Updated: 04/23/2021 11:05:38
Expert: Boris Evgenievich Levitin
A firewall is designed to protect your computer from unauthorized access by filtering incoming and outgoing traffic. By default it is always on, and works with basic presets. In most cases, the firewall does not require user intervention and runs in the background. In this material, our experts tell you what settings are available for the Windows 10 firewall.
What is a firewall
A firewall is a system utility for controlling and filtering incoming and outgoing traffic.
The firewall has become an integral part of Windows operating systems since XP SP2. Earlier systems used the Internet Connection Firewall, which was disabled by default. This led to global worm attacks such as Blaster and Sasser, which together infected more than 350 thousand computers worldwide in 2003 and 2004. The firewall can be for an individual computer or for the entire local network. In general, a firewall performs the following functions:
- Protecting the system from external attacks. The list of such threats includes port scanning, IP spoofing, DDoS attacks, and password guessing.
- Blocking leaks. If malware has entered your computer via USB or CD, then the firewall, with appropriate settings, will prevent further spread over the network.
- Application control. The firewall allows you to configure network access for each individual application.
- Zonal defense. Providing various levels of access within the local network.
- Logging and warning. The firewall not only collects statistics, but also alerts users about various activities.
Firewalls aren't just found in operating systems. Router software also includes a built-in firewall, which is usually configured through a web interface.
The firewall is capable of analyzing absolutely all outgoing and incoming traffic, as well as dynamically opening ports for specific applications. What specific traffic a firewall will block depends on user settings, as well as an internal database that allows you to identify potentially unwanted content.
Filters operate at several layers of the OSI model. For example, a firewall can perform packet filtering (network layer) and control gateways (session and application layers). Each level uses its own flexible filter. For example, at the network level, a firewall analyzes the IP packet header: recipient and source addresses, protocol and application information, port numbers. The collected information is compared with the rules table, after which a decision is made whether to pass or reject the packet.
OSI model
Data type | Layer | Functions
Data | 7. Application | Access to network services
Data | 6. Presentation | Data representation and encryption
Data | 5. Session | Session management
Segments | 4. Transport | Direct communication between endpoints
Packets | 3. Network | Route determination and logical addressing
Frames | 2. Data link | Physical addressing
Bits | 1. Physical | Working with media and binary data
For example, the famous WannaCry virus attacked TCP port 445, which was open on most computers.
What firewalls are there?
Firewalls can be either software or hardware, and chances are you're protected on both sides.
The router (sometimes called a modem) that carries the Internet connection from your Internet service provider to your home or office is usually a hardware firewall. And your computer, whether it runs Windows or macOS, is likely running a software firewall.
What a firewall protects against and what it won’t help with
A firewall is your computer's first line of defense and can effectively deal with the following types of threats:
- Computer worms and some viruses. Worms have their own code, so they do not need specific files to infect. From this point of view, such threats are more dangerous.
- Hacking using remote desktop. If your firewall is disabled, attackers can gain access to your files and even take over control.
- Various spy software. Some programs send information about the system or the user's actions to third parties without your knowledge. A firewall can prevent data leakage by restricting outgoing traffic.
- Access through backdoors. Hackers often exploit various software vulnerabilities, including open ports. The firewall blocks any unauthorized traffic, reducing the chance of such vulnerabilities being exploited.
- DDoS attacks. The algorithms used effectively detect such attacks by analyzing repeated requests from certain IP addresses.
A firewall cannot provide complete protection for your computer. There are a number of threats that it cannot cope with. The first is viruses and worms that have already entered the computer. The firewall only scans network traffic and does not directly analyze the file system. That is why computers must have a full-fledged antivirus that detects and removes existing viruses.
A firewall cannot protect you from malicious links that you receive through spam emails. Also, a computer can become infected with malware not through the network - USB drives, optical drives, memory cards, and so on. The firewall does not control reading and copying files from these media in any way.
Many antiviruses are also capable of analyzing network traffic, but usually this function is not the main one.
What types of attacks does a firewall protect against?
- Phishing. Cybercriminals distribute links to phishing sites that are exactly like your online banking, social network, or well-known brand. On such sites you are asked to leave personal information - with it, criminals can withdraw all the money from your bank account or blackmail you with intimate photos. The firewall will prevent connections to such resources.
- Access through backdoors. This is the name for vulnerabilities that are sometimes left - intentionally or not - in operating systems and other software. This allows cybercriminals or intelligence agencies to send data to and receive traffic from a network-connected device, such as personal information, passwords, and so on. A firewall can protect against such leaks.
- Hacking using a remote desktop. Attacks of this format allow you to gain access to a computer over the Network and control it. The firewall will notice suspicious traffic and block its transmission.
- Packet forwarding. Sometimes scammers change the route of traffic on the Internet to trick the system into believing that the data comes from a trusted source. The firewall will detect this and block the traffic channel.
- DDoS attacks. If the firewall detects too many packets coming from a relatively small list of IP addresses, it will try to filter them. By the way, if they try to use your computer for DDoS attacks, the firewall will also block outgoing traffic.
What types of attacks will a firewall not protect against?
For a firewall to analyze data, it must recognize it correctly. As a rule, firewalls operate at several layers of the OSI (Open Systems Interconnection) model: network, data link, transport, application and others. Each of them uses its own filters. If, for example, traffic complies with the rules at the data link layer (higher) but is encrypted at the application layer (lower), the firewall will allow such data to pass through. This could potentially lead to problems in the system.
Firewalls also cannot cope with tunneled traffic, that is, traffic transmitted through a VPN and other similar programs. In this case, a secure tunnel is created between two network points; some network protocols are packaged into others (usually at a lower level). The firewall cannot interpret such packets. And if it works according to the principle “everything that is not prohibited is permitted,” then it lets them through.
Finally, if a virus has managed to get onto your computer, then the firewall will do nothing about the destruction it can cause. For example, if malware encrypts or deletes files or stores your personal data in order to transmit it through an encrypted messenger or other secure channel, a firewall is unlikely to prevent this.
Of course, firewalls are getting smarter: they use intelligent algorithms and heuristics that can detect problems even without pre-prepared rules and patterns. In addition, in conjunction with anti-virus software, the firewall blocks a significant portion of attacks. On the other hand, cybercriminals are also not sitting idly by and are inventing new ways to bypass protection.
Pros and cons of using a firewall
The main advantage of use is increased security. In the corporate sector, this is a mandatory protection that will prevent external intrusions, limit Internet access for employees and make file transfers via FTP and other protocols safe. For ordinary users, a firewall will reduce the chance of infection by worms and also limit the activity of “suspicious” programs.
There are several disadvantages to using a firewall in your operating system:
- Decrease in productivity. A running firewall consumes CPU and RAM resources, and due to constant traffic scanning, users may experience a slight drop in Internet access speed.
- False positives. The firewall algorithms are not perfect, so it can interfere with the operation of an antivirus, torrent and other trusted programs.
- Difficulty setting up. If you want to achieve the maximum level of protection, then the rules for incoming and outgoing connections will have to be configured manually.
If there are many programs on the computer, then users will have to add dozens of different rules, but this will eliminate false positives and completely take control of the traffic.
Firewall for Windows 10
When the first version of Windows XP appeared, it did not have a defender program and the creators did not see the need for it. Simultaneously with the use of the OS, the Internet began to actively develop. As a result, computers were at risk of being infected with viruses. Therefore, firewalls were developed for all subsequent versions of Windows, and they were necessarily included in the operating system.
For Windows 10, the official defender program is Defender. It is free for users, does not require large system resources and promptly notifies about blocked content. It's a good tool, but it doesn't outperform other firewalls in terms of malware detection rates.
What to do if the firewall does not open
There are times when the tool does not start immediately. Nothing to worry about. You can solve this problem yourself.
If the firewall does not want to open, it is recommended to do the following:
- disable all third-party anti-virus programs running on the computer (program conflicts are possible);
- check your device for viruses (malware may block the utility from working);
- restart your computer;
- copy the error code (in the notification), go to support.microsoft and find recommendations;
- start the services associated with the tool, without which it will not be able to work;
- find a solution to a similar problem on answers.microsoft.com/en-ru.
How to access Windows 10 firewall settings
Press “Win+X” and select “Settings”.
Next, as in the screenshot:
Select “Status” (on the left), look for “Firewall” in the right panel.
How to open Windows 10 Firewall settings - another way
Click “Start” - “Run” and then write “firewall.cpl”.
Inclusion
We have opened the firewall settings. Next, click the “Enable” link.
Now the status will change. Status information appears.
If the firewall does not turn on
The reason is a disabled system service. To fix this, press “Win + R”, then write “services.msc”.
Find the “Firewall” item and double-click on it with the left mouse button.
Next, as in the screenshot:
When the service starts, enable the firewall as described above.
How to setup
It turns out that the firewall does not always work as users want it to. For example, it refuses to work when installing a program. To fix the error, add the desired application to the exclusion list:
- Open the firewall;
- Go to the "Interaction" page;
- Allow or block the applications you want.
Specify exceptions - software for which work is permitted:
- Go to the firewall;
- Click Browse. Select an application, click “Add”;
- The program will appear in the list.
How to change settings
Let's open the firewall in enhanced security mode. To do this, open it and click on “Advanced”. Let's move on to the settings.
The firewall works with three profiles: public, domain and private. For example, when connecting to Wi-Fi in a public place, the public profile is used. At home, the private one is used.
Create a new rule
Select the appropriate item.
A wizard will open, divided into the following types:
For example, let's create a rule for the Chrome browser. After selecting “Program Path”, click “Browse” and specify the path to the executable file.
The next step is to specify an action.
In the penultimate paragraph of the settings, specify which profiles to use this rule for.
If everything is configured correctly, indicate what to do next.
Reset
Go to the firewall and select the appropriate option.
Standard rules will be restored.
After resetting the settings, you will have to reconfigure applications that request access through the firewall.
How to check settings
Follow these steps:
View connected networks. There are two types of them displayed: guest and private.
Look at them:
- firewall status;
- incoming connections;
- notifications;
- active networks.
Profile transfer
A firewall profile configured on one computer can be exported for use on another.
Go to the section for managing additional firewall settings. Select the “Monitor” item on the left side of the MMC console. On the right side, in the action area, the export and import items appear.
To save the settings made, select “Export”. In the Explorer dialog box, specify the destination directory and specify the file name. We complete the operation by clicking the “Save” button.
When you select “Import” from the action menu, a system warning will appear. Windows reminds you that the firewall settings will be replaced with new ones without saving the current values. Click “Yes”, confirming the decision to transfer settings from another PC.
In the Explorer dialog box, specify the location of the policy file with the WFW extension. Select it with the mouse and click “Open” to apply the parameters.
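The same transfer can be scripted with netsh advfirewall export and import. This is an added example, not part of the original article; the function name and the backup directory are assumptions. Because an import replaces the current settings without saving them, the function writes a backup first and restores it if the import fails.

```powershell
# Added example: scripted equivalent of the Export / Import actions described above.
# Run from an elevated PowerShell session. Function name and paths are assumptions.

function Import-FirewallPolicyWithBackup {
    param(
        [Parameter(Mandatory)] [string] $PolicyFile,       # .wfw file exported on the other PC
        [string] $BackupDir = 'C:\FirewallBackup'          # assumed backup location
    )

    if (-not (Test-Path -LiteralPath $PolicyFile -PathType Leaf)) {
        throw "Policy file not found: $PolicyFile"
    }

    # Timestamped name: netsh refuses to overwrite an existing export file
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $backup = Join-Path $BackupDir ("before-import-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))

    # Save the complete current policy before it is replaced
    netsh advfirewall export "$backup" | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        throw 'Backup failed; import aborted so the current policy is not lost.'
    }

    # Replace the current policy with the one from the other computer
    netsh advfirewall import "$PolicyFile" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        netsh advfirewall import "$backup" | Out-Null
        throw "Import failed; previous policy restored from $backup"
    }

    return $backup   # path to keep in case a rollback is needed later
}

# Example call (placeholder path):
# Import-FirewallPolicyWithBackup -PolicyFile 'D:\transfer\office-policy.wfw'
```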
Manually managing Windows 10 Firewall permissions
The built-in firewall sometimes gets disabled when you use additional programs to protect your computer. This is done to eliminate the risk of failures due to application incompatibility. Moreover, it’s easy to turn standard protection back on with just a couple of clicks in the same window where the shutdown occurred.
Peculiarities:
- Most programs are added to exceptions automatically. They are included in the list of applications that are allowed to access the Internet by default. If you need to disconnect them from the network, this can only be done by manually unchecking the corresponding checkboxes in the “Allow interaction with an application or component in Windows Defender Firewall” item.
- It is advisable to disable unfamiliar applications. If necessary, it is better to re-create the rule and open access to the Internet rather than risk transferring personal data to attackers. To do this, it is recommended to periodically review the list of permissions and adjust it (for example, remove uninstalled programs).
- Setting up a firewall allows you to save traffic if the user works on a tariff with a limitation on the amount of data transferred. The situation is typical for mobile networks, where unlimited access is provided only for social networks, and other resources are considered “paid”, including Microsoft servers.
When you connect your computer to the Internet for the first time, you are asked for the type of connection: public or private. If the user periodically changes the connection method (for example, from wired to Wi-Fi), different network settings will be active from time to time. When adding a program to the list of exceptions, take into account that after switching to another network a game may start to crash; this is corrected by manually checking the boxes in both columns.
Low-level settings are available to experienced users. They are available in the Windows Defender Firewall Monitor with Advanced Security utility. Here the rules for incoming and outgoing connections are changed separately: protocol, local and remote port, address, owner, allowed computers. It is not recommended to change such settings without administration skills; if an error occurs, you will have to recover the computer by resetting the settings.
Blocking users
Firewall rules do not have to apply to all users on a computer. The firewall can be configured to prevent certain programs from connecting to the Internet only on specified user accounts.
Open Windows Defender, click the Advanced settings link and open the Inbound Rules group. Double-click the program and go to the Local Security Principals tab.
Select Allow connections only from those users and click Add. Enter the usernames that should have access and click OK. Other computer users will not be able to connect to the network using the selected program.
What problems can a firewall cause?
Every protection has its price.
Decreased computer performance
The firewall filters traffic in real time. This requires resources: both processor power and RAM. As a result, the software may slow down your computer. And if its performance is low, you will feel it especially acutely.
Reduced traffic speed
The firewall takes time to analyze traffic. And if there are many filters, then the delays can be significant. This is not so critical for browsing websites, but in online games it can cause defeat.
False positives
Firewalls often mistake legitimate traffic for a potential threat and reject such packets. They also create alerts - with a sharp sound so that you definitely pay attention. As a result, you cannot work calmly and do not get access to the necessary Internet resources.
You can reduce the number of false positives if you configure your firewall correctly. For example, enable it only in unsecured networks (public Wi‑Fi) or for certain applications (browser, instant messengers).
Option to fix Windows 10 firewall problems
If restoring the settings does not help, the user is left with two options - reinstalling the operating system from scratch or selecting another solution to correct the situation. The choice of method depends on the external signs of the problem, the messages displayed, and the results of the antivirus scan. Sometimes, due to glitches in the Windows 10 distribution, some “masters” cut out the firewall from it, and the computer is initially left without protection.
Solutions:
- Manually enable the service. Right-click on the “My Computer” icon, find the “Manage” line in the drop-down menu and click on it. Go to the “Services and Applications – Services” section, find the firewall service and set the startup type to automatic.
- Cure your computer from viruses. Manually scan the drives with your installed software or with the CureIt utility from Dr. Web. It is recommended to scan all types of files, directories and the system. After treating (removing) the detected threats, restart the computer and return to the first step.
- Check the disk for errors. The procedure will eliminate problems due to damage to system files of the operating system. The check is activated with the CHKDSK /f /r command, which will automatically correct detected failures, including reassigning bad sectors.
The listed “treatment” methods work in most cases, because computer problems are usually associated either with an attack by virus programs or with disk failure due to technical malfunctions. Services disabled by default are found in systems installed from pirated disks, when the “creators” process the original Windows image with tweakers (to speed up installation or work on weak computers).
Adding a program to the exclusion list
In some situations, the Defender service blocks ports required for installed programs to operate. Despite the fact that the activities of ordinary applications do not pose a security threat to the PC, their network activity may be incorrectly identified as potentially dangerous. Because of this, failures occur when programs try to connect to the Internet and other disruptions in their functioning. Online games and utilities for downloading files (for example, torrent trackers) are often blocked.
It is recommended to include such software in the exclusion set. To do this, use the second link in the left menu. Click "Change Settings" to enable administrator privileges. When working through a user account that is not a member of the administrators group, you will need to select an administrative account and enter a password for it. Then find the application whose functionality is blocked, and in the columns with network types (“Private” and “Public”), check the boxes. Save the new settings by clicking OK.
Important! Before blocking, a window is often displayed asking you to allow the program’s Internet activity. If you confirm that the application is trusted, it will be added to the whitelist, and you will not have to change settings to disable filtering.
Disable Windows 10 Firewall in Windows 10 Security Settings
Probably the easiest way for a novice user to disable the Windows 10 firewall is to use the appropriate options in the Windows 10 Security Center:
- Open Windows Security settings by double-clicking the shield icon in the notification area or via Start - Settings - Windows Security.
- Click on the “Firewall and network security” item, and then select the network profile for which you want to disable the firewall: usually it is enough to disable only the active profile, but if you wish, you can repeat this for all items.
- Place the switch in the Off position to disable the firewall for this network profile.
At this point, the firewall will be disabled, and you will also see a notification asking you to turn it on again; see the instructions below on how to remove this notification.
Also, despite disabling the firewall, the corresponding Windows 10 service will continue to run. You can also read about disabling it in the corresponding section of the instructions.
Why do you need a firewall?
Many people ask: why is it needed? It is required, first of all, to protect against unauthorized access to the software installed on your personal computer.
However, some software may not work when the firewall is enabled. It simply blocks them. To prevent it from doing this, you should add them to the exceptions. Then the firewall will not interfere with their performance.
To do this you need:
- open firewall workspace
- in the “add exceptions” tab, select from the installed programs the one that it prevents from functioning normally
Moreover, if you want to install some software that is suspicious for the firewall, the firewall will contact you. It will ask whether you allow the software to be installed on your computer. Only after your permission will the program be able to install.
As you have already seen, there is nothing complicated in the firewall settings for Windows 10. Anyone who needs to do this can do it alone. And now you know perfectly well how to set up a firewall in Windows 10 and what to consider.
How to completely disable the firewall using the command line
If you know how to run Command Prompt as an administrator, this method for disabling the Windows 10 firewall will be even easier and faster:
- Run Command Prompt as an administrator - to do this, you can use the search in the taskbar, and then right-click on the result found and select Run as administrator.
- Enter the command netsh advfirewall set allprofiles state off
- Press Enter.
As a result, you will see a laconic “Ok” in the command line, and in the notification center you will see a message that “Windows Firewall is disabled” with a suggestion to turn it on again. If you need to re-enable it, use the command netsh advfirewall set allprofiles state on in the same way.
Practice
We have examined the main functions of a firewall, now let's move on to the practical part, in which we will learn how to create rules, open ports and work with exceptions.
Creating rules for programs
As we already know, there are incoming and outgoing rules. With the help of the former, the conditions for receiving traffic from programs are configured, and the latter determine whether they will be able to transmit data to the network.
- In the “Monitor” window (“Advanced settings”), click on the “Rules for incoming connections” item and select “Create a rule” in the right block.
- Leave the switch in the “For program” position and click “Next”.
- Switch to “Program Path” and click the “Browse” button.
Using Explorer, find the executable file of the target application, select it and click Open. Let's move on.
- In the next window we see options for action. Here you can allow or deny the connection, as well as provide access via IPSec. Let's choose the third point.
- We determine for which profiles our new rule will work. We will set it up so that the program cannot connect on public networks only (directly to the Internet), but works normally in a home environment.
- We give the rule a name under which it will be displayed in the list, and, if desired, create a description. After clicking the "Finish" button, the rule will be created and applied immediately.
Outgoing rules are created similarly on the corresponding tab.
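The wizard steps above can also be carried out with the NetSecurity cmdlets that ship with Windows 10. This is an added example, not part of the original article; the function name, the rule names and the program path are placeholders. It creates a blocking rule for the public profile in both directions and reads each rule back to confirm what was stored.

```powershell
# Added example: the rule-wizard steps above as a script (elevated PowerShell).
# The program path and the rule names are placeholders, not values from the article.

function Set-PublicBlockRule {
    param(
        [Parameter(Mandatory)] [string] $Program,
        [Parameter(Mandatory)] [ValidateSet('Inbound', 'Outbound')] [string] $Direction
    )
    $name = "Block $(Split-Path -Path $Program -Leaf) $Direction (Public)"

    # Re-running the script replaces the rule instead of creating a duplicate
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Wizard mapping: rule type "For program" -> -Program, action page -> -Action Block,
    # profile page -> -Profile Public, last page -> -DisplayName / -Description
    New-NetFirewallRule -DisplayName $name `
        -Description 'Block this program on public networks only' `
        -Direction $Direction -Program $Program `
        -Action Block -Profile Public | Out-Null

    # Read the rule back, including the program path kept in its application filter
    $rule = Get-NetFirewallRule -DisplayName $name
    $app  = $rule | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name      = $rule.DisplayName
        Direction = $rule.Direction
        Action    = $rule.Action
        Profile   = $rule.Profile
        Enabled   = $rule.Enabled
        Program   = $app.Program
    }
}

$exe = 'C:\Program Files\ExampleApp\example.exe'   # placeholder path
Set-PublicBlockRule -Program $exe -Direction Inbound
Set-PublicBlockRule -Program $exe -Direction Outbound
```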
Working with Exceptions
Adding a program to firewall exceptions allows you to quickly create an allowing rule. You can also configure some parameters in this list - enable or disable the position and select the type of network in which it operates.
Port rules
Such rules are created in the same way as incoming and outgoing positions for programs, with the only difference being that at the stage of determining the type, the “For port” item is selected.
The most common use case is interaction with game servers, email clients and instant messengers.
Conclusion
Today we were introduced to the Windows Firewall and learned how to use its basic functions. When configuring, you should remember that changes to existing (default) rules can lead to a decrease in the level of system security, and unnecessary restrictions can lead to malfunctions of some applications and components that do not function without access to the network.
September 14th, 2022 Nikita Fartov
The Windows Firewall (aka firewall) is responsible for the security of the operating system and protects it from external malicious attacks. To effectively protect their computer, every user must know how to work with a firewall and what alternatives can be used.
Disable Windows Defender Firewall with Advanced Security in the Monitor
If you start typing “firewall monitor” in the taskbar search, you can open a separate control panel for its settings, which, among other things, provides the ability to disable it:
- Click on "Windows Defender Firewall Properties".
- On the Public Profile, Private Profile and Domain Profile tabs, set the top field to “Disable” and apply the settings.
Just as in previous cases, the built-in Windows 10 firewall will be disabled.
OS Settings
In the new Windows 10 Firewall settings interface, only notification settings are available. The remaining hyperlinks take the user to the classic control panel. In the firewall activity message management area, the user can disable notifications from unused sections.
How to disable Windows Defender Firewall service in Windows 10
Even after disabling the Windows 10 firewall using the methods described above, the corresponding service will continue to work, and you cannot disable it in services.msc. However, disabling is possible:
- Press the Win+R keys on your keyboard, type regedit and press Enter.
- In the Registry Editor that opens, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc
- Double-click on the parameter named Start in the right panel and set its value to 4.
- Apply the settings and restart your computer.
As a result, the service will be disabled.
Restore default settings
By default, Windows Firewall blocks all connections from applications that are not in the "allowed" list. This list is customized by the system developers and contains mainly programs from the Windows Store and system services.
By default, when the Firewall blocks data transmission from any application, a corresponding message appears on the device screen. This configuration can be changed. To cancel changes, open the Firewall and network protection and click the Restore default settings link.
How to remove the notification that the firewall is disabled
After you turn off your firewall, Windows 10 Defender Security Center will start showing notifications that it's disabled and asking you to turn it back on.
To remove such a notification, in the Registry Editor, in the section
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications
create a DWORD value named DisableNotifications with a value of 1. For more information on how to do this, see How to disable Windows 10 security notifications.
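An administrator who needs to confirm that none of the settings described above (profiles switched off, the mpssvc service disabled through the registry, notifications suppressed) have been changed on a machine can check them in one pass. This is an added example, not part of the original article; the function name is an assumption, and the script only reads values.

```powershell
# Added example: read-only check of the settings this page shows how to change.
# Run in an elevated PowerShell session on Windows 10; nothing is modified.

function Get-FirewallTamperFindings {
    $findings = @()

    # 1. Profiles switched off (netsh ... state off, the Windows Security switch,
    #    or the Properties dialog in the advanced console)
    foreach ($p in Get-NetFirewallProfile) {
        if ("$($p.Enabled)" -ne 'True') {
            $findings += [pscustomobject]@{
                Check = "Profile $($p.Name) enabled"; Value = "$($p.Enabled)"; Expected = 'True' }
        }
    }

    # 2. Service startup type: Start = 4 means Disabled, 2 (Automatic) is the default
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mpssvc'
    $start  = (Get-ItemProperty -Path $svcKey -Name Start -ErrorAction SilentlyContinue).Start
    if ($start -ne 2) {
        $shown = if ($null -eq $start) { '(missing)' } else { "$start" }
        $findings += [pscustomobject]@{
            Check = 'mpssvc Start value'; Value = $shown; Expected = '2' }
    }

    # 3. The service should actually be running
    $svc = Get-Service -Name mpssvc -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        $shown = if ($svc) { "$($svc.Status)" } else { '(service not found)' }
        $findings += [pscustomobject]@{
            Check = 'mpssvc service status'; Value = $shown; Expected = 'Running' }
    }

    # 4. Security Center notifications suppressed (DisableNotifications = 1)
    $notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications'
    $dn = (Get-ItemProperty -Path $notifyKey -Name DisableNotifications `
              -ErrorAction SilentlyContinue).DisableNotifications
    if ($dn -eq 1) {
        $findings += [pscustomobject]@{
            Check = 'DisableNotifications'; Value = '1'; Expected = 'absent or 0' }
    }

    return $findings
}

$result = Get-FirewallTamperFindings
if ($result) {
    $result | Format-Table -AutoSize
    # To turn all profiles back on: Set-NetFirewallProfile -All -Enabled True
} else {
    'No findings: profiles enabled, service automatic and running, notifications on.'
}
```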
Simple port manipulation
Programs that use Internet connections usually have a standard set of ports through which communication is carried out. This makes it easier to control application security. Often these ports are changed or blocked, especially since standard communication is allowed on any port.
- Open Windows Defender, click the Advanced settings link and the Yes button. Select Inbound Rules and double-click the program you want to configure.
- Go to the Protocols and Ports tab, expand the list in the Local Port section and set it to Specific Ports. In the field below, enter the port numbers through which communication can occur. Separate numbers with commas.
- You can also completely block a selected port. Then no program can use it. This blocking is often used against p2p applications. Select New Rule in the Actions panel. Check the Port box and proceed further.
- Select TCP or UDP, select the Specified local ports check box, and enter the number, numbers, or range of ports you want to block. Select Block connection and click Next in the two subsequent windows.
- Give the rule a name and enter a description in the field below. Save the setting by clicking Finish.
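Before blocking a port it helps to know which enabled rules currently allow inbound traffic to it. This is an added example, not part of the original article; the function names and the port range in the block rule are constructed for illustration. It lists the inbound allow rules that cover a given port (TCP 445 is used because the article mentions it) and then creates a blocking port rule like the one described in the steps above.

```powershell
# Added example: audit which inbound allow rules cover a port, then block a range.
# Run in an elevated PowerShell session. Function names are assumptions.

function Test-PortInSpec {
    # $Spec is the LocalPort value of a rule: 'Any', '445', '5000-5100', or a
    # named keyword such as 'RPC' (keywords are not numeric and are skipped here)
    param([int] $Port, [string[]] $Spec)
    foreach ($item in $Spec) {
        if ($item -eq 'Any') { return $true }
        if ($item -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($item -match '^\d+$' -and [int]$item -eq $Port) {
            return $true
        }
    }
    return $false
}

function Get-InboundAllowRulesForPort {
    param([Parameter(Mandatory)] [int] $Port, [string] $Protocol = 'TCP')

    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $protoMatch = ($pf.Protocol -eq $Protocol) -or ($pf.Protocol -eq 'Any')
        if ($protoMatch -and (Test-PortInSpec -Port $Port -Spec $pf.LocalPort)) {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $pf.Protocol
                LocalPort = ($pf.LocalPort -join ',')
            }
        }
    }
}

# Which enabled rules accept inbound TCP 445 on this machine? (can take a while)
Get-InboundAllowRulesForPort -Port 445 | Format-Table -AutoSize

# Blocking port rule, as in the wizard: Port -> TCP -> specified local ports ->
# Block the connection -> all profiles -> name. The range is a constructed example.
$name = 'Block inbound TCP 6881-6889 (example)'
if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $name `
        -Description 'Example: block a local port range for every program' `
        -Direction Inbound -Protocol TCP -LocalPort '6881-6889' `
        -Action Block -Profile Any | Out-Null
}
Get-NetFirewallRule -DisplayName $name | Get-NetFirewallPortFilter
```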