How can I use the folder firewall blocker?

345 Asked by AnilJha in Cyber Security , Asked on Mar 30, 2022

In Windows Firewall with Advanced Settings I can create a rule which blocks all inbound or outbound traffic for a particular program by pointing to its .exe file. The problem is that this program has many .exe files in its directory, as well as additional ones in its sub directories.

So my question is: do I need to make separate rules for each .exe file, which in this case would mean about 50 rules? Or is there a way to block the traffic for a group of .exe files based on their location on the local hard drive?

Answered by Andrea Bailey

To use the folder firewall blocker -

  **Configure and Add rules in windows firewall based on dynamic content (exe files) in that folder: **

you should work with PowerShell or command line tools that run everyday.

like this : Article Link

function Add-FirewallRule {

   param( 

      $name,

      $tcpPorts,

      $appName = $null,

      $serviceName = $null

   )

    $fw = New-Object -ComObject hnetcfg.fwpolicy2 

    $rule = New-Object -ComObject HNetCfg.FWRule

    $rule.Name = $name

    if ($appName -ne $null) { $rule.ApplicationName = $appName }

    if ($serviceName -ne $null) { $rule.serviceName = $serviceName }

    $rule.Protocol = 6 #NET_FW_IP_PROTOCOL_TCP

    $rule.LocalPorts = $tcpPorts

    $rule.Enabled = $true

    $rule.Grouping = "@firewallapi.dll,-23255"

    $rule.Profiles = 7 # all

    $rule.Action = 1 # NET_FW_ACTION_ALLOW

    $rule.EdgeTraversal = $false

    $fw.Rules.Add($rule)

}

# Sample Usage

Add-FirewallRule "Test port 1234" "1234" $null $null

Add-FirewallRule "Test port 5555-6666" "5555-6666" $null $null

Add-FirewallRule "Test port 2222 Calc" 2222 "c:windowssystem32calc.exe" $null

Add-FirewallRule "Test port 3333 W3SVC" 3333 $null "W3SVC"

There are also some good VBScript samples on MSDN which I used as a starting point.

BUT recommended that you add a firewall or proxy on the edge of your network, like ISA or SQUID for all of your inbound traffic in your LAN.

open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management. Block responses containing Windows executable content visit this Article here

To block responses containing Windows executable content

1. In the console tree of ISA Server Management, click Firewall Policy.

2. In the details pane, click the applicable access rule or Web publishing rule.

3. On the Tasks tab, click Edit Selected Rule.

4. On the Traffic tab (for Web publishing rules) or on the Protocols

        tab (for access rules), click Filtering, and then click Configure

        HTTP.

5. On the General tab, click Block responses containing Windows

executable content.

  in our network that based on windows we have cache server named SQUID quid content filtering: Block / download of music MP3, mpg, mpeg, exec files

First open squid.conf file /etc/squid/squid.conf:

vi /etc/squid/squid.conf

Now add following lines to your squid ACL section:

acl block files urlpath_regex "/etc/squid/blocks.files.acl"

You want display custom error message when a file is blocked:

Deny all blocked extension

deny_info ERR_BLOCKED_FILES blockfiles

http_access deny blockfile

How can I use the folder firewall blocker?

Your Answer