Configuring Windows Firewall Rules

The basic Windows Firewall lets you create rules based on programs and features only. To create firewall rules based on port addresses or services, you need to use WFAS (Windows Firewall with Advanced Security). In this article we will see how to configure exceptions based on programs using the basic Windows Firewall.

This implementation is different from Windows Vista, where you had just one option: to configure rules based on port addresses. In Windows 7 you can do that through WFAS. Windows 7 features, such as Windows Virtual PC, can be enabled through the Turn Windows features on or off item in Control Panel\All Control Panel Items\Programs and Features. To add firewall rules for programs or features, open Control Panel\All Control Panel Items\Windows Firewall and click the Allow a program or feature through Windows Firewall item.

This window lists the currently installed features and programs for which rules have been created for specific network profiles. You need administrator privileges to modify the settings and add new programs to the list of rules. In the following exercise, we will configure a rule that allows traffic for the Remote Desktop Connection feature:

  1. Open Control Panel\System and Security\Windows Firewall and click the Allow a program through Windows Firewall item.
  2. In the Allow programs to communicate through Windows Firewall window, click the Allow another program… button.
  3. From the Add a program window, click Browse, navigate to the C:\Windows\system32\ folder, select mstsc.exe, and click Open.
  4. Click the Network location types… button, select the Home/Work (Private) check-box, and click OK.
  5. Click Add and verify that a rule for Remote Desktop Connection now appears in the list of Allowed programs and features for the Home/Work (Private) profile.
  6. Finally, click OK to complete the exercise.

Remember that each time you open a port or allow a program to communicate through the firewall, your computer becomes a bit less secure. The more allowed programs or open ports your firewall has, the more opportunities there are for hackers or malicious software to use one of those openings to spread a worm, access your files, or use your computer to spread malicious software to others. In general, it is safer to add a program to the list of allowed programs than to open a port.
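
The exercise and the closing advice can also be scripted. The following is an added example, not part of the original article: it creates the same program-based rule through the Windows Firewall COM API (HNetCfg.FwPolicy2, available on Windows 7) and then lists enabled inbound allow rules that open a port without being tied to a program or service. The function names are this example's own, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
# Constants from the Windows Firewall COM API (NET_FW_* enumerations).
$NET_FW_PROFILE2_PRIVATE = 2   # Home/Work (Private) profile
$NET_FW_RULE_DIR_IN      = 1   # inbound traffic
$NET_FW_ACTION_ALLOW     = 1   # allow (0 would be block)

function Add-ProgramAllowRule {
    # Hypothetical helper: scripted equivalent of steps 1-6 above.
    param(
        [string]$Name,         # name shown in the allowed programs list
        [string]$ProgramPath   # full path to the executable
    )
    # Refuse to create a rule for a path that does not exist.
    if (-not (Test-Path -LiteralPath $ProgramPath -PathType Leaf)) {
        throw "Program not found: $ProgramPath"
    }
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $rule   = New-Object -ComObject HNetCfg.FWRule
    $rule.Name            = $Name
    $rule.ApplicationName = $ProgramPath               # bind the rule to the program
    $rule.Direction       = $NET_FW_RULE_DIR_IN
    $rule.Action          = $NET_FW_ACTION_ALLOW
    $rule.Profiles        = $NET_FW_PROFILE2_PRIVATE   # Private profile only
    $rule.Enabled         = $true
    $policy.Rules.Add($rule)
}

function Get-PortOnlyAllowRule {
    # Hypothetical helper: enabled inbound allow rules that open specific
    # ports for ANY program (no application or service bound to the rule).
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $policy.Rules | Where-Object {
        $_.Enabled -and
        $_.Direction -eq $NET_FW_RULE_DIR_IN -and
        $_.Action -eq $NET_FW_ACTION_ALLOW -and
        -not $_.ApplicationName -and -not $_.ServiceName -and
        $_.LocalPorts -and $_.LocalPorts -ne '*'
    } | Select-Object Name, Protocol, LocalPorts, Profiles
}

# Path taken from step 3 of the exercise.
Add-ProgramAllowRule -Name 'Remote Desktop Connection' `
                     -ProgramPath 'C:\Windows\system32\mstsc.exe'

# Review the port-only openings; each one is reachable by whatever is listening.
Get-PortOnlyAllowRule | Format-Table -AutoSize
```

In the output, Protocol is the IP protocol number (6 for TCP, 17 for UDP) and Profiles is a bitmask (1 Domain, 2 Private, 4 Public).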