Creating outbound rules for the Windows 7 Firewall

i took my first plunge today and it's not as hard as it may first seem when you take a look at the Advanced Settings for the first time.

i wish there was a notification that would popup in the firewall like it does for Inbound connections without rules.
but it is what it is.

i know there are some small utilities that take care of that but i'd rather do this with the tools that are already there.

here's the tutorial i found on the net.
-http://www.howtogeek.com/112564/how-to-create-advanced-firewall-rules-in-the-windows-firewall/
it's quite easy to follow along.

 

I wish you luck.

After multiple attemps, I gave up on configuring outbound rules for the WIN 7 firewall. What I did find out in those attempts is Microsoft dials out using "hidden" services making creating effective rules for svchost.exe impossible. I believe most people don't realize these exist and are inadevertly blocking important browser certificate validations and the like. The worst thing you can do is create an outbound rule for svchost.exe allowing all oubound TCP port 80, 443 activity. By doing that you have overridden all Windows Service Hardening(WSH) processing built into the firewall.

 

well,

it was easy for Firefox.

it's another story altogether when installing a new program that wants to connect as i just found out.
watta bloody nightmare! lol

maybe the mods can delete this whole thread.

 

would it be easier to use like sphinx or another windows firewall control.http://www.sphinx-soft.com

 

tried all of them so far.
just re-installed Wokhan WFN and i'm gonna try this one over the next few days to see how it goes.

i took an image of my machine before just in case it decides to eat my computer. lol

 

LOL.

 

just trying Tinywall right now.
it's the only one of these kind of apps i had not tried so far.

seems pretty easy to use.
i like the "Whitelist by Window" feature.

i just clicked inside the portable Skype window, relaunched Skype and everything worked.

nice!

 

W7 is a very nice firewall. The lightest of them all, but sometimes buggy [sometimes it just blocks the internet for programs when it shouldn't]. Making rules ain't hard at all.
When I use the W7 firewall, the first thing I do is to enable the advanced logging in event viewer using cmd: auditpol /set /subcategory:"{0CCE9225-69AE-11D9-BED3-505054503030}" /failure:enable [what noob had the idea to set this to disabled by default, I have no idea]. It will log in event viewer the blocked program (including path), protocol, port and few other things which I don't care.
Then I use MyEventViewer to filter only the blocking messages [don't remember the category right now and I'm too lasy to boot in Windows] which will help me to make the firewall rules. Then I make the rules.

 

I've had no issues regulating exactly how svchost-related services connect outbound using windows Firewall w/Advanced Security, and that includes protocol, remote port(s), ip addresses, or even blocking whatever I choose.

 

tnx Wroll, but your previous post sounded like rocket science to me.

i'm gonna try TinyWall for a few days and see where it goes.

if it doesn't work out i might just have to learn rocketry! lol

 

It's not hard at all, but I think the following might only work on Pro or Ultimate versions of Win7:

-http://technet.microsoft.com/en-us/library/cc754714(WS.10).aspx-

Also check out the following post: -http://www.wilderssecurity.com/showpost.php?p=1717632&postcount=135- by member Sparviero

I use it on Win7 Ultimate.

 

tnx wat,

-http://technet.microsoft.com/en-us/library/cc754714(WS.10).aspx-
it's way, way too much information.

see! i barely understood a word of all this.
which is my clue i should leave it alone.

i think i'm just gonna stick with TinyWall and pour meself another bloody mary. lol

 

I tried all the of. Tinywall is good but it still blocks the Avast updater no matter what. I cannot add it to the rules either cause the exe is only there when updating and learn mode does not work. Was thinking about paying for WFC but still not sure if that would work.

 

i don't use Avast but have you tried "Allow Outgoing"?

you could always turn off TinyWall while you update Avast and turn it back on when you're finished.
you are still protected by the Windows Firewall anyway even if you turn off TinyWall.

it's worth a try anyway.

 

Avast's updates automatically the way it should be. Like I said I tried them all. Same thing. Anyone else experiencing this issue? Anyone solve it? When Avast Updates, either manually or automatically "avast.setup" runs. It cannot be found in the program folder either. Hidden or not. That is the exe which needs to be allowed but how can you add it when its not even there?

 

hmmm,

perhaps it's time for you to try the Avast support team or their forums?
any luck with that?

 

Its not an Avast issue so they really wouldn't care.

 

this was working for me when i have used avast
http://wokhan.online.fr/progs.php?sec=WFN

 

Is wokhan a good program for an average user.?
Im thinking of using the windows firewall because it is a good firewall.
Thanks.

 

For those interested, Stem provides an excellent tutorial, first 5 posts especially, on creating rules in the firewall here:

-http://www.wilderssecurity.com/showthread.php?t=239750-

It applies to Win7 as well as Vista.

 

tnx wat,

i might just give this a try for fun and knowledge anyway.
worst that can happen is i turn my computer into something as useful as a pile of bricks.

it takes me 3:30 minutes to restore an image anyway.
no biggie.

 

You're welcome! You can always revert it to default configuration if something goes wrong.: -http://www.sevenforums.com/tutorials/525-windows-firewall-restore-default-settings.html-

You may find it helpful digging under the hood a bit, at least to gain some understanding of how it all works, although you can easily use a 3rd party addition to aid in its configuration.

 

i use WFC and i like it apart from a few minor niggles, buts its being active updated

 

i tried wokhan but it notified for EVERY webpage and soon become tiresome, so i ditched it and been using WFC since

 

i did not see this problem you mentioned.

maybe it was an earlier version that was buggy?