How-To

Use the Windows 7 Firewall to Block a Program From Internet Access

If you’re careful about which programs you download, you probably don’t need to worry about them accessing the internet. But even when a program has a good reputation, you don’t have to leave your security to good faith.

Have you ever installed a program that you only needed for offline use, but it insisted on trying to connect to the internet? About four years ago we showed you how to allow programs through the Windows firewall. This time around we’re going to show you how to block them with it in Windows 7 and 8.

Block a Program From Internet Access via Windows Firewall

If you’re not sure which programs are accessing the internet, one easy way to find out is to open up Windows Resource Monitor. This can be done by searching for “resmon” in the start menu, or typing “resmon” into the Run Box (Windows Key + R). In this example, I noticed that the Everything app had networking activity and I’m going to block it to make sure it doesn’t send any data away from my PC.

resmon network activity

To get started we need to open up Windows Firewall. One quick way to do this is from the Control Panel. Just click the Windows Firewall icon.

control panel windows fire wall

From the Firewall page click Advanced settings.

advanced firewall settings

Here you can choose which you would like to block first: Inbound or Outbound. When it comes down to it I think blocking Outbound is usually enough for most applications. When Outbound connects are blocked, this means that the application can’t send any of your data to a remote server somewhere on the internet. Of course, if bandwidth is what you’re worried about you should probably block both. In any case, the process for blocking both is the same, so I’ll just cover one.

Click the New Rule… button.

create new outbound rule

For the “Rule Type” select the Program bullet and click Next.

programs

Select the “This program path:” option and then either type in the path or use the browse button to find the executable of the application.

this program path

For the Action select the “Block the connection” option and click Next.

block the connection

For the Profile tab, select all of the available boxes: Domain, Private, and Public.

all domains next

You can name the firewall rule whatever you like. It’s a good idea to keep it something memorable or relevant though because you may want to change or disable it later on.

name and finish

Now the rule should be created and ready to go. However some applications also run as a service, so be sure to disable that as well if you can. Right-click the newly created rule and select “Properties.”

properties

From the Properties window select the “Programs and Services” tab and then click the Settings button.

this program and service settings

Here click to “Apply to this service” and then select the service that matches up with the program blocked by the rule. If you can’t find a matching service, chances are your program didn’t install a service alongside it (so you can just cancel out).  Click OK to save change sand exit from both this and the properties window.

apply to this service

That’s all there is for creating an Outbound rule. Now if you want, just repeat the process for an Inbound rule. And the program will be completely blocked from internet access.

new rule inbound rules

If you want to temporarily give the application internet access again, you can disable the firewall rule by right-clicking on it within the Advanced Firewall Security window. If you want to permanently get rid of this blocking rule, just delete it.

disable rule

15 Comments

15 Comments

  1. kuntal

    March 25, 2013 at 9:41 am

    This is such a good topic which you are discussed and i was looking for this type of firewall protection tricks for a couple of days.than bro for this article.

  2. Ziggy

    March 25, 2013 at 7:53 pm

    Thanks Austin! I’ve been looking for this information for a while. Your overview is brilliantly simple and very easy to follow.

    Thanks for the reference to “resmon”, which I had forgotten all about but is certainly one of Win 7’s most handy features.

  3. Ziggy

    March 25, 2013 at 8:29 pm

    Some readers may be interested in the following posting (http://www.raymond.cc/blog/easily-determine-if-a-specific-software-is-secretly-connecting-to-internet-2/) which provides links to programs that monitor outbound connections.

  4. C Festa

    March 27, 2013 at 7:32 am

    Java is constantly askig me to install updates which, in the past, has caused major headaches on my computer. Can I use this to block Java from advising about updates?

    • Austin Krause

      March 27, 2013 at 9:04 am

      Hi C Festa,

      I’m glad you asked!. You could block Java with this, but that would be a BAD idea. Because Java is the most popular application platform in the world it is also the most exploited, and it needs to be updated regularly to prevent this from happening. In other words, Java needs all of the security patches it can get!

      But, I complete agree with you. Java’s autoupdate is SUPER ANNOYING. But we found a way to work around this a couple years ago and it seems to still be working today.
      Instructions are here:
      https://www.groovypost.com/howto/geek-stuff/what-is-jusched-exe-safe-why-running-virus/

      • Cathy

        March 27, 2013 at 11:51 am

        Thanks, Austin. The problem is that I think installing updates has also caused problems with my computer being suseptible to viruses and where I work, we have been warned about Java…

        Cathy

        • Austin Krause

          March 27, 2013 at 2:25 pm

          Hi Cathy,

          You’re right to be wary of Java, but let me give you some details on the recent Java scare that has been going around.

          A few months ago some HUGE exploits hit the net that infected millions of computers worldwide. These exploits infected computers through a web browser (Chrome, Firefox, Internet Explorer, Opera, etc..) via a Java plugin. The only way to get infected by this virus was to visit a website that was executing the server side script. In most cases people were fine unless they visited an unscrupulous website, or a good website that had its server hacked and reprogrammed to run the virus.

          As far as vulnerability goes, the server-side Java virus can really only infect Web Browsers that have the Java plugin installed. The virus travels through the web browser plugin and into Windows. Of course, any Java program that connects to random websites is a liability, but a Web Browser is really the only application that does so, so your non-browser Java applications should be fine.

          A lot of programs require that you have the JRE (Java Runtime Environment) installed. This is a local Java platform that doesn’t connect to the internet, except to update. So you probably shouldn’t try to get rid of Java completely, and a lot of the vulnerabilities are fixed in the updates that you receive.

          ## Conclusion ##

          You really don’t need to worry about Java running on your desktop. However, you should definitely disable the Web Browser plugins in (Chrome, Firefox, or Internet Explorer) whichever you use. Please, please, please keep your Java updated!!! Failure to update is the #1 reason people get computer viruses.

          For instructions on disabling the java Web Browser plugins: Follow this:
          https://www.groovypost.com/news/java-zero-day-exploit-disable-prevent-infection/

          And there is more detail here if you need it:
          https://www.groovypost.com/howto/disable-java-browsers-uninstall-from-pc/

  5. TJ

    April 27, 2014 at 1:34 am

    I have windows 8.1. The “everything” option is not available under apply services.

  6. TJ

    April 27, 2014 at 1:41 am

    Disregard my post. I see what I am doing now. Thanks

  7. glenndm

    February 7, 2015 at 10:12 am

    How can you allow a program through the outgoing traffic firewall when there is NO program file path know ?

    an example of such a program is the adobe flash update downloader program (install_flashplayer16x32_mssd_aaa_aih.exe)
    When executed, the updater unpacks itself and deletes the downloaded file
    The updater runs in memory without a linked file path – Sysinternals Process explorer shows an error
    This means an outgoing rule cannot be made in MS Firewall, which blocks the update.

    the only way to update is to allow all outgoing traffice during the update, hardly a recommend solution

    your take on this?
    and, a shot in the dark, do you know of a “learning” extension to FW as in the regretted Kerio FW or the tinywall extension?
    (I don’t use tinywall because of the obfuscated rules it creates.)

    regards

  8. AW

    July 23, 2015 at 12:52 am

    Microsoft office allows searching features and links to circumvent parental controls and third-party Internet parental control programs like Qustodio. They have allowed their own programs to escape their safety features. How can we disable these weaknesses to protect our family? Obviously these programs are accessing the internet without my permission, so there must be some way to block it and cut it off other than to just not be able to use these programs.

  9. heera

    August 4, 2016 at 12:12 pm

    hi i have been trying to block photohsop from accessing interrnet but has not been possible so far

  10. AsPika

    January 21, 2022 at 10:40 pm

    Thanks! Useful for stopping KMPlayer from auto updates his program!

Leave a Reply

Your email address will not be published. Required fields are marked *

 

To Top