Windows 7 Firewall Outgoing Configuration
(Windows Client TechCenter > Windows 7 Forums > Windows 7 Security)

  • Monday, June 29, 2009 12:09 AM, Schnulla
     
    The Vista firewall does a good job but most people sadly miss an easy
    way to configure which programs are allowed for outgoing connections.

    This has been a standard feature for years in other firewalls (e.g. ZoneAlarm).

    I know it is possible to get this feature via the third-party extension
    "Vista Firewall Control" but I do not want to install a third-party
    extension for this (the risk is too high that things get confounded,
    e.g. a Windows update makes the extension incompatible).

    Now my question:
    Will Windows 7 users finally get this feature? Thank you!

All Replies

  • Monday, June 29, 2009 2:58 AM, Robinson Zhang - MSFT (Moderator)
     

    Hi,

     

    Actually, we can configure which programs are allowed for outgoing connections in Windows Vista and Windows 7.

     

    1. Click Start, type WF.msc, and press Enter.

    2. Click Outbound Rules, then choose Action -> New Rule.

     

    Hope it helps.
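    The same setup can be scripted instead of clicked through. The PowerShell script below is an added example for this thread, not code from Microsoft or from any poster; it drives netsh advfirewall, which ships with Vista and Windows 7, to block outbound traffic by default on every profile, allow a single program back out, turn on logging of dropped connections (off by default), and show the result. The program path is a placeholder; put the executable you actually want to permit there, and run from an elevated prompt.

```powershell
# Added example (not from the thread): outbound-block-by-default with netsh advfirewall.
# Requires an elevated PowerShell prompt on Vista/Windows 7.
$program  = 'C:\Program Files\ExampleApp\app.exe'        # hypothetical path, substitute your own
$ruleName = 'Allow-outbound-' + (Split-Path $program -Leaf)

# 1. Default policy: block inbound (already the default) and block outbound on all profiles.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 2. Allow just this program to open outbound connections. A program-scoped rule only
#    opens whatever ports the program uses while it runs, unlike a standing port rule.
if (Test-Path $program) {
    netsh advfirewall firewall add rule name="$ruleName" dir=out action=allow program="$program" enable=yes
} else {
    Write-Warning "Program not found, rule not created: $program"
}

# 3. Record dropped connections, otherwise blocked attempts leave no trace at all.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "$env:windir\system32\LogFiles\Firewall\pfirewall.log"

# 4. Verify the rule and the effective default policy per profile.
netsh advfirewall firewall show rule name="$ruleName"
netsh advfirewall show allprofiles
```

    Step 4 is worth keeping: with outbound blocking on, a rule whose program path is wrong (for example the launcher rather than the executable that actually opens the socket) silently does nothing, and the log is the only place that shows it.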

     

  • Monday, June 29, 2009 3:59 PM, D.Wolfman
     
    I've been running my firewall in 7 with the outgoing connections set to Block (default is to allow the connection), and adding rules to allow programs I decide are ok.  The only drawback with this process is it is fairly "clunky" in that it is a completely manual process to go into the Firewall's Advanced Configuration pages and add that new rule.  It sure would be nice if the Firewall could incorporate better prompting for program access like ZoneAlarm does, or like the old Sygate Personal Firewall does under XP (I still use that even though support is long gone for it, just because I REALLY like the way it works).

    As it is, I rarely see any automatic prompting for network access by programs from the Firewall.  I've started the habit of adding a new Rule to the Firewall when something isn't working right, before trying anything else!  Worse yet, in one case I had to completely disable the firewall in order to get a program to work, simply because whatever EXE was doing the access was NOT the main one, and I could not figure out how to find what the correct EXE was to allow!  BTW, that was the game Far Cry 2, trying to get the game activated on first run.  I had the main Far Cry 2 exe set to have unrestricted access to the network, both inbound and outbound, but it failed to activate itself until I shut down the firewall.

    If the Firewall had been able to prompt me for the access, I could have fixed this in seconds and NOT had to shut off the firewall completely.  Nice thing is it only needed it for the initial activation.  After it was activated, I re-enabled the firewall and it still works fine.
  • Tuesday, June 30, 2009 8:14 AM, Robinson Zhang - MSFT (Moderator)
     
    I've been running my firewall in 7 with the outgoing connections set to Block (default is to allow the connection), and adding rules to allow programs I decide are ok.  The only drawback with this process is it is fairly "clunky" in that it is a completely manual process to go into the Firewall's Advanced Configuration pages and add that new rule.  It sure would be nice if the Firewall could incorporate better prompting for program access like ZoneAlarm does, or like the old Sygate Personal Firewall does under XP (I still use that even though support is long gone for it, just because I REALLY like the way it works).

    As it is, I rarely see any automatic prompting for network access by programs from the Firewall.  I've started the habit of adding a new Rule to the Firewall when something isn't working right, before trying anything else!  Worse yet, in one case I had to completely disable the firewall in order to get a program to work, simply because whatever EXE was doing the access was NOT the main one, and I could not figure out how to find what the correct EXE was to allow!  BTW, that was the game Far Cry 2, trying to get the game activated on first run.  I had the main Far Cry 2 exe set to have unrestricted access to the network, both inbound and outbound, but it failed to activate itself until I shut down the firewall.

    If the Firewall had been able to prompt me for the access, I could have fixed this in seconds and NOT had to shut off the firewall completely.  Nice thing is it only needed it for the initial activation.  After it was activated, I re-enabled the firewall and it still works fine.

    You can try to view the Windows Firewall log to check it.

    It should be found at %windir%\system32\logfiles\firewall\firewall.log

    Thanks.
  • Tuesday, June 30, 2009 12:49 PM, blegs38552
     
    The Vista firewall does a good job but most people sadly miss an easy
    way to configure which programs are allowed for outgoing connections.

    This has been a standard feature for years in other firewalls (e.g. ZoneAlarm).

    I know it is possible to get this feature via the third-party extension
    "Vista Firewall Control" but I do not want to install a third-party
    extension for this (the risk is too high that things get confounded,
    e.g. a Windows update makes the extension incompatible).

    Now my question:
    Will Windows 7 users finally get this feature? Thank you!

    I have been using Vista Firewall Controller on Win 7 RC with absolutely no problems. It is far easier than trying to edit the Windows Firewall program as suggested above. It would be great if MS included this feature, but if not, the Firewall Controller is the way to go, IMHO.

    Windows 7 beta dual booting with VISTA Home Premium 2 GB memory 160 HD Gateway Laptop HP Officejet 6310 All-in One inkjet printer Verizon FIOS Internet Connection
  • Tuesday, June 30, 2009 9:04 PM, Schnulla
     
    Yeah, I know that it is possible to configure this manually.
    But you cannot expect a 0815 user to do this
    by hand, checking the log file etc.

    It cannot be that difficult to integrate this standard
    "feature" that nearly every other firewall offers.

    Just a dialog that pops up and asks...

    "Allow this application? [...]"

    ...would do the trick for me maybe with some
    details about the *.exe location and vendor.
  • Tuesday, June 30, 2009 9:07 PM, Schnulla
     

    I have been using Vista Firewall Controller on Win 7 RC with absolutely no problems. It is far easier than trying to edit the Windows Firewall program as suggested above. It would be great if MS included this feature, but if not, the Firewall Controller is the way to go, IMHO.

    Yeah, I don't see a reason not to include this feature
    because it would increase the security AND operability.

    And everyone who doesn't want it should be able to
    just disable this feature in the Security Center.
  • Wednesday, July 01, 2009 7:58 AM, Robinson Zhang - MSFT (Moderator)
     
    Yeah, I know that it is possible to configure this manually.
    But you cannot expect a 0815 user to do this
    by hand, checking the log file etc.

    It cannot be that difficult to integrate this standard
    "feature" that nearly every other firewall offers.

    Just a dialog that pops up and asks...

    "Allow this application? [...]"

    ...would do the trick for me maybe with some
    details about the *.exe location and vendor.

    Technically, we should receive a similar warning window when a program tries to access the Internet and Windows 7 cannot verify it.

     

    Also, you can simply configure it by Control Panel -> All Control Panel Items -> Windows Firewall -> Allow a program or feature through Windows Firewall.

     

    Thanks.

  • Monday, July 06, 2009 9:49 PM, dfire
     
    All I can say about the Windows Firewall is - Nice idea, poorly executed. It does have all the technical abilities of most other firewalls, and is more granular than some, but is completely unusable in practice. I've always disabled it and got something more appropriate to do the job, and I see no reason to change now.

    I also use sygate on XP as it still does more than most other Firewalls (network activity & block graphing for instance) but I also use ZoneAlarm as it is by far the easiest to configure (and I am someone who is happy scripting rules at a command line) - a list of applications with simple options to block outgoing or serving, locally & externally - do you really need much else? I usually find that I have to manually create rules to do these things with other firewalls (Including Sygate)! I know having the ability to block specific ports is nice, but I just don't need it (I think you can do it with advanced ZA rules anyway) - I block ALL services from the Internet, job done.
    It's a shame that ZA doesn't run on W7 yet which is why I'm using Comodo. It, again, is more complicated to configure until you work out the shortcuts (And realise that 'Network Security Policy' = Application control!).
  • Tuesday, July 21, 2009 3:28 AM, D.Wolfman
     
    You can try to view the Windows Firewall log to check it.

    It should be found at %windir%\system32\logfiles\firewall\firewall.log

    Thanks.
    Last time I looked at that log file, it only told me the IP addresses and ports.  Nothing at all in there about what programs are doing it.  :-(

    I'd prefer to set up a rule based on the program rather than a port or IP address.  That way whatever ports it needs are only open while that program is running, not all the time like a rule for a port or IP address would be.
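    As an added example for this thread (not code from Microsoft or from any poster), the PowerShell script below does the two things a Windows 7 user in this position needs. Part A parses the firewall log into objects and summarises outbound DROP entries by destination, which shows exactly what the post above says: addresses and ports, no program. Part B enables the Windows Filtering Platform connection audit, after which every blocked connection is written to the Security event log as event ID 5157 together with the application path and process ID, which is how to find the executable that actually needs the rule. The log path is the one named in this thread (the Windows 7 default file name is pfirewall.log in the same folder); the log lines embedded in the script are constructed samples, used only when no real log is present. Run it from an elevated prompt.

```powershell
# Added example, not from the thread: see which outbound connections are being dropped,
# then identify the program behind them. Run from an elevated PowerShell prompt.

# --- Part A: summarise outbound DROP entries from the firewall log ---
# Path as named in this thread; the Windows 7 default is pfirewall.log in the same folder.
$logPath = Join-Path $env:windir 'system32\logfiles\firewall\firewall.log'

# Constructed sample lines in the log's W3C format, used when the real log is missing or empty.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2009-07-20 21:15:02 DROP TCP 192.168.1.10 203.0.113.5 49211 80 52 S 1234567 0 8192 - - - SEND
2009-07-20 21:15:05 DROP TCP 192.168.1.10 203.0.113.5 49212 80 52 S 1234568 0 8192 - - - SEND
2009-07-20 21:15:09 DROP UDP 192.168.1.10 192.168.1.1 51000 53 0 - - - - - - - SEND
2009-07-20 21:15:11 DROP TCP 198.51.100.7 192.168.1.10 40000 445 48 S 99 0 8192 - - - RECEIVE
2009-07-20 21:15:12 ALLOW TCP 192.168.1.10 203.0.113.9 49213 443 0 - 0 0 0 - - - SEND
'@

# Turn log lines into objects whose property names come from the #Fields header.
function Get-FirewallLogEntries {
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') { $fields = $matches[1] -split '\s+'; continue }
        if ($line -match '^#' -or $line.Trim() -eq '' -or $fields -eq $null) { continue }
        $values = $line -split '\s+'
        $entry = New-Object PSObject
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $entry | Add-Member -MemberType NoteProperty -Name $fields[$i] -Value $values[$i]
        }
        $entry
    }
}

# Outbound drops only (path = SEND), grouped by protocol and destination, busiest first.
function Get-OutboundDrops {
    param([string[]]$Lines)
    Get-FirewallLogEntries $Lines |
        Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'SEND' } |
        Group-Object protocol, 'dst-ip', 'dst-port' |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

$lines = @()
if (Test-Path $logPath) { $lines = @(Get-Content $logPath) }
if ($lines.Count -eq 0) { $lines = $sampleLog -split "`r?`n" }
Get-OutboundDrops $lines | Format-Table -AutoSize
# With the sample above: 2 x "TCP, 203.0.113.5, 80" and 1 x "UDP, 192.168.1.1, 53";
# the RECEIVE and ALLOW lines are excluded. There is no program column anywhere in the log.

# --- Part B: identify the program via WFP connection auditing ---
# Failure audits for "Filtering Platform Connection" write event 5157 to the Security log;
# its message carries the Application Name and Process ID of each blocked connection.
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable

# Reproduce the failing action (start the program, trigger its update), then read the events.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $m = $_.Message
        $app = if ($m -match '(?m)^\s*Application Name:\s*(.+?)\s*$') { $matches[1] } else { '?' }
        $dir = if ($m -match 'Direction:\s+(\S+)')                     { $matches[1] } else { '?' }
        $dst = if ($m -match 'Destination Address:\s+(\S+)')           { $matches[1] } else { '?' }
        $dpt = if ($m -match 'Destination Port:\s+(\d+)')              { $matches[1] } else { '?' }
        New-Object PSObject -Property @{
            Time = $_.TimeCreated; Direction = $dir; Destination = "${dst}:$dpt"; Application = $app
        }
    } | Format-Table Time, Direction, Destination, Application -AutoSize

# The audit is noisy; switch it back off once the missing rule has been created.
auditpol /set /subcategory:"Filtering Platform Connection" /failure:disable
```

    The Application Name in event 5157 is a device path (\device\harddiskvolumeN\...), which is the form netsh and the GUI accept once you map it back to the drive letter; it also settles the case in the post above where the process that opens the socket is not the main executable.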
  • Tuesday, July 21, 2009 3:30 AM, D.Wolfman
     
    I have been using Vista Firewall Controller on Win 7 RC with absolutely no problems. It is far easier than trying to edit the Windows Firewall program as suggested above. It would be great if MS included this feature, but if not, the Firewall Controller is the way to go, IMHO.
    Hmm, I think I'll check out this app.  Sounds like it might do some of what I want at least.
  • Tuesday, July 21, 2009 2:54 PM, Ddos_Evader
     
    One thing I think that all firewalls should have, and of course including Windows Firewall, which I find the best firewall atm (simply because it's native), is to limit the traffic, like to have control of the traffic flow. So let's say, on the DNS rule you could set limits on the UDP tab, so that would prevent lots of overflow type of attacks such as ping of death and other DDoS SH**. I know you can do it via the registry, which I had to do, but still better from the firewall, even because some people don't know how to do that in the Win registry. Ain't that possible to create for future MS plans?
    For me it sounds so easy and I don't really know how and why we still don't have this feature. Each rule could be linked to specific parts of the registry assigned for its tasks, like DNS, TCPIP and other... Anyways, that's a suggestion that I find very useful for users and administrators...
    RR
  • Friday, July 24, 2009 12:05 PM, dfire
     
    Just for Info, Zonealarm is now available for W7. It's a Beta (so is free) but it does include AV - Works for me!
    It doesn't yet quite integrate properly into the Security Centre so you have to manually 'ignore' firewall problems, but this is a small price to pay (and presumably only short term).

    Look at:
    https://www.zonealarm.com/security/en-us/beta-center-details.htm?ifrom=betahome&betaSku=ZAAV-BETA-60day-1user&betaCode=ZAAV-BETA-60day-1user
  • Thursday, September 24, 2009 7:48 AM, dirks
     
    However, the Vista and Win 7 firewall control software installs its own firewall and does not really use the standard Win 7 firewall.

    Their FAQ clearly states:

    Windows 7 Firewall Control and the Built-in Firewall
    Windows7FirewallControl is completely based on Windows Filtering Platform (WFP), the security core introduced in Windows Vista, and does not install any third-party kernel drivers. The Built-in Firewall is based on the same WFP as well. Both products work entirely independently. Windows7FirewallControl uses the Built-in Firewall only once, at the first start, to grab the initial settings. Due to complete product independence you can switch the Built-in Firewall ON or OFF at your option.
  • Thursday, September 24, 2009 8:00 PM, Kurt Dillard
     
    Why do you want to restrict outbound traffic? It provides very little security; if a piece of malware is on your machine and able to attempt outbound connections you're already hosed. If you allowed the malware to install itself with admin privileges the malware can reconfigure the firewall and go to town. If you were smart and running with limited privileges when the malware installed itself, it can scan the firewall rules to see what is allowed, and piggyback on one of those applications. For example, you'd want to allow your browser to open outbound connections, right? It's not very hard to write malware that will use the default web browser to upload stuff.

    I am not saying that outbound filtering provides zero security, only that it provides very little. In my opinion it's not worth the hassle; you would be better off investing the effort in customizing outbound rules into more effective countermeasures like figuring out how to get all of your programs to run without admin privileges, installing patches, or updating antivirus and antispam software.
    Kurt Dillard http://www.kurtdillard.com
  • Saturday, September 26, 2009 3:03 PM, Saltgrass
     
    I have been playing with the Win 7 Firewall also and have all outbound connections blocked, except for the rules to allow.  I also have all notifications turned on.

    So far I have not gotten any type of notifications about a program being blocked.  It just doesn't work.  If I look at the log, it is blank and I might get an access denied message.

    It also appears the firewall will not give all the options necessary for a program to get through the firewall.  For example, to update Open Office you need to allow soffice.bin through the firewall, but it is not listed as an option.  I might assume that the Firewall control utility mentioned would also not be able to allow this utility since it is not listed.  I did type it in manually when adding a new rule and it does work now.

    I guess I do not understand that if options were given to turn on or off notifications, none would be forthcoming!!
  • Sunday, September 27, 2009 9:20 PM, Ddos_Evader
     
    Taking the same hook, I might as well ask something...
    On the outgoing setting, when I set "allow only secure connections", there's the option to choose which computers I should allow. I set all my secured connections to only allow interactive computers, and the question is:

    which one is the best option, allow only INTERACTIVE or AUTHENTICATED?
    thanks in advance,
    RR
  • Wednesday, September 30, 2009 3:05 PM, blegs38552
     
    I am running Norton Internet Security 2010 with Win 7 Professional RTM now. Apparently, Norton makes up its own rules as an application is installed and sets the firewall permissions accordingly. There is no need for user intervention. When NIS 2010 is installed it also scans the existing applications and creates the appropriate rules for them.

    If a malware attempts to go out to the internet, it should be blocked as there is no rule for it. However, this should not happen if all is working because the anti-virus component should catch this coming in.

    The nice thing about Norton is - no prompts and (so far, and I have been using their programs for years) 100% safety.

    Note - I do not work for Symantec and have been quick to bad mouth them in the past. They really seem to have gotten their act together now, at least in my experience.

    Why Windows (or at least MS Security Essentials in conjunction with the Windows Firewall) cannot work in the same way is beyond me. Sounds like there is still some work to be done on Microsoft's part.
    Windows 7 Professional RTM 2 GB memory 160 HD Networked (wired and wireless)Gateway Laptop HP Officejet 6310 All-in One inkjet printer Verizon FIOS Internet Connection