Windows 7: Windows Firewall with Advanced Security

Topic

New Reply

I have my 3rd party firewall solution but I would like to try this Windows 7 build-in firewall once again and here are my main questions:

1. Do you know any good / detailed guide for this firewall which could help me?

2. Do I need to install any specific Windows Updates to get the most out of this firewall (or to fix some bugs in it)?

3. Is there a possibility to set this firewall in learning/training mode? Every time any program will try to send/receive data to/from some new place (or the “known” place but by new port) I would like to be notified and asked for permissions with some options (like: “allow/block the connection this one time”, “set the new rule/group of rules”, “add the app to the existing rule/group of rules”).

4. Is there a possibility to set up a desktop icon for this firewall? I’d like to be able to access this firewall’s options by clicking the icon on the desktop.

5. What’s the best way to backup/restore all of this firewall data/rules?

Reply | Quote

Replies

I use a free 3-party firewall alongside the W7 one (currently from http://www.evorim.com but there are at least two others), there are a few that allow/encourage this – others are strictly ‘replacement’ only (yet some don’t fully replace it and auto-block silently, requiring multiple switching to allow), disabling the default firewall doesn’t allow it to offer a choice of networks!

1 user thanked author for this post.

Microfix

Reply | Quote

1. Try searching online and post here to share with others.(see Link A below)
2. You should be patched up to date and ready to go (ESU or 0Patched) otherwise I’d stick to your 3rd party F/W.
3. Correct me if wrong but, I don’t think that is possible using Windows firewall.
4. No need, use ‘administrative tools’ as a shortcut to the Win7 start menu, therein gives direct access to the firewall. (see link B below)
5. To Export and Import rulesets is within the firewall file menu that is more than likely not to work with your existing 3rd party firewall.

Link A

Link B

Windows - commercial by definition and now function...

Reply | Quote

Ad 3. I was not sure about this and that’s why I asked my question.

Ad 5. I was going to try it on new system installation, without any other firewall.

Reply | Quote

Your “big” question is no. 3 and the simple answer is that the Windows Firewall (WF) does not allow this. It does have an interface where a user can set-up rules, but you need to know what rules to set-up beforehand.

To improve on this you need to use one of the 3rd party WF “enhancer” type programs such as the (relatively) well know Windows Firewall Control (WFC) or the less well known Windows Firewall Notifier (WFN) (and there may be others?). These provide a more sophisticated user interface and also provide notifications (in the lower right corner of the display) when unknown programs attempt outgoing access and allow a new rule to be set-up. (By default WF blocks all incoming accesses unless there is an explicity rule allowing access, but allows all outgoing accesses.)

I have used WFN for 5 or 6 years in both Windows 7 (W7) and W8.1, but found this less useful on my brief, now abandoned attempts to use W10 (too many interacting W10 processes making it diffcult to set sensible rules – Microsoft seem to want most processes to make accesses, so probably are not too concerned by such limitations/confusions). WFN was originally a “hobby project” and does not appear have been develped much in recent years, but because the W7 WF is a stable thing there probably isn’t much need to develop it further.

I had used the last “stable” version 1.9 (?) for several years, but it stopped working following a .NET update a couple of years ago (I forget when exactly). (I think it needs .NET for its user interface?) I changed to the latest “beta” version “WFNV20BETA3_NODB.zip” and this has been completely stable for me since then. It does work with the latest .NET stuff.

The similar WFC was also originally a one-man development, but is now owned and developed by Malwarebytes (MB) the company behind the well-known Malwarebytes Antimalware (MBAM) product. WFC it is still a separate thing, not absobed into MBAM. WFC is a more polished product than WFN, but it seems to have a limitation (to me) in that the WF rules set up by the WFC user interface cannot be modified later. For example if I setup a rule for particular ports or protocols from the WFC notification interface (bottom corner of display) I cannot expand it to other ports or protocols later via the WF interface. I can do this sort of thing with WFN and do this to keep things tidy and clear (sometimes renaming rules).

Wrt Q1 I remember that there were some WF guides on the “how to geek” site a few years ago, but I don’t have links.

Wrt Q2 I’m not aware of any windows OS or .NET updates needed for the basic WF, but as mentioned above you may need to have the correct .NET update and correct enhancer version if using one of the WF enhancer programs. FWIW I have the inbuilt .NET 3.5 and the installed by me 4.8 (although I needed 4.8 for something else, not for WFC – the WFC may be more specific what it needs).

Wrt Q4, for the basic WF settings you probably want an icon to the “windows firewall with advanced security” thing to get easy access to these settings. In W8.1 with Open-Shell this is listed under “administrative tools” (not sure were it is in W7), so right-click to create shortcut on desktop and then drag this shortcut to taskbar if you want. For WFN you can do something similar for the file “WFN.exe” in the WFN folder – WFN is a portable thing. From memory WFC put an icon in the notification area, but I haven’t looked at this for some time.

Wrt Q5 the “windows firewall with advanced security > advanced settings” windows include options to export (and import) rules to (or from) a .wfw file. Under both the inbound and outbound rules pages on the right hand side are options to “export list” which translates the rules into a text file (.txt) format which can be useful if you want to compare different versions of rule files (using something like WinMerge to compare the .txt files).

HTH. Garbo.

 

1 user thanked author for this post.

Cybertooth

Reply | Quote

Garbo continues for completeness …

(At least) a couple of typo’s above! For example I meant to write “WFN was originally a hobby project …” in the 3rd paragraph and “From memory WFC put an icon …” in the 2nd last “Wrt Q4 …” paragraph. Apologies!

I became aware of WFN from articles by Martin Brinkman at gHacks – see https://www.ghacks.net/2011/07/28/windows-firewall-notifier/  and https://www.ghacks.net/2015/06/15/a-first-look-at-windows-firewall-notifier-2/  .

WFN is now on Github – see https://github.com/wokhansoft/WFN . I think it was originally somewhere else. This indicates that WFN needs at least .NET 4.5.2 (and I have run it with both 4.7.x and now 4.8). I have no experience of any of the recent Map related stuff, but just use the basic “…_NODB” version as described above.

BTW: In the next main comment below “Alex5723” might be thinking of the Windows XP firewall which from memory (it has been a few years) was a more limited, one way thing allowing control of inbound connections only. According to Martin at the 1st link above, Microsoft added control of outbound connections in Windows Vista (which I never used). This functionality carried on with W7 and W8.1 (and W10 based on my limited trips down the W10 rabbit hole).

I occasionally need to “export” my WF settings, restore the default settings (controlled inbound allowing, all outbound allowing) for a short time, before “import”-ing my WF settings back afterwards, so I have practical experience of this. An example is if installing something and the installer sets up something in a temporary folder with a “magic number” in its path and this thing needs to make an outgoing access. It is impossible to predict the “magic number” beforehand to setup an allow rule beforehand. The installer may timeout before a new temporary rule has been setup using the WFN (or WFC?) interface  and the “magic number” may change on the next run of the installer so a temporary rule setup late using the previous “magic number” is no longer of any use. Annoying!

Garbo.

Reply | Quote

Lex wrote:

I would like to try this Windows 7 build-in firewall once again

In short, don’t bother. Windows 7 FW is a poor 1 way Firewall checking only outbound connections and doesn’t check inbound connections.

Reply | Quote

That’s in complete contrast to what’s given by the Anon above you – would you care to share an MS link stating those details with us?

anonymous wrote:

(By default WF blocks all incoming accesses unless there is an explicity rule allowing access, but allows all outgoing accesses.)

1 user thanked author for this post.

Microfix

Reply | Quote