Firewall - Possible to block communication between two processes over 127.0.0.1?
Scenario. A popular Antivirus program installs a transparent HTTP proxy that is used by browsers and any other application making connections via HTTP. Communication between processes is via localhost:

process - 127.0.0.1:any ---> Proxy - 127.0.0.1:12080

The problem is, this proxy opens a hole that allows any application using HTTP to make outbound connections, even when the application has been explicitly denied. I have the firewall set to 'Outbound connections that do not match a rule are blocked' but with this proxy, applications don't even need a rule, they just connect.

How can I better control these connections? Thanks.
March 11th, 2012 11:50pm

So, is there any way to control/block localhost connections on a per-process basis?
March 13th, 2012 7:22pm

Windows Firewall doesn't block the loopback communication. I don't see any other way to block the loopback traffic from Windows Firewall. Even 2 local IPs on the same host are treated as loopback and are not blocked.
-CrDev Blogs: http://blogs.msdn.com/b/satyem
March 13th, 2012 9:37pm

That would appear to be a severe limitation and in this case a bit of a security hole.
March 17th, 2012 4:18pm

Why do you think the communication between two processes on the same host not being blocked by the firewall is a security hole?
-CrDev Blogs: http://blogs.msdn.com/b/satyem
March 20th, 2012 12:16am

"Why do you think the communication between two processes on the same host not being blocked by the firewall is a security hole?" -CrDev Blogs: http://blogs.msdn.com/b/satyem

In this case, any application can make outbound connections over HTTP, even when they are explicitly blocked or even when they have no rule at all. If I'm unable to control which applications are allowed to make connections, there's not much point to the firewall.
March 27th, 2012 4:07am

Hi, 127.0.0.1 is an IANA reserved loopback IP address, commonly known as localhost, or the local computer. It generally cannot be used by normal users. It is sometimes used by developers or administrators to do local tasks such as mass uploading of text or to test server software. For reference: http://en.wikipedia.org/wiki/Loopback

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 2nd, 2012 2:57am

"Hi, 127.0.0.1 is an IANA reserved loopback IP address, commonly known as localhost, or the local computer. It generally cannot be used by normal users. It is sometimes used by developers or administrators to do local tasks such as mass uploading of text or to test server software. For reference: http://en.wikipedia.org/wiki/Loopback Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread."

Thanks for the reply. Unfortunately, it doesn't provide anything useful by way of an answer.
April 5th, 2012 4:51am

This topic is archived. No further replies will be accepted.
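
The replies above say Windows Firewall does not filter loopback traffic, so the hop to the proxy at 127.0.0.1:12080 cannot be controlled there; what can still be done is to see which processes are using it. The following is an added example, not from any poster in the thread: it parses `netstat -ano -p TCP` output and lists the PIDs holding connections to the proxy. The sample output and its PIDs are constructed, and `parse_rows` / `proxy_clients` are hypothetical helper names.

```python
import re
from collections import defaultdict

PROXY_ENDPOINT = "127.0.0.1:12080"  # proxy address quoted in the question

# Constructed sample of `netstat -ano -p TCP` output (PIDs are made up).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING       1844
  TCP    127.0.0.1:49712        127.0.0.1:12080        ESTABLISHED     5120
  TCP    127.0.0.1:12080        127.0.0.1:49712        ESTABLISHED     1844
  TCP    127.0.0.1:49733        127.0.0.1:12080        ESTABLISHED     6604
  TCP    127.0.0.1:12080        127.0.0.1:49733        ESTABLISHED     1844
  TCP    127.0.0.1:49740        127.0.0.1:12080        TIME_WAIT       0
  TCP    192.168.1.20:49801     203.0.113.10:80        ESTABLISHED     1844
"""

ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def parse_rows(text):
    """Yield (local, remote, state, pid) for every TCP row; skip headers."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))


def proxy_clients(text, proxy=PROXY_ENDPOINT):
    """Return (proxy PIDs, {client PID: [local sockets connected to proxy]})."""
    rows = list(parse_rows(text))
    # The process listening on the proxy endpoint is the proxy itself.
    proxy_pids = {pid for local, _, state, pid in rows
                  if local == proxy and state == "LISTENING"}
    clients = defaultdict(list)
    for local, remote, state, pid in rows:
        # PID 0 marks sockets no longer owned by a process (e.g. TIME_WAIT).
        if (remote == proxy and state == "ESTABLISHED"
                and pid != 0 and pid not in proxy_pids):
            clients[pid].append(local)
    return proxy_pids, dict(clients)


if __name__ == "__main__":
    owners, clients = proxy_clients(SAMPLE_NETSTAT)
    print("proxy PID(s):", sorted(owners))
    for pid, socks in sorted(clients.items()):
        print(f"PID {pid} reaches the network via the proxy from {', '.join(socks)}")
```

On a live machine the same function can be fed the text of `netstat -ano -p TCP`, and each reported PID can be resolved to an image name with `tasklist /FI "PID eq <pid>"`.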
