How to block all programs in a given location using Windows Firewall?

TheMystic

By default, I would like to block internet access to apps and programs I install, and only allow selective access if a program needs it for core functionality.

While this is to some extent possible, I see that some programs easily make a hole in the firewall and give themselves internet access without consent. They do so by running a background service. The user may not be able to disable/ uninstall the service component alone and yet keep the app functional.

I found a batch file on the internet that will automatically create firewall rules for every executable file (.exe, .DLL, etc.) in a specified location. The problem with this method is the number of rules that get created for each program. If I remember correctly, it creates about 300 entries in Windows Firewall for the VLC video player alone.

This is not a good way about setting up the firewall because it has a direct impact on performance. For every internet connection request, the firewall now has to go through hundreds or thousands of entries before allowing/ denying the request. This will definitely slow down the system as more and more apps are installed.

In this respect, here are some questions:

1. After a clean Windows installation, I would like to block all (future/ prospective) inbound AND outbound connections by default, whilst allowing (whitelisting) the existing connections. This way, no new program I install will be able to connect to internet without me explicitly creating a rule for it in Windows Firewall.

How to accomplish this?

2. How do I block any program from making any changes to Windows Firewall?

3. How do I block all connections from a particular location (path on the internal drive)? For example, I may create a folder in the C drive in which I will install new programs. None of the programs installed in this folder should be able to connect to the internet. A single firewall rule should be sufficient if we can block programs based on their installed path. This will also be very efficient as Windows Firewall needs to do only one check (location of the program trying to connect to internet).

How to accomplish this?

4. How to control Microsoft Store apps using Windows Firewall?

Thanks.
 
Windows Build/Version
Windows 11 21H2 Build 22000.282

My Computer

System One

  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    250 GB Samsung Evo 860 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender

rezpower

Simply go here: Windows Firewall Control, and get the Windows Firewall Control app (this was bought by Malwarebytes).
You can set it to ask you for each program that wants to access the net and you can choose to allow or block it.
You can make personal rules (block a folder or a file) and all this is simply done by making rules in Windows' own firewall.
You simply control Windows Firewall in an easy way :)

High Filtering - All outbound and inbound connections are blocked. This profile blocks all attempts to connect to and from your computer.
Medium Filtering - Outbound connections that do not match a rule are blocked. Only the programs that you allow can initiate outbound connections.
Low Filtering - Outbound connections that do not match a rule are allowed. The user can block the programs he doesn't want to allow initiating outbound connections.
No Filtering - Windows Firewall is turned off. Avoid using this setting unless you have another firewall running on your computer.

Windows Firewall Control doesn't do any packet filtering and does not block or allow any connection.
This is done by Windows Firewall itself based on the existing firewall rules.


Program Features

√ Notifications of outbound blocked connections.
√ Learning mode that automatically allows digitally signed programs.
√ Create temporary rules which are automatically deleted when they expire or on program restart.
√ Intuitive user interface which is easily accessible through a system tray icon.
√ Full support with standard user accounts. Elevated privileges are required only at installation.
√ Disable the ability of other programs to tamper with Windows Firewall rules and state.
√ Integrated support of creating, modifying and deleting Windows Firewall rules.
√ Multiple and easier ways of creating new rules in Windows Firewall.
√ Lock feature which can disable the access to the settings of the program and Windows Firewall.
√ Shell integration into the right click context menu of the executable files.
√ Automatically display invalid rules for programs that do not exist any more.
√ Possibility to find and display duplicate firewall rules.
√ Merge multiple similar rules or duplicate existing ones.
√ View recently allowed and blocked connections and create new rules from the Security log.
√ Import and export of partial sets of rules.
√ Protection against unauthorized uninstallation.
√ Possibility to restore previous settings at uninstallation.
√ Global hot keys are supported and various shortcut keys are available.
√ Integrated multi language support in 29 languages.
√ And many, many more. Just try it out.
 

My Computer

System One

  • Operating System
    Windows 11 PRO
    Computer type
    Laptop
    Manufacturer/Model
    Hp Elitebook 8770w
    CPU
    Intel Core i7-3630QM 2.40GHz
    Memory
    8.00GB
    Graphics Card(s)
    NVIDIA Quadro K3000M
    Hard Drives
    Samsung SSD 840 EVO 500GB
    Browser
    Firefox
    Antivirus
    Bitdefender + Malwarebytes
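
The "outbound connections that do not match a rule are blocked" behaviour described in the post above, set up with Windows Firewall's built-in cmdlets, as an added example that is not part of the original post or of Windows Firewall Control. It also saves the allow list so that rules a program adds for itself later can be spotted; the program path, rule name and baseline file are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread; uses only the built-in NetSecurity cmdlets.
# The program path, rule name and baseline file below are placeholders.

$baseline = Join-Path $env:ProgramData 'fw-allow-baseline.csv'   # placeholder location

# Enabled outbound allow rules, each with the program it applies to.
function Get-OutboundAllowRule {
    Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Outbound' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            [pscustomobject]@{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                Program     = ($_ | Get-NetFirewallApplicationFilter).Program
            }
        }
}

# 1. Show the current defaults so the change can be reverted later.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Default-deny: traffic that matches no allow rule is dropped, in both directions.
#    Existing rules are not deleted, so the allow rules already present keep working.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 3. One allow rule per program that really needs the network.
#    -Program names a single executable, not a folder. With default-deny in place,
#    everything installed anywhere stays blocked until it gets a rule like this one,
#    so no per-file block rules are needed.
New-NetFirewallRule -DisplayName 'Allow ExampleApp (outbound)' -Direction Outbound `
    -Program 'C:\Program Files\ExampleApp\example.exe' -Action Allow -Profile Any |
    Out-Null

# 4. Save the allow list as a baseline.
Get-OutboundAllowRule | Export-Csv -Path $baseline -NoTypeInformation

# 5. Run later (for example after installing software): allow rules that are not
#    in the baseline were added since, possibly by an installer or a service.
function Get-NewAllowRule {
    $known = (Import-Csv -Path $baseline).Name
    Get-OutboundAllowRule | Where-Object { $_.Name -notin $known }
}
Get-NewAllowRule | Format-Table DisplayName, Program -AutoSize
```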

Ghot

@TheMystic

I use Bitdefender Internet Security.
Its firewall can be set to block everything. Then it's a simple matter of only allowing things you want... through the firewall.

The "block everything" rule is what you need to find in any firewall. Then you just make exceptions as needed.

In the case of Bitdefender, there's a section in the firewall that lists (with file path) anything that "wants" to get through the firewall.
If I want to allow it, I can just add an exception for that program or file or service, etc., in the firewall.

ZoneAlarm (free) used to do this as well. I don't know if it still does, these days.

I believe the free firewall TinyWall does this as well, but I've not tried it myself.
 

My Computers

System One System Two

  • Operating System
    Win 10 Home 10.0.22000.348 (x64)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    (onboard) Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    LG GH22LS30 CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    COOLER MASTER ATCS 840 Full Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    100/100
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security 2020
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot®
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    100/100
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?

    http://www.xtremesystems.org/forums/showthread.php?183088-5000-B-E-on-M2N32-SLI-Dlx-Overclocked&p=2891724#post2891724

rezpower

These are all good but heavy antivirus programs. I used Bitdefender for years and the reason I changed was the known bug where the firewall rules would reset or have double rules (rules allow all added to the block rule).
The Malwarebytes firewall control is a light program giving you full control of Windows' powerful firewall. (Seriously, try it out) :)
And it's FREE :)
 

TheMystic

I stopped using 3rd party security solutions for about 3 years now. I was using Kaspersky, Norton and BitDefender for long before I stopped using any altogether. At the time, I had over 2 years of license left, yet I decided to let go of it.

Not that they slowed down my system, but I thought they were unnecessary for how I use my system. Since Windows Defender comes pre-installed, I thought that was enough for my use.

More than antivirus feature, firewall is more important for my use. I am still trying to avoid 3rd party solutions. That's because I prefer a very lightweight system.

For now, I have blocked internet connection by default for all apps, except those that need them for core functionality. Yet, a couple of apps that I have blocked automatically whitelist themselves when I use them. So I disable WiFi when I use those apps, and once my work is done, I disable the apps and related services, before turning the WiFi back on.

This is not a great solution, but it is manageable given my usage. So thought if there is something that can be done to achieve this requirement, keeping everything as close to stock as possible.
 

CaptCrypts

Hi, I think you may find this useful...

tweaking_com_(right_click)_allowblock_or_remove_windows_firewall
 

My Computer

System One

  • Operating System
    11

Ghot

TheMystic said:
"Yet, a couple of apps that I have blocked automatically whitelist themselves when I use them."

This is exactly why I switched to a 3rd party firewall.
 

TheMystic

The last two para, especially the last one makes it impractical. It has the exact same problem quoted in the OP: number of firewall rules! The batch file does this exact thing and does it automatically. This is a manual affair, making it even more impractical.

All this assuming I understood the program details mentioned on the website properly.
 
