Why are there many "Allow" rules at first time WinFirewall usage? How to reset to initial rule set?

Discussion in 'Windows Security' started by pstein, Oct 14, 2016.

  1. pstein

    pstein Honorable Member

    Joined:
    Mar 20, 2010
    Messages:
    347
    Likes Received:
    0
    After having used for some years another firewall I considered now to switch to MS built in Windows Firewall (in Win 7 Pro).

    So I deinstalled the old FW and enabled the MS WF.

    When I go now to wf.msc e.g into "Inbound rules" section then there are much to my surprise many "Allow" rules for external, non-microsoft prgms which I never entered. They must be added (in the past) somehow automatically.

    How can this be?

    How can I reset the rule set to the initial state just as if I would have installed Win 7 just a few minutes ago?

    Moreover I searched for a 3rd party program which is currently not listed in the WinFW ruleset e.g. a shareware or other program ABC. Ok, now I started this program and did some actions which triggered an Internet connection from this program.
    Unfortunately It worked.

    I expected a WinFW popup informing me that prorgam ABC wants to connect outside....but nothing happened.
    The program was able to do this WITHOUT prompt.

    Yes, I enabled "notifications when prgms blocked"

    So what?

    Why is WinFW not doing its job?

    Peter
     
    #1 pstein, Oct 14, 2016
    Last edited: Oct 14, 2016
  2. Neemobeer

    Neemobeer Windows Forum Team
    Staff Member

    Joined:
    Jul 4, 2015
    Messages:
    2,382
    Likes Received:
    360
    The Windows firewall is doing it's job. The firewall will follow the rules it has, it does not enforce rules additions or deletions. UAC does that. The issue is that it's pretty easy for a program to automatically add a rule either by adding a registry entry or through API calls. Firewall rules are stored in the following locations

    HKLM\Software\Policies\Microsoft\WindowsFirewall
    and
    HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy

    Rules can be added by adding a registry entry, through netsh, powershell on newer Windows versions 8.1+ or through API calls
     

Share This Page

Loading...