Win 10, what could be done with MS re-enabling disabled firewall rules

Discussion in 'other firewalls' started by lunarlander, Feb 20, 2019.

  1. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    220
    Hi,

    Win 10 automatically re-enables firewall rules that have been deliberately disabled. Like for Photos, Xbox and several others. These are apps that are not being used. What could be done ?
     
  2. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    Idk about Windows Firewall, but you can use a 3rd party firewall if you want finer control and other features
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,800
    Location:
    Romania
    This works as expected. Depending on the features/programs that are required, the operating system will enable/disable certain firewall rules based on their group name. You can use Windows Firewall Control to remove these rules (you don't use them anyway) and enable Secure Rules so that they won't be recreated again.
     
  4. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    408
    Unless you are on a Home version without access to it you could rely on the Group Policy firewall instead.

    1) Export the existing (desired) firewall rules to a .wfw
    2) Run gpedit.msc > Local Computer Policy > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security
    3) import the .wfw you saved
    4) Open up the properties and then for each of the 3 'profile' tabs goto > settings > customize > apply local firewall rules = no
    5) Remember to add any new rules or make changes here instead or they won't get applied.
    Then apps you install or windows Apps, update etc can 'enable', add, remove to their hearts content in the normal firewall area and the rules will simply be ignored applying only those existing in gp.
     
  5. guest

    guest Guest

    Or a Windows Firewall front end Gui, there is some good ones like binisoft/Malwarebytes WFC, easy to use, quite efficient and free.

    About the OP question, he can just export his settings and import them back after the updates/upgrades.
     
  6. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    Windows Firewall rules are in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
    By manipulating permissions to it, you can prohibit or allow changes to the firewall rules. There are solutions in the form of .bat + subinacl.exe.
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    Someone already tried that and it resulted in BSOD. I remove all rules daily and then re-apply mine.
    Code:
    netsh advfirewall firewall delete rule name=all
     
  8. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    Blocking firewall rules can not lead to BSOD. I block with .bat + subinacl.exe, and everything works fine.
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    Blocking firewall rules not, but blocking permissions for system processes can, because it is an unexpected behaviour and it can result in a crash.
     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    451
    Location:
    Germany
    Blocking Firewall Rules through locking Registry Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules (including blocking permissions for system processes) no errors or bsod.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,721
    Location:
    U.S.A.
    It's almost impossible to control creation/deletion of Win 10 firewall rules. For example everytime a Win 10 store app is updated, its file name changes. The OS will delete any existing firewall rules and create new ones for the app.

    Much worse is recent Abode Reader DC behavior I have observed. Everytime a .pdf is opened via browser, Reader will delete its existing firewall rule(why one exists is beyond me) and create a new firewall rule. Believe its either protected mode or appcontainer causing this but as expected, Abobe is of zip help with the behavior.
     
  12. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    220
    I tried using Task Scheduler to automatically re-import a exported set of rules, but now, MS disallows that. Manually importing previously exported rules is fine, just not a scheduled one.

    Found a solution. BiniSoft's Windows Firewall Control. It has a Secure Rules feature, and correctly blocks all changes. Let's see what MS's next move is.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.