Windows 10 comes with a built-in Firewall app. It provides security from hackers and malicious software trying to access your PC using your network connection. It is possible to allow or deny a specific app from accessing the Internet. In this article, we'll see how it can be done.
In Windows 10, Windows Firewall is based completely on the Windows Filtering Platform API and has IPsec integrated with it. This is true since Windows Vista where the firewall added outbound connection blocking and also comes with an advanced Control Panel called Windows Firewall with Advanced Security. It gives fine-grained control over configuring the firewall. The Windows Firewall supports multiple active profiles, co-existence with third-party firewalls, and rules based on port ranges and protocols.
Before you allow or deny apps in the Windows Firewall, ensure that you are signed in as an administrator.
To allow an app through Windows Firewall, do the following.
For some apps, like Total Commander, a special prompt "Windows Security Alert" may appear as shown in the screenshot below. It can be used to allow or deny the app from accessing the network. Select the network locations you want to allow (private or public) or uncheck them all to block the app.
To allow an app through Windows Firewall using Firewall Settings, do the following.
- Open Settings.
- Go to Network & Internet - Status.
- Scroll down to the link "Windows Firewall" and click it.
- The following window will be opened. There, click the link "Allow an app or feature through Windows Firewall" on the left side.
- Click the button "Change settings" if you have UAC enabled to unblock other buttons.
- To allow some app, click on the button "Allow another app".
- In the next dialog, click the Browse button and pick an app you want to allow through Windows Firewall.
- Now, click on the button "Network types...". In the next dialog, select public, private or both network types to allow the app.
- Click on the "Add" button and you are done.
Alternatively, you can use the netsh command to allow the app to access the network.
Here is a rule-based example for Total Commander, which does the same as above:
netsh advfirewall firewall add rule name="Total Commander 32-bit" dir=in action=allow program="C:\Totalcmd\TOTALCMD.exe" enable=yes
You need to type it at an elevated command prompt.
Correct the file path and the rule name to fit your requirements.
Just like the steps for allowing an app, you can block certain apps from accessing the network.
To block an app in Windows Firewall, you can execute the following command:
netsh advfirewall firewall add rule name="Total Commander 32-bit" dir=in action=block program="C:\Totalcmd\TOTALCMD.exe" enable=yes
The main difference from the previous command is the "action=block" portion, which blocks the app from accessing the Internet.
In the Firewall settings, you can also block the allowed app. You can uncheck the check for the rule in the app's list (see the screenshot below) or remove the rule completely.
To remove the rule completely, select the desired app in the list and click the "Remove..." button.
Finally, you can save your time and use our tiny OneClickFirewall app. After installing, it adds two context menu entries: Block Internet Access and Restore Internet Access.
Under the hood, OneClickFirewall uses netsh commands mentioned above. You might find this method faster.