ProgCop is a straightforward application firewall for Windows
ProgCop is a free open source program for Microsoft Windows devices to block certain programs from accessing the Internet. The program uses an approach to allow all connections by default; the administrator needs to select processes manually to block access to the Internet.
Firewall applications such as Windows Firewall Control, SimpleWall, or TinyWall may be configured to block all outgoing connections by default. ProgCop is not needed if one of these applications is used on the system.
ProgCop's main advantage is its simplicity. Select any process you want to block in the application interface and click on block, to block it from establishing outgoing connections.
ProgCop can be run right away without installation. The application lists all processes with outbound connections in the interface; the listing is updated in realtime. Each process is listed with its name, local and remote address, ports, and states.
Right-click on any process and select the "add" option from the context menu to add it to the list of blocked processes. The program is blocked from establishing outbound connections from that moment on. You may use the context menu to open the location on the local system next to that.
Blocked processes are listed at the top. ProgCop lists the full application path, process name, and status there. Applications can be removed from the block list using toolbar icons, the menu bar, or with a right-click. While you may remove processes from the listing, you may also allow them right there. Just select the process that you want to allow and select the unblock option from the toolbar or the menu bar.
Programs that are not listed in the interface may also be added. Select Rules > Add Application and pick an executable file on the local system to block it from establishing outbound connections; useful to prevent connections for new programs that you have not started yet.
ProgCop uses the Windows Firewall API to control outbound connections of processes on the system. Administrators may block processes using Windows Firewall directly as well but the steps are more complicated.
The developer of the application, Niko Rosvall, notes that his application is designed to work with the built-in firewall of the Windows operating system.
Closing Words
ProgCop is a simple program to better manage program connections on Windows machines. Its usefulness is limited, especially since it does not feature an option to block all connections by default.
Still, if you are looking for an easy to use program to block certain programs from connecting to the Internet and don't want to use more advanced firewall applications for that or configure Windows Firewall, this is a program you may want to take for a test drive.
Now You: Which firewall application do you use, and why?
Been using comodo firewall (since forever) set on custom policy which alerts me whenever any app, service or process wants network access. I can make access permissions permanent or at each access request. Logs all connections, allowed or blocked. Allows me to create rules, I use a portable browser only to access router and create a LAN constrained rule. That portable browser is never exposed to the wild. This firewall keeps me informed and is proactive. I can shut down all access with 2 clicks. All networking is transparent and somewhat easier to manage for me using comodo firewall.
On-device firewalls are meant to control Application based traffic local to that host. Hardware or network firewalls are meant to protect the entire interior network from itself and the WAN (Internet). It’s not possible for a hardware firewall to block traffic from Spotify (or w/e) on a PC in the network while allowing traffic from Chrome to egress from that same host. An on-device firewall can however do exactly that, hence they have a very valid use case and can dramatically harden a computer’s own security when configured competently.
I personally use Simplewall on my Windows machines, it’s the only option that is able to afford granular enough control as to keep Win10 in check reliably. I use a pfSense SG-3100 Firewall to secure the whole network and route traffic for WAN access. I run the Snort IPS/IDS package on pfSense to monitor our only Wireless interface for that extra guarantee againts anything nasty coming in via Smartphone/TV/IoT devices.
@Anonymous: “On-device firewalls are meant to control Application based traffic local to that host.”
Absolutely true, and as I mentioned in my comment I use an on-device firewall for this exact reason.
However, I don’t trust them. If the firewall is on-device, then it can be more easily subverted. I wouldn’t trust an on-device firewall all by itself for that reason. You should always have a standalone firewall as well.
“Which firewall application do you use, and why?”
I don’t trust firewalls that run on the same machine that you want to protect, so I use an external, dedicated firewall instead (and run a VPN so that when I’m using a portable device out and about, I’m still funneling all of my traffic through my dedicated firewall).
On my rooted Android phone, I also use AFWall+ despite saying I don’t trust firewalls running on the same machine I want to protect. I do this because AFWall lets me easily set firewall rules on a per-app basis, and everything will get funneled through my dedicated firewall in the end anyway — so I still have some protection even if something subverts my on-device firewall.
By the way,
– ProgCop requires .Net Framework 4.7.2 when ‘Firewall App Blocker (FAB) doesn’t
– Progcrop creates Windows Firewall outbound rules only when FAB creates both in/outbound (user may set either/both).
Can it block Windows processes too?
Windows Firewall; it’s so simple to use.
My AV has one too but why muddy the waters?
I have tried accesing nrosvall (progcop) there landing page but there security is not up to scratch.
I ask this because personly I am always a bit worried when landing pages of security releated subjets, are working with outdated certificates?
Do you think its save to access https://www.nrosvall.name/progcop/
Not seeing anything that you’re talking about.
https://www.ssllabs.com/ssltest/analyze.html?d=nrosvall.name&hideResults=on
There is nothing wrong with the certificate or server settings. The problem is in your connection.
What’s the error message?
I’ve been using Sordum’s Firewall App Blocker for a few years now. It’s a simple portable frontend for Window’s Firewall, it works great for me.
And I just realized that sounded like I’m advertising it.
Not an issue — I’d just note that it’s free and ghacks has highlighted Sordum’s programs in the past.
Here on Windows 7 (x64) besides Windows’ native Firewall I have two utilities for blocking application connections :
1- Firewall App Blocker (FAB) from https://www.sordum.org/8125/firewall-app-blocker-fab-v1-6/
May include any .exe file.
2- Folder Firewall Blocker from https://www.softpedia.com/get/Security/Security-Related/Folder-Firewall-Blocker.shtml
May include any/all files within a given folder.
I use the first only at this time. ProgCop seems definitely far more complete. I’ll have a look at it.
Maybe is this article the opportunity to share what appears to me as an oddity :
If I do block several applications from connecting to the Web with the FAB tool mentioned above (which registers correctly my choices as Windows Firewall rules) I notice that some of those “blocked” applications nevertheless connect to the Web. Example :
EditPad Lite — I block all .exe files from this application and nevertheless notice that whenever I access this app there is a connection established with news.jgsoft.com
To circumvent this I’ve had to add news.jgsoft.com to my list of blocked sites (via HOSTS or as far as i’m concerned via the ‘Acrylic DNS Proxy’ blocklist.
How can an application specifically blocked with Windows Firewall still connect to the Web?!
@Tom
>”EditPad Lite connecting”…
It could be a dll connecting to the inet, not an exe. Or, it could be a file EditPad copied to another dir. Run procexp and add the network send/rcv cols and sort by them. That will give you the name of the image connecting.
>”How can an application specifically blocked with Windows Firewall still connect to the Web?!”
If it’s an MS app, MS Firewall has a built in whitelist that ignores all user wishes.
@Steve#99, should it be a dll connecting to the Web it wouldn’t be one in EditPad’s folder which has none.
Now that you mention it I’m running Nirsoft’s SimpleProgramDebugger and I’ve attached it to EditPadLite7.exe which is running of course. SimplePrgramDebugger shows that indeed EditPadLite7.exe loads several DLLs (62!) of which SYSTEM32\ntdll.dll
No idea, above my skills, but if I understand you correctly this would mean that a program could bypass a Windows Firefox rule given it loads specific system dlls ….
And this applies to a few other apps here, blocked with the Firewall and nevertheless connecting to the Web, for which I’ve had to block their url calls as I have with EditPadLite byrefusing connection to news.jgsoft.com.
I remain stunned.
I find FAB the most useful, as mentioned the only thing lacking is block all by default, it does however have a whitelist mode which blocks all Processes by default. If you goto File menu you will notice Block; Application, Folder contents and Process. You can also export your lists, a nice convenience. Not sure but editpad may install a process, I’m curious as to how its circumventing as well.
Glasswire… why ? I had a great price via Ghackx.net !
Ghacks.net … of course !
Hello Martin.
Love your site,imo best place for news and useful programs.
Especially for firefox users ;)
Thanks,next app for download.