Why are there many "Allow" rules at first time WinFirewall usage? How to reset to initial rule set?

Discussion in 'Windows Security' started by pstein, Oct 14, 2016.

  1. pstein

    pstein Honorable Member

    Mar 20, 2010
    Likes Received:
    After having used for some years another firewall I considered now to switch to MS built in Windows Firewall (in Win 7 Pro).

    So I deinstalled the old FW and enabled the MS WF.

    When I go now to wf.msc e.g into "Inbound rules" section then there are much to my surprise many "Allow" rules for external, non-microsoft prgms which I never entered. They must be added (in the past) somehow automatically.

    How can this be?

    How can I reset the rule set to the initial state just as if I would have installed Win 7 just a few minutes ago?

    Moreover I searched for a 3rd party program which is currently not listed in the WinFW ruleset e.g. a shareware or other program ABC. Ok, now I started this program and did some actions which triggered an Internet connection from this program.
    Unfortunately It worked.

    I expected a WinFW popup informing me that prorgam ABC wants to connect outside....but nothing happened.
    The program was able to do this WITHOUT prompt.

    Yes, I enabled "notifications when prgms blocked"

    So what?

    Why is WinFW not doing its job?

    #1 pstein, Oct 14, 2016
    Last edited: Oct 14, 2016
  2. Neemobeer

    Neemobeer Honorable Member

    Jul 4, 2015
    Likes Received:
    The Windows firewall is doing it's job. The firewall will follow the rules it has, it does not enforce rules additions or deletions. UAC does that. The issue is that it's pretty easy for a program to automatically add a rule either by adding a registry entry or through API calls. Firewall rules are stored in the following locations


    Rules can be added by adding a registry entry, through netsh, powershell on newer Windows versions 8.1+ or through API calls

Share This Page