Easy guide to make Windows Firewall better in Windows Vista

First published—20 January 2007.
Updated—07 January 2008.

Windows Vista Firewall — Enable Outbound Filtering

I have already reviewed the dangerous default state of the Windows Vista firewall: Windows Firewall ships with its much touted outbound filtering turned off. That means you are not protected when an application wants to send data over the internet from your computer or, what is even worse, when a Trojan horse is secretly sending out your poems.

One solution could be a third-party firewall. But why invest more? Let’s use what we already have.

In this article I will try to show how to engage Windows Firewall outbound filtering and make your information more secure in Windows Vista.

Default settings overview

First of all, let’s get familiar with the Windows Firewall default settings. Follow the path: Control Panel -> System and Maintenance -> Administrative Tools -> Windows Firewall with Advanced Security.

In the Windows Firewall with Advanced Security application [screenshot] notice the left panel.

It contains four sections: Inbound Rules, Outbound Rules, Connection Security Rules, and Monitoring.

Firewall Left Panel

Outbound Rules lists all the predefined and newly created rules. A rule is basically an instruction stating which connection is allowed or disallowed for a particular service or program. Predefined rules serve system/core media communication purposes, allowing specific connections like Network Discovery, Remote Assistance, Windows Media Player Network Sharing Service, etc.

If you double-click a rule, you will see exactly what it defines.

Outbound Rule Core

The Monitoring section shows all the rules which are currently active. Let’s go back to the main screen’s central section, “Overview”.

[screenshot]

Here you can see the situation for the three main profiles: Domain, Private, and Public. The active profile depends on where the computer is connected. Generally, for a home user the Public profile should be active where the internet connection is concerned, because it is the most restrictive profile.

Notice here the following green tick (I would make it red, as it is inconsistent with the fact it is bad!): “Outbound connections that do not match a rule are allowed.”

Nice, isn’t it? It makes the predefined list of outbound rules pretty much useless at this stage. So, let’s stop this flooding right now.

Cut outbound flood

In the central Overview section, find the blue link “Windows Firewall Properties” and click it. Then select the “Public Profile” tab. (In some cases you have to do the following for all 3 profiles, not only Public.)

Firewall Settings

Under Firewall State, select “Block” for Outbound connections.
Click “OK”. Make sure the new Public Profile looks like this:

New Profile

As of now, no applications (except system services) can communicate via the internet. Check your IE7. If that is not the case and IE7 can still connect, then you have to block outbound connections for the other profiles accordingly.

So we have cut outbound connections. Let’s restore them selectively.

Create outbound connection

As you may notice, for inbound connections there is a “learning” mode, i.e. when a program requests a connection, you will see a dialog window asking for your permission. In contrast, there is no “learning” mode for outbound connections. If it is cut, it stays cut unless you do something.

So, let’s restore the Internet Explorer connection. Click the Outbound Rules section. In the right panel click “New Rule” to start the new rule wizard. The following screens show what you have to do to create a new outbound rule for IE7.

[screenshot 1]
[screenshot 2]
[screenshot 3]
[screenshot 4]
[screenshot 5]

Check IE7 again, it should be able to connect now.
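The same steps can be scripted with `netsh advfirewall`, which ships with Windows Vista. The batch file below is an added example, not part of the original article: it backs up the current policy, blocks unmatched outbound traffic on all three profiles, and re-creates the allow rules (IE7, plus the avast! Web Scanner path mentioned in the conclusion). The rule names and the backup file name are arbitrary choices, and it assumes the inbound policy is still at its default of blocking.

```bat
@echo off
rem Added example: command-line equivalent of the GUI steps in this article.
rem Run from an elevated Command Prompt.
rem Assumptions: inbound policy is still the default (BlockInbound);
rem rule names and the backup file name below are arbitrary.
setlocal

rem 1. Save the current policy; restore it later with "netsh advfirewall import".
netsh advfirewall export "%USERPROFILE%\firewall-before-outbound-block.wfw"
if errorlevel 1 echo Export failed. Run this from an elevated prompt. & exit /b 1

rem 2. Block unmatched outbound connections on Domain, Private and Public.
rem    firewallpolicy always takes the inbound and outbound setting together.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
if errorlevel 1 exit /b 1

rem 3. Allow Internet Explorer out again.
call :allow "Allow IE outbound" "%ProgramFiles%\Internet Explorer\iexplore.exe"

rem 4. avast! Web Shield works as a local proxy, so it needs its own rule.
rem    Path as given in the article; skipped if avast! is not installed.
call :allow "Allow avast Web Scanner outbound" "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"

rem 5. Verify: every profile should now report BlockInbound,BlockOutbound.
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall firewall show rule name="Allow IE outbound"
exit /b 0

:allow
rem %~1 = rule name, %~2 = full path of the program to allow
if not exist "%~2" echo Skipping "%~1": program not found & goto :eof
rem Delete any earlier copy so re-running the script does not stack duplicates.
netsh advfirewall firewall delete rule name="%~1" >nul 2>&1
netsh advfirewall firewall add rule name="%~1" dir=out action=allow program="%~2" enable=yes
goto :eof
```

Because step 2 covers all profiles at once, it also handles the case where IE7 still connects after only the Public profile was changed.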

Conclusion

It is very weird in my case, because I could not make IE7 connect to the internet. I’ve done this before, and IE7 definitely was OK, but not this time. Very strange. [Update 14 April 2007] I've found the problem! My mistake. As I used Avast! antivirus during the test I completely forgot that Avast! was using Web Shield "provider" which works as a local proxy server. Therefore, if you also run Avast, the solution here is to create another outbound connection rule for application avast! Web Scanner [ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe ], otherwise your web connection is disrupted.

Anyway, that is how it is supposed to work. No wonder this manual setup process is not very convenient (consider that you have to create rules for ALL the programs you want to have an internet connection); I think the idea was to make the OneCare firewall more attractive in this regard.

It is better than nothing and costs you nothing, but on the other hand it requires some thought and effort, which probably means manual outbound setup in Windows Vista Firewall will not be very popular.