Windows 7 : Blocking Hackers with Windows Firewall (part 2) - Making Exceptions to Firewall Protection

9/8/2012 1:32:03 AM
When Windows Firewall is turned on and running, you don't really have to do anything special to use it. It will be on constant vigil, automatically protecting your computer from hackers and worms trying to sneak in through unprotected ports. Ports for common Internet tasks such as e-mail and the Web will be open and monitored so that you can easily use those programs safely.

Internet programs that don't use standard e-mail and Web ports may require that you create an exception to the default firewall rules for incoming traffic. Examples include instant messaging programs and some online games. When you try to use such a program, Windows Firewall displays a security alert like the one in Figure 4.

The message doesn't mean that the program is "bad." It just means that to use the program, the Firewall has to open a port. If you don't recognize the program name and publisher shown, click Cancel. If you want to use the program, first decide for which networks the exception will be allowed. For example, if the traffic is coming from another computer on your local network, select the Private Networks option. For traffic coming from the Internet, select Public Networks (you can select either or both, as needed). Then, click Allow Access. Allowing access for a program doesn't leave the associated port wide open. It just creates a new rule that allows that one program to use the port. You're still protected because the port is closed when you're not using that specific program. The port is also closed to programs other than the one for which you unblocked the port. Should you change your mind in the future, you can always reblock the port as described in the next section.

3.1. Manually Configuring Firewall Exceptions (Allowed Programs)

Normally, when you try to use a program that needs to work through the firewall, you get a message like the example shown in Figure 7-4. Occasionally, you might need, or want, to manually allow or block a program through the firewall. If you have administrative privileges, you can do that via the Allowed Programs page shown in Figure 7-5. To open that page, click Allow a Program Through Windows Firewall in System and Security (by the Windows Firewall item in Control Panel).

Items on the list with a check mark beside them represent programs and features that work through the firewall. You'll also see any exceptions you created in response to a security alert. For example, Trillian isn't a Windows 7 feature, so you might not see that one. It shows in Figure 5 because I chose to allow access for it in response to the security alert shown back in Figure 4.

You probably aren't familiar with most of the programs listed in the Allowed Programs and Features list, so you should not select or deselect a box just by guessing. But you don't need to guess, either. If you just leave things as they are, everything will be fine. If you later decide to use one of the listed features, you'll be prompted at that point to allow access for the program if it's necessary to do so.

Figure 4. Windows Firewall security alert.

Figure 5. Windows Firewall Allowed programs and features.

3.2. Adding a Program Exception

You can unblock ports for programs that aren't listed under Allowed Programs and Features. You would do this only if specifically instructed to do so by a program manufacturer you know and trust.

If the program for which you want to create an exception isn't listed under Allowed Programs and Features, first click Change Settings and then click the Allow Another Program button. When you click Allow Another Program, you see a list of installed programs that might require Internet access, as in Figure 6. Click the program that you want to add to the list. Optionally, if the program isn't listed, but you know where it's installed, you can use the Browse button to get to the main executable for that program (typically the .exe file).

Figure 6. Add a Program dialog box.

Clicking the Network Location Types button lets you define the addresses from which any unsolicited traffic is expected to originate. For example, if you're using a program that provides communications among programs within your local network only, you wouldn't want to accept unsolicited traffic coming to that port from the Internet. You'd want to accept unsolicited traffic coming only from computers within your own network. When you click Network Location Types, you see the options shown in Figure 7. Your options are as follows:

  • Private Networks, Such as Those at Home or at a Workplace: If the program in question has nothing to do with the Internet, and is for your home or business network only, choose this option to block Internet access but allow programs within your own network to communicate with each other through the program.

  • Public Networks, Such as Those in an Airport or Coffee Shop: If you want the program to be able to connect to the Internet, choose this option.

You can choose the scope for the program within the Allowed programs and features list just by placing a check in the Home/Work (Private) or Public columns for the program.

Figure 7. The Choose Network Location Types dialog box.

IP Addresses on Home/Office Networks

Each computer is automatically assigned a 192.168.0.x IP address, where x is unique to each computer. For example, if the computers are sharing a single Internet connection, the first computer will be, and the subsequent computers will also have addresses in that same address space.

All computers will have the same subnet mask of The subnet mask just tells the computer that the first three numbers are part of the network address (the address of your network as a whole), and the last number refers to a specific host (computer) on that network. The 192.168 ... addresses are called private addresses because they cannot be accessed directly from the Internet.

To see the IP address of a computer on your local network, go to that computer, click the Start button, and choose All Programs => Accessories => Command Prompt. At the command prompt, type ipconfig /all and press Enter. You see the computer's IP address and subnet mask listed along with other Internet Protocol data.

3.3. Disabling, Changing, and Deleting Exceptions

The check boxes in the Allowed Programs and Features list indicate whether the exception is enabled or disabled. When you clear a check box, the exception is disabled and traffic for that program is rejected. This makes it relatively easy to enable and disable a rule for a program on an as-needed basis, because the program name always remains in the list of exceptions.

To change the scope of an exception in your exceptions list, click the check box in the Private or Public column, as needed. To remove a program from the exceptions list, and stop accepting unsolicited traffic through its port, click the program name and then click the Remove button.

You can remove the default programs from the list — only those you have added.

Top 10
Review : Sigma 24mm f/1.4 DG HSM Art
Review : Canon EF11-24mm f/4L USM
Review : Creative Sound Blaster Roar 2
Review : Philips Fidelio M2L
Review : Alienware 17 - Dell's Alienware laptops
Review Smartwatch : Wellograph
Review : Xiaomi Redmi 2
Extending LINQ to Objects : Writing a Single Element Operator (part 2) - Building the RandomElement Operator
Extending LINQ to Objects : Writing a Single Element Operator (part 1) - Building Our Own Last Operator
3 Tips for Maintaining Your Cell Phone Battery (part 2) - Discharge Smart, Use Smart
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
Popular Tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8