Windows Firewall, now known as Windows Defender Firewall, is a useful tool for a number of reasons. Though you can use it for several purposes, today we’re going to show you how to block a program from accessing the internet in Windows Firewall. We’ll also show you how to allow an app through Firewall if its connectivity isn’t working.
Allowing or Blocking Internet Access of Programs and Apps
Knowing how to block programs in Firewall is useful for several reasons. You may want to prevent it from receiving updates, stop it from sending data back to a remote server, or simply want to know how it functions offline.
Conversely, allowing a program through Windows Firewall can help it to function better online. This is especially true if anybody is connecting to your app from the outside world (such as when you’re hosting a game or media server). If you get the “your internet access is blocked – security or firewall settings might be blocking the connection” error, this is also useful, as it lets you return a blocked app to normal functioning.
The most user-friendly way to allow block an app in Firewall is, of course, via the Windows Defender Firewall app or security alert. However, we’ll also be showing you how to achieve the same effect via the command-line for pro users or those without a GUI.
How To Allow an App through Windows Defender Firewall via Windows Security Alert
- Tick Appropriate Network Types and Allow Access
Select either “Private networks” or “Public networks” based on your needs and click “Allow access“. This action enables the application to communicate through the firewall on the selected network types.
How to Allow a Program Through Windows Defender Firewall in Windows Firewall Settings
- Open Control Panel
Click on the search icon on your taskbar, type “Control Panel“, and open the top result to access the Control Panel interface.
- Type “Windows Firewall” in the Control Panel search and choose “Windows Defender Firewall” in the main list
- Click “Allow an app or feature through Windows Defender Firewall”
This option will be in the sidebar on the left.
- Press “Change Settings” in the “Allowed Apps” Window
Allowing a program in Firewall requires you to provide administrator access.
- Press “Allow another app…” at the Bottom of the Window
- Next to the “Path” box, press “Browse…”
- Browse to your applications .exe-file, click it, and press “Open”
- Click the “Network types…” button in the bottom-left
- Tick “Private” and/or “Public” networks and press “OK”
- Press “Add” to allow the app through Firewall
- Find the program in your “Allowed apps” list and make sure it’s ticked
Press “OK” when you’re done to close the window.
How to Remove Allowed App in Windows Firewall Settings
- Open Control Panel
Repeat the steps to open the Control Panel and navigate to Windows Defender Firewall as described in the previous section.
- Search Control Panel for Windows Firewall and select it from the list
- Open Allowed Apps Settings
Click on “Allow an app or feature through Windows Defender Firewall“.
- Click “Change settings”
This opens the list of allowed applications.
- Remove the Application
Locate the program you wish to remove, select it, and press “Remove“. Confirm your action if prompted, effectively revoking the application’s access through the firewall.
- Press “Yes” to the prompt
The app then is no longer allowed through your firewall. Doing this will not automatically block internet access to a program, but will modify how it interacts with the outside world. Depending on its function, this may stop it from working properly.
- Press “OK” in the “Allowed Apps” Window
How to Allow or Block a Program from Accessing the Internet via Command Prompt
- Open Command Prompt as an admin
Press the search icon on your taskbar and type “Command Prompt“, then right-click on it and select “Run as administrator“. This will grant you the necessary permissions to alter Windows Firewall rules.
- Use the netsh command to allow a program through Windows Firewall in Command Prompt
Here is an example of what you’d type to allow an app through the Firewall in Windows 11 or Windows 10:
netsh advfirewall firewall add rule name="Firefox" dir=in action=allow program="C:/Program Files/Mozilla Firefox/firefox.exe" enable=yes
Make sure to replace “Firefox” and the file path within quotation marks with the name and path of the program you wish to allow. Successfully executing this command should resolve any “security or firewall settings might be blocking the connection” errors.
- Use netsh to block a program in Windows Firewall
To block an application, simply change “action=allow
” to “action=block
” in the command. Here’s the full command for blocking a program:
netsh advfirewall firewall add rule name="Firefox" dir=in action=block program="C:/Program Files/Mozilla Firefox/firefox.exe" enable=yes
As before, modify “Firefox” and the application’s file path in the quotation marks to match the program you’re intending to block. This action will prevent the program from accessing the internet.
How to Remove an Allowed App from Windows Defender Firewall with Command Prompt
You can also use Command Prompt to remove apps that you’ve previously allowed in your Firewall. Here is how:
- Open Command Prompt as an administrator
Press the search icon on your taskbar and type “Command Prompt“, then right-click the top result and choose “Run as administrator“.
- Run the show rule command to export a list of your firewall entries
To do so, simply paste the following into your Command Prompt and press Enter:
netsh advfirewall firewall show rule name=all >"%UserProfile%/Desktop/WindowsFirewallRules.text"
- Open the “WindowsFirewallRules.txt” file on your desktop and find your application
You’ll see the name of the rule you created next to the “Rule Name” field. If you’re struggling to find your rule, you can press Ctrl + F to search.
- Use the netsh command to delete the firewall rule
Once you know the name of your firewall rule you can delete it by running the following command:
netsh advfirewall Delete rule name="yourfirewallrule"
Naturally, you should replace “yourfirewallrule” with the name of your rule. After you receive the “Deleted x rule(s)” confirmation, you can close Command Prompt.
How to Allow or Block a Program in Windows Firewall via PowerShell
If you want to allow or block a program in Firewall using Microsoft’s PowerShell tool, you can do so with the NetFirewallRule
command. Here’s the procedure:
- Open Windows PowerShell as an admin
Access Windows PowerShell with administrator privileges by opening the hidden Start menu using “Windows + X” and then selecting “Windows PowerShell (Admin)”.
- Use NetFirewallRule to allow a program through the Firewall
To allow an application through the Firewall, execute the following command:
New-NetFirewallRule -DisplayName "firewallrulename" -Direction Inbound -Program "C:/path/to/your/file.exe" -Action Allow
Replace “firewallrulename” with a name for your rule and “C:/path/to/your/file.exe” with the path to the executable of your program. Press Enter to execute the command. - Use NetFirewallRule to block a program in Windows Firewall
To block an application, utilize this command format:
New-NetFirewallRule -DisplayName "firewallrulename" -Direction Inbound -Program "C:/path/to/your/file.exe" -Action Block
Again, adjust “firewallrulename” to designate your rule, and modify “C:/path/to/your/file.exe” with the exact path to your program’s executable file. Press Enter to run the command.
How to Remove Allowed Windows Firewall App in PowerShell
If you’ve previously added an application to the Firewall through PowerShell and now wish to remove it, follow these simple steps:
- Open PowerShell as an admin
Launch PowerShell with admin rights by using the hidden Start menu, pressing “Windows + X”, and selecting “Windows PowerShell (Admin)”.
- Export a list of your Firewall rules
Before revoking a program’s access through the Firewall, you need to know its rule name. This information can be acquired by exporting a list of all Firewall rules to your desktop using the command below:
Show-NetFirewallRule | Out-File "$env:userprofile/Desktop/WindowsFirewallRules.txt"
- Open “WindowsFirewallRules.txt” from your desktop and find your rule name
Locate the rule name next to the “DisplayName” label within the text file. Note it for the upcoming command.
- Remove the rule with PowerShell
Having identified the rule name, remove it by executing the command below:
Remove-NetFirewallRule -DisplayName "YourRule"
In place of “YourRule”, input the actual name of the rule you wish to delete.
FAQ – Frequently Asked Questions About Windows Defender Firewall
Can I allow or block a program through Windows Defender Firewall without an admin account?
No, administrative privileges are required to modify firewall settings. This is a security measure to prevent unauthorized changes that could compromise the system’s security. Users need to log in with an administrator account or obtain the password to an admin account to make these changes. If you’re part of a larger organization, you might need to contact your IT department for assistance.
Does allowing an app through the firewall affect my antivirus protection?
Allowing an app through the firewall does not directly impact the effectiveness of your antivirus protection. Firewall and antivirus software operate in different domains of your system’s security; while the firewall manages network traffic, the antivirus focuses on identifying and removing malicious software. However, it’s crucial to only allow trustworthy applications through the firewall, as malicious programs could otherwise exploit network access to perform harmful actions unchecked by the antivirus.
Can Windows Defender Firewall block all incoming traffic?
Yes, you can configure Windows Defender Firewall to block all incoming traffic, which may be useful in high-security scenarios or when diagnosing network issues. This is done through advanced settings where you specify outbound or inbound rules. Keep in mind that such a blockade might prevent legitimate and necessary network communications, potentially hampering the functionality of applications that rely on internet access.
What should I do if an allowed app still cannot access the internet?
If a permitted application still cannot access the internet, first ensure it is correctly allowed in the firewall settings. Then, check for other potential blockages such as antivirus software rules, network connection issues, or additional firewall software that might be overriding Windows Defender Firewall settings. Additionally, ensuring the app’s network permissions are correctly set for the intended private or public network could resolve the issue.
Can I create custom firewall rules beyond just allowing or blocking?
Yes, Windows Defender Firewall allows for the creation of detailed custom rules. Advanced users can leverage the Command Prompt or PowerShell to specify conditions based on IP addresses, ports, protocols, and more to finely tune network traffic permissions. These custom rules provide granular control for sophisticated network management and are ideal for tailoring the firewall’s behavior to meet specific security or operational requirements.
How does blocking a program in the firewall protect my privacy?
Blocking a program from accessing the internet can significantly enhance privacy by stopping the application from sending data back to its servers, which might contain personal or sensitive information. It prevents unauthorized data transmission that could be exploited for targeted advertising, data mining, or malicious activities. Always consider blocking applications that have no clear need for internet access or those known for questionable data handling practices.
Will performing a network reset affect my firewall settings?
Performing a network reset generally reverts your network adapters and settings back to their default state but may not directly alter custom Windows Defender Firewall rules. However, it is advisable to check your firewall settings after a network reset to ensure that your configurations are intact and functioning as expected. This ensures that previously set security measures are still in place to protect your network traffic.
What’s the procedure for blocking or allowing an app through the firewall via PowerShell?
To manage Windows Defender Firewall rules via PowerShell, administrators can use several cmdlets such as New-NetFirewallRule for creating new rules, or Get-NetFirewallRule and Remove-NetFirewallRule for retrieving and removing existing rules. This process involves identifying the program path or the specific ports and protocols you wish to control and applying the necessary rule. For instance, to allow an application, you might create a new rule that specifies the app’s executable file and sets the action to allow. PowerShell offers powerful, scriptable control over firewall configurations, ideal for automation or administering multiple systems.
Why can I not edit certain firewall settings, even as an admin?
If you’re unable to edit firewall settings despite having administrative privileges, this could be due to Group Policy restrictions applied in organizational environments, conflict with third-party security software, or system corruption. If applicable, consult with your IT department regarding Group Policy restrictions. Otherwise, check for software conflicts and consider system repair tools or command-line operations such as sfc /scannow to identify and repair system files.
What is the impact of incorrectly configuring firewall settings?
Incorrect configuration of firewall settings can lead to security vulnerabilities or unnecessary restrictions. For example, excessively permissive rules might allow malicious traffic, increasing the risk of unauthorized access or data breaches. Conversely, overly restrictive rules can block legitimate applications from functioning correctly, potentially disrupting workflows or access to network resources. Hence, careful planning and understanding the functionality of each rule are crucial in firewall management.
How can I ensure my firewall settings are optimized for gaming?
To optimize firewall settings for gaming, identify and allow the necessary games and their associated online services through the firewall. This often involves setting specific rules that permit inbound and outbound connections for game servers and ensuring that voice chat or matchmaking services are not inadvertently blocked. Additionally, specifying the appropriate network profile (private or public) based on your gaming setup can help minimize connectivity issues without compromising security.
Can I apply firewall settings to specific users or profiles on my computer?
While Windows Defender Firewall settings are generally applied at a system level affecting all users, the application of rules can differ between network profiles (Private, Public, Domain). However, specific user-targeted rules are not directly supported through the Windows Defender Firewall interface. Alternative methods, such as using third-party software or network policies in organizational environments, may provide more granularity for user-based settings.
How to revert changes made to firewall settings?
To revert changes made to your firewall settings, you can reset the firewall rules to their default state via the Windows Defender Firewall control panel. This option, found under the “Restore defaults” section, will remove all custom rules and revert to the original settings established when Windows was first installed. Use this feature cautiously, as it will erase all modifications including any specific rules you have added for your applications.
Is it possible to manage Windows Defender Firewall settings remotely?
Managing Windows Defender Firewall settings remotely is possible but requires setup for remote management tools such as Windows Management Instrumentation (WMI), PowerShell remoting, or Group Policy if within a domain environment. These tools allow administrators to implement and adjust firewall settings across multiple systems from a central location, streamlining network security management for businesses or advanced home networks.
What happens if I block a critical Windows service in the firewall?
Blocking a critical Windows service could lead to system instability, loss of functionality, or prevent Windows from performing vital operations. It’s imperative to understand the role and necessity of each service before blocking it in the firewall. In case of accidental blocking, restoring default firewall settings or specifically re-allowing the service can help remedy the situation and restore normal operation.
Related: How to Open or Close a Port in Windows Firewall
As well as allowing and blocking applications, Windows Defender Firewall lets you open and close specific ports. This may be useful if you’re trying to use SSH for example. You can check our how to open or close a port in Windows Firewall guide to learn how.
Related: How to Perform a Network Reset
If you’re still experiencing connectivity issues after allowing an app through your Firewall, you can try performing a Windows Network reset. This will reset all of your settings to default and hopefully fix any strange behavior you’ve been experiencing. It will, however, keep your Firewall rules.
Last Updated on November 7, 2024 9:27 pm CET