Firewall problem with Windows Firewall

Hi,

I use my Windows Firewall in this way: I configured it to block all INBOUND/OUTBOUND traffic. After that I added my own exception rules using Windows Firewall Advanced Settings interface. The problem is that last week I realized 2 other rules that I had not added to my exception list were presented in the Windows Firewall rules. I removed that rules and scaned my computer with antivirus and it found and removed a virus.

I am very sure that virus added that exception rule. I know there is a Windows Firewall app that allows apps to add exceptions but it's unveliveable how easy it was to a virus add this exception. It is possible to disable Windows Firewall changes, allowing it only to be done manually? Is it possible to disable Windows Firewall API to prevent apps to add exceptions to Windows Firewall?

January 13th, 2015 6:48pm


Hello dado000,

Do you mean that you want to block the Windows API to prevent apps to add exceptions to Windows Firewall?

It is by design, and we cant block it.

Windows Firewall with Advanced Security helps to protect computers from unsolicited network traffic. The Windows Firewall with Advanced Security APIs make it possible to programmatically manage the features of Windows Firewall with Advanced Security by allowing applications to create, enable, and disable firewall exceptions.

The Windows Firewall with Advanced Security API is intended for situations in which a software application or setup program must operate with adjustments to the configuration of the networking environment in which it runs. For example, a service that needs to receive unsolicited traffic can use this API to create exceptions that allow the unsolicited traffic.

If we disable the API, other applications or programs will not be able to create the exception rule, and then they cant run normally.


Best regards,
Fangzhou CHEN

Free Windows Admin Tool Kit Click here and download it now
January 14th, 2015 11:12am

Thank you Fangzhou  and I agree with you in everything you said. But there is a HUGE flaw on it: if Windows Firewall allows apps to add firewall exceptions without prompting the user it is a BIG problem. Let's suppose I have a virus in my pc because I dont have a good antivirus. It's already really bad but look "Hey, I have a firewall at least it will not allow this virus to leak my password and data".  BUT for some reason Microsoft allows viruses to add Firewall rules and exceptions. So what the f is Windows Firewall doing? Giving me a false sensation of security (which is everything Micro$oft has been doing for years)?

Correct me if I am wrong, but WHAT is the reason of a firewall that allows apps to add exceptions??? Kaspersky Firewall and Comodo Firewall have a protection system that dont allow ANY app to add exception without user allowing directly.

Thank you for helping me.

January 15th, 2015 5:19am

Is there any support person here? I paid for this shit of windows and the f** firewall is more a threat than anything else.
Free Windows Admin Tool Kit Click here and download it now
January 19th, 2015 3:20am

Use group policy. I believe there are settings in there that can do what you're after

January 19th, 2015 4:05am

Thanks Chris. I tried group policy but I dont see any group policy to configure firewall. Do you it?
Free Windows Admin Tool Kit Click here and download it now
January 20th, 2015 2:53am

Hello dado000,

I apologize for the delay.

To defend the virus, it is recommended to use Windows Defender for other Antivirus software.

The Windows firewall is designed to use the firewall rule to limit he computer to send traffic to, or receive traffic from, programs, system services, computers, or users.

We could keep the computer up to date, run antivirus software scan like Microsoft Security Essentials.
For more information about how to make your network more secure, please take a look at the following article.
http://windows.microsoft.com/en-hk/windows/making-network-more-secure#1TC=windows-7

Thanks for your understanding.

Best regards,
Fangzhou CHEN

January 22nd, 2015 10:44am

See

'Windows Firewall: Allow local program exceptions" in Computer Config/Admin templates/Network/Network connections/<Choose your profile>

Read the description on that, might do what you're after

Free Windows Admin Tool Kit Click here and download it now
February 1st, 2015 7:56pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics