Windows Firewall Advanced Settings

murby
Member, 31 messages
Hi Folks,
I'm browsing through my windows firewall settings and I'd like to disable everything that's not required for proper operation.

It is my opinion that the more stuff that is disabled in my computer system, the more secure it is.. Anyone have a different opinion?
I already went through Services.msc and disabled stupid things like telephony and remote desktop connection and things that I'll never use.

Inside the Windows Firewall advanced settings, can I disable all the windows media player sharing service stuff? I use windows media player to play music and movies but I certainly don't do any sharing with it.

What about wifi direct scan and wifi direct network discovery... My desktop pc is hardwired (cat5).. I don't need any of that stuff right?

Sonic Wall mobile content??? Huh?

What about Play To Streaming Server ??

More to follow!

thanks
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    CPU
    PentiumD
    Motherboard
    Intel
    Memory
    4 Gigs
It is my opinion that the more stuff that is disabled in my computer system, the more secure it is.. Anyone have a different opinion?

Not necessarily. For example, it wouldn't be more secure if you blocked software updates that fixed security vulnerabilities, or blocked svchost from connecting to Certificate Authorities to check for revoked SSL/TLS certificates, blocked Smartscreen filter connections, etc.

I'm browsing through my windows firewall settings and I'd like to disable everything that's not required for proper operation.

I'd leave all the Core Networking and Network Discovery rules there. If you look at the Network Discovery rules, they're only enabled on Private Networks by default anyway, the rules are disabled in the firewall rules for Public networks (grey tick, not green. You can also double-check the settings HERE). And if you have file and printer sharing switched off, your private network is treated as a 'Public' network anyway.

In addition, even though I don't have Wi-Fi on my main machine, I left the Wi-Fi Direct rules there as well, mainly so that if I import the rules into a laptop the rules are already set up. I was planning on trying out Miracast at some point with a laptop, but never got around to it, so if you don't plan on using a Wi-Fi direct printer/scanner/screen/etc., then I can't think off the top of my head why you'd need those rules. Although, if you look closer at the Wi-Fi direct rules such as the 'Wi-Fi direct scan' rule for example, you'll see that it's bound to specific services anyway, for example 'Wi-Fi direct scan' is bound to the Windows Image Acquisition service, so it's not allowing svchost to do whatever it wants under that rule.

[screenshot: Firewall-Binding.jpg]

I get the impression Microsoft don't like people blocking outbound connections due to the headaches it can cause and so personally I think that's why Windows Firewall isn't user friendly. For example, although I agree with Microsoft's logic in not having intrusive firewall popups (like you get with third-party firewalls), they go too far the other way whereby they make it incredibly difficult to enable blocked connection logging (so you can see what's actually being blocked). I can't see how anyone could use Windows Firewall for outbound filtering without this, yet Microsoft make it really, really difficult! You can find instructions on how to enable blocked connection logging from one of my other posts HERE .

If you want an idea on what Windows processes will likely want outbound connections, you can have a look through the rules in the screenshot below. The user-added rules have a '+' in front of them to keep them grouped separately at the top. Windows Firewall on my machine is set up so that it's quite restrictive, inbound is set to 'Block all connections' (not just set to 'block (default)') and all outbound connections that don't match a rule are blocked. And as mentioned above, file and printer sharing is switched off, as I have no use for it. However, all this is more for curiosity than security because once malicious software is given/gained full admin privileges on a machine, it could just bypass the firewall anyway. Although, outbound firewall filtering will help against this type of thing.

[screenshot: Firewall-Rules.jpg]
 

My Computer

System One

  • OS
    Win 8 64-bit
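The points in the reply above (checking what program and service a rule such as 'Wi-Fi Direct Scan' is actually bound to, turning on blocked-connection logging, and the inbound 'Block all connections' / outbound default-block configuration) can all be done from PowerShell with the NetSecurity cmdlets that ship with Windows 8 and later. The script below is an added example, not code from the poster or from Microsoft's own documentation. It assumes an elevated prompt, the default firewall log path, and that the rule display names start with 'Wi-Fi Direct Scan' as they do in the snap-in on the poster's build; the drop-log parser relies on the '#Fields:' header that the Windows firewall log writes.

```powershell
# Added example (not from the forum post). Requires the NetSecurity module
# (built into Windows 8 / Server 2012 and later) and an elevated prompt.

# 1. Show what a rule actually allows: the program, the service it is bound
#    to, and the ports. A rule bound to a specific service does not let any
#    svchost instance use it, which is the point made about 'Wi-Fi Direct Scan'.
function Show-RuleBinding {
    param([Parameter(Mandatory)][string]$DisplayName)   # wildcards allowed
    foreach ($rule in Get-NetFirewallRule -DisplayName $DisplayName) {
        $app  = $rule | Get-NetFirewallApplicationFilter
        $svc  = $rule | Get-NetFirewallServiceFilter
        $port = $rule | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Name      = $rule.DisplayName
            Direction = $rule.Direction
            Profile   = $rule.Profile
            Enabled   = $rule.Enabled
            Program   = $app.Program
            Service   = $svc.Service       # 'Any' means any process may use the rule
            Protocol  = $port.Protocol
            LocalPort = ($port.LocalPort -join ',')
        }
    }
}

# 2. Turn on logging of dropped packets for all three profiles. The snap-in
#    hides this several dialogs deep; the cmdlet does it in one call.
function Enable-DropLogging {
    param([string]$LogFile = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log")
    Set-NetFirewallProfile -Profile Domain, Private, Public `
        -LogBlocked True -LogFileName $LogFile -LogMaxSizeKilobytes 16384
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction,
        DefaultOutboundAction, LogBlocked, LogFileName
}

# 3. Summarise the drop log so you can see which destinations are being hit
#    before deciding whether a process deserves an outbound allow rule.
function Get-DropSummary {
    param([string]$LogFile = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log",
          [int]$Top = 15)
    # W3C-style log; the '#Fields:' header names the columns.
    $header = Get-Content $LogFile | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $fields = ($header -replace '^#Fields:\s*') -split '\s+'
    Get-Content $LogFile | Where-Object { $_ -notlike '#*' -and $_ -ne '' } |
        ForEach-Object {
            $row = @{}; $vals = $_ -split '\s+'
            for ($i = 0; $i -lt $fields.Count -and $i -lt $vals.Count; $i++) {
                $row[$fields[$i]] = $vals[$i]
            }
            [pscustomobject]$row
        } |
        Where-Object { $_.action -eq 'DROP' } |
        Group-Object protocol, 'dst-ip', 'dst-port', path |
        Sort-Object Count -Descending |
        Select-Object -First $Top Count, Name
}

# 4. The configuration the reply describes: inbound 'Block all connections'
#    (AllowInboundRules False ignores even the allow rules) and outbound
#    blocked unless a rule matches. Run with -WhatIf first; a default outbound
#    block stops anything you have not written an allow rule for.
function Set-RestrictiveDefaults {
    param([switch]$WhatIf)
    Set-NetFirewallProfile -Profile Domain, Private, Public `
        -DefaultInboundAction Block -AllowInboundRules False `
        -DefaultOutboundAction Block -WhatIf:$WhatIf
}

# Usage (elevated):
#   Show-RuleBinding -DisplayName 'Wi-Fi Direct Scan*'
#   Enable-DropLogging
#   Get-DropSummary
#   Set-RestrictiveDefaults -WhatIf
```

Show-RuleBinding is the quickest way to check the reply's claim for any rule: if the Service column reads something other than 'Any', only that service can match the rule, whatever svchost instance hosts it. Get-DropSummary groups drops by destination rather than by process because the firewall log does not record the process; to tie a drop back to a program you still need the rule set or the Filtering Platform audit events.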
Great information..
Take a look at the screen capture below.. What is all that Windows Media Player stuff that is enabled? I don't want my windows media player communicating with anything other than my screen and my speakers! LOL.. any harm in disabling this garbage?
[screenshot: DisableStuff.jpg]
Take a look at the screen capture below.. What is all that Windows Media Player stuff that is enabled? I don't want my windows media player communicating with anything other than my screen and my speakers! LOL.. any harm in disabling this garbage?

It's up to you. Looking at your rules, those rules only apply when you're on a private network. For me, I removed the Windows Media Player Network Sharing rules as I have no need for them. I can always add new rules again if and when I need to, but it's not something I'd be likely to ever use. Alternatively, when outbound connections are set to 'outbound connections that don't match a rule are blocked', you can always disable rules, instead of deleting them. If there's no allow rule, it's automatically blocked anyway.

I did however keep the Windows Media Player TCP and UDP out rules for both 32-bit and 64-bit versions of Windows Media Player, so that Windows Media Player will still be able to get album information from the internet and play content from the internet if need be. Your ones only seem to be set for private network though for some reason (rather than 'all' networks).

Before making changes to your firewall, I'd right-click on the 'Windows Firewall with Advanced Security on local computer' in the left hand column and select 'Export Policy'. Save it somewhere as a backup, so that you can always re-import it again if need be. There's also an option to 'Restore Default Policy', which although it will restore the main rules, I doubt it will restore rules for store apps, etc. as they add their own rules on top of the default rules when they install/update.

Also, 'Network Discovery' is enabled for both Private and Public networks in your screenshot. Although you're on your own LAN connected with cat5, I'd get into the habit of leaving 'Network Discovery' and 'File Sharing' off for Public Networks, unless there's a particular reason you want it on.

http://www.eightforums.com/tutorials/9840-network-discovery-turn-off-windows-8-a.html

http://www.eightforums.com/tutorials/9837-network-location-set-private-public-windows-8-a.html
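The procedure in the reply above (export the policy as a backup, disable rather than delete the Windows Media Player Network Sharing rules while keeping the plain Windows Media Player outbound rules, and keep Network Discovery and File and Printer Sharing off on the Public profile) as one scripted sequence. This is an added example, not code from the poster. It assumes an elevated prompt, and that the rule group names are 'Windows Media Player', 'Windows Media Player Network Sharing Service', 'Network Discovery' and 'File and Printer Sharing' as shown in the Group column of the snap-in; confirm them on your own machine with the Get-NetFirewallRule line in the comments before running anything.

```powershell
# Added example (not from the forum post). Elevated prompt, Windows 8.x or later.
# Group names are the 'Group' column values in the Advanced Security snap-in;
# verify them first with:  Get-NetFirewallRule | Select-Object -Unique DisplayGroup

# 1. Back up the whole policy first, the same thing 'Export Policy' does in the GUI.
function Backup-FirewallPolicy {
    param([string]$Path = "$env:USERPROFILE\Desktop\firewall-backup-$(Get-Date -Format yyyyMMdd-HHmm).wfw")
    netsh advfirewall export "$Path" | Out-Null
    if (-not (Test-Path $Path)) { throw "Export failed: $Path was not written" }
    $Path
}

# 2. Disable (not delete) the Network Sharing rules, leaving the plain
#    'Windows Media Player' outbound TCP/UDP rules so the player can still
#    fetch album information. Disabled rules can be re-enabled later; with
#    outbound set to block-by-default a disabled allow rule is simply a block.
function Disable-WmpSharingRules {
    param([switch]$WhatIf)
    Get-NetFirewallRule -DisplayGroup 'Windows Media Player Network Sharing Service' |
        Disable-NetFirewallRule -WhatIf:$WhatIf
    # Show what remains enabled for WMP after the change.
    Get-NetFirewallRule -DisplayGroup 'Windows Media Player*' |
        Select-Object DisplayName, DisplayGroup, Direction, Profile, Enabled
}

# 3. Keep Network Discovery and File and Printer Sharing off on the Public
#    profile. Windows ships separate copies of these rules per profile, so
#    only the Public copies are touched; rules scoped to 'Any' are left alone.
function Disable-DiscoveryOnPublic {
    param([switch]$WhatIf)
    Get-NetFirewallRule -DisplayGroup 'Network Discovery', 'File and Printer Sharing' |
        Where-Object { $_.Profile -match 'Public' } |
        Disable-NetFirewallRule -WhatIf:$WhatIf
}

# 4. Put the backup back if something stops working.
function Restore-FirewallPolicy {
    param([Parameter(Mandatory)][string]$Path)
    netsh advfirewall import "$Path"
}

# Usage (elevated), previewing before committing:
#   $backup = Backup-FirewallPolicy
#   Disable-WmpSharingRules -WhatIf
#   Disable-DiscoveryOnPublic -WhatIf
#   Disable-WmpSharingRules
#   Disable-DiscoveryOnPublic
#   Restore-FirewallPolicy -Path $backup     # only if needed
```

The -WhatIf switch on the NetSecurity cmdlets lists every rule that would be changed without changing it, which is the cheapest way to confirm the group names matched what you expected. The netsh export is used for the backup because it captures the full policy, including per-app rules that 'Restore Default Policy' would not recreate, exactly as the reply cautions.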
Also, 'Network Discovery' is enabled for both Private and Public networks in your screenshot. Although you're on your own LAN connected with cat5, I'd get into the habit of leaving 'Network Discovery' and 'File Sharing' off for Public Networks, unless there's a particular reason you want it on.

Oh.. good point.. My understanding isn't nearly as comprehensive as yours.. Will export the settings and then turn off the media player and public discovery junk.
See anything else that catches your eye? Maybe I should do another screen shot for you of the rest of the list.