
Win7 Firewall ~ Details

Annecy
Sophomore Member
Posts: 242
Joined: Thu Feb 09, 2017 1:57 pm
Location: California, USA

Win7 Firewall ~ Details

#1 Post by Annecy » Mon Feb 26, 2018 1:17 am

HereToFore/Previously (always on Pre-Win7 "machines") ...
I('ve) always used one 3rdParty (FreeWare) FireWall ... or another ...

This month ...
I (finally) decided to "spend (some) time" ...
to begin familiarizing myself ...
with the "details" of the MS Win7 Firewall :banghead:

I "network" my home LapTops/PCs via (CrossOver) EtherNet ... wires/cables ...
and connect those LapTops to the WWW via WiFi ...

I exempted the "Home/Private" NW EtherNet NICs from the Win7 FireWall ...

I (also) set the Win7 FireWall to BLOCK ALL OUTBOUND connections ...
and then began creating OUTBOUND RULES ...
as (seemingly) necessary ...

The first time I rebooted my Win7 T61 ...
after (re-)configuring my T61 Win7 FireWall
the following appeared :eek: :!: :shock: :!::
Image
I skipped applying that fix :roll: :BAAAD!:

I can only/just WONDER ...
WHATtF ... that is/was :?: :??: :?:
Last edited by Annecy on Thu Apr 19, 2018 9:33 am, edited 2 times in total.
2005: T30 2366-85U (XP)
2015: T43 2686-M7U
2017: T61 14.1"ws
2018: T61p 6457-V9K ¦ T60 2008-4AU & 2613-CTO ¦ T420s 4174-BB4
2017: 2 OtC MS-W7s

(WiP: :help:
~revive T30 XP-install ¦ ~T43 SATA-MOD
~sell T61ws
~Max T61p & T60-2008
~Find Ultimate "ClassicTP"
)

shawross
Junior Member
Posts: 482
Joined: Mon Oct 28, 2013 5:48 am
Location: Perth Aus / Thailand

Re: Win7 Firewall ~ Details

#2 Post by shawross » Tue Feb 27, 2018 7:32 am

It is your machine and you live and learn with hardware and software.

For me I wouldn't block all outbound traffic and only block some installed individual software from phoning home.

This software would not be integral to the machine but just add ons and shouldn't be MS or your antivirus software.

Blocking MS with their own firewall is an interesting tactic though. :)
Active --- Love the X series
X301 SU9400 IDA Mod - W 7 / X201 540M - W 7 / X220 2520 - W7

Nostalgia
X61 T7500 / T41 T42 T43 / A31

Rogue daily driver - Samsung RV511 15.6 " Screen - W 7

Annecy
Sophomore Member
Posts: 242
Joined: Thu Feb 09, 2017 1:57 pm
Location: California, USA

Re: Win7 Firewall ~ Details

#3 Post by Annecy » Sun Mar 18, 2018 10:30 am

shawross wrote:
Tue Feb 27, 2018 7:32 am
"It is your machine and you live and learn with hardware and software.
For me I wouldn't block all outbound traffic and only block some installed individual software from phoning home.
~~~
Blocking MS with their own firewall is an interesting tactic though. :)
"
Here is one webpage that discusses (re-)configuring the MS-Firewall
from ALLOWING ALL outbound connections to BLOCKING ALL outbound connections :banghead:

Here is a webpage that discusses a portable freeware firewall utility ~
which I (have) found quite helpful/useful for identifying outbound connection attempts ~
which I might then allow by creating an outbound exception rule ...


note: aFaIC ... none of the above is "advertising" :roll:

Annecy
Sophomore Member
Posts: 242
Joined: Thu Feb 09, 2017 1:57 pm
Location: California, USA

Re: Win7 Firewall ~ Details

#4 Post by Annecy » Thu Apr 19, 2018 10:50 am

ajkula66 wrote:
Sun Aug 23, 2015 5:33 pm
"If you've chosen to stay away from W10 because of privacy concerns,
you may want to be careful with Windows Updates these days,
specifically one marked KB3068708

From Microsoft themselves:
This update introduces the Diagnostics and Telemetry tracking service to existing devices.
By applying this service, you can add benefits from the latest version of Windows
to systems that have not yet upgraded.

https://support.microsoft.com/en-us/kb/3068708
"
shawross wrote:
Tue Feb 27, 2018 7:32 am
"Blocking MS with their own firewall is an interesting tactic though. :)"
Annecy wrote:
Sun Mar 18, 2018 10:30 am
"Here is one webpage that discusses (re-)configuring the MS-Firewall
from ALLOWING ALL outbound connections to BLOCKING ALL outbound connections :banghead:

Here is a webpage that discusses a portable freeware firewall utility ~
which I (have) found quite helpful/useful for identifying outbound connection attempts ~
which I might then allow by creating an outbound exception rule ...

note: aFaIC ... none of the above is "advertising" :roll:
"
I don't ALWAYS run that above Portable-Freeware Firewall-Utility ...
this morning I (for various reasons) was running that FWutil ...
and the following "popup" appeared:
Image
I do not even have MS Windows (7) Update KB3068708 installed :eek:

ps: I did NOT create an OutBound exception for that MS-Telemetry process/service :roll:

Annecy
Sophomore Member
Posts: 242
Joined: Thu Feb 09, 2017 1:57 pm
Location: California, USA

Re: Win7 Firewall ~ Details

#5 Post by Annecy » Sat Jun 23, 2018 11:57 am

Last month (May2018) ...
I wanted to configure the Win7 FireWall on my new/used T61p :banghead:

I had previously/simultaneously configured the Win7 installs on my T61 14"ws & T43 ...
and had a few dozen customized OutBound FireWall rules ...
and did NOT want to manually/1by1 enter them in/to the T61p Win7 FW :roll:

A StackExchange WWWsearch result revealed that
the Windoze7 FW rules are stored in the following registry key: :arrow:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
So ...
I dumped/exported that key from my T61 14"ws registry,
opened the .reg file in one of the code/script editors that I use
and then quickly/easily parsed out my custom/ized rules ~
which I had all given the same RuleName Prefix:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0333B005-605C-4039-9C84-679B3242BC2F}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\portpfs\\wwwapps\\updgen\\bin\\sigcheck.exe|Name=1Custom-File version and signature viewer|Desc=WSUS|"
"{0A49A51D-FDD3-4035-9831-9CCF28862166}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\portpfs\\wwwapps\\updgen\\bin\\wget.exe|Name=1Custom-WSUS|Desc=3rdParty WindowsUpdater|"
"{4FD5367C-EDF1-47AE-9293-87787F841EDC}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\program files\\microsoft security client\\msseces.exe|Name=1Custom-Microsoft Security Client User Interface|"
"{1A2BEFCC-7153-48AD-834F-C83E09EBF9B9}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\program files\\java\\jre1.8.0_161\\bin\\jp2launcher.exe|Name=1Custom-Java(TM) Web Launcher|"
"{AFA5CA18-5B94-41C4-BFE8-8919D6E2CD54}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\program files\\common files\\java\\java update\\jucheck.exe|Name=1Custom-Java Update Checker|"
"{4BAF4C24-81F3-41FC-AC08-39D46078B493}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\program files\\java\\jre1.8.0_161\\bin\\javaw.exe|Name=1Custom-Java(TM) Platform SE binary|"
"{600499E4-4714-4FA2-9321-6A88A2A9BFAF}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|RA4=131.232.61.161|RA4=131.232.43.61|RA4=192.168.61.161|RA4=192.168.43.61|App=C:\\windows\\system32\\svchost.exe|Name=1Custom-DNS Client [LANethIP]|"
"{746BB081-52AC-4AAD-8AD7-7058BAFCE44B}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\program files\\microsoft security client\\mpcmdrun.exe|Name=1Custom-Microsoft Malware Protection Command Line Utility|"
"{564ADFB6-7997-44BB-BE3D-F0EC51115C0B}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\program files\\lenovo\\system update\\tvsukernel.exe|Name=1Custom-Lenovo System Update|"
"{BA31E901-D05E-430B-8792-CB84EF79BBD4}"="v2.10|Action=Block|Active=TRUE|Dir=Out|App=C:\\program files\\windows media player\\wmpnetwk.exe|Svc=WMPNetworkSvc|Name=1Custom-Windows Media Player Network Sharing Service|"
"{3208B562-405D-4442-A76B-7A22C027A7E0}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=c:\\PortPFs\\wwwApps\\utorr\\app\\utorrent\\utorrent.exe|Name=1Custom-µTorrent|"
"UDP Query User{2372051D-F3EB-403B-B154-38FA21754E95}C:\\portpfs\\appswww\\utorr\\app\\utorrent\\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\\portpfs\\appswww\\utorr\\app\\utorrent\\utorrent.exe|Name=1Custom-µTorrent|Desc=µTorrent|Edge=TRUE|Defer=App|"
"TCP Query User{90300D43-3C51-4FAD-AF16-FE0DFBF666B1}C:\\portpfs\\appswww\\utorr\\app\\utorrent\\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\\portpfs\\appswww\\utorr\\app\\utorrent\\utorrent.exe|Name=1Custom-µTorrent|Desc=µTorrent|Edge=TRUE|Defer=App|"
"{EE4AC0CF-D036-4E25-827F-6CB03F25B3A7}"="v2.10|Action=Block|Active=TRUE|Dir=Out|App=c:\\PortPFs\\wwwApps\\wfn\\console.exe|Name=1Custom-WFNConsole|"
"{967BFEAA-36E9-46BE-8A2B-B563AA6E9F66}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\program files\\common files\\java\\java update\\jusched.exe|Name=1Custom-Java Update Scheduler|"
"{FFCB94E0-AA5F-46DE-AB05-3F6CB01E4888}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\\Lenovo\\System Update\\SUService.exe|Name=1Custom-Lenovo TP System Update|Desc=Manually launched Update Checker|"
"{F84BBB67-910F-4D29-8B4C-06C5CFDA85EF}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=c:\\PortPFs\\wwwApps\\MFFp\\App\\Firefox\\FireFox.exe|Name=1Custom-FireFox|Desc=MozillaPortableBrowser|"
"{48A3F1E4-93C0-441D-A01D-81CFF8E6D325}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=c:\\PortPFs\\wwwApps\\Dragon\\Dragon.exe|Name=1Custom-DragonChromium|Desc=PortableBrowser|"
"{53FB2CE1-C6A1-48E3-9336-01B945995D99}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=C:\\PortPFs\\AppsUtils\\x2pro\\x2pro.exe|Name=1Custom-x2pro|"
"{1C646686-02E7-4DB8-81C6-D15AA59E9994}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=C:\\PortPFs\\AppsUtils\\x2pro\\x2pro.exe|Name=1Custom-x2pro|"
"{EEDBA29E-9147-4FE4-B9F6-5D0E5C380E97}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\PortPFs\\AppsUtils\\x2pro\\x2pro.exe|Name=1Custom-x2pro|"
"{024497EC-0238-43F5-94C9-ADC8227A2707}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\PortPFs\\AppsUtils\\x2pro\\x2pro.exe|Name=1Custom-x2pro|"
"{865367CA-3305-43E1-BF2A-D77ED42A25D6}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=C:\\PortPFs\\AppsUtils\\FreeComm\\FreeComm.exe|Name=1Custom-FrC|"
"{417DC8EE-991F-45CC-A4BA-D2BD415B4B7F}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=C:\\PortPFs\\AppsUtils\\FreeComm\\FreeComm.exe|Name=1Custom-FrC|"
"{FDF51CD3-F652-46BF-AF2D-E54D2A481614}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\PortPFs\\AppsUtils\\FreeComm\\FreeComm.exe|Name=1Custom-FrC|"
"{AF9FCAC7-C9F1-4A61-9BCA-912C63173D97}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\PortPFs\\AppsUtils\\FreeComm\\FreeComm.exe|Name=1Custom-FrC|"
"{0684CA66-6483-49FE-992E-D3F671350ECB}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=C:\\PortPFs\\AppsUtils\\2xEx\\2xExplorer.exe|Name=1Custom-2x|"
"{2E369B22-816E-45BC-899C-F8AFBB7A1010}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=C:\\PortPFs\\AppsUtils\\2xEx\\2xExplorer.exe|Name=1Custom-2x|"
"{FF867010-4EC1-4457-878C-A06E342538D5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\PortPFs\\AppsUtils\\2xEx\\2xExplorer.exe|Name=1Custom-2x|"
"{23CFA4FD-00C3-48EB-AF68-5BA26035CB95}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\PortPFs\\AppsUtils\\2xEx\\2xExplorer.exe|Name=1Custom-2x|"
"UDP Query User{35AF5E76-1FD8-4F4C-8AC1-DD7484B071CF}C:\\portpfs\\appswww\\dragon\\dragon.exe"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\\portpfs\\appswww\\dragon\\dragon.exe|Name=1Custom-ComodoDragon|Desc=Comodo Dragon|Defer=User|"
"TCP Query User{64A452DB-C04F-4948-BB73-8CF96C6D413C}C:\\portpfs\\appswww\\dragon\\dragon.exe"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\\portpfs\\appswww\\dragon\\dragon.exe|Name=1Custom-ComodoDragon|Desc=Comodo Dragon|Defer=User|"
"{0E2A80B0-DBE3-4825-8473-BF53A8CA47FD}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\windows\\system32\\slui.exe|Name=1Custom-Windows Activation Client|"
"{A179FB97-E01A-4909-A659-CD7686DEB828}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\windows\\system32\\svchost.exe|Svc=W32Time|Name=1Custom-Windows Time|"
"{B60B18EB-1890-4023-B8A2-B37BF1E06827}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\\Program Files\\MMPFs\\Winamp\\winamp.exe|Name=1Custom-WinAmp|"
"{9C4A6FBF-B61B-4B6F-8D4C-60EA173D32B5}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\\Program Files\\MMPFs\\Winamp\\winamp.exe|Name=1Custom-WinAmp|"
"{9F9747BD-A7F1-4810-A6B0-4F9E34CBD960}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|App=C:\\Windows\\system32\\svchost.exe|Svc=bits|Name=1Custom-Background Intelligent Transfer Service(auto) [R:80,443]|"
"{B3E26D32-2E3C-4848-A54A-9B7FEE90B903}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=Z:\\exez\\pez\\wbpe\\projects\\tools\\win7pese\\wget.exe|Name=1CustomWBPE|"
"{985E1634-D1CE-4C0A-A518-6D1D5AF13A83}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\program files\\mmpfs\\klite\\tools\\codectweaktool.exe|Name=1Custom-KLiteUpdateCheck|"
"{C0C3527C-C841-4DEF-9010-418515C2CAA9}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|App=C:\\Windows\\system32\\svchost.exe|Svc=wuauserv|Name=1Custom-Windows Update (auto) [R:80,443]|"
"{E656DBC8-8CCE-4465-B43E-067ED1D20F86}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|App=C:\\Windows\\system32\\svchost.exe|Svc=cryptsvc|Name=1Custom-Cryptographic Services(auto) [R:80]|"
"{CB83A62B-1083-4533-BD1E-4CD0EE16CA61}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\users\\61u01\\appdata\\local\\temp\\jds5832721.tmp\\jre-8u171-windows-au.exe|Name=1Custom-Java Platform SE binary|"
"{97835900-E53D-4E05-9F7F-8DF03C465580}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\users\\61u01\\appdata\\local\\temp\\jds6293189.tmp\\jre-8u171-windows-au.exe|Name=1Custom-Java Platform SE binary|"
"{B3BCD385-6520-4B88-BD30-260934556303}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\users\\61u01\\.xdman\\jre\\bin\\javaw.exe|Name=1Custom-JavaW (XDM)|"
"{535EF435-5B2E-4C4D-ABAD-B20321237578}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\PortPFs\\wwwApps\\FDM\\App\\FDM\\FDM.exe|Name=1Custom-FDM|"
"{AC22A992-50CB-46EF-88BB-3110EB1ED021}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\PortPFs\\wwwApps\\MSisoDLtool.exe|Name=1Custom-MSisoDownloader|"
"{E2F18BF9-6DBD-4858-BDC2-591069B5E1B8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|RA4=131.232.43.61|RA4=131.232.61.161|Name=1Custom-LANethIP|"
I then imported/merged those few dozen custom/ized rules into the T61p Win7 registry :thumbs-UP: 8)
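
Added example (not part of the original post): the filter step described in post #5, done in Python instead of a text editor. It keeps the rules whose Name starts with a chosen prefix and notes active Allow rules worth rechecking before the merge; the sample text, the function names and the two review checks are assumptions of this example.

```python
import re

# Constructed sample in the layout of the export in the post (GUIDs and paths invented).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00000000-0000-0000-0000-000000000001}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\windows\\system32\\svchost.exe|Name=1Custom-DNS Client|"
"{00000000-0000-0000-0000-000000000002}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|App=C:\\Windows\\system32\\svchost.exe|Svc=wuauserv|Name=1Custom-Windows Update|"
"{00000000-0000-0000-0000-000000000003}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\\users\\u1\\appdata\\local\\temp\\jds1.tmp\\setup.exe|Name=1Custom-Installer|"
"TCP Query User{00000000-0000-0000-0000-000000000004}C:\\tools\\x.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\\tools\\x.exe|Name=Vendor default|"
'''
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def parse_rule(data):
    """Split 'v2.10|Key=Val|...|' into {key: [values]}; RA4, RPort, Profile may repeat."""
    data = re.sub(r'\\(.)', r'\1', data)  # undo .reg escaping of \ and "
    fields = {}
    for token in data.split("|")[1:]:
        if "=" in token:
            key, value = token.split("=", 1)
            fields.setdefault(key, []).append(value)
    return fields

def filter_reg(text, prefix):
    """Keep header/key lines plus rules whose Name starts with prefix."""
    kept, rules = [], []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            kept.append(line)  # header, blank line, [key] line
            continue
        fields = parse_rule(m.group(2))
        if fields.get("Name", [""])[0].startswith(prefix):
            kept.append(line)
            rules.append(fields)
    return "\r\n".join(kept) + "\r\n", rules

def review(fields):
    """Notes on active Allow rules worth rechecking before they go onto another machine."""
    if fields.get("Action") != ["Allow"] or fields.get("Active") != ["TRUE"]:
        return []
    app = fields.get("App", [""])[0].lower()
    notes = []
    if "\\temp\\" in app:
        notes.append("App is under a temp directory")
    if app.endswith("\\svchost.exe") and "Svc" not in fields:
        notes.append("svchost.exe without Svc: covers every hosted service")
    return notes
```

On a real export, read the file with `encoding="utf-16"` (the format regedit writes for Version 5.00 files) and write the filtered text back in the same encoding before importing it.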
