Completely disable internet connection except for browser and bittorrent
I need a simple software that ideally needs minimal configuration that will completely block all incoming and outgoing internet connections on my computer, with the exception of a browser (Firefox) and uTorrent. I have tried a few different firewall software (AVG, Norton, Outpost firewall), but they all need configuration for each and every application that needs blockage, and most times those applications in some way can get around the firewall. Instead of using a blacklist based firewall, couldn't i use one that only allows connections from white-listed software? I would still be using my AVG software to remove viruses, remove Trojans, etc. so this software would need to be non interfering with my AVG firewall, and vice versa.
I am running windows 7 professional 64 bit, on 62KB/s Shaw cable.
windows-7 networking firewall bittorrent
edited Apr 30 '13 at 2:03
Brad Patton
9,161123366
asked Apr 30 '13 at 1:42
Ben FranchukBen Franchuk
1,02971534
add a comment |
I need a simple software that ideally needs minimal configuration that will completely block all incoming and outgoing internet connections on my computer, with the exception of a browser (Firefox) and uTorrent. I have tried a few different firewall software (AVG, Norton, Outpost firewall), but they all need configuration for each and every application that needs blockage, and most times those applications in some way can get around the firewall. Instead of using a blacklist based firewall, couldn't i use one that only allows connections from white-listed software? I would still be using my AVG software to remove viruses, remove Trojans, etc. so this software would need to be non interfering with my AVG firewall, and vice versa.
I am running windows 7 professional 64 bit, on 62KB/s Shaw cable.
windows-7 networking firewall bittorrent
edited Apr 30 '13 at 2:03
Brad Patton
9,161123366
asked Apr 30 '13 at 1:42
Ben FranchukBen Franchuk
1,02971534
add a comment |
I need a simple software that ideally needs minimal configuration that will completely block all incoming and outgoing internet connections on my computer, with the exception of a browser (Firefox) and uTorrent. I have tried a few different firewall software (AVG, Norton, Outpost firewall), but they all need configuration for each and every application that needs blockage, and most times those applications in some way can get around the firewall. Instead of using a blacklist based firewall, couldn't i use one that only allows connections from white-listed software? I would still be using my AVG software to remove viruses, remove Trojans, etc. so this software would need to be non interfering with my AVG firewall, and vice versa.
I am running windows 7 professional 64 bit, on 62KB/s Shaw cable.
windows-7 networking firewall bittorrent
edited Apr 30 '13 at 2:03
Brad Patton
9,161123366
asked Apr 30 '13 at 1:42
Ben FranchukBen Franchuk
1,02971534
I need a simple software that ideally needs minimal configuration that will completely block all incoming and outgoing internet connections on my computer, with the exception of a browser (Firefox) and uTorrent. I have tried a few different firewall software (AVG, Norton, Outpost firewall), but they all need configuration for each and every application that needs blockage, and most times those applications in some way can get around the firewall. Instead of using a blacklist based firewall, couldn't i use one that only allows connections from white-listed software? I would still be using my AVG software to remove viruses, remove Trojans, etc. so this software would need to be non interfering with my AVG firewall, and vice versa.
I am running windows 7 professional 64 bit, on 62KB/s Shaw cable.
windows-7 networking firewall bittorrent
windows-7 networking firewall bittorrent
edited Apr 30 '13 at 2:03
Brad Patton
9,161123366
asked Apr 30 '13 at 1:42
Ben FranchukBen Franchuk
1,02971534
edited Apr 30 '13 at 2:03
Brad Patton
9,161123366
asked Apr 30 '13 at 1:42
Ben FranchukBen Franchuk
1,02971534
edited Apr 30 '13 at 2:03
Brad Patton
9,161123366
edited Apr 30 '13 at 2:03
Brad Patton
9,161123366
edited Apr 30 '13 at 2:03
Brad Patton
9,161123366
9,161123366
asked Apr 30 '13 at 1:42
Ben FranchukBen Franchuk
1,02971534
asked Apr 30 '13 at 1:42
Ben FranchukBen Franchuk
1,02971534
asked Apr 30 '13 at 1:42
Ben FranchukBen Franchuk
1,02971534
1,02971534
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
Windows itself can do this. Just set the default rule for outbound connections to Block instead of Allow in Windows Firewall with Advanced Security (When you open the menu, right click and go to Action->Properties on the dropdown menu).
Once you have set it to block just remove/disable all of the outbound and inbound rules. Then make program rules for the only programs you want to be set to Allow. After that all programs will be blocked except what the one or two programs you want.
(P.S. You are going to want to allow AVG to update it's virus definitions too or else you will quickly become vulnerable to viruses and whatnot (same for windows update))
answered Apr 30 '13 at 2:18
Scott ChamberlainScott Chamberlain
27.9k582100
3
Is there an easy way to turn this on and off, I would like to be able to use this while using mobile hotspot to limit data usage.
– Hugoagogo
Aug 17 '15 at 0:52
2
@Hugoagogo Yes, you can easily make a powershell script to do it then make a shortcut to run the script on your desktop.
– Scott Chamberlain
Aug 17 '15 at 1:24
This doesn't seem to work for me. When I place the Block option, and then try to use google chrome to access the internet, I am able to access the internet. Is this normal? Did I misunderstand what the Outbound connections being blocked does?
– Webeng
Apr 17 '17 at 4:35
1
@Webeng note there is similar rule on each "domain profile", "private profile" and "public profile" tab. You might want to check them all.
– eis
Aug 14 '17 at 8:50
add a comment |
Continuing where the other answer left off,
first of all, "Windows Firewall with Advanced Security" is a management console snap-in, so it can be started with running "mmc" and adding that snap-in. Also, when disabling the firewall note that there is similar rule in all "Domain profile", "Private profile" and "Public profile" tabs. Check them all.
I experienced that setting up outbound rules might not be that trivial. When setting the rule (though right-hand side "Actions" -> "New rule..."), it might not be that clear what executable your software is using when connecting. By default Windows Firewall does not tell you which software it has blocked so you'd know and could enable it if you'd want to.
One option is to enable firewall logs. However, that will only tell you connection information like this:
2017-08-14 11:48:09 DROP UDP 192.168.0.103 224.0.0.251 5353 5353 0 - - - - - - - SEND
To get information on which application was it, you need to enable audit logs for filtering platform:
- open cmd.exe as administrator
- run
auditpol.exe /get /subcategory:"{0CCE9225-69AE-11D9-BED3-505054503030}"orauditpol.exe /get /category:*to get your localized name for the category you wish to set - enable audit logs for blocked packets:
auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:enable. subcategory name might be localized, hence the command above. - set the firewall to block the connections and start application you have trouble with
- disable audit logs:
auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:disable - find your software from event viewer -> Windows logs -> Security using Find
- make a firewall rule for it
Audit logs look something like this, and Find can be used for any word in it:
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 10672
Application Name: deviceharddiskvolume2program files (x86)googlechromeapplicationchrome.exe
Network Information:
Direction: Outbound
Source Address: 192.168.126.1
Source Port: 53939
Destination Address: 239.255.255.250
Destination Port: 1900
Protocol: 17
Filter Information:
Filter Run-Time ID: 699893
Layer Name: Connect
Layer Run-Time ID: 48
answered Aug 14 '17 at 9:06
eiseis
1,61611734
add a comment |
This is a very frequently asked question, and the complete answer is following steps
1- Open "Windows Defender Firewall with Advanced Security" , To open just type Windows Firewall in Search or control panel. 
2- Now in the Left Pane the Top Option says - "Windows Defender Firewall with Advanced Security on Local Computer" Right click on that and go to Properties.
3- Now in Properties "Block Outbound Connections" for Each Profile - Domain Profile, Public Profile, Private Profile or if any other you have, Click Apply/OK.
4- Now go To Inbound Rules and Outbound Rules Both one by one, click on any rule and now Press CTRL+A to select All rules, from the extreme right Pane somewhere in the lower section click Disable Rule. This will Disable all rules.
5- Add a rule in Outbound Rules, Create New Rule from Right Pane, Select a Program, which will be your browser
In many case you can also block it in inbound to stop a program to connect itself ( usually used for patches /activators)
6- Now your computer is almost blocking every connection which means even chrome cannot connect at this point because even networking services are blocked.
7- So in final step, again right click on Outbound rules and Inbound Rule one by one both, in Left Pane, and Select "Filter by Group" --> "Filter by Core Networking"
8- Now in Right Pane for both rule type Filters, Enable All the Rules like step 3, select all and from right pane enable rule.
DONE - Now only program of you choice can communicate, even the chrome cannot update itself as inbound for chrome is disabled.
TWEAK the RULES accordingly.
answered Jan 10 at 15:09
Abhinav KumarAbhinav Kumar
172
(1) The question is specifically about Windows 7 Professional 64-bit. I’m running Windows 7 Professional 64-bit on my system, and I can’t reproduce your first image on my system. If you’re using screenshots from a different version for general illustration, that’s OK, but you should say so. (2) This looks like a very detailed answer. I would expect such a detailed answer to mention constraints like “you must be logged in as an administrator to do this. … (Cont’d)
– Scott
Jan 10 at 16:04
(Cont’d) … (3) Screenshots and other illustrations are a great accompaniment to text — not a great substitute for it. Your step 5 has four images in a row with no intervening text. (Note that image titles are normally not displayed.)
– Scott
Jan 10 at 16:04
The same steps are on Windows 7 also, in Start menu -->Search Box-->Windows Firewall with Advanced Security. Sorry for any inconvenience, this requires admin access
– Abhinav Kumar
Jan 10 at 16:57
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f589443%2fcompletely-disable-internet-connection-except-for-browser-and-bittorrent%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Windows itself can do this. Just set the default rule for outbound connections to Block instead of Allow in Windows Firewall with Advanced Security (When you open the menu, right click and go to Action->Properties on the dropdown menu).
Once you have set it to block just remove/disable all of the outbound and inbound rules. Then make program rules for the only programs you want to be set to Allow. After that all programs will be blocked except what the one or two programs you want.
(P.S. You are going to want to allow AVG to update it's virus definitions too or else you will quickly become vulnerable to viruses and whatnot (same for windows update))
answered Apr 30 '13 at 2:18
Scott ChamberlainScott Chamberlain
27.9k582100
3
Is there an easy way to turn this on and off, I would like to be able to use this while using mobile hotspot to limit data usage.
– Hugoagogo
Aug 17 '15 at 0:52
2
@Hugoagogo Yes, you can easily make a powershell script to do it then make a shortcut to run the script on your desktop.
– Scott Chamberlain
Aug 17 '15 at 1:24
This doesn't seem to work for me. When I place the Block option, and then try to use google chrome to access the internet, I am able to access the internet. Is this normal? Did I misunderstand what the Outbound connections being blocked does?
– Webeng
Apr 17 '17 at 4:35
1
@Webeng note there is similar rule on each "domain profile", "private profile" and "public profile" tab. You might want to check them all.
– eis
Aug 14 '17 at 8:50
add a comment |
Windows itself can do this. Just set the default rule for outbound connections to Block instead of Allow in Windows Firewall with Advanced Security (When you open the menu, right click and go to Action->Properties on the dropdown menu).
Once you have set it to block just remove/disable all of the outbound and inbound rules. Then make program rules for the only programs you want to be set to Allow. After that all programs will be blocked except what the one or two programs you want.
(P.S. You are going to want to allow AVG to update it's virus definitions too or else you will quickly become vulnerable to viruses and whatnot (same for windows update))
answered Apr 30 '13 at 2:18
Scott ChamberlainScott Chamberlain
27.9k582100
3
Is there an easy way to turn this on and off, I would like to be able to use this while using mobile hotspot to limit data usage.
– Hugoagogo
Aug 17 '15 at 0:52
2
@Hugoagogo Yes, you can easily make a powershell script to do it then make a shortcut to run the script on your desktop.
– Scott Chamberlain
Aug 17 '15 at 1:24
This doesn't seem to work for me. When I place the Block option, and then try to use google chrome to access the internet, I am able to access the internet. Is this normal? Did I misunderstand what the Outbound connections being blocked does?
– Webeng
Apr 17 '17 at 4:35
1
@Webeng note there is similar rule on each "domain profile", "private profile" and "public profile" tab. You might want to check them all.
– eis
Aug 14 '17 at 8:50
add a comment |
Windows itself can do this. Just set the default rule for outbound connections to Block instead of Allow in Windows Firewall with Advanced Security (When you open the menu, right click and go to Action->Properties on the dropdown menu).
Once you have set it to block just remove/disable all of the outbound and inbound rules. Then make program rules for the only programs you want to be set to Allow. After that all programs will be blocked except what the one or two programs you want.
(P.S. You are going to want to allow AVG to update it's virus definitions too or else you will quickly become vulnerable to viruses and whatnot (same for windows update))
answered Apr 30 '13 at 2:18
Scott ChamberlainScott Chamberlain
27.9k582100
Windows itself can do this. Just set the default rule for outbound connections to Block instead of Allow in Windows Firewall with Advanced Security (When you open the menu, right click and go to Action->Properties on the dropdown menu).
Once you have set it to block just remove/disable all of the outbound and inbound rules. Then make program rules for the only programs you want to be set to Allow. After that all programs will be blocked except what the one or two programs you want.
(P.S. You are going to want to allow AVG to update it's virus definitions too or else you will quickly become vulnerable to viruses and whatnot (same for windows update))
answered Apr 30 '13 at 2:18
Scott ChamberlainScott Chamberlain
27.9k582100
edited Aug 14 '17 at 14:42
answered Apr 30 '13 at 2:18
Scott ChamberlainScott Chamberlain
27.9k582100
answered Apr 30 '13 at 2:18
Scott ChamberlainScott Chamberlain
27.9k582100
answered Apr 30 '13 at 2:18
Scott ChamberlainScott Chamberlain
27.9k582100
27.9k582100
3
Is there an easy way to turn this on and off, I would like to be able to use this while using mobile hotspot to limit data usage.
– Hugoagogo
Aug 17 '15 at 0:52
2
@Hugoagogo Yes, you can easily make a powershell script to do it then make a shortcut to run the script on your desktop.
– Scott Chamberlain
Aug 17 '15 at 1:24
This doesn't seem to work for me. When I place the Block option, and then try to use google chrome to access the internet, I am able to access the internet. Is this normal? Did I misunderstand what the Outbound connections being blocked does?
– Webeng
Apr 17 '17 at 4:35
1
@Webeng note there is similar rule on each "domain profile", "private profile" and "public profile" tab. You might want to check them all.
– eis
Aug 14 '17 at 8:50
add a comment |
3
Is there an easy way to turn this on and off, I would like to be able to use this while using mobile hotspot to limit data usage.
– Hugoagogo
Aug 17 '15 at 0:52
2
@Hugoagogo Yes, you can easily make a powershell script to do it then make a shortcut to run the script on your desktop.
– Scott Chamberlain
Aug 17 '15 at 1:24
This doesn't seem to work for me. When I place the Block option, and then try to use google chrome to access the internet, I am able to access the internet. Is this normal? Did I misunderstand what the Outbound connections being blocked does?
– Webeng
Apr 17 '17 at 4:35
1
@Webeng note there is similar rule on each "domain profile", "private profile" and "public profile" tab. You might want to check them all.
– eis
Aug 14 '17 at 8:50
3
3
Is there an easy way to turn this on and off, I would like to be able to use this while using mobile hotspot to limit data usage.
– Hugoagogo
Aug 17 '15 at 0:52
Is there an easy way to turn this on and off, I would like to be able to use this while using mobile hotspot to limit data usage.
– Hugoagogo
Aug 17 '15 at 0:52
2
2
@Hugoagogo Yes, you can easily make a powershell script to do it then make a shortcut to run the script on your desktop.
– Scott Chamberlain
Aug 17 '15 at 1:24
@Hugoagogo Yes, you can easily make a powershell script to do it then make a shortcut to run the script on your desktop.
– Scott Chamberlain
Aug 17 '15 at 1:24
This doesn't seem to work for me. When I place the Block option, and then try to use google chrome to access the internet, I am able to access the internet. Is this normal? Did I misunderstand what the Outbound connections being blocked does?
– Webeng
Apr 17 '17 at 4:35
This doesn't seem to work for me. When I place the Block option, and then try to use google chrome to access the internet, I am able to access the internet. Is this normal? Did I misunderstand what the Outbound connections being blocked does?
– Webeng
Apr 17 '17 at 4:35
1
1
@Webeng note there is similar rule on each "domain profile", "private profile" and "public profile" tab. You might want to check them all.
– eis
Aug 14 '17 at 8:50
@Webeng note there is similar rule on each "domain profile", "private profile" and "public profile" tab. You might want to check them all.
– eis
Aug 14 '17 at 8:50
add a comment |
Continuing where the other answer left off,
first of all, "Windows Firewall with Advanced Security" is a management console snap-in, so it can be started with running "mmc" and adding that snap-in. Also, when disabling the firewall note that there is similar rule in all "Domain profile", "Private profile" and "Public profile" tabs. Check them all.
I experienced that setting up outbound rules might not be that trivial. When setting the rule (though right-hand side "Actions" -> "New rule..."), it might not be that clear what executable your software is using when connecting. By default Windows Firewall does not tell you which software it has blocked so you'd know and could enable it if you'd want to.
One option is to enable firewall logs. However, that will only tell you connection information like this:
2017-08-14 11:48:09 DROP UDP 192.168.0.103 224.0.0.251 5353 5353 0 - - - - - - - SEND
To get information on which application was it, you need to enable audit logs for filtering platform:
- open cmd.exe as administrator
- run
auditpol.exe /get /subcategory:"{0CCE9225-69AE-11D9-BED3-505054503030}"orauditpol.exe /get /category:*to get your localized name for the category you wish to set - enable audit logs for blocked packets:
auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:enable. subcategory name might be localized, hence the command above. - set the firewall to block the connections and start application you have trouble with
- disable audit logs:
auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:disable - find your software from event viewer -> Windows logs -> Security using Find
- make a firewall rule for it
Audit logs look something like this, and Find can be used for any word in it:
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 10672
Application Name: deviceharddiskvolume2program files (x86)googlechromeapplicationchrome.exe
Network Information:
Direction: Outbound
Source Address: 192.168.126.1
Source Port: 53939
Destination Address: 239.255.255.250
Destination Port: 1900
Protocol: 17
Filter Information:
Filter Run-Time ID: 699893
Layer Name: Connect
Layer Run-Time ID: 48
answered Aug 14 '17 at 9:06
eiseis
1,61611734
add a comment |
Continuing where the other answer left off,
first of all, "Windows Firewall with Advanced Security" is a management console snap-in, so it can be started with running "mmc" and adding that snap-in. Also, when disabling the firewall note that there is similar rule in all "Domain profile", "Private profile" and "Public profile" tabs. Check them all.
I experienced that setting up outbound rules might not be that trivial. When setting the rule (though right-hand side "Actions" -> "New rule..."), it might not be that clear what executable your software is using when connecting. By default Windows Firewall does not tell you which software it has blocked so you'd know and could enable it if you'd want to.
One option is to enable firewall logs. However, that will only tell you connection information like this:
2017-08-14 11:48:09 DROP UDP 192.168.0.103 224.0.0.251 5353 5353 0 - - - - - - - SEND
To get information on which application was it, you need to enable audit logs for filtering platform:
- open cmd.exe as administrator
- run
auditpol.exe /get /subcategory:"{0CCE9225-69AE-11D9-BED3-505054503030}"orauditpol.exe /get /category:*to get your localized name for the category you wish to set - enable audit logs for blocked packets:
auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:enable. subcategory name might be localized, hence the command above. - set the firewall to block the connections and start application you have trouble with
- disable audit logs:
auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:disable - find your software from event viewer -> Windows logs -> Security using Find
- make a firewall rule for it
Audit logs look something like this, and Find can be used for any word in it:
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 10672
Application Name: deviceharddiskvolume2program files (x86)googlechromeapplicationchrome.exe
Network Information:
Direction: Outbound
Source Address: 192.168.126.1
Source Port: 53939
Destination Address: 239.255.255.250
Destination Port: 1900
Protocol: 17
Filter Information:
Filter Run-Time ID: 699893
Layer Name: Connect
Layer Run-Time ID: 48
answered Aug 14 '17 at 9:06
eiseis
1,61611734
add a comment |
Continuing where the other answer left off,
first of all, "Windows Firewall with Advanced Security" is a management console snap-in, so it can be started with running "mmc" and adding that snap-in. Also, when disabling the firewall note that there is similar rule in all "Domain profile", "Private profile" and "Public profile" tabs. Check them all.
I experienced that setting up outbound rules might not be that trivial. When setting the rule (though right-hand side "Actions" -> "New rule..."), it might not be that clear what executable your software is using when connecting. By default Windows Firewall does not tell you which software it has blocked so you'd know and could enable it if you'd want to.
One option is to enable firewall logs. However, that will only tell you connection information like this:
2017-08-14 11:48:09 DROP UDP 192.168.0.103 224.0.0.251 5353 5353 0 - - - - - - - SEND
To get information on which application was it, you need to enable audit logs for filtering platform:
- open cmd.exe as administrator
- run
auditpol.exe /get /subcategory:"{0CCE9225-69AE-11D9-BED3-505054503030}"orauditpol.exe /get /category:*to get your localized name for the category you wish to set - enable audit logs for blocked packets:
auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:enable. subcategory name might be localized, hence the command above. - set the firewall to block the connections and start application you have trouble with
- disable audit logs:
auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:disable - find your software from event viewer -> Windows logs -> Security using Find
- make a firewall rule for it
Audit logs look something like this, and Find can be used for any word in it:
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 10672
Application Name: deviceharddiskvolume2program files (x86)googlechromeapplicationchrome.exe
Network Information:
Direction: Outbound
Source Address: 192.168.126.1
Source Port: 53939
Destination Address: 239.255.255.250
Destination Port: 1900
Protocol: 17
Filter Information:
Filter Run-Time ID: 699893
Layer Name: Connect
Layer Run-Time ID: 48
answered Aug 14 '17 at 9:06
eiseis
1,61611734
Continuing where the other answer left off,
first of all, "Windows Firewall with Advanced Security" is a management console snap-in, so it can be started with running "mmc" and adding that snap-in. Also, when disabling the firewall note that there is similar rule in all "Domain profile", "Private profile" and "Public profile" tabs. Check them all.
I experienced that setting up outbound rules might not be that trivial. When setting the rule (though right-hand side "Actions" -> "New rule..."), it might not be that clear what executable your software is using when connecting. By default Windows Firewall does not tell you which software it has blocked so you'd know and could enable it if you'd want to.
One option is to enable firewall logs. However, that will only tell you connection information like this:
2017-08-14 11:48:09 DROP UDP 192.168.0.103 224.0.0.251 5353 5353 0 - - - - - - - SEND
To get information on which application was it, you need to enable audit logs for filtering platform:
- open cmd.exe as administrator
- run
auditpol.exe /get /subcategory:"{0CCE9225-69AE-11D9-BED3-505054503030}"orauditpol.exe /get /category:*to get your localized name for the category you wish to set - enable audit logs for blocked packets:
auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:enable. subcategory name might be localized, hence the command above. - set the firewall to block the connections and start application you have trouble with
- disable audit logs:
auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:disable - find your software from event viewer -> Windows logs -> Security using Find
- make a firewall rule for it
Audit logs look something like this, and Find can be used for any word in it:
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 10672
Application Name: deviceharddiskvolume2program files (x86)googlechromeapplicationchrome.exe
Network Information:
Direction: Outbound
Source Address: 192.168.126.1
Source Port: 53939
Destination Address: 239.255.255.250
Destination Port: 1900
Protocol: 17
Filter Information:
Filter Run-Time ID: 699893
Layer Name: Connect
Layer Run-Time ID: 48
answered Aug 14 '17 at 9:06
eiseis
1,61611734
edited Aug 14 '17 at 9:18
answered Aug 14 '17 at 9:06
eiseis
1,61611734
answered Aug 14 '17 at 9:06
eiseis
1,61611734
answered Aug 14 '17 at 9:06
eiseis
1,61611734
1,61611734
add a comment |
add a comment |
This is a very frequently asked question, and the complete answer is following steps
1- Open "Windows Defender Firewall with Advanced Security" , To open just type Windows Firewall in Search or control panel.
2- Now in the Left Pane the Top Option says - "Windows Defender Firewall with Advanced Security on Local Computer" Right click on that and go to Properties.
3- Now in Properties "Block Outbound Connections" for Each Profile - Domain Profile, Public Profile, Private Profile or if any other you have, Click Apply/OK.
4- Now go To Inbound Rules and Outbound Rules Both one by one, click on any rule and now Press CTRL+A to select All rules, from the extreme right Pane somewhere in the lower section click Disable Rule. This will Disable all rules.
5- Add a rule in Outbound Rules, Create New Rule from Right Pane, Select a Program, which will be your browser
In many case you can also block it in inbound to stop a program to connect itself ( usually used for patches /activators)
6- Now your computer is almost blocking every connection which means even chrome cannot connect at this point because even networking services are blocked.
7- So in final step, again right click on Outbound rules and Inbound Rule one by one both, in Left Pane, and Select "Filter by Group" --> "Filter by Core Networking"
8- Now in Right Pane for both rule type Filters, Enable All the Rules like step 3, select all and from right pane enable rule.
DONE - Now only program of you choice can communicate, even the chrome cannot update itself as inbound for chrome is disabled.
TWEAK the RULES accordingly.
answered Jan 10 at 15:09
Abhinav KumarAbhinav Kumar
172
(1) The question is specifically about Windows 7 Professional 64-bit. I’m running Windows 7 Professional 64-bit on my system, and I can’t reproduce your first image on my system. If you’re using screenshots from a different version for general illustration, that’s OK, but you should say so. (2) This looks like a very detailed answer. I would expect such a detailed answer to mention constraints like “you must be logged in as an administrator to do this. … (Cont’d)
– Scott
Jan 10 at 16:04
(Cont’d) … (3) Screenshots and other illustrations are a great accompaniment to text — not a great substitute for it. Your step 5 has four images in a row with no intervening text. (Note that image titles are normally not displayed.)
– Scott
Jan 10 at 16:04
The same steps are on Windows 7 also, in Start menu -->Search Box-->Windows Firewall with Advanced Security. Sorry for any inconvenience, this requires admin access
– Abhinav Kumar
Jan 10 at 16:57
add a comment |
This is a very frequently asked question, and the complete answer is following steps
1- Open "Windows Defender Firewall with Advanced Security" , To open just type Windows Firewall in Search or control panel.
2- Now in the Left Pane the Top Option says - "Windows Defender Firewall with Advanced Security on Local Computer" Right click on that and go to Properties.
3- Now in Properties "Block Outbound Connections" for Each Profile - Domain Profile, Public Profile, Private Profile or if any other you have, Click Apply/OK.
4- Now go To Inbound Rules and Outbound Rules Both one by one, click on any rule and now Press CTRL+A to select All rules, from the extreme right Pane somewhere in the lower section click Disable Rule. This will Disable all rules.
5- Add a rule in Outbound Rules, Create New Rule from Right Pane, Select a Program, which will be your browser
In many case you can also block it in inbound to stop a program to connect itself ( usually used for patches /activators)
6- Now your computer is almost blocking every connection which means even chrome cannot connect at this point because even networking services are blocked.
7- So in final step, again right click on Outbound rules and Inbound Rule one by one both, in Left Pane, and Select "Filter by Group" --> "Filter by Core Networking"
8- Now in Right Pane for both rule type Filters, Enable All the Rules like step 3, select all and from right pane enable rule.
DONE - Now only program of you choice can communicate, even the chrome cannot update itself as inbound for chrome is disabled.
TWEAK the RULES accordingly.
answered Jan 10 at 15:09
Abhinav KumarAbhinav Kumar
172
(1) The question is specifically about Windows 7 Professional 64-bit. I’m running Windows 7 Professional 64-bit on my system, and I can’t reproduce your first image on my system. If you’re using screenshots from a different version for general illustration, that’s OK, but you should say so. (2) This looks like a very detailed answer. I would expect such a detailed answer to mention constraints like “you must be logged in as an administrator to do this. … (Cont’d)
– Scott
Jan 10 at 16:04
(Cont’d) … (3) Screenshots and other illustrations are a great accompaniment to text — not a great substitute for it. Your step 5 has four images in a row with no intervening text. (Note that image titles are normally not displayed.)
– Scott
Jan 10 at 16:04
The same steps are on Windows 7 also, in Start menu -->Search Box-->Windows Firewall with Advanced Security. Sorry for any inconvenience, this requires admin access
– Abhinav Kumar
Jan 10 at 16:57
add a comment |
This is a very frequently asked question, and the complete answer is following steps
1- Open "Windows Defender Firewall with Advanced Security" , To open just type Windows Firewall in Search or control panel.
2- Now in the Left Pane the Top Option says - "Windows Defender Firewall with Advanced Security on Local Computer" Right click on that and go to Properties.
3- Now in Properties "Block Outbound Connections" for Each Profile - Domain Profile, Public Profile, Private Profile or if any other you have, Click Apply/OK.
4- Now go To Inbound Rules and Outbound Rules Both one by one, click on any rule and now Press CTRL+A to select All rules, from the extreme right Pane somewhere in the lower section click Disable Rule. This will Disable all rules.
5- Add a rule in Outbound Rules, Create New Rule from Right Pane, Select a Program, which will be your browser
In many case you can also block it in inbound to stop a program to connect itself ( usually used for patches /activators)
6- Now your computer is almost blocking every connection which means even chrome cannot connect at this point because even networking services are blocked.
7- So in final step, again right click on Outbound rules and Inbound Rule one by one both, in Left Pane, and Select "Filter by Group" --> "Filter by Core Networking"
8- Now in Right Pane for both rule type Filters, Enable All the Rules like step 3, select all and from right pane enable rule.
DONE - Now only program of you choice can communicate, even the chrome cannot update itself as inbound for chrome is disabled.
TWEAK the RULES accordingly.
answered Jan 10 at 15:09
Abhinav KumarAbhinav Kumar
172
This is a very frequently asked question, and the complete answer is following steps
1- Open "Windows Defender Firewall with Advanced Security" , To open just type Windows Firewall in Search or control panel.
2- Now in the Left Pane the Top Option says - "Windows Defender Firewall with Advanced Security on Local Computer" Right click on that and go to Properties.
3- Now in Properties "Block Outbound Connections" for Each Profile - Domain Profile, Public Profile, Private Profile or if any other you have, Click Apply/OK.
4- Now go To Inbound Rules and Outbound Rules Both one by one, click on any rule and now Press CTRL+A to select All rules, from the extreme right Pane somewhere in the lower section click Disable Rule. This will Disable all rules.
5- Add a rule in Outbound Rules, Create New Rule from Right Pane, Select a Program, which will be your browser
In many case you can also block it in inbound to stop a program to connect itself ( usually used for patches /activators)
6- Now your computer is almost blocking every connection which means even chrome cannot connect at this point because even networking services are blocked.
7- So in final step, again right click on Outbound rules and Inbound Rule one by one both, in Left Pane, and Select "Filter by Group" --> "Filter by Core Networking"
8- Now in Right Pane for both rule type Filters, Enable All the Rules like step 3, select all and from right pane enable rule.
DONE - Now only program of you choice can communicate, even the chrome cannot update itself as inbound for chrome is disabled.
TWEAK the RULES accordingly.
answered Jan 10 at 15:09
Abhinav KumarAbhinav Kumar
172
answered Jan 10 at 15:09
Abhinav KumarAbhinav Kumar
172
answered Jan 10 at 15:09
Abhinav KumarAbhinav Kumar
172
answered Jan 10 at 15:09
Abhinav KumarAbhinav Kumar
172
172
(1) The question is specifically about Windows 7 Professional 64-bit. I’m running Windows 7 Professional 64-bit on my system, and I can’t reproduce your first image on my system. If you’re using screenshots from a different version for general illustration, that’s OK, but you should say so. (2) This looks like a very detailed answer. I would expect such a detailed answer to mention constraints like “you must be logged in as an administrator to do this. … (Cont’d)
– Scott
Jan 10 at 16:04
(Cont’d) … (3) Screenshots and other illustrations are a great accompaniment to text — not a great substitute for it. Your step 5 has four images in a row with no intervening text. (Note that image titles are normally not displayed.)
– Scott
Jan 10 at 16:04
The same steps are on Windows 7 also, in Start menu -->Search Box-->Windows Firewall with Advanced Security. Sorry for any inconvenience, this requires admin access
– Abhinav Kumar
Jan 10 at 16:57
add a comment |
(1) The question is specifically about Windows 7 Professional 64-bit. I’m running Windows 7 Professional 64-bit on my system, and I can’t reproduce your first image on my system. If you’re using screenshots from a different version for general illustration, that’s OK, but you should say so. (2) This looks like a very detailed answer. I would expect such a detailed answer to mention constraints like “you must be logged in as an administrator to do this. … (Cont’d)
– Scott
Jan 10 at 16:04
(Cont’d) … (3) Screenshots and other illustrations are a great accompaniment to text — not a great substitute for it. Your step 5 has four images in a row with no intervening text. (Note that image titles are normally not displayed.)
– Scott
Jan 10 at 16:04
The same steps are on Windows 7 also, in Start menu -->Search Box-->Windows Firewall with Advanced Security. Sorry for any inconvenience, this requires admin access
– Abhinav Kumar
Jan 10 at 16:57
(1) The question is specifically about Windows 7 Professional 64-bit. I’m running Windows 7 Professional 64-bit on my system, and I can’t reproduce your first image on my system. If you’re using screenshots from a different version for general illustration, that’s OK, but you should say so. (2) This looks like a very detailed answer. I would expect such a detailed answer to mention constraints like “you must be logged in as an administrator to do this. … (Cont’d)
– Scott
Jan 10 at 16:04
(1) The question is specifically about Windows 7 Professional 64-bit. I’m running Windows 7 Professional 64-bit on my system, and I can’t reproduce your first image on my system. If you’re using screenshots from a different version for general illustration, that’s OK, but you should say so. (2) This looks like a very detailed answer. I would expect such a detailed answer to mention constraints like “you must be logged in as an administrator to do this. … (Cont’d)
– Scott
Jan 10 at 16:04
(Cont’d) … (3) Screenshots and other illustrations are a great accompaniment to text — not a great substitute for it. Your step 5 has four images in a row with no intervening text. (Note that image titles are normally not displayed.)
– Scott
Jan 10 at 16:04
(Cont’d) … (3) Screenshots and other illustrations are a great accompaniment to text — not a great substitute for it. Your step 5 has four images in a row with no intervening text. (Note that image titles are normally not displayed.)
– Scott
Jan 10 at 16:04
The same steps are on Windows 7 also, in Start menu -->Search Box-->Windows Firewall with Advanced Security. Sorry for any inconvenience, this requires admin access
– Abhinav Kumar
Jan 10 at 16:57
The same steps are on Windows 7 also, in Start menu -->Search Box-->Windows Firewall with Advanced Security. Sorry for any inconvenience, this requires admin access
– Abhinav Kumar
Jan 10 at 16:57
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f589443%2fcompletely-disable-internet-connection-except-for-browser-and-bittorrent%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
