Jump to content

Reseting Windows Defender Firewall Prompts / Authorizations

I finally uninstalled the family Norton subscription from my Windows 10 Pro machine (I know I’m late, but I wasn’t paying for it).

I am currently trying to assert actual control over the network via the Windows Security Suite.

My Goal is to revoke the network authorizations for all application / programs / services and have Windows Defender Firewall prompt for approval every time a new program attempts to access the network (Both Outgoing and Incoming).

My problem is that “unchecking” all apps from the allowed list doesn’t seem to actually block anything.

There is a box to notify for blocked apps but it doesn’t help when Microsoft decides to unilaterally allow something new through. I do also want to audit existing traffic this way.

I took a basic Windows in enterprise class that covered firewall configs I know how to make new rules through the Control Panel and could cobble together a PowerShell script if necessary. I might have forgotten something or they may have “improved” the option away, but it seems like there should be an easier way to do this through the GUI options though.

This is the only repeat question I’ve found so far and in the typical fashion of Microsoft’s “Independent Advisors” they didn’t read the question and instead gave a stock answer to a related but different and more common question.

https://answers.microsoft.com/en-us/windows/forum/all/how-to-turn-on-every-windows-firewall-notification/462f3157-2565-4da0-b4da-792e86943792

Any thoughts of the merits of third-party standalone firewalls like GlassWire would not be out of place either. I’m just trying to get to a place of intuitive functionality.

 

Any help is much appreciated.

Related rants about Windows Security will be tolerated for the increased post activity and general therapeutic value.

 

Link to post
Share on other sites

to my knowledge this isn't a thing, windows doesn't let any apps that are unchecked "through" and windows doesn't just allow apps through *without* asking first... [*]

 

so if you don't want the popup everytime you need to allow it, or indeed uncheck it in the firewall. 

 

i would recommend to entirely reset windows defender and simply use the default settings while following the above instructions, unless i misunderstood the problem,  but windows defender is the most easy to use and least intrusive AV i could think of (now excuse me while i allow this "hacktool-harmless-visual-hack-mod-not-a-virus-007248a!-thing" thing for the gazillionth time... >_>)

 

 

40 minutes ago, DraconisMaximus said:

Any help is much appreciated.

 

Related rants about Windows Security will be tolerated for the increased post activity and general therapeutic value.

i am sorry ~

 

 

40 minutes ago, DraconisMaximus said:

I’m just trying to get to a place of intuitive functionality

i recommend windows defender. 

 

 

Spoiler

[*] akshually, there are exceptions like certain programs downloading updates or similar, the firewall is often not asking for permission in such instances... but i think defender would still scan that data regularly... 

 

is it a security risk? well technically yeah, depends how much you trust those programs i guess. its similar to linux were you constantly download random stuff from a guy called "sudo" you just gotta trust him or not use the os.

 

 

ps: also to answer the question, it's really quite simple apparently: 

 

https://www.tenforums.com/tutorials/70749-restore-default-windows-defender-firewall-settings-windows-10-a.html

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 

Link to post
Share on other sites

11 hours ago, Mark Kaine said:

to my knowledge this isn't a thing, windows doesn't let any apps that are unchecked "through" and windows doesn't just allow apps through *without* asking first... [*]

 

so if you don't want the popup everytime you need to allow it, or indeed uncheck it in the firewall. 

 

I did just do a full Windows Security reset to ensure a clean slate.

The goal is to receive notifications if any app or service I have not personally approved attempts to access the network. For example, if I have never received a Windows Firewall Notification that Google Chrome is trying to access the internet and clicked allow then Chrome should not be able to function as a web browser.

A few simple tests with Firefox and Chrome confirmed that unchecking apps from the allow apps list does not block them from accessing the internet. It only overrides a default decision by Windows to block access.

I have not received any firewall notifications since resetting.

12 hours ago, Mark Kaine said:

ps: also to answer the question, it's really quite simple apparently: 

 

https://www.tenforums.com/tutorials/70749-restore-default-windows-defender-firewall-settings-windows-10-a.html

That only stops incoming traffic, not traffic initiated locally.

 

12 hours ago, Mark Kaine said:
  Hide contents

[*] akshually, there are exceptions like certain programs downloading updates or similar, the firewall is often not asking for permission in such instances... but i think defender would still scan that data regularly... 

 

is it a security risk? well technically yeah, depends how much you trust those programs i guess. its similar to linux were you constantly download random stuff from a guy called "sudo" you just gotta trust him or not use the os.

Yeah I forgot that installers can generate their own firewall rules. That said, shouldn't resetting the firewall remove those?

 

I did end up writing a PS1 script to quickly generate block rules for all of the Exes that didn't seem to have a reason to access the internet and will have to check the list regularly.

 

I have been considering a clean Windows install anyways, so I may just bite the bullet and do that.

Link to post
Share on other sites

20 minutes ago, DraconisMaximus said:

I did just do a full Windows Security reset to ensure a clean slate.

 

The goal is to receive notifications if any app or service I have not personally approved attempts to access the network. For example, if I have never received a Windows Firewall Notification that Google Chrome is trying to access the internet and clicked allow then Chrome should not be able to function as a web browser.

 

A few simple tests with Firefox and Chrome confirmed that unchecking apps from the allow apps list does not block them from accessing the internet. It only overrides a default decision by Windows to block access.

 

I have not received any firewall notifications since resetting.

 

That only stops incoming traffic, not traffic initiated locally.

 

 

Yeah I forgot that installers can generate their own firewall rules. That said, shouldn't resetting the firewall remove those?

 

I did end up writing a PS1 script to quickly generate block rules for all of the Exes that didn't seem to have a reason to access the internet and will have to check the list regularly.

 

I have been considering a clean Windows install anyways, so I may just bite the bullet and do that.

yes, well that's the thing why i put the [*] note, typically all programs ask for permission  - but not all, as said something like chrome, edge, a lot of emulators, etc, basically any number of programs... in a way most programs "ask you for permission" although in a weird way (like "do you want to download the update...") but not all, some just start downloading stuff without telling you anything lol... basically yes, as soon you click install program you kinda tell windows you trust this program,  which as i said indeed seems like a security risk.

 

but im pretty sure you could still put rules in firewall to not allow this... not sure... but generally its not a bug, its just how windows / sudo, and probably any OS works lol, that's why you have a real time AV, that hopefully catches stuff... 

 

 

ps: Windows itself does the same thing! constantly downloading and sending stuff in the background... but its mostly 1 process,  "waasmedic"... you can kill him. 😉

 

 

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 

Link to post
Share on other sites

32 minutes ago, Mark Kaine said:

ps: Windows itself does the same thing! constantly downloading and sending stuff in the background... but its mostly 1 process,  "waasmedic"... you can kill him. 😉

Yeah out of over 300 rules I generated, over 200 of them were to block official Microsoft executables.

That is why I always use the "Pro" versions of Windows. I have used Group Policy to Windows Update locked in the closet since 2016. He gets supervised yard time a couple times a month. It also works as a garlic to the vampire of Windows 11.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×