Windows 8 and 8.1 Forums


Windows Firewall Questions

  1. #1


    Posts : 12
    Windows 8.1

    Windows Firewall Questions


    Hello,

    Have a windows 8.1 x64 pc. If I set my network to public and "block all connections including apps on the list of allowed apps," will this also block allowed apps in 'advanced settings' or are those not included? Or do I need to disable some of the incoming connections in 'advanced settings' for public?

    I'm going to be travelling and connecting to untrusted networks and want everything incoming blocked by default. I will also be using a VPN.

    Do you think outbound protection is necessary? I'm completely paranoid about what I allow to be installed and regularly scan with tdsskiller, malwarebytes, eset nod32, and super antispyware. I haven't got a virus in many, many years.

    Thank you!

      My System SpecsSystem Spec

  2. #2


    Canada
    Posts : 1,950
    windows 8.1 Update 1 Pro 64bit


    Who's firewall are you using, Windows or Eset?
      My System SpecsSystem Spec

  3. #3


    Posts : 12
    Windows 8.1


    Windows, just using eset for anti-virus. Also, I won't be using the vpn all the time, only for work related activities. Otherwise, i'll try to make sure to connect to https:// version of trusted websites.
      My System SpecsSystem Spec

  4. #4


    Posts : 446
    Win 8 64-bit


    Yes, if it's set to 'Block All Connections', it blocks all incoming connections, regardless of any green (allowed/active) rules in the inbound rules.

    In the 'Advanced' section, if you go to 'Windows Firewall Properties', for each profile (domain/private/public), there are two block settings for inbound connections and you can tell what each of them do by the text description in the 'overview' section (see below screenshot).

    If it's set to 'Block (default)', all inbound connections that do not match a rule are blocked (so if there's an allow rule there, it will be allowed). When a connection attempt is encountered, Windows Firewall will first look through all the block rules and if it doesn't find a matching rule it will then look through all the allow rules. As soon as it encounters a matching rule it will stop and apply that rule. If it comes across no rules, then it will apply the action you've set in the 'Windows Firewall Properties' settings (in this case block).

    If it's set to 'Block All Connections', all inbound connections are blocked (regardless of the rules).


    Click image for larger version


    Blocking all incoming connections won't prevent your apps from working as it's blocking incoming connections, not traffic. Internet traffic itself travels in both ways along the connection, however the apps themselves make outgoing connections. I'm not sure about the Skype app though, as I've never tired it.

    For me I always set all networks to public and set it to 'Block All [incoming] Connections' (even at home), as I never need to receive incoming connections (such as for file sharing, hosting games, etc.) or share/stream anything over a network. Different people have different uses though.

    As for your second question, whether outbound rules are necessary is a bit of a disputed area. I use outbound rules myself, but that's more of a personal preference than anything, as I just take an interest in what's making connections and to where. You can also use outbound rules to prevent perfectly legitimate software from phoning home whenever it wants to.

    However, the other school of thought is that outbound rules don't really offer any solid protection against malicious software dialling out to command & control domains because as soon as a piece of software is able to get/is allowed admin privileges, it's game over as it can do what it wants, including creating it's own firewall exceptions, disabling/bypassing firewall protection altogether or possibly even installing it's own drivers. Smartscreen filter and UAC are probably more effective in reality (so there's a reduced chance of people being accidently tricked into installing malicious software), but it may be worth you reading around and deciding what you want to do yourself, as the verdict is split.

    They way I see it is it's all extra layers. Although Windows Firewall isn't particularly user friendly, so you will need to have a bit of an idea what you want it to do when setting up the rules.
    Last edited by ARC1020; 19 Jul 2014 at 11:15.
      My System SpecsSystem Spec

  5. #5


    Posts : 446
    Win 8 64-bit


    ... continued from previous post

    Also one of the major problems with outgoing rules is that the user needs to keep on top of their firewall rules to ensure things that they don't want blocked aren't automatically blocked. That means it requires maintenance, which for most people is just a nuisance, a PITA and really is more hassle than it's worth. The vast majority of people just aren't going to bother, which means it will inevitably lead to problems. Then there's the problem with things being blocked that shouldn't be blocked, for example blocking svchost from connecting to Certificate Authorities to download Certificate Revocation Lists, etc., which blocking will actually make the user less secure.

    Unlike third party firewalls that display notifications for outgoing connections, Windows Firewall doesn't. Therefore, if setting outbound filtering, I'd strongly suggest turning on Firewall blocked connection logging in Group Policy so that you can see exactly what's being blocked by Windows Firewall. Otherwise you will almost certainly end up blocking legitimate Windows Processes that should be allowed to access the internet. Like I mentioned, Windows Firewall is not user friendly in the slightest and I don't think they really designed it for consumer use because of the headaches blocked outbound firewall connections can cause and debatable gain you get from it. But if you do fancy learning about it:

    Enable Windows Firewall Blocked Connection Logging:
    Group Policy Editor > Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Object Access > Audit Filtering Platform Connection > Failure

    Click image for larger version


    Create Firewall Blocked Connection Event Logs in Event Viewer:
    Event Viewer > Create Custom View > XML > Edit Query Manually

    Blocked Inbound Connections Custom View

    Code:
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=5150 or EventID=5157)]]
       and *[EventData[Data[@Name="Direction"]="%%14592"]]
    </Select>
      </Query>
    </QueryList>
    Blocked Outbound Connections Custom View

    Code:
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=5150 or EventID=5157)]]
       and *[EventData[Data[@Name="Direction"]="%%14593"]]
    </Select>
      </Query>
    </QueryList>

    Which will look similar to this in Event Viewer:

    Click image for larger version
      My System SpecsSystem Spec

Windows Firewall Questions
Related Threads
Windows 8.1 - Firewall Items in System Security
Hello there, New to the forums. Going to have a lot of Windows 8.1 items to discuss and solve (I am a MCSE) so I can discuss at length. I am just posting here to bring some items to peoples attentions, find out what we all have in common and then see if we can find a solution everyone can...
Hi guys, i hava a problem with starting windows firewall on Win 8.1 64 bit, so i tried to manually modify BFE permissions to everyone in registry, but i have no access, it says: registry voice can't be overvritten. I tried tu go in servicies and start it on Auto but i got error 5 "acces denied"....
Hi, I'm running windows 8.1 on my asus x550 laptop,the issue is windows firewall can't be turned off, and when it is on it blocks everything including the browsers and also kaspersky antivirus 2014. I use tiny wall instead of the default firewall,the problem is when I turn off the windows...
Windows Firewall Settings in System Security
First off let me say that I'm a complete moron when it comes to firewall settings. I have no idea what I'm doing, haven't a clue about firewall "rules" and basically have to be directed. The only time I really messed with any firewall settings was YEARS ago when I was running the Look-n-Stop...
Windows 8 Firewall. in System Security
Good Morning All, I am having trouble again (with a capital T), I am running Windows Defender and would like to have Windows Firewall running along side it for complete protection. It does not matter what I do the Firewall will not allow me to switch it on and I cannot find out why. My thoughts now...
Solved Windows Firewall?? in System Security
How do I get to it?? lol
Eight Forums Android App Eight Forums IOS App Follow us on Facebook