Windows 7 Firewall Outbound Protection
This post will answer the following four questions(all related to each other):
- What Is Firewall Outbound Protection?
- How To Enable Firewall Outbound Protection?
- Why Enable Firewall Outbound Protection?
- How To Create Rules For Applications To Access Internet?
What Is Firewall Outbound Protection?
Firewall Outbound Protection is a feature of Windows 7 firewall that allows filtering of outbound connections. But this feature is half baked because once this feature is enabled, it will block all outgoing connections. The only way to allow application access to outbound connection is to create rules for them, more about this later. Lets see how we can enable this feature first.
How To Enable Firewall Outbound Protection?
Click the Start orb, type Firewall in Start Search, and select Windows Firewall with Advanced Security. Another quick way is to type wf.msc and hit Enter.
Now from the Windows Firewall with Advanced Security window, navigate to Actions > Properties. A properties dialog will open from where you can block the Outbound Connection.
Note for novice users: Do not change the Inbound connection, it is disabled by default so that you can manually select which apps can connect to the internet. I repeat again, do NOT touch the Inbound connections settings or your system will be vulnerable to external threats.
Now once Outbound connection is disabled, hit OK and close the Windows Firewall with Advanced Settings Window.
Why Enable Firewall Outbound Protection?
The answer is relatively simple, to prevent malwares and viruses from sending confidential information. When backdoor worms attack your computer, they steal the information and then connect to an external server(hacker’s server) to send the data.
Enabling Firewall Outbound Connection will prevent any outbound connection except for the applications you define. Thus, keeping your system more secure.
How To Create Rules For Applications To Access Internet?
Windows Firewall is great, but as I mentioned before it is also half-baked and this can be quite frustrating. Every 3rd party firewall tools will prompt you when a program tries to establish an outgoing connection. You could then easily accept or reject this outbound connection, sadly Windows Firewall has no such notifications. A huge bummer, if you ask me.
In Windows Firewall you have to manually create rules for every applications one by one, otherwise the outbound connection will be blocked for all programs. Sounds like a tiresome job, right?
Lucky for you, we have found an awesome tool that can in fact show you notification for all incoming and outgoing connections. It can also help in managing all settings for installed applications. In short, it means you don’t need to create tiresome rules manually.
No, it is not another firewall tool, but is a simple security app that works in conjunction with Windows Firewall. The app in question is Windows 7 Firewall Control.
Every change made in this app will also be made in Windows Firewall. In other words, you could say that it synchronizes everything, including port forwarding.
The great thing about this app is that it fully supports Windows 7 taskbar integration and allows users to add programs in specific zones. There are both free and pro versions of this app, but the free version is enough for most users since it includes every functionality that we need here.
Download Windows 7 Firewall Control
A portable version is also available. There are two installers given, one for 32-bit OS and other for 64-bit. Apart from Windows 7, it can also work on Vista. Enjoy!
It depends, DaveUK. Let’s assume there is a script kiddie or a less experiencied hacker using some framework in order to attack computers, exploiting vulnerable services and running a reverse-tcp payload. Well, Firewall outbound is really useful there unless it’s a complex payload. Nevertheless I don’t think it’s the case most of time. Yet, typical payloads, the most common, are going to use its small size in order to estabilish a reverse connection only.
In the end, many measures cannot be useful to foil experienced hackers, but few measures can have strong effects on foiling script kiddies.
The only instance where Dave is right is if the virus has that functionality built in. Meaning you are making more work for the attacker.
Just because it has little effect doesn’t mean it is worthless.
Just my 2 cents.
This will help 😉 https://www.addictivetips.com/windows-tips/organ…
Thanks for your insightful opinion Dave. I do tend to agree with you here.
What is that google icon on the taskbar ?
This is an interesting article, thank you. One thing though…you say the following:”Why Enable Firewall Outbound Protection? The answer is relatively simple, to prevent malwares and viruses from sending confidential information.”A lot of people believe outbound filtering to be next to useless in the situation you have described because once your computer is infected with malware/viruses, those evil applications usually have access to your system with administrator permissions and will be able to disable (or reconfigure) your firewall regardless of what you set your outbound filtering policy to. If you think that outbound filtering will keep you safe from malware/viruses…think again!That's not to say that outbound filtering isn't useful – it can be, but just not for the scenario you have described. It's useful for an admin to prevent certain types of outbound communication on the network, or for a local administrator to prevent certain apps from accessing the internet to get updates etc. Primarily though, i think people like outbound filtering because they like to see pop-up's telling them when application X is trying to connect to the Internet. They like to see this information and to know what that application is trying to do. This isn't really a justification for outbound filtering, it's more of a justification for better monitoring/logging so that users can see what their firewall is doing. Just my 2c.
This will help 😉 https://www.addictivetips.com/windows-tips/organ…
Thanks for your insightful opinion Dave. I do tend to agree with you here.
What is that google icon on the taskbar ?
This is an interesting article, thank you. One thing though…you say the following:”Why Enable Firewall Outbound Protection? The answer is relatively simple, to prevent malwares and viruses from sending confidential information.”A lot of people believe outbound filtering to be next to useless in the situation you have described because once your computer is infected with malware/viruses, those evil applications usually have access to your system with administrator permissions and will be able to disable (or reconfigure) your firewall regardless of what you set your outbound filtering policy to. If you think that outbound filtering will keep you safe from malware/viruses…think again!That's not to say that outbound filtering isn't useful – it can be, but just not for the scenario you have described. It's useful for an admin to prevent certain types of outbound communication on the network, or for a local administrator to prevent certain apps from accessing the internet to get updates etc. Primarily though, i think people like outbound filtering because they like to see pop-up's telling them when application X is trying to connect to the Internet. They like to see this information and to know what that application is trying to do. This isn't really a justification for outbound filtering, it's more of a justification for better monitoring/logging so that users can see what their firewall is doing. Just my 2c.
What is that google icon on the taskbar ?
This will help 😉 https://www.addictivetips.com/windows-tips/organ…
This is an interesting article, thank you. One thing though…you say the following:”Why Enable Firewall Outbound Protection? The answer is relatively simple, to prevent malwares and viruses from sending confidential information.”A lot of people believe outbound filtering to be next to useless in the situation you have described because once your computer is infected with malware/viruses, those evil applications usually have access to your system with administrator permissions and will be able to disable (or reconfigure) your firewall regardless of what you set your outbound filtering policy to. If you think that outbound filtering will keep you safe from malware/viruses…think again!That's not to say that outbound filtering isn't useful – it can be, but just not for the scenario you have described. It's useful for an admin to prevent certain types of outbound communication on the network, or for a local administrator to prevent certain apps from accessing the internet to get updates etc. Primarily though, i think people like outbound filtering because they like to see pop-up's telling them when application X is trying to connect to the Internet. They like to see this information and to know what that application is trying to do. This isn't really a justification for outbound filtering, it's more of a justification for better monitoring/logging so that users can see what their firewall is doing. Just my 2c.
Thanks for your insightful opinion Dave. I do tend to agree with you here.