Windows Firewall Control (WFC) by BiniSoft.org

Yes, they are special. Svchost.exe is used by all Microsoft Windows services to connect to the Internet. The operating system has some restrictions on which protocols and ports some of these services are expected to execute. This is why for certain services, a generic allow rule will not apply. The same thing for SYSTEM, certain network related actions are expected to happen and allowed only in certain circumstances. If you check the Windows Firewall default rules, there are many rules for svchost.exe and System. They can't just be replaced with 2 rules only.

 

Thanks!

So other than the Windows default rules + WFC recommended rules, it's fine to just ignore any other svchost.exe and System notifications and leave them blocked?

 

WFC recommended rules is a subset of Windows default rules, a minimum ruleset required for basic networking operations. You can use WFC recommended rules as a starting point, on top of which you will add new rules for your custom programs. If you don't need to access/ping your machine from your local network, you can delete all the inbound rules from this subset. Below is my starting ruleset:



No inbound access, my web browser allowed and the rules required for my printer to print papers.