Firewall Issues


Pocah
I am having an ever-increasing issue with the Win 11 firewall.

Apps are bypassing it. The latest one is iCUE.

This app, from Corsair, is a darn nuisance, because Corsair can't develop software to save their lives and often release a new version that has fatal problems. To limit damage, I block updates in the firewall, and then check the forum before manually updating. Problem is that now it seems that iCUE can see right through the firewall despite attempts to block it. I blocked the app, the loader and the updater. Doesn't stop it.

I don't understand the situation here, but what I am wondering is, is there a better firewall app to help out with this situation?
 

Even when you enable outbound blocking and remove default rules, Windows Firewall adds them back at will.
You have to use something like Binisoft WFC; it will protect rules from tampering by an app with admin rights.

If you create a new rule for the app in question and set it to block outbound (and optionally inbound), then any rule that allows that specific app will have no effect.

Those rules which allow it are created by that app; deleting them doesn't help since they can be recreated without your knowledge, but creating a block rule voids them all because a block rule has precedence over allow rules.
 

> Those rules which allow it are created by that app, deleting them doesn't help since they can be recreated without your knowledge, but creating block rule voids them all because block rule has precedence over allow rules.

Yes, but Windows works in mysterious ways and it presumes that the user is always wrong, like accidentally blocking an app.
Besides, apps change with each update, so blocking an exe will not block an updated exe. I had a problem to enable them.
C:\program files\windowsapps\microsoft.windowsstore_22311.1401.2.0_x64__8wekyb3d8bbwe\winstore.app.exe
 

> Besides apps change with each update, so blocking an exe will not block an updated exe.

Agree with that! If an app is updated then the block rule might no longer be valid due to a path or file name change, so you'd need to recreate or update the block rule.
 

> Yes, but Windows works in mysterious ways and it presumes that user is always wrong, like accidentally blocking an app.

Yes, this seems to be what I am finding. With iCUE, on two other PCs the block in the firewall seems to work, but not on the third. I can't for the life of me find out why.

This is what I find annoying about Firewall, there seems to be a depth of function that is just not accessible to the end user.
 

> Yes, this seems to be what I am finding.

You can try to block it per name, if you do not use it, like:
Code:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "iCUE.exe" /f

> If an app is updated then the block rule might no longer be valid due to path or file name change

Indeed, WFC solved that issue by providing a "secret" wildcard (due to malware) based on the file name or path (in capital letters).
 

> Indeed, WFC solved that issue by providing a "secret" wildcard based on the file name or path (in capital letters).

I'm curious what would happen if malware is renamed to a name which WFC allows as a wildcard?
I assume it would allow malware out the same way it allows a legitimate program?
 

> I assume it would allow malware out the same way it allows legitimate program?

Yes, thus the reason, it is preferable to allow only based on a "protected" path and not allow something like Temp folder. Then again, unless someone would be in a targeted attack, it does not really matter. Most people give away their PC for mere asking (phishing).
 

@Pocah
If you want to do it in Windows Firewall, see the tutorial below on how to block a program in Windows Firewall.

When you get to the step where a program needs to be chosen, specify the full path to the program you want to block, e.g. the iCUE path and executable.
You need to update this block rule every time the program in question is updated.
 

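As an added example (not code from any poster in this thread), the PowerShell below applies two points made above: a block rule takes precedence over allow rules, and a program rule is tied to an exact path, so the blocks have to be rebuilt after every update. The function name `Sync-OutboundBlock`, its group label and the install folder argument are assumptions; pass the real install folder of the application.

```powershell
#Requires -RunAsAdministrator
# Added example; Sync-OutboundBlock and the group label are hypothetical names.
function Sync-OutboundBlock {
    param(
        # Install folder of the application to block (placeholder, not taken from the thread).
        [Parameter(Mandatory)] [string] $InstallDir,
        # Label used to find and replace the rules this function created earlier.
        [string] $Group = 'Manual outbound blocks'
    )

    # Remove our previous block rules so paths that an update removed do not linger.
    Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Program rules match one exact path, so enumerate every executable
    # (app, loader, updater, helpers) instead of guessing file names.
    $exes = Get-ChildItem -LiteralPath $InstallDir -Recurse -Filter *.exe -File

    foreach ($exe in $exes) {
        # An outbound block rule wins over any allow rule for the same program,
        # including allow rules the installer recreates later.
        New-NetFirewallRule -DisplayName "Block out: $($exe.Name)" -Group $Group `
            -Direction Outbound -Action Block -Program $exe.FullName `
            -Profile Any | Out-Null
    }

    # Report enabled allow rules that name the same executables, to show what
    # the application registered for itself. Limitation: rules stored with
    # environment variables in the path will not match this exact-path lookup.
    foreach ($exe in $exes) {
        Get-NetFirewallApplicationFilter -Program $exe.FullName -ErrorAction SilentlyContinue |
            Get-NetFirewallRule |
            Where-Object { $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
            Select-Object DisplayName, Direction,
                @{ Name = 'Program'; Expression = { $exe.FullName } }
    }
}

# Usage (rerun after each application update):
# Sync-OutboundBlock -InstallDir '<install folder of the app>'
```

Running it again after an update is what keeps the block valid when the vendor changes file names or adds a new helper executable.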