtaskhost and taskhostw.

As a suggestion would be a good idea to allow the smartscreen as well.

Thanks so much. I included the one Edge Process in my rule so I must have done something wrong but I will continue with the help offered so far. As @RoboMan told me, "You have to break in order to fix."

 

[RoboMan]

As @RoboMan told me, "You have to break in order to fix."

Yeah but don't apply it irl if you're a cosmetic surgeon because it can get you into jail

 

[oldschool]

Yeah but don't apply it irl if you're a cosmetic surgeon because it can get you into jail

!