In Vista (or XP for that matter) I've never once been notified when WF supposedly blocks a program. I've looked and looked and can't find anything that really explains this issue and what can be done about it. Does anyone have the real scoop on this?
I cannot answer your question but I have exactly the same thing on Win 7, I never get any notification of blocking from the native firewall and wondered about this myself. Gordon
In Windows 7 x64, I have received notifications occasionally. Check the configuration settings for the Activity Center.
I'm starting to think what WF means by "Blocks a program" is much different than what I think it is. It probably notifies in special circumstances. I've been expecting it to notify like most of the third-party firewalls, but it must work silently most of the time, at least when default settings are used.
Good question, I also wondered about the same thing on Win 8, but I never bothered to do any research. I also got a feeling that it doesn't really alert like regular firewalls.
It only warns when a program is blocked attempting to accept incoming connections, where it's behaving like a server. There are no warnings for blocked outgoing attempts.
I haven't seen a blocking alert from the firewall in years I don't know why either. I do remember there was a lot of criticism about the firewall when it was first released in Vista, it should have been a very good firewall but it seemed that MS saw fit to cripple it shortly before release by not including outbound alerts. As soon as I saw it I felt it was deliberate to ensure malware could phone home, most people seemed to think that opinion was just tin foil hat stuff then several years later Snowden revealed a few things...
wat0114 is correct. Only problem for me is its log don't show what program tried to perform outbound connection. Default-allow outbound is IMO unavoidable, otherwise there will be too many troubles. One way is to build up smart decision based on whitelist, blacklist, and some kind of heuristics but that's too much for Win FW as basic FW, and I think many advanced user don't want that. If you don't like, change setting to block outbound connection and adjust rules so that only necessary connection can be made.
Thanks for the explanation guys, I understand more fully now. 142395 .... Yes I already block incoming and outgoing connections that don't match a specified rule. Gordon
Start with post #135 and read down to #142. It's a bit crude but it does work. https://www.wilderssecurity.com/thre...vanced-security-guide-for-vista.239750/page-6
Microsoft would seem to go by the surmise that if anything non-legit is on your system making outbound calls then your anti-malware is at fault rather than the firewall. Incidentally the in built firewall on linux runs pretty much the same way although on linux there are more controls over outbound connections.
I believe that is true only for application programs. I have had incoming blocks from svchost.exe and not a peep from the WIN 7 x 64 firewall.