Troubleshoot Windows Firewall - Block All Outbound and Enable Edge Browser

oldschool

Mar 29, 2018
Briefly explain your current issue(s): Edge browser won't connect
Steps taken to resolve, but have been unsuccessful: Made outbound rules for Edge.
I need some help configuring Windows Firewall. I want to block all outbound connections and enable only essential Windows processes and those apps I use, including Edge browser. I can get Firefox to connect but not Edge. I've read as much as I can find on the web, especially How To Geek, GHacks, etc., but still no luck. Making basic rules seems simple enough but I am missing something. I know I could use a 3rd party app but I wish to learn how to do this within the native Windows environment and I don't want or need a bunch of notifications. Any help is appreciated.
 
Unless you use the Store and other Windows stuff, like Cortana, there is no need to allow any Windows app except svchost.exe. It is used for Windows updates, obviously, and as the DNS resolver, unless you set up your DNS manually; then every piece of software makes its own DNS requests.

This is what I would use as a basic template, just for the browser and svchost. DNS servers being: 156.154.70.2, 156.154.71.2
Code:
netsh advfirewall firewall add rule name="Svchost DNS" dir=out action=allow protocol=UDP remoteip=156.154.70.2,156.154.71.2 remoteport=53 program="%WINDIR%\System32\svchost.exe"
netsh advfirewall firewall add rule name="Svchost TCP" dir=out action=allow protocol=TCP remoteport=80,443 program="%WINDIR%\System32\svchost.exe"
netsh advfirewall firewall add rule name="Yandex DNS" dir=out action=allow protocol=UDP remoteip=156.154.70.2,156.154.71.2 remoteport=53 program="Z:\Yandex\YandexBrowser\Application\browser.exe"
netsh advfirewall firewall add rule name="Yandex TCP" dir=out action=allow protocol=TCP remoteport=80,443 program="Z:\Yandex\YandexBrowser\Application\browser.exe"

EDIT: LiveTcpUdpWatch is essential; I would not be able to create any rules without it. It shows everything that others like CurrPorts fail to see.
 
I'm only willing to use the WF GUI. Is there another way? :emoji_thinking:
Unfortunately, WF was not designed to be user friendly. You could try Firewall App Blocker (Fab) v1.6 as a GUI; you do not have to run it all the time, just to create rules. You might only need to use the network monitor to figure out which exe to allow.
 
@Umbra & @TairikuOkami - I'm using TinyWall now, which I really like, so don't need the other apps. I'm challenging myself to try the WF UI, in case TW becomes unusable in the future, Windows changes, etc. What processes would I need to make rules for? Any besides Svchost?
 
What you're looking for is the Edge Content Process; it is the only Edge process you need to allow for Edge to work (as a browser).

It is around "C:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedgecp.exe".

There are two other processes related to Edge (but you won't need to allow these two),

"C:\windows\system32\microsoftedgesh.exe"
"C:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedge.exe"

Also svchost is unrelated to the browser and you'll need to allow more than svchost for Windows to work properly, like the backgroundtaskhost and taskhostw.

As a suggestion, it would be a good idea to allow the smartscreen as well.
 
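The netsh template from earlier in the thread, applied to the Edge content process path given above, as an added PowerShell example that is not part of any participant's post. The group name is hypothetical and the Edge path is the approximate one quoted in the thread, so the script skips any program it cannot find and creates the allow rules before switching the default outbound action to Block.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny outbound plus a small allow list.
$Group   = 'Outbound allow list (example)'   # hypothetical group name, used for cleanup
$Dns     = '156.154.70.2', '156.154.71.2'    # DNS servers from the netsh template
$Svchost = "$env:WINDIR\System32\svchost.exe"
# Path as quoted in the thread ("is around"); checked with Test-Path below.
$EdgeCP  = "$env:WINDIR\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"

$Rules = @(
    @{ Name = 'Svchost DNS'; Program = $Svchost; Protocol = 'UDP'; RemotePort = 53; RemoteAddress = $Dns }
    @{ Name = 'Svchost TCP'; Program = $Svchost; Protocol = 'TCP'; RemotePort = 80, 443 }
    @{ Name = 'Edge CP DNS'; Program = $EdgeCP;  Protocol = 'UDP'; RemotePort = 53; RemoteAddress = $Dns }
    @{ Name = 'Edge CP TCP'; Program = $EdgeCP;  Protocol = 'TCP'; RemotePort = 80, 443 }
)

# Drop rules left by an earlier run so re-running does not create duplicates.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($r in $Rules) {
    # A rule for a path that does not exist matches nothing, so report it instead.
    if (-not (Test-Path -LiteralPath $r.Program)) {
        Write-Warning "Skipping '$($r.Name)': $($r.Program) not found"
        continue
    }
    $params = @{
        DisplayName = $r.Name; Group = $Group; Direction = 'Outbound'; Action = 'Allow'
        Program = $r.Program; Protocol = $r.Protocol; RemotePort = $r.RemotePort
    }
    if ($r.RemoteAddress) { $params.RemoteAddress = $r.RemoteAddress }
    New-NetFirewallRule @params | Out-Null
}

# The allow rules only take effect as an allow list once the default is Block.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block

# Verify: default action per profile, then program and ports of each rule created.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
Get-NetFirewallRule -Group $Group | ForEach-Object {
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Program    = ($_ | Get-NetFirewallApplicationFilter).Program
        RemotePort = ($_ | Get-NetFirewallPortFilter).RemotePort -join ','
    }
}
# Roll back: Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Allow
```

The rules it creates appear under Outbound Rules in the Windows Firewall GUI, grouped by the group name, where they can be edited or disabled one by one.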
Thanks so much. I included the one Edge Process in my rule so I must have done something wrong :rolleyes: but I will continue with the help offered so far. As @RoboMan told me, "You have to break in order to fix." :)
 