How to Customize Windows Firewall with Windows Firewall Control
Although it does not come with Microsoft's operating system, Windows Firewall Control (WFC for short) can still be part of it. That's because WFC is not a standalone firewall solution. Instead, it exposes the functionality of the Windows firewall through an easily accessible interface.
So let's see how you can use WFC to control the Windows firewall and anything that connects to and from your PC.
How to Download and Install WFC
To get started, visit the official WFC website and look out for the download links on the sidebar to the right. Choose the link you like, download the app and install it.
The article recommends leaving the default settings as they are. In addition to the installation path, there are 3 additional options:
- Create shortcuts for programs in the Start Menu and on the Desktop.
- Set up WFC to run automatically when a user logs in.
- Create some suggested rules.
How to control security level with profile
With WFC installed, set up and running, you're all set. You don't need to think too much about your firewall during normal daily office computer use. Predefined default rules help with that.
Do you want to increase or decrease your security level quickly? WFC allows you to do that instantly by switching profiles. First, look for the WFC icon on the Windows system tray.
Right click on it and from the pop-up menu select your desired security level from Profiles.
Configure Windows Firewall Control
If you want more control over how your PC communicates with other devices, you should check out WFC's main control panel. A click on the WFC's system tray icon will open its main window on the desktop.
Scroll to Profiles and select the profile you want to set as default.
It's safer to create rules for the software than to temporarily switch to a lower filtering mode. However, if you prefer this approach, you should enable Automatically set PROFILE after X minutes . Then customize the "profile" and "x" fields to complete that sentence as you like.
This way, when you switch to a less secure profile to test a piece of software, WFC will revert to its default, more secure profile after a specified period of time.
WFC doesn't show any messages by default because they can quickly become annoying. If you don't mind that, go to Notifications , the notification will be set to Disabled. Choose Display notifications instead.
You can turn on WFC's Learning mode from the same location. In this mode, WFC automatically displays messages for unsigned programs but automatically generates outbound permission rules with any digitally signed programs.
You can enable this mode and then test your favorite applications, like Word, Photoshop, Krita, GIMP, etc.WFC will automatically create rules for them, in the easiest way to control. correction. Remember to turn off Learning mode afterwards.
Di chuyển đến Options để kích hoạt Shell Integration của WFC, để thêm các shortcut tạo quy tắc dễ dàng trên menu ngữ cảnh chuột phải. Sau đó, bạn sẽ có thể nhấp chuột phải vào bất kỳ file thực thi nào và chọn xem bạn có muốn cấp quyền truy cập mạng cho file đó hay không.
Bạn cũng có thể thay đổi ngôn ngữ giao diện người dùng của WFC hoặc xác định các hotkey để truy cập tức thì vào các bảng điều khiển khác nhau của nó.
Bài viết sẽ bỏ qua cả Rules và Security vì có một cách nhanh chóng và dễ dàng hơn để tạo các quy tắc cơ bản cho bất kỳ ứng dụng nào sẽ được xem xét sau. Bạn không nên thử nghiệm với các tùy chọn trừ khi bạn biết rõ mình đang làm gì.
Cách kiểm soát ứng dụng dễ dàng thông qua Connections Log
With Windows Firewall Control, you don't have to manually create detailed rules for all of your applications. You can take the following much simpler approach instead.
First, set the filter level to the recommended Medium . This only allows trusted software to access the network, prohibiting anything else from connecting anywhere.
With this extent, many applications or games may not be able to connect to the Internet, not be able to access local shares, etc. This is a positive thing, as it means WFC working, your network you're safe and no untrusted apps have network access, if you don't want to. But what if you want a software to access the network?
Right-click the WFC system tray icon and select Connections Log. You should see an almost empty table appear on the screen.
Press F5 on your keyboard or choose Refresh list from the Actions panel on the right side of the window. After a while, the WFC Connections Log panel will display a list of all software that have attempted to communicate over network connections.
Want to quickly create a permanent rule to allow or deny access to anything on that list? Right-click an entry and select Allow this program or Block this program depending on whether you want the program to have access.
Customize and create allows you to manually edit and create such rules, providing more control, such as which ports the application can connect through, etc.
The rest of the options help find more details about the selected executable, the network nodes the file is trying to communicate with, and find and manage related rules.
Absolute control with custom rules
Many books have been written about network management, firewalls, and configuring how software connects "through" them. That is why the article decided not to consider such topics in detail this time. However, if you want to try manually creating such rules for your software using WFC, the generalized version of the procedure would look like this:
To create a rule from scratch, right click on the WFC icon, go to the Rules Panel and click Blank rule under Create new rule , from the options on the right.
Also, as said in the previous section, choose to customize and create rules for any software on the WFC Connections Log . Similarly, to edit an existing rule, right-click it from the WFC's Rules Panel and select Properties.
Select the application for which you are creating the rule from Program (if not selected correctly). You can also define its Name, Group and Description .
Check the options in Protocol and ports to determine the correct network protocol, local port, and remote port that the application will be allowed (or not allowed) to use.
From the options column on the right, you can state the local and remote addresses to which the selected software should be allowed or denied access. You should set both of those options to Any in most cases.
In Direction , you can define whether the rule will be about Inbound or Outbound connections.
From the Action , you choose whether or not to allow the application to do what you described in the rule.
Finally, you can also choose whether the rule will apply to all or specific types of interfaces. For example, you might have different rules for communicating over the Ethernet cable connection you normally use at home and the WiFi you rely on when out.
With one click on Apply , you're done creating a network rule!
As you've seen, staying safe with Windows Firewall Control is simple. If you want, you can dive into its settings and customize everything. However, for most users, WFC's predefined configurations are more than enough, with frequent near-automatic rule generation.
You should read it
- What is a firewall? General knowledge about Firewall
- 3 ways to turn off the Windows 11 firewall, steps to turn off the firewall on windows 11
- How to turn on / off Windows Firewall in Windows 7, 8 / 8.1 and Windows 10
- 3 ways to turn off the Windows 10 firewall, steps to turn off the firewall on Windows 10
- How to turn firewall (Firewall) on Win 7
- Instructions to reset Windows Firewall Rules to the initial default state
- Instructions allow applications to communicate with each other via Windows Firewall
- How to use a firewall in Windows 10
- Learn about firewalls, Windows Firewall on Windows Server 2012
- Instructions for handling and troubleshooting firewall problems in Windows 10
- How to export or back up Windows Firewall rules
- 10 free firewall software is most worthwhile