How to setup Windows 7 firewall to work like a normal personal firewall?
2013-07
Since Windows 7 already comes with its own firewall, I prefer not to install a 3rd party one.
However, when I started trying to set it up, I quickly discovered that it's much less user-friendly than any personal firewall I have ever seen (e.g. Sygate for XP, Comodo for Windows 7, etc.)
Instead of being configured by default to block all Internet inbound and outbound traffic (i.e. not LAN), and then prompt you whenever unauthorized program tries to “call home”, it seems to allow all outbound traffic… (which is a spyware paradise).
I tried to configure it like a “ standard personal firewall” but this task turned to be anything but trivial:
First, I was greeted by having to select one of three profiles:
Domain | Private | Public
:Domain
is n/a because I don’t use a domain controllerPrivate
is me! (yes, I have a tiny LAN)Public
is n/a because my Windows 7 laptop is only connected through my router/firewall
So I proceeded with the following:
Domain :
All blocked (changed outbound from default)Private :
Inbound blocked, outbound allowed (keep defaults)Public :
All blocked (changed outbound from default)
Yet, I keep seeing all sorts of programs “calling home” without Windows firewall ever prompting or even notifying me about it.
Any idea how I can proceed from here? Is it possible at all to use the Windows 7 firewall to effectively control outbound traffic?
By default, Windows Firewall with Advanced Security allows all outbound network traffic.
To block the network traffic for prohibited programs, you must create an outbound rule that blocks traffic with specific criteria from passing through Windows Firewall with Advanced Security.
Alternatively, you can change the default outbound action to block, and then create outbound allow rules to allow required traffic. This technique is demonstrated in this TechNet article.
Windows does not notify you when programs make outbound calls, because it is very costly CPU wise, and even more costly from a software development standpoint.
To control outbound traffic, you'll need to block all outbound traffic then set specific rules.
Try "Windows 7 Firewall Control" This program works with the Windows Firewall and is independent from the Windows Firewall application itself and will ask you what to do like a personal firewall http://www.sphinx-soft.com/Vista/index.html
view all most popular Amazon Coupons
.
Possible Duplicate:
How can I configure the Windows 7 firewall to prompt me on outbound traffic?
In Vista and before, new programs attempting an ingoing or outgoing connection would cause a Windows prompt whether to allow or deny the program as a rule.
In Windows 7 I seem to have to manually enter rules. Is there any way to get Windows 7 to ask me on its own?
Edit : The options MrStatic points to in his answer are already turned on. No prompts, hence my question. See this forum entry for another guy with the same problem
The windows firewall generally sucks horribly. I had trojan just last month that bypassed it and was sucking all my bandwidth sending something.(I think it was actally trying to take everything) the windows firewall really only blocks incoming connections. if something wants to send something windows isn't going to stop it one bit.
I use Comodo firewall now, although honestly it can be set to the most paranoid settings its rediculous. it even can be set to the point of letting you know every time a process starts and when one file is calling another or when a program wants to write to disk. I went through a few before I got to this one and I'm happy with it (i turned off all those rediculous settings, it just tells me about unusual things)
and to answer your question, not really. other than what you have its 90% manual and it doesn't block outgoing(not really)
I don't know if it is possible to do it any other way in Windows 7.
Take a look at Windows 7 Firewall Control. This basically provides more control over the Windows 7 firewall. It will notify you of any application that is blocked. You can then change its permissions. The free version should suffice for your needs.
Control Panel\All Control Panel Items\Windows Firewall\Customize Settings
When you goto the control panel for the windows firewall its on the top left with the first UAC shield.