Best way to prevent network access to specific applications

xenon20

xenon20

xenon20

Associate
Joined
28 Aug 2013
Posts
62
Hi All,

I recently created a firewall rule in windows to block a specific application (I use malwarebytes firewall control app (WFC) which is an interface to the windows firewall) but after looking at the connections log, I can see that the specific .exe that I created a block rule for has been allowed to communicate outwards. I can only assume that the software is being allowed to communicate through another file or process that was installed along with it.

So my two questions are,
1) Is there any way to block network access to a whole folder? so rather than just creating a block rule for the main .exe, I block the whole installation directory?
2) Is windows firewall a good / reliable way to do this, or should I be considering something like a better hardware firewall (something like DD-WRT / pfSense / Ubiquity etc etc) for blocking applications that I don't want to have internet access?

Thanks for any help.
X20
 
Did you create an inbound rule rather than an outbound rule? Windows firewall is perfectly fine and it works if configured correctly.
 
xenon20 said:
1) Is there any way to block network access to a whole folder? so rather than just creating a block rule for the main .exe, I block the whole installation directory?
Click to expand...
In windows 11 there is a "Controlled folder access" section under settings > Privacy and security > Virus and threat protection > Virus and threat protection settings > Controlled Folder Access.

I have not tested this so unsure if it will work for what you want but worth a try
 
ChrisD. said:
Did you create an inbound rule rather than an outbound rule? Windows firewall is perfectly fine and it works if configured correctly.
Click to expand...
I configured both an inbound and outbound block rule for the .exe of the software in the rules panel, but in the connections log there are lines that show that the .exe is listed many times with the action "allow". This concerns me and has got me wondering if I should change to a better firewall that blocks everything I ask it to.

ED209 said:
In windows 11 there is a "Controlled folder access" section under settings > Privacy and security > Virus and threat protection > Virus and threat protection settings > Controlled Folder Access.
Click to expand...
Thanks, I will look into what this does
 
xenon20 said:
I configured both an inbound and outbound block rule for the .exe of the software in the rules panel, but in the connections log there are lines that show that the .exe is listed many times with the action "allow". This concerns me and has got me wondering if I should change to a better firewall that blocks everything I ask it to.
Click to expand...
On which firewall profile did you set it on and which one is active? Windows firewall will do exactly what you tell it to, if the application is still allowed it's because the firewall hasn't been configured correctly.
 
You must log in or register to reply here.
Back
Top Bottom