Troubleshoot Windows Firewall - Block All Outbound and Enable Edge Browser

oldschool (Thread author, Level 81, joined Mar 29, 2018, 7,043 messages)
Briefly explain your current issue(s): Edge browser won't connect.
Steps taken to resolve, but have been unsuccessful: Made outbound rules for Edge.
I need some help configuring Windows Firewall. I want to block all outbound connections and enable only essential Windows processes and those apps I use, including Edge browser. I can get Firefox to connect but not Edge. I've read as much as I can find on the web, especially How To Geek, GHacks, etc., but still no luck. Making basic rules seems simple enough but I am missing something. I know I could use a 3rd party app but I wish to learn how to do this within the native Windows environment and I don't want or need a bunch of notifications. Any help is appreciated.

TairikuOkami (Level 35, Content Creator, joined May 13, 2017, 2,452 messages)
Unless you use the Store and other Windows stuff, like Cortana, there is no need to allow any Windows app except svchost.exe. It is used for Windows updates, obviously, and as the DNS resolver, unless you set up your DNS manually; then every piece of software makes its own DNS requests.

This is what I would use as a basic template just for the browser and svchost, the DNS servers being 156.154.70.2 and 156.154.71.2.
Code:
rem Block-all-outbound template: run from an elevated cmd prompt after setting the outbound default to Block.
rem svchost.exe gets DNS (UDP 53) to the two named resolvers only, plus HTTP/HTTPS for Windows Update.
netsh advfirewall firewall add rule name="Svchost DNS" dir=out action=allow protocol=UDP remoteip=156.154.70.2,156.154.71.2 remoteport=53 program="%WINDIR%\System32\svchost.exe"
netsh advfirewall firewall add rule name="Svchost TCP" dir=out action=allow protocol=TCP remoteport=80,443 program="%WINDIR%\System32\svchost.exe"
rem The browser gets the same pinned DNS servers and HTTP/HTTPS; adjust the program path to your browser.
netsh advfirewall firewall add rule name="Yandex DNS" dir=out action=allow protocol=UDP remoteip=156.154.70.2,156.154.71.2 remoteport=53 program="Z:\Yandex\YandexBrowser\Application\browser.exe"
netsh advfirewall firewall add rule name="Yandex TCP" dir=out action=allow protocol=TCP remoteport=80,443 program="Z:\Yandex\YandexBrowser\Application\browser.exe"

EDIT: LiveTcpUdpWatch is essential; I would not be able to create any rules without it. It shows everything that others like CurrPorts fail to see.
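The same block-all-outbound template in PowerShell, as an added example that is not code from the thread. It sets the outbound default to Block on every profile and then allows only svchost.exe and the browser, but scopes each svchost rule to the service that needs the traffic instead of the whole binary. Assumptions: Windows 10 with the NetSecurity cmdlets, an elevated prompt, the resolvers and browser path from the post above used as placeholders, and that wuauserv, BITS and DoSvc are the services Windows Update needs (adjust if your update log shows otherwise).

```powershell
# Added example (not posted in the thread): block-all-outbound baseline in PowerShell.
# Assumptions: Windows 10 NetSecurity module, elevated prompt, placeholder DNS servers and
# browser path taken from the post above, and wuauserv/BITS/DoSvc as the update services.
#Requires -RunAsAdministrator

$DnsServers = @('156.154.70.2', '156.154.71.2')                  # resolvers from the post
$BrowserExe = 'Z:\Yandex\YandexBrowser\Application\browser.exe'  # browser path from the post
$Svchost    = Join-Path $env:WINDIR 'System32\svchost.exe'
$Group      = 'Manual outbound allow list'                       # tag so our rules are easy to list/remove

# 1. Default-deny outbound on every profile (inbound is already Block by default).
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block

# Re-runnable: drop any rules this script created earlier.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# 2. svchost.exe hosts dozens of services. -Service limits a rule to one of them, so a
#    rule meant for the DNS client cannot be used by another service in the same binary.
New-NetFirewallRule -DisplayName 'Dnscache -> DNS servers' -Group $Group `
    -Direction Outbound -Action Allow -Program $Svchost -Service Dnscache `
    -Protocol UDP -RemotePort 53 -RemoteAddress $DnsServers

foreach ($svc in 'wuauserv', 'BITS', 'DoSvc') {          # Windows Update path (assumption, see above)
    New-NetFirewallRule -DisplayName "$svc -> HTTP/HTTPS" -Group $Group `
        -Direction Outbound -Action Allow -Program $Svchost -Service $svc `
        -Protocol TCP -RemotePort 80, 443
}

# 3. The browser: web ports, plus DNS to the pinned resolvers only (a browser resolves
#    on its own when DNS is set manually, as the post notes).
New-NetFirewallRule -DisplayName 'Browser -> HTTP/HTTPS' -Group $Group `
    -Direction Outbound -Action Allow -Program $BrowserExe -Protocol TCP -RemotePort 80, 443
New-NetFirewallRule -DisplayName 'Browser -> DNS servers' -Group $Group `
    -Direction Outbound -Action Allow -Program $BrowserExe -Protocol UDP -RemotePort 53 `
    -RemoteAddress $DnsServers

# 4. Check the result: every profile must show Block, and each rule must be Enabled.
Get-NetFirewallProfile | Format-Table Name, DefaultOutboundAction -AutoSize
Get-NetFirewallRule -Group $Group | Format-Table DisplayName, Enabled, Action -AutoSize
```

Two caveats when running this: UDP 443 (QUIC) is not allowed, so browsers fall back to TCP, which is intended; and nothing else (time sync, Store, telemetry) is allowed, so anything that stops working has to be found with LiveTcpUdpWatch or the firewall's own block log and given its own scoped rule rather than a blanket svchost rule.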

TairikuOkami
I'm only willing to use the WF GUI. Is there another way? :unsure:
Unfortunately WF was not designed to be user friendly. You could try Firewall App Blocker (Fab) v1.6 as a GUI; you do not have to run it all the time, just to create rules. You might only need to use the network monitor to figure out which exe to allow.

oldschool (Thread author)
@Umbra & @TairikuOkami - I'm using TinyWall now, which I really like, so I don't need the other apps. I'm challenging myself to try the WF UI, in case TW becomes unusable in the future, Windows changes, etc. What processes would I need to make rules for? Any besides svchost?
Local Host

What you are looking for is the Edge Content Process; it is the only Edge process you need to allow for Edge to work (as a browser).

It is around "C:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedgecp.exe".

There are two other processes related to Edge (but you won't need to allow these two):

"C:\windows\system32\microsoftedgesh.exe"
"C:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedge.exe"

Also, svchost is unrelated to the browser, and you'll need to allow more than svchost for Windows to work properly, like backgroundtaskhost and taskhostw.

As a suggestion, it would be a good idea to allow SmartScreen as well.
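Two things a practitioner would want alongside the reply above, as an added example that is not code from the thread or from the forum: first, a way to see which executable the firewall is actually dropping (so "Edge won't connect" becomes a concrete path and port), and second, a rule for the Edge content process that also carries the AppContainer package SID, since legacy Edge runs as a Store/AppX app and Windows Firewall can match those on the package rather than only on the file path. Assumptions: Windows 10 with the Microsoft.MicrosoftEdge package installed, an elevated prompt, the audit subcategory GUID for "Filtering Platform Connection", the 5157 event field names and the %%14593 = Outbound direction code as this script reads them, and the AppContainer mapping key under HKCU as the source of the SID.

```powershell
# Added example (not from the thread): diagnose blocked outbound connections, then allow
# the legacy Edge content process by path AND AppContainer package SID.
# Assumptions: Windows 10, Microsoft.MicrosoftEdge package present, elevated prompt,
# "Filtering Platform Connection" audit GUID, 5157 field names, %%14593 = Outbound.
#Requires -RunAsAdministrator

# 1. Log blocked connections to the Security log as event ID 5157 (failure audit only,
#    so successful connections do not flood the log). The GUID avoids localized names.
auditpol /set /subcategory:"{0CCE9226-69AE-11D9-BED3-505054503030}" /failure:enable | Out-Null

# Reproduce the failure (open Edge, load a page), then list what was dropped.
function Get-BlockedOutbound {
    param([int]$Newest = 200)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 } -MaxEvents $Newest |
        ForEach-Object {
            $d = @{}
            ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
            if ($d.Direction -match '14593') {      # %%14593 = Outbound, %%14592 = Inbound (assumption)
                [pscustomobject]@{
                    Time        = $_.TimeCreated
                    Application = $d.Application     # NT path: \device\harddiskvolumeN\windows\...
                    Remote      = '{0}:{1}' -f $d.DestAddress, $d.DestPort
                    Protocol    = $d.Protocol        # 6 = TCP, 17 = UDP
                }
            }
        }
}
Get-BlockedOutbound | Sort-Object Application, Remote -Unique | Format-Table -AutoSize

# 2. Map the package family name to the AppContainer SID the firewall matches on.
function Get-AppContainerSid {
    param([Parameter(Mandatory)][string]$PackageFamilyName)
    $map = 'HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings'
    Get-ChildItem $map | Where-Object {
        (Get-ItemProperty $_.PSPath).Moniker -eq $PackageFamilyName     # -eq is case-insensitive
    } | Select-Object -First 1 -ExpandProperty PSChildName              # key name is the SID
}

$edge = Get-AppxPackage -Name Microsoft.MicrosoftEdge
if (-not $edge) { throw 'Legacy Edge package not found; a plain program-path rule is enough for a non-AppX browser.' }
$sid = Get-AppContainerSid $edge.PackageFamilyName
$cp  = Join-Path $edge.InstallLocation 'MicrosoftEdgeCP.exe'     # content process named in the reply above

# Both conditions must match: the content-process binary, running inside the Edge AppContainer.
New-NetFirewallRule -DisplayName 'Edge content process -> web' -Direction Outbound -Action Allow `
    -Program $cp -Package $sid -Protocol TCP -RemotePort 80, 443

# 3. Confirm the rule carries the package SID, not just the path.
Get-NetFirewallRule -DisplayName 'Edge content process -> web' |
    Get-NetFirewallApplicationFilter | Format-List Program, Package
```

Run the first half, reproduce the failure, and read the Application column before adding rules: if the dropped path is microsoftedgecp.exe the package rule above applies; if it is something like backgroundtaskhost.exe or smartscreen.exe, those need their own rules as the reply says. Turn the audit back off with the same auditpol line and `/failure:disable` when done. The Chromium-based Edge that replaced legacy Edge is an ordinary Win32 program under Program Files, so for it a program-path rule without `-Package` is the right shape.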

oldschool (Thread author)
Local Host said: (post quoted above)

Thanks so much. I included the one Edge process in my rule, so I must have done something wrong :rolleyes:, but I will continue with the help offered so far. As @RoboMan told me, "You have to break in order to fix." :)
