1) true
2) true (it's just a list, filters are not applied for these apps)
3) true (inet access enabled, except for applied rules with "block" action)
as example:
-> allow IE internet access: you just check iexplore.exe in apps list
-> then you need to block 1900 port
-> just create new rule 1900/block and apply created rule to iexplore.exe
-> simple, isn't it?
4) applied only filters you selected for the app, no other rules applied for the app.

Ok, thank you!

Lol. In Win10, Matrix has you. In Win7, you have Matrix!
I do not know who had who, but it would have been useful to provide instructions on how to disable Win firewall in Win 10 without nagging:
Solution
1. In Windows Security, enable the firewall for all network profiles. Ensure the security centre shield shows a green tick. Do not proceed until security centre is happy.
2. Run gpedit.msc to open local security policy editor as administrator.
3. Navigate to Computer Configuration, Windows Settings, Security Settings, Windows Firewall with Advanced Security.
4. Under Overview, click "Windows Defender Firewall Properties".
5. For each of the required profiles, set Firewall state to "Off".
simplewall is a free program so dev is not obliged to handle every aspect involved. As a community (Wilders) we might suggest changes, improvements or bug fixes. That's it. Now you wrote down a solution. That's great. Fine.
When you get a pop-up from IE, assign the "http" rule. If you are on 64bit, you will get 2 pop-ups; one for IE and one for IEx86. For both assign the "http" rule.
Thanks Popescu! Even though I don't use Win10, I am adding your helpful suggestions (Posts # 553 & 556) to my knowledge base -- for my friends who DO use Win10.
Yes, this is a typical procedure to disable Windows firewall without getting nags every time you boot your PC and without a red x on the "Windows security" icon. However, it has been rumoured that this procedure doesn't work for win10 home edition.
Not a rumor. Home does not have gpedit. There probably are some registry edits Home people could do. But then next (of too many) upgrades will likely destroy it. Even though I have Windows-Pro, I decided not to use gpedit. I've learned to live with that red X. And if it vanishes, I will immediately know that something just enabled the firewall. I will also know because the firewall I use (Sphinx) will show popups with "Window Firewall" in the text.
It is not only the red X, but also the pop-up from time to time about Windows firewall being disabled. And it is not a good idea to be comfortable with a red x on the Windows security icon, because it can be generated for a different reason and you will assume that it is because of the firewall being disabled.
C:\windows\system32\svchost.exe to ports: 80, 443
C:\programdata\microsoft\windows defender\platform\x.xx.xxxx.x-x\msmpeng.exe to ports: 80, 443
C:\programdata\microsoft\windows defender\platform\x.xx.xxxx.x-x\mpcmdrun.exe to ports: 80, 443
If it's only checking for protection updates, it will probably only need the svchost rule on port 443. Otherwise, good luck with the other rules, because the "x" variables will occasionally change when the defender engine updates to a newer version. Of course if Simplewall can handle path variables, then you're good to go.
Thanks, but if I open svchost.exe to TCP 80, 443 it is like not having a firewall. Any app can use svchost.exe to communicate over internet. A good example is AdobeX which uses svchost.exe to update.
We've gone over this before, so this is the last time I will explain this to you in hopes you will grasp and embrace the concept; if Simplewall rules can handle remote IP addresses using subnet masks or CIDR blocks, then you can spend a few hours to study how subnet masking and CIDR blocks work, from which you can restrict your rules further by utilizing one or the other concepts. If detailed logging is provided, you can easily figure this out. Remember, knowledge is power.
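The idea in the post above, narrowing a broad svchost.exe allow rule by remote CIDR block and checking it against logged connections, as an added example that is not part of the thread and is not simplewall code. The rule layout, the CIDR ranges (documentation address space) and the connection records are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Hypothetical rule: svchost.exe may reach ports 80/443 only inside these
# remote CIDR blocks. Ranges are documentation address space (RFC 5737).
RULE = {
    "app": r"c:\windows\system32\svchost.exe",
    "ports": {80, 443},
    "remote": [ipaddress.ip_network(n)
               for n in ("203.0.113.0/24", "198.51.100.64/26")],
}

# Constructed connection records, as they might be read from a firewall log:
# (application path, remote IP, remote port)
LOG = [
    (r"C:\Windows\System32\svchost.exe", "203.0.113.10", 443),
    (r"C:\Windows\System32\svchost.exe", "198.51.100.70", 80),
    (r"C:\Windows\System32\svchost.exe", "198.51.100.200", 443),  # outside the /26
    (r"C:\Windows\System32\svchost.exe", "203.0.113.10", 8080),   # port not allowed
    (r"C:\Program Files\Example\updater.exe", "203.0.113.10", 443),  # other app
]

def verdict(rule, app, remote_ip, port):
    """Return 'allow' only if app, port and remote address all match the rule."""
    if app.lower() != rule["app"]:
        return "block: app"
    if port not in rule["ports"]:
        return "block: port"
    addr = ipaddress.ip_address(remote_ip)
    if not any(addr in net for net in rule["remote"]):
        return "block: remote address"
    return "allow"

def evaluate(rule, log):
    """Verdict for every logged connection, in log order."""
    return [verdict(rule, *record) for record in log]

def uncovered_remotes(rule, log):
    """Count remote addresses the app tried on allowed ports that fall outside
    the CIDR list; these are the log entries to review when tuning the rule."""
    hits = Counter()
    for app, ip, port in log:
        if verdict(rule, app, ip, port) == "block: remote address":
            hits[ip] += 1
    return dict(hits)

if __name__ == "__main__":
    for record, result in zip(LOG, evaluate(RULE, LOG)):
        print(record, "->", result)
    print("outside CIDR list:", uncovered_remotes(RULE, LOG))
```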
Hi, I am a long time user of the SimpleWall firewall. Now that I use two laptops, I would like to network share on them both to share files etc. This will only work if I disable SimpleWall. So can you tell me what I need to disable in SimpleWall in order to get both laptops to see each other without compromising on the firewall security? Thanks in advance and stay safe everyone!!
Scorpion7
After one month, THE GOOD, THE BAD and THE UGLY

THE GOOD:
- nice interface, not based on Windows Firewall, can group the rules per app, minimum impact on CPU and RAM

THE BAD:
- in Win10 you need to manually disable Win Firewall in order not to get alerts about "Firewall disabled"
- not clear how to use "Service" and "Packages"
- not possible to use wildcards

THE UGLY:
- almost zero documentation, on every step you need to "guess" how to do it or what is going to happen
- because of lack of documentation you do not know if you are doing something wrong or the firewall has an issue
- no detection if an app is using another app or BITS in order to connect to internet. Ex: if you allow svchost.exe TCP 443 and 80 for windows updates, adobe acrobat X can check for updates without warning. Restricting the interval to Windows IP's (around 1 million) doesn't help.

CONCLUSION
Nice program, which can improve your computer "cool factor"; will allow you to restrict access to the internet for most legit applications. A well designed malware will slip through without warning, so the firewall will not add another layer of defence to your security suite. After playing with it for 4 weeks, guessing here and there, I uninstalled it.
Based on what is happening with "Apps", services without a check mark should have network access denied, the same as an app without a check mark. But this seems not to be the case....
I guess this is because services can't access network by themselves. Windows services usually use svchost.exe for those. By the method I showed above you can deny specific services.
OK then, but for consistency, all services should have a "check mark" (like unrestricted access) and the user should remove the check mark to block the device or should create rules, the same as in Apps.
This could be a limitation of WFP. Anyway you don't need to create multiple block rules. Just create one and check all the services you wish from the list in the rule creation wizard. Enable dropped packet logging so you can analyze what has been blocked.