Windows Firewall Configuration - Truly Block EVERYTHING... - Windows 10

It seems as much as we look into changing, tweaking, etc, there's always more crap phoning home.

I was working on a script, like 1000 others, to block via blacklist, but it has proven futile so far.

So, I'm going to take the approach I use with my browser: Block EVERYTHING by Default unless specified.

We're going to use Windows Firewall and some preconfigured registry, and WFC for our little setup...

Here's the base registry (Blocks Everything by Default, even Windows Updates):

Allow Only Core Networking + Block Windows Update

Spoiler:

Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"CoreNet-DHCP-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCP-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCPV6-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCPV6-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DNS-Out-UDP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-LSASS-Out-TCP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-NP-Out-TCP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-Out-TCP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP4-DUFRAG-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-DU-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-LD-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LD-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LQ-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LQ-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR2-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR2-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-NDA-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDA-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-NDS-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDS-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-PP-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PP-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-PTB-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RA-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RA-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RS-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|Name=@FirewallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RS-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-TE-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-TE-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IGMP-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IGMP-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPHTTPS-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|Name=@FirewallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPHTTPS-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25427|Desc=@FirewallAPI.dll,-25429|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPv6-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPv6-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-Teredo-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-Teredo-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WindowsUpdate-IPAddress-65.55.163.222-Out"="v2.24|Action=Block|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=65.55.163.222|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (65.55.163.222)|Desc=Outbound rule to allow Windows Update IP (65.55.163.222)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-157.56.96.123-Out"="v2.24|Action=Block|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=157.56.96.123|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (157.56.96.123)|Desc=Outbound rule to allow Windows Update IP (157.56.96.123)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-157.55.240.220-Out"="v2.24|Action=Block|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=157.55.240.220|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (157.55.240.220)|Desc=Outbound rule to allow Windows Update IP (157.55.240.220)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-191.234.72.183-Out"="v2.24|Action=Block|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=191.234.72.183|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (191.234.72.183)|Desc=Outbound rule to allow Windows Update IP (191.234.72.183)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-191.234.72.186-Out"="v2.24|Action=Block|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=191.234.72.186|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (191.234.72.186)|Desc=Outbound rule to allow Windows Update IP (191.234.72.186)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-191.234.72.188-Out"="v2.24|Action=Block|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=191.234.72.188|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (191.234.72.188)|Desc=Outbound rule to allow Windows Update IP (191.234.72.188)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-191.234.72.190-Out"="v2.24|Action=Block|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=191.234.72.190|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (191.234.72.190)|Desc=Outbound rule to allow Windows Update IP (191.234.72.190)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPRange-173.223.204.0-173.223.204.255-Out"="v2.24|Action=Block|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=173.223.204.0-173.223.204.255|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP Range (173.223.204.0-173.223.204.255)|Desc=Outbound rule to allow Windows Update IP Range (173.223.204.0-173.223.204.255)|EmbedCtxt=Windows Firewall Control|"

Allow Only Core Networking + Allow Windows Update*

Spoiler:

Code:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"CoreNet-DHCP-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCP-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCPV6-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCPV6-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DNS-Out-UDP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-LSASS-Out-TCP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-NP-Out-TCP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-Out-TCP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP4-DUFRAG-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-DU-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-LD-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LD-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LQ-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LQ-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR2-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR2-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-NDA-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDA-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-NDS-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDS-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-PP-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PP-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-PTB-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RA-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RA-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RS-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|Name=@FirewallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RS-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-TE-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-TE-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IGMP-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IGMP-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPHTTPS-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|Name=@FirewallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPHTTPS-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25427|Desc=@FirewallAPI.dll,-25429|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPv6-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPv6-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-Teredo-In"="v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-Teredo-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WindowsUpdate-IPAddress-65.55.163.222-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=65.55.163.222|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (65.55.163.222)|Desc=Outbound rule to allow Windows Update IP (65.55.163.222)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-157.56.96.123-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=157.56.96.123|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (157.56.96.123)|Desc=Outbound rule to allow Windows Update IP (157.56.96.123)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-157.55.240.220-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=157.55.240.220|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (157.55.240.220)|Desc=Outbound rule to allow Windows Update IP (157.55.240.220)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-191.234.72.183-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=191.234.72.183|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (191.234.72.183)|Desc=Outbound rule to allow Windows Update IP (191.234.72.183)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-191.234.72.186-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=191.234.72.186|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (191.234.72.186)|Desc=Outbound rule to allow Windows Update IP (191.234.72.186)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-191.234.72.188-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=191.234.72.188|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (191.234.72.188)|Desc=Outbound rule to allow Windows Update IP (191.234.72.188)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPAddress-191.234.72.190-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=191.234.72.190|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP (191.234.72.190)|Desc=Outbound rule to allow Windows Update IP (191.234.72.190)|EmbedCtxt=Windows Firewall Control|"
"WindowsUpdate-IPRange-173.223.204.0-173.223.204.255-Out"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|RA4=173.223.204.0-173.223.204.255|App=%WINDIR%\\system32\\svchost.exe|Name=Windows Update IP Range (173.223.204.0-173.223.204.255)|Desc=Outbound rule to allow Windows Update IP Range (173.223.204.0-173.223.204.255)|EmbedCtxt=Windows Firewall Control|"

*IMPORTANT: Windows Update IPs may vary from person or region. Those were what I needed for it to work.

ALWAYS MAKE A COPY OF YOUR REGISTER BEFORE TRY THIS

Source: http://forums.mydigi...lock-EVERYTHING

This can be reinforced with a local DNS proxy installed on your machine: http://reboot.pro/to...xy/#entry195379

EDIT: We can also use Windows Firewall Control for easier management.

Notes:
1. Be warned that this setup is for someone with the time and knowledge to put up with apps, network services, the entire internet, etc, not working, and to figure out what is needed to whitelist. There is a log feature in WFC that will help you view connections, but it's mostly trial and error if you're trying to unblock something like Windows Update (in case by registry above doesn't work for you).
2. Don't blindly enable WFC Recommended Rules. It allows the Windows Store to talk to the internet, in case you don't want that.
3. I tested with a fully activated WFC. You will not have Notification Levels to control if not activated.
4. This may cause lower level services and networking to fail (even LAN Drives). It may require more effort than simply right click to whitelist to handle said services.
5. Some apps may have multiple exe files that need whitelisted to fully function. You'll likely only need to worry about EXE files.
6. Unless Microsoft compromises their own Firewall Software (which is terrible as it should do what it is told, and the Pro and up version are supposed to be Enterprise grade (*cough*), this should kill all possibilities for talking to MS, except those you knowingly (or unknowingly, with too permissive whitelisting) allow via WFC.

EDIT 2: If you want to dowlnoad this see: http://reboot.pro/fi...ock-everything/

Best Regards

alacran

Edited by alacran, 15 September 2015 - 10:28 PM.

Boot methods & tools → Boot from USB / Boot anywhere → Tutorials → Reduce telemetry Started by alacran , 27 Jul 2020 win10, win8.x, win7	3 replies 4341 views	alacran 01 Oct 2020
Boot methods & tools → Boot from USB / Boot anywhere → Make your own updated (x86+x64) esd(s), to install OS(s) from USB Started by alacran , 29 Sep 2018 win7, win8.1, win10, usb, install	9 replies 10160 views	alacran 23 Feb 2019
Boot methods & tools → Boot from USB / Boot anywhere → Grub4dos → kexec into sedutil unlocked drive that runs Win10 Started by ottidmes , 09 Mar 2018 kexec, keyboard, grub4dos, win10 and 1 more...	Hot 15 replies 7859 views	Wonko the Sane 11 Mar 2018
Boot methods & tools → WinBuilder → Win10PE → BestCrypt Volume Encryption in Win10PE Started by leonmol , 07 Nov 2017 bcve, win10, encryption	3 replies 5769 views	leonmol 08 Nov 2017
Groups → Project forge → Boot Win10 VHD using Linux Grub2 Started by Natrim , 22 May 2017 vhd, boot, linux, win10, grub	8 replies 16112 views	Natrim 23 May 2017

Windows Firewall Configuration - Truly Block EVERYTHING...

#1 alacran

#2 Guest_AnonVendetta_*

#3 Brito

#4 v77

#5 alacran

#6 Guest_AnonVendetta_*

Also tagged with one or more of these keywords: win10, antispy

Reduce telemetry

Make your own updated (x86+x64) esd(s), to install OS(s) from USB

kexec into sedutil unlocked drive that runs Win10

BestCrypt Volume Encryption in Win10PE

Boot Win10 VHD using Linux Grub2

1 user(s) are reading this topic