Block all outbound traffic in Windows Firewall
Windows Firewall is the default software firewall of the Windows operating system. It is enabled automatically after installation unless another firewall has been installed already and taken over.
The firewall is configured for convenience, not maximum protection, by default. Microsoft configured it to block all incoming connections and to allow all outgoing connections, except where a rule says otherwise.
Any program for which no outbound rule exists may send data from the local computer to hosts on the Internet.
Programs with phone-home functionality, whether it is designed to check for updates or serves other purposes, are allowed to do so by default.
Windows users may also want to be aware of what is happening in the background on their system with regard to outbound connections, as it may reveal useful information about programs and their behavior.
Blocking outbound traffic in Windows Firewall
To open the Windows Firewall configuration applet, do the following:
- Tap on the Windows-key on your keyboard.
- Type Windows Firewall with Advanced Security. Note: you may not need to type the full name for the result to show up.
- Select the entry from the results.
If that does not work, use the following method instead:
- Use the keyboard shortcut Windows-Pause to open the classic Control Panel.
- Select All Control Panel Items when the new window opens.
- Select Windows Firewall on the next page.
- Select Advanced Settings located on the left sidebar to open the advanced firewall configuration window.
Windows Firewall Configuration
Note: While it makes sense to block outbound connections by default and to create rules only for the processes that you want to allow, blocking outbound connections may have the effect that programs or program functionality no longer work properly.
In addition, Windows Firewall does not notify you when processes try to establish outbound connections. This means that you will have to check the logs to find out about it, or use third-party software like Windows Firewall Control for that.
Getting Started
Windows Firewall may use different rules for the three profiles it supports:
- Domain Profile for domain joined computers.
- Private Profile for connections to private networks.
- Public Profile for connections to public networks.
All three profiles share the same default configuration: inbound connections are blocked and outbound connections are allowed unless a rule says otherwise.
Select Windows Firewall Properties on the window to change the default behavior.
Switch the outbound connections setting from Allow (default) to Block on all profile tabs. Additionally, click on the customize button on each tab next to Logging, and enable logging for successful connections.
The changes block all outbound connections of processes unless a rule exists that allows the process to make outbound connections.
Once you are done, you may want to check the existing outbound rules to make sure that only programs you want to establish outbound connections are listed there.
This is done with a click on Outbound Rules on the left sidebar of the Windows Firewall with Advanced Security window.
There you find listed rules that ship with the Windows operating system but also rules that programs have added during installation or use.
Rules may be very broad (allow outbound connections to any remote address), very specific (only allow outbound connections to a specific address using a specific protocol and port), or something in between.
You can create new outbound rules with a click on the "new rule" link under actions. This may be necessary once you notice that programs stop working correctly.
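The same configuration the article walks through in the GUI, done from an elevated PowerShell session with the NetSecurity cmdlets (an added example, not code from the article or from Windows Firewall Control; the program path is a placeholder):

```powershell
# Added example: block outbound by default, enable logging, review the existing
# outbound allow rules, and add one narrow rule. Run as Administrator.

# 1. Block outbound by default on all three profiles and log both allowed and
#    dropped connections, so programs that stop working show up in the log.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultOutboundAction Block `
    -LogAllowed True -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Verify the result per profile.
Get-NetFirewallProfile |
    Select-Object Name, DefaultInboundAction, DefaultOutboundAction, LogAllowed, LogBlocked

# 2. Review the existing outbound allow rules. Resolve each rule's program,
#    remote address and port filters so that overly broad rules ("Any" everywhere)
#    stand out next to narrow ones.
function Get-OutboundAllowRules {
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True | ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Name          = $_.DisplayName
            Profile       = $_.Profile
            Program       = $app.Program
            RemoteAddress = $addr.RemoteAddress
            Protocol      = $port.Protocol
            RemotePort    = $port.RemotePort
        }
    }
}
Get-OutboundAllowRules | Sort-Object Name | Format-Table -AutoSize

# 3. Allow a single program back out, as narrowly as practical: only this
#    executable and only TCP 443, instead of "any address, any port".
$programPath = 'C:\Program Files\ExampleApp\app.exe'   # placeholder, not a real path
New-NetFirewallRule -DisplayName 'Allow ExampleApp outbound HTTPS' `
    -Direction Outbound -Action Allow -Enabled True `
    -Program $programPath -Protocol TCP -RemotePort 443 `
    -Profile Domain,Private,Public
```

Review the table from step 2 before adding rules: a rule whose Program, RemoteAddress and RemotePort are all "Any" lets that program reach any host on any port.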
You will find all programs with update functionality in the blocked outbound connections log as they cannot contact remote servers anymore to check for updates.
You may also notice that file uploads to the Internet won't work anymore unless you allow programs like web browsers to make outbound connections, and that web browsers may not load sites anymore.
Core Windows services and tools will function properly, as outbound rules for them ship with the operating system by default. Still, some Windows features or tools may stop working properly after you start to block all outgoing connections.
That is where a program like Windows Firewall Control comes into play. The program supports several options to add rules that allow programs to make outbound connections, but only one is available to free users:
Click on the "select program window" button and then on the window of the program that you want to allow to make outbound connections.
The registered version, available for a one-time payment of $10, adds notifications to the app which display prompts that make this process a lot easier.
Closing Words
It is certainly inconvenient to block outbound connections by default, and that is likely the main reason why Microsoft set outbound connections to allow by default.
While it takes time to configure the firewall properly, doing so gives you better control over your system and the programs running on it.
tiny wall would be AWESOME if it didn’t muck with the WF rules
all programs pretty much write WF rules and with tiny wall it’s impossible to use such programs
There is a very easy solution (one click): just use a portable freeware, "Firewall App Blocker (Fab) v1.5", and tick the white list mode. Here is the link:
http://www.sordum.org/8125/firewall-app-blocker-fab-v1-5/
I’m sure, as with every other debate that I’ve come across, there are probably as many answers or solutions as there are people involved in said debate. I don’t find pop-up warnings from my Firewall any more annoying than a text message on my phone: if I want to respond then and there I do, if not it can wait until I want to respond. I like that the Firewall that I use (http://privacyware.com/personal_firewall.html) lets me know what’s going on without having to remember to review a log. The most important thing is that it works the way that you’re happy with and that it does its job. One way to test your FW is by using Steve Gibson’s LeakTest (https://www.grc.com/lt/leaktest.htm). I’m sure that regular readers of ghacks.net will already have some suggestions about testing, but I’ve not seen anything in this thread, hence my inclusion, which is aimed at anyone that finds it of use, but more to inexperienced users looking for good and reliable links (humm. maybe this will spark a new debate about SG, who knows…).
I’m new to ghacks, but it’s just occurred to me, links… I like to include links, as I’ve done here. Good or Bad? I notice that other peeps don’t post links. What’s the etiquette please?
Excellent site btw :}
Welcome to Ghacks. Links are fine if they add to the article or discussion.
Blocking outbound connections makes it really hard to, for example, play an online game… Instead of the program above, I use Windows Firewall Notifier. It sets the Windows firewall automatically to block outbound connections and can also be programmed to show a notification about a program that is trying to access the internet, with options to allow, deny or skip that file trying to access the internet. It’s a program that’s just install and forget; in this case, it’s portable, and a non-installable version is available.
Windows 7 Firewall Control by Sphinx Software which is now Windows 10 Firewall Control.
This in my opinion is the BEST Third Party Firewall available on the market.
Ability to Block All unwanted Outgoing and Incoming Traffic, and it will also Notify the user when a Program attempts to connect through the firewall, with options to Allow or Block!
It’s not free but it does way more than any other Third Firewall that I have tried!
Been using for more than Four years and the investment has more than paid for itself!
Glasswire is good. You can see at a glance what is making a connection and block it on the fire icon if you want, or unblock it if you change your mind. It also tells you how much data you have used by day, week or month. On Linux, download gufw, the graphical frontend for ufw (universal firewall). In the first instance, go to preferences and set it to the easy configuration the developer has set up. That gives time to learn the more advanced features. On install of Linux, check that the firewall is enabled. (Glasswire doesn’t work on Vista.)
It wasn’t ideal, but I looked at the Windows Firewall logs via an admin command prompt. But the logs don’t seem to indicate which application made each connection (or was denied the connection). Without that information, the logs are much less useful.
Is there a way to see what application is actually making (or trying to make) each connection?
Go to the same menu as Martin described, then choose “public profile”; there is an icon of a notepad named “logging” beside it. Click on “customize”, then a new tab will appear; activate both the dropped traffic log and the successful traffic log.
You can load the log file directly from the monitoring component of Windows Firewall. The information doesn’t include the process that tried to make the connection.
Thanks Martin.
Without including the process that made (or tried to make) the connection, the logs have limited meaning. You know *something* made (or tried to make) a connection, but you don’t know what.
Nice article, Martin. I’m glad you covered WFC, it is a good front-end to the built-in Windows firewall. I’ve been a user of WFC for well over a year and am very happy with the program – it works, is unobtrusive and consumes little resources. The developer, Alexandru, is very very responsive to his users and happily implements suggestions made by his clients and users if they make sense and improve the program. WFC is frequently updated and revised; any bugs are very promptly stamped out! You can voice your opinions, suggestions and bug reports on a moderated, public forum frequented by good people – I’ve never read any flame wars or condescending remarks there.
And as Chef-Koch said, “what’s wrong with people these days?” The $10.00 lifetime contribution is ridiculously cheap for the quality of the software and the service you get.
I turned on the logs. By default, it puts the logs in %systemroot%\system32\LogFiles\Firewall\pfirewall.log
When I try to access %systemroot%\system32\LogFiles\Firewall\, Windows gives a dialog box saying that I don’t have access to that folder, but if I want permanent access to it? What are the consequences of hitting “Yes”?
If you do give permanent access to the folder, the log files are still not readable. How do you make them readable?
It’s quite easy: you can copy and paste the same file to some other folder on some other drive and read it.
Also, you can open Notepad as admin and open the file using Open File.
TinyWall is a free, lightweight and non-intrusive firewall: tinywall.pados.hu
You get a lifetime license, and this is more to keep up the fantastic developer work. Just because you possibly need to pay (for advanced features) does not make the product bad.
I think many hours are spent to develop and improve it; it’s definitely worth giving him a coffee .. I mean 10 dollars for a product which you use daily. Come on. What’s wrong with people these days …
They would rather buy a Frappuccino and a Krispy Kreme donut with the $10.
The moaners like Sebby, who do not want to pay for protection enhancing software, deserve to be infested with viruses, trojans, zero days, etc.
I bet they do not stint on buying the latest game consoles and software so that they can play Grand Theft Auto or some other mind numbing game.
Well, I’m afraid your odds aren’t looking up. I use OS X, primarily, but this among other reasons is why Windows is such a bitter pill to swallow: “The market” is the only remedy for the completely lacklustre security of the Windows OS. You need to replace half of it, just so you can use your computer safely. I’m incredulous that so many people can accept such mediocrity without question.
So I stand by my assertion that paying to use an existing subsystem is not good value. Maybe it’s a good app, and I have nothing whatsoever against people making money from hard work (I pay for apps I use on Mac OS all the time), but it shouldn’t be chargeable. If it’d included its own filtering code, I’d say it would, but this looks like a front-end that MS should have provided.
Thanks for the TinyWall recommendation. I’ll be looking into that one.
No.
*Pay*, for control of an existing Windows subsystem?
Never! There must be another way.
WFC is well worth the 10 bucks or so the developer asks. Great app.
TinyWall is best, and completely free.
WFC is better :p