Solved

Windows Advanced Firewall - how to overrule all other rules?

Posted on 2015-01-29
Last Modified: 2015-02-02
I have a Windows 7 machine where I configured the firewall so that certain applications will ONLY be able to connect out to the Internet *if* the VPN is active.

I followed this guide:
http://www.nerdjargon.com/2013/10/how-to-force-windows-application-to-use.html

Basically, the NIC connection via VPN is labeled as "PUBLIC", and then various OUTBOUND firewall rules block specific applications from connecting out through PRIVATE and DOMAIN connections.  

I also created similar inbound rules.


The problem I'm facing is that the application I'm using has auto-updaters/agents, and although I initially modified or created firewall rules as described above, I've found that the application is automatically adding new firewall rules (where it's opening up the application on any connection).

I don't know if it does this when it sees it can't connect out, or when the application is auto-updated or what... but this is bypassing the rules I set up to block the application if the VPN isn't active.


So my question is what can I do about this?

I didn't find this option, but is there a way to "order" the rules so they get processed in a particular order (where I can put my block rules first, for example)?

Or what other actions can I take to prevent this app from adding firewall exceptions?


Thanks
Question by:Vas
5 Comments
 

Expert Comment

by:Mahesh
ID: 40579131
Most of the applications are Windows Firewall aware, and they make appropriate exceptions in the firewall during installation only.
In that case applications add exceptions automatically as necessary so that they can open appropriate ports in the firewall, because application installation runs under administrator privileges.

If it's not that way, Windows will prompt with an error message that the application is getting blocked by Windows Firewall and ask whether you want to exempt it; if yes, an exception will be created in the firewall.

Expert Comment

by:lionelmm
ID: 40579619
What program are you trying to limit? To me this program is the problem and not your firewall. If it is making changes to your firewall settings and auto-adding its own firewall exceptions, then that is a problem, because only you should be allowed to make firewall changes. Most reputable software asks for permission before making changes to your firewall.

Author Comment

by:Vas
ID: 40579683
It's the Battle.net game client, and I found this thread on reddit that also confirms this:

http://www.reddit.com/r/wow/comments/2j4rgc/itd_be_nice_if_battlenet_didnt_do_this/


I probably have UAC disabled, so that could explain why I don't get notified each time...

Now, the firewall exceptions that get added are 'Program' (path based). Would it help if I set up port-based firewall rules instead, and just block all the relevant ports listed here:

https://us.battle.net/support/en/article/firewall-proxy-router-and-port-configuration

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40580080
Either use port-based rules, or add a 3rd-party firewall like Comodo. Apps can't make rules automatically in 3rd-party firewall apps.

Expert Comment

by:lionelmm
ID: 40580147
I agree, and can you turn off the auto-update feature on the game and check manually instead?
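
Added example (not part of the original thread): a PowerShell audit, usable on Windows 7 through the `HNetCfg.FwPolicy2` COM interface, that lists enabled allow rules for a program that apply to the Domain or Private profile, which is where the asker's setup expects the application to be blocked. The `-AppPattern` and `-Disable` parameters and the default pattern are assumptions chosen for illustration; the VPN connection is assumed to be the only Public one, as in the question.

```powershell
# Added example: find program-based allow rules that apply outside the VPN (Public) profile.
# Run from an elevated PowerShell prompt. Parameter names and default pattern are assumptions.
param(
    [string]$AppPattern = '*Battle.net*',  # wildcard matched against each rule's program path
    [switch]$Disable                       # also disable the matching rules, not just list them
)

# Values defined by the Windows Firewall COM API (NET_FW_ACTION, NET_FW_PROFILE_TYPE2)
$ACTION_ALLOW    = 1
$PROFILE_DOMAIN  = 1
$PROFILE_PRIVATE = 2
$PROFILE_PUBLIC  = 4
$NonVpnProfiles  = $PROFILE_DOMAIN -bor $PROFILE_PRIVATE

function Get-ProfileNames([int]$Mask) {
    # Turn the profile bitmask into a readable list
    $names = @()
    if ($Mask -band $PROFILE_DOMAIN)  { $names += 'Domain' }
    if ($Mask -band $PROFILE_PRIVATE) { $names += 'Private' }
    if ($Mask -band $PROFILE_PUBLIC)  { $names += 'Public' }
    $names -join ','
}

$policy = New-Object -ComObject HNetCfg.FwPolicy2

# Enabled allow rules for the program that cover Domain and/or Private.
# Rules created for "All profiles" (0x7FFFFFFF) match as well.
$offending = @($policy.Rules | Where-Object {
    $_.Enabled -and
    $_.Action -eq $ACTION_ALLOW -and
    $_.ApplicationName -like $AppPattern -and
    ($_.Profiles -band $NonVpnProfiles)
})

foreach ($rule in $offending) {
    New-Object PSObject -Property @{
        Name      = $rule.Name
        Direction = $(if ($rule.Direction -eq 1) { 'In' } else { 'Out' })
        Profiles  = Get-ProfileNames $rule.Profiles
        Program   = $rule.ApplicationName
    }
    if ($Disable) { $rule.Enabled = $false }   # requires elevation
}
```

Rerun it after each application update, since the asker reports that new rules keep being added.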
Question has a verified solution.
