Windows Advanced Firewall - how to overrule all other rules?

Posted on 2015-01-29
Last Modified: 2015-02-02
I have a Windows 7 machine where I configured the firewall so that certain applications will ONLY be able to connect out to the Internet *if* the VPN is active.

I followed this guide:
http://www.nerdjargon.com/2013/10/how-to-force-windows-application-to-use.html

Basically, the NIC connection via VPN is labeled as "PUBLIC", and then various OUTBOUND firewall rules block specific applications from connecting out through PRIVATE and DOMAIN connections.  

I also created similar inbound rules.


The problem I'm facing is that the application I'm using has auto-updaters/agents, and although I initially modified or created firewall rules as described above, I've found that the application is automatically adding new firewall rules (where it's opening up the application on any connection).

I don't know if it does this when it sees it can't connect out, or when the application is auto-updated or what... but this is bypassing the rules I set up to block the application if the VPN isn't active.


So my question is what can I do about this?

I didn't find this option, but is there a way to "order" the rules so they get processed in a particular order (where I can put my block rules first, for example)?

Or what other actions can I take to prevent this app from adding firewall exceptions?


Thanks
Question by:Vas
5 Comments
 
Expert Comment

by:Mahesh
Most applications are Windows Firewall aware, and they make appropriate exceptions in the firewall during installation only.
In that case, applications add exceptions automatically as necessary so that they can open the appropriate ports in the firewall, because application installation runs under administrator privileges.

If it's not that way, Windows will prompt with an error message that the application is being blocked by Windows Firewall and ask whether you want to exempt it; if yes, an exception will be created in the firewall.

Expert Comment

by:lionelmm
What program are you trying to limit? To me, this program is the problem and not your firewall. If it is making changes to your firewall settings and auto-adding its own firewall exceptions, then that is a problem, because only you should be allowed to make firewall changes. Most reputable software asks for permission before making changes to your firewall.

Author Comment

by:Vas
It's the Battle.net game client, and I found this thread on reddit that also confirms this:

http://www.reddit.com/r/wow/comments/2j4rgc/itd_be_nice_if_battlenet_didnt_do_this/


I probably have UAC disabled, so that could explain why I don't get notified each time...

Now, the firewall exceptions that get added are 'Program' (path based). Would it help if I set up port-based firewall rules instead, and just block all the relevant ports listed here:

https://us.battle.net/support/en/article/firewall-proxy-router-and-port-configuration

Accepted Solution

by: Aaron Tomosky earned 500 total points
Either use port-based rules, or add a 3rd party firewall like Comodo. Apps can't make rules automatically in 3rd party firewall apps.

Expert Comment

by:lionelmm
I agree and can you turn off the auto update feature on the game and check manually instead?
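
An audit for the situation discussed in this thread, added here as an example and not posted by any participant: it lists the enabled allow rules for one program that apply to the Domain or Private profile, which is where the application was meant to stay blocked. It uses the HNetCfg.FwPolicy2 COM interface that is present on Windows 7; the path pattern is an assumption and has to be adjusted to the real install location.

```powershell
# Added example (not from the thread): report enabled ALLOW rules for one
# application that apply to the Domain or Private firewall profile.
param(
    # Assumption: wildcard matching the application's install path.
    [string]$AppPathPattern = '*\Battle.net\*'
)

# Values from the Windows Firewall API enumerations
# (NET_FW_PROFILE_TYPE2, NET_FW_ACTION, NET_FW_RULE_DIRECTION).
$ProfileDomain  = 1
$ProfilePrivate = 2
$ActionAllow    = 1
$DirectionName  = @{ 1 = 'In'; 2 = 'Out' }

# Profiles on which the application must stay blocked
# (in the setup described above, the VPN connection is the Public one).
$restricted = $ProfileDomain -bor $ProfilePrivate

$policy = New-Object -ComObject HNetCfg.FwPolicy2

$found = @(foreach ($rule in $policy.Rules) {
    if (-not $rule.Enabled)            { continue }
    if ($rule.Action -ne $ActionAllow) { continue }
    if (-not $rule.ApplicationName)    { continue }   # port-only rule, no program

    # Rules may store paths such as %ProgramFiles%\...; expand before matching.
    $path = [Environment]::ExpandEnvironmentVariables($rule.ApplicationName)
    if ($path -notlike $AppPathPattern) { continue }

    # Profiles is a bit mask; "all profiles" (0x7FFFFFFF) has these bits set too.
    if (($rule.Profiles -band $restricted) -eq 0) { continue }

    New-Object PSObject -Property @{
        Name      = $rule.Name
        Direction = $DirectionName[[int]$rule.Direction]
        Profiles  = $rule.Profiles
        Program   = $path
    }
})

$found | Format-Table Name, Direction, Profiles, Program -AutoSize
'{0} allow rule(s) on Domain/Private match {1}' -f $found.Count, $AppPathPattern
```

Running it before and after the client updates shows which rules were added and under which executable paths.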