Are there firewall policies that can help against common threats without breaking things? E.g. Velocet suggested:
"The Explorer leaks NTLM hashes (not in every case) and your IP (every case) by simply displaying a folder that contains a specially crafted "desktop.ini": Create a new firewall rule that prevents the explorer.exe from accessing the internet..."
Another idea:
I assume setting the default rule for outgoing connections to "not allow" will break lots of things (via "netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound")?
Any experience out there?
I would suggest blocking everything and only allowing certain apps. In the case of explorer.exe this will break LAN connections (File Sharing, Computer Browser, etc.). To circumvent this it is possible to only allow connections to the local subnet and only if the network is "trusted" (e.g. Private/Home, Domain):
When a group is set, rules become more manageable, as in this example where all HardenTools rules get disabled:
netsh advfirewall firewall set rule group="HardenTools" new enable=no
I am using Windows Firewall Control from binisoft and could really recommend it. Very lightweight and it's just a frontend for the built-in firewall. Another simple (and also open source) app to manage fw rules is simplewall.
The whitelist approach is "the best" since everything gets blocked and only known applications are allowed.
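The approach from the comment above, as an added example that is not part of the thread or of the HardenTools project: default-block outbound, plus one grouped allow rule that lets explorer.exe reach only the local subnet on trusted profiles. It uses PowerShell because `netsh advfirewall firewall add rule` has no parameter for assigning a group. The rule display name is made up for illustration, and the group name "HardenTools" is taken from the comment.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed names: $RuleName is hypothetical; $Group comes from the comment above.
$Group    = 'HardenTools'
$RuleName = 'Explorer - local subnet only (example)'
$Explorer = Join-Path $env:SystemRoot 'explorer.exe'

# 1. Record the current default actions so the change can be reverted later.
$before = Get-NetFirewallProfile |
    Select-Object Name, DefaultInboundAction, DefaultOutboundAction
$before | Format-Table -AutoSize

# 2. Create the scoped allow rule BEFORE switching the default to Block,
#    so LAN file sharing keeps working. Skip creation if the rule already exists.
#    Under default-block, anything not matched by an allow rule is dropped, so
#    explorer.exe gets no route to Internet addresses or on the Public profile.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Group $Group `
        -Direction Outbound -Action Allow -Program $Explorer `
        -RemoteAddress LocalSubnet -Profile Domain, Private | Out-Null
}

# 3. Switch every profile to default-block in both directions
#    (equivalent to: netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound).
#    Every other application that needs the network now needs its own allow rule.
Set-NetFirewallProfile -All -DefaultInboundAction Block -DefaultOutboundAction Block

# 4. Verify what the group actually contains: program, remote scope, profiles, state.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    [pscustomobject]@{
        Rule     = $_.DisplayName
        Enabled  = $_.Enabled
        Action   = $_.Action
        Profiles = $_.Profile
        Program  = ($_ | Get-NetFirewallApplicationFilter).Program
        Remote   = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    }
} | Format-Table -AutoSize

# Rollback: disable the whole group and restore the recorded defaults.
function Undo-ExampleHardening {
    Disable-NetFirewallRule -Group $Group
    foreach ($p in $before) {
        Set-NetFirewallProfile -Name $p.Name `
            -DefaultInboundAction $p.DefaultInboundAction `
            -DefaultOutboundAction $p.DefaultOutboundAction
    }
}
```

If the default outbound action is left at Allow instead, this allow rule restricts nothing; in that mode an explicit block rule is needed, and block rules take precedence over allow rules for the same traffic.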