Windows Firewall Blocked Predefined Rules Show as Exceptions

Masao

New Member
Hello. Can anyone inform me about how Windows Firewall handles predefined firewall rules? I created all the predefined rules and set them to block in the inbound and outbound rule sets. However, they show up as enabled exceptions in the list of programs allowed to communicate through Windows Firewall. I have a Local Security Policy setting to disable exceptions. However, when I set it to enable and deselect the programs allowed to communicate through Windows Firewall, the rules are disabled in the inbound and outbound rule sets.

 

Neemobeer

Cloud Security Engineer
Staff member
If you create a rule to block, let's say, AllJoyn Router, and also have AllJoyn Router allowed as an application, it will be blocked. Blocking rules take priority over allow rules.

Also, each entry in the application list simply corresponds to an inbound or outbound rule. Unchecking an application simply disables the rule.
 
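The two points made above (a Block rule wins over an Allow rule that matches the same traffic, and the "Allow apps and features" list is only a view over ordinary inbound/outbound rules, so unchecking an entry disables the rule) can be seen directly with the NetSecurity cmdlets. The following PowerShell is an added example and not code from the thread; the rule names, the program path and the port are placeholders chosen for the demonstration, and the whole thing must run in an elevated session.

```powershell
# Added example (not from the thread). Demonstrates block-over-allow precedence and
# the rule <-> "allowed apps" list correspondence. Run as Administrator.
# Rule names use a hypothetical "ThreadDemo" prefix so they are easy to find and remove.
$prefix  = 'ThreadDemo'
$program = 'C:\Tools\demo-listener.exe'   # assumed path; the file need not exist to create a rule

# 1. Two enabled rules that match exactly the same traffic: inbound TCP 5000 to $program.
New-NetFirewallRule -DisplayName "$prefix Allow 5000" -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 5000 -Program $program -Profile Any | Out-Null
New-NetFirewallRule -DisplayName "$prefix Block 5000" -Direction Inbound -Action Block `
    -Protocol TCP -LocalPort 5000 -Program $program -Profile Any | Out-Null

# When a packet matches both, the Block rule is applied: Windows Firewall evaluates
# explicit Block rules before Allow rules, regardless of the order they were created in.
Get-NetFirewallRule -DisplayName "$prefix*" |
    Select-Object DisplayName, Direction, Action, Enabled | Format-Table -AutoSize

# 2. Unchecking an entry in "Allow apps and features" is this operation on the underlying rule:
Set-NetFirewallRule -DisplayName "$prefix Allow 5000" -Enabled False

# A rule that the GUI created as Allow can be flipped to Block in place, which is why
# a Block rule can appear (and be ticked) in a list whose name says "allowed":
Set-NetFirewallRule -DisplayName "$prefix Allow 5000" -Action Block -Enabled True
Get-NetFirewallRule -DisplayName "$prefix Allow 5000" | Select-Object DisplayName, Action, Enabled

# 3. Predefined rules are organised in groups; the AllJoyn Router group mentioned above, for example.
#    -ErrorAction SilentlyContinue because the group is absent on some editions.
Get-NetFirewallRule -DisplayGroup 'AllJoyn Router' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Direction, Action, Enabled | Format-Table -AutoSize

# 4. The per-profile defaults that apply when no rule matches, plus the switch behind
#    "Block all incoming connections, including those in the list of allowed apps"
#    (AllowInboundRules = False ignores every inbound Allow rule).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, AllowInboundRules

# Cleanup: remove only the demo rules.
Get-NetFirewallRule -DisplayName "$prefix*" | Remove-NetFirewallRule
```

Step 4 is the reason the thread's Block rules look redundant on a machine whose inbound default is already Block: the rule only matters where an Allow rule would otherwise let the traffic through, which is exactly the case in step 1.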

Masao

New Member
Thanks for the response. My firewall is set to block all connections for inbound and block for outbound. So the block rules are redundant, unless they would also block solicited inbound traffic, which would be a positive in testing my security. The entries in the application list appear to be only for the predefined rules; none of my custom rules appear, and disabling a predefined rule in the list will disable the block rule for both inbound and outbound. I seem to be missing something for a block rule to be labeled as an exception.
 

Masao

New Member
Thanks. I scoured the information, but didn't find anything covering how the interface handles exceptions.

If you have the time, could you confirm that if you set a predefined block rule in your inbound firewall rule set, it shows up in your exception list, and whether it's enabled or disabled?
 

Neemobeer

Cloud Security Engineer
Staff member
By exception list are you referring to the app and feature list? This only pertains to inbound rules that get created when you add an application to the list.

The real exception lists are within each rule; you can create an exception based on local principals, remote users or computers.
 

Masao

New Member
Thanks for that clarification. I had to go back and check my settings. Looks like you can't set any rule exceptions unless it's "Allow only secure connections".

I'm referring to the app and feature list. It just doesn't make any sense to me that a rule set to block would show up as enabled on the allowed programs and features list.
 
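The per-rule exception lists described above (local principals, remote users, remote computers) and the observation that they are only available when the rule is set to "Allow only secure connections" map onto the -Authentication, -LocalUser, -RemoteUser and -RemoteMachine parameters of New-NetFirewallRule. The following PowerShell is an added example, not code from the thread; the rule name, port and SIDs are constructed placeholders, and the SIDs have to be replaced with real account and computer SIDs before the rule is meaningful.

```powershell
# Added example (not from the thread). Builds an inbound rule that carries the
# per-rule principal exceptions discussed above. Run as Administrator.
# Rule name, port and SIDs are placeholders; replace the SIDs with real ones.
$name = 'ThreadDemo Authenticated RDP'

# Windows Firewall stores each principal list as an SDDL string: one ACE per allowed
# SID granting the CC right. These SIDs are constructed for the example.
$remoteComputers = 'O:LSD:(A;;CC;;;S-1-5-21-111111111-222222222-333333333-1105)'
$remoteUsers     = 'O:LSD:(A;;CC;;;S-1-5-21-111111111-222222222-333333333-1201)'

# -Authentication Required is what the MMC calls "Allow the connection if it is secure":
# the peer must be authenticated by IPsec. The Computers/Users lists only make sense on
# such a rule, because the identities being matched come from the IPsec negotiation;
# that is why the MMC greys those tabs out on plain Allow and Block rules.
New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 3389 -Profile Domain `
    -Authentication Required -Encryption Dynamic `
    -RemoteMachine $remoteComputers -RemoteUser $remoteUsers `
    -OverrideBlockRules $true | Out-Null
# -OverrideBlockRules makes this an "authenticated bypass" rule. Bypass rules are
# evaluated before ordinary Block rules, so this is the one case where an Allow rule
# defeats a Block rule; it requires -RemoteMachine to be set.

# The principal lists live on the rule's security filter, not on the base rule object.
Get-NetFirewallRule -DisplayName $name | Get-NetFirewallSecurityFilter |
    Select-Object Authentication, Encryption, OverrideBlockRules, RemoteMachine, RemoteUser

# Cleanup
Remove-NetFirewallRule -DisplayName $name
```

The SDDL in the two variables is the same format the MMC writes when you pick accounts on the Remote Computers and Remote Users tabs, so a rule created here and one created in the GUI read back identically through Get-NetFirewallSecurityFilter.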

Neemobeer

Cloud Security Engineer
Staff member
The Allow apps and features list is meant to be a quicker way to allow traffic in for a specific application. It always creates the rules as Allow, but there is nothing preventing you from changing one to a block rule.
 

BIGBEARJEDI

Fantastic Member
Premium Supporter
You could also use your router admin utility to block inbound or outbound traffic by type, such as TCP or UDP packets. Setting up rules this way, or by using a good software firewall such as the one provided with most Internet Security software suites such as Norton, McAfee, or Avast, though most of those are app-centered rules. Businesses typically use router-based packet filtering instead of relying on app-based packet filtering, which is inexact. Additionally, they will install packet-filtering appliances costing thousands of dollars such as Cisco PIX or RADIUS boxes on the TDC of their Intranet or Extranet (especially if they are running web-hosting servers) to manage the high volumes of traffic and ensuing packet traffic going in/out of their network. Packet filtering then is a much finer tool, like a surgeon using a fiber-optic camera to repair arteries in the heart or brain as opposed to a hacksaw. Over-exaggerating a bit, but you get the point. You are attempting to do your packet filtering with a hacksaw instead of a micro-tool/camera. I suggest you look at the packet-filtering capabilities of your router (download your owner's manual). If you are not using a router, but have your computer directly connected to your ISP-provided cable modem or DSL modem, most ISPs don't let you have access to their boxes, since they are premises-leased equipment which you don't own and which they are responsible for. If this is your situation, I might suggest you purchase a quality router (Cisco/Linksys or Netgear) and use the built-in packet-filtering capabilities to filter your packet traffic the way you want it, not the way Microsoft wants you to do it using their app-based filtering.

Expect this to take some time, as this type of packet filtering at the router (or security appliance) requires expert networking skills which are not acquired overnight. It takes years to understand how all of this works, but if you're willing to delve into it you can achieve much more precise control of what comes into your computer and what goes out of it (upload). If this isn't your cup of tea, there is software that can help you do this, and personally these app-based rules you are using don't keep out many modern viruses/malware, as the hackers have studied this information and know how to bypass it rather easily (there are viruses now which can switch off your app-based rules, and worse yet completely remove your AV from your computer!). You would be better served to look at other protection techniques, such as replacing your Hosts file with an alias file. Don't know if that's your primary reason for using traffic rules or not, but that's what most users use them for.

My 2 cents.

Best of luck,
<<<BIGBEARJEDI>>>
 

Masao

New Member
Thanks for that. I do use a Linksys router and it has an SPI firewall, though it has limited Internet filtering: anonymous Internet requests, multicast, Internet NAT redirection, and ident port 113. I don't have any IPv6 enabled on my computer, for added tunnel security.
 