Creating outbound rules for the Windows 7 Firewall

Discussion in 'other firewalls' started by moontan, Sep 16, 2012.

Thread Status:
Not open for further replies.
  1. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i took my first plunge today and it's not as hard as it may first seem when you take a look at the Advanced Settings for the first time.

    i wish there was a notification that would popup in the firewall like it does for Inbound connections without rules.
    but it is what it is.

    i know there are some small utilities that take care of that but i'd rather do this with the tools that are already there.

    here's the tutorial i found on the net.
    -http://www.howtogeek.com/112564/how-to-create-advanced-firewall-rules-in-the-windows-firewall/
    it's quite easy to follow along.
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I wish you luck.

    After multiple attemps, I gave up on configuring outbound rules for the WIN 7 firewall. What I did find out in those attempts is Microsoft dials out using "hidden" services making creating effective rules for svchost.exe impossible. I believe most people don't realize these exist and are inadevertly blocking important browser certificate validations and the like. The worst thing you can do is create an outbound rule for svchost.exe allowing all oubound TCP port 80, 443 activity. By doing that you have overridden all Windows Service Hardening(WSH) processing built into the firewall.
     
  3. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    well,

    it was easy for Firefox.

    it's another story altogether when installing a new program that wants to connect as i just found out.
    watta bloody nightmare! lol

    maybe the mods can delete this whole thread. :D
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tried all of them so far.
    just re-installed Wokhan WFN and i'm gonna try this one over the next few days to see how it goes.

    i took an image of my machine before just in case it decides to eat my computer. lol
     
  6. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    just trying Tinywall right now.
    it's the only one of these kind of apps i had not tried so far.

    seems pretty easy to use.
    i like the "Whitelist by Window" feature.

    i just clicked inside the portable Skype window, relaunched Skype and everything worked.

    nice! :thumb:
     
  8. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    W7 is a very nice firewall. The lightest of them all, but sometimes buggy [sometimes it just blocks the internet for programs when it shouldn't]. Making rules ain't hard at all.
    When I use the W7 firewall, the first thing I do is to enable the advanced logging in event viewer using cmd: auditpol /set /subcategory:"{0CCE9225-69AE-11D9-BED3-505054503030}" /failure:enable [what noob had the idea to set this to disabled by default, I have no idea]. It will log in event viewer the blocked program (including path), protocol, port and few other things which I don't care.
    Then I use MyEventViewer to filter only the blocking messages [don't remember the category right now and I'm too lasy to boot in Windows] which will help me to make the firewall rules. Then I make the rules.
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    I've had no issues regulating exactly how svchost-related services connect outbound using windows Firewall w/Advanced Security, and that includes protocol, remote port(s), ip addresses, or even blocking whatever I choose.
     
  10. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx Wroll, but your previous post sounded like rocket science to me. ;)

    i'm gonna try TinyWall for a few days and see where it goes.

    if it doesn't work out i might just have to learn rocketry! lol
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    It's not hard at all, but I think the following might only work on Pro or Ultimate versions of Win7:

    -http://technet.microsoft.com/en-us/library/cc754714(WS.10).aspx-

    Also check out the following post: -http://www.wilderssecurity.com/showpost.php?p=1717632&postcount=135- by member Sparviero

    I use it on Win7 Ultimate.
     
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx wat,

    -http://technet.microsoft.com/en-us/library/cc754714(WS.10).aspx-
    it's way, way too much information.

    see! i barely understood a word of all this.
    which is my clue i should leave it alone. ;)

    i think i'm just gonna stick with TinyWall and pour meself another bloody mary. lol
     
    Last edited: Sep 16, 2012
  13. Aventador

    Aventador Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    420
    I tried all the of. Tinywall is good but it still blocks the Avast updater no matter what. I cannot add it to the rules either cause the exe is only there when updating and learn mode does not work. Was thinking about paying for WFC but still not sure if that would work.
     
  14. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i don't use Avast but have you tried "Allow Outgoing"?

    you could always turn off TinyWall while you update Avast and turn it back on when you're finished.
    you are still protected by the Windows Firewall anyway even if you turn off TinyWall.

    it's worth a try anyway.
     
  15. Aventador

    Aventador Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    420
    Avast's updates automatically the way it should be. Like I said I tried them all. Same thing. Anyone else experiencing this issue? Anyone solve it? When Avast Updates, either manually or automatically "avast.setup" runs. It cannot be found in the program folder either. Hidden or not. That is the exe which needs to be allowed but how can you add it when its not even there? :eek:
     
  16. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    hmmm,

    perhaps it's time for you to try the Avast support team or their forums?
    any luck with that?
     
  17. Aventador

    Aventador Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    420
    Its not an Avast issue so they really wouldn't care.
     
  18. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    518
    Location:
    Italy - Ravenna
  19. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Is wokhan a good program for an average user.?
    Im thinking of using the windows firewall because it is a good firewall.
    Thanks.:ninja: :blink:
     
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    For those interested, Stem provides an excellent tutorial, first 5 posts especially, on creating rules in the firewall here:

    -http://www.wilderssecurity.com/showthread.php?t=239750-

    It applies to Win7 as well as Vista.
     
  21. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx wat,

    i might just give this a try for fun and knowledge anyway. :thumb:
    worst that can happen is i turn my computer into something as useful as a pile of bricks. ;)

    it takes me 3:30 minutes to restore an image anyway.
    no biggie.
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    You're welcome! You can always revert it to default configuration if something goes wrong.: -http://www.sevenforums.com/tutorials/525-windows-firewall-restore-default-settings.html-

    You may find it helpful digging under the hood a bit, at least to gain some understanding of how it all works, although you can easily use a 3rd party addition to aid in its configuration.
     
  23. garry35

    garry35 Registered Member

    Joined:
    Jan 20, 2009
    Posts:
    329
    i use WFC and i like it apart from a few minor niggles, buts its being active updated
     
  24. garry35

    garry35 Registered Member

    Joined:
    Jan 20, 2009
    Posts:
    329
    i tried wokhan but it notified for EVERY webpage and soon become tiresome, so i ditched it and been using WFC since
     
  25. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i did not see this problem you mentioned.

    maybe it was an earlier version that was buggy?
     
Loading...
Thread Status:
Not open for further replies.