

I use Binisoft WFC, but rules can be easily extracted as WD rules.

Code:
Name	Group	Profile	Enabled	Action	Override	Program	Local Address	Remote Address	Protocol	Local Port	Remote Port	Authorized Computers	Authorized Local Principals	Local User Owner	Application Package
(genshinimpact.exe)	Windows Firewall Control	All	Yes	Allow	No	D:\genshin impact\genshin impact game\genshinimpact.exe	192.168.9.2	Any	UDP	Any	1025-65535	Any	Any	Any	Any

I have recently started fresh, so I am re-creating my rules, because MS started to distribute Windows updates via 443 and I hoped that it would be the end of 80; unfortunately, not really. If you are using just Windows Firewall, then TCP UDP Watch is a great helper; I used it a lot along with IP Info. I am in the EU, so it mostly connects to the UK, Germany, Austria and such, so you need to create your own rules. You cannot really use my rules, because it also depends on your location. Svchost is a little tiresome to set up, but once done, it will keep working as expected; there are only so many IP ranges they can use. Also only IP ranges, which are really needed.
I have the feeling that firewalls are undervalued (or users are too lazy and they don't want to invest time learning how to harden firewalls).

I mostly pay attention to processes that run nonstop or can be easily exploited, so I do not tinker much with occasional apps like streamer software and such.

DNS is fairly simple: you allow only the IPs of your DNS servers, preferably encrypted, so DoH via 443 or DoT using a designated port, so you can block UDP entirely.

As for the browser, Discord, and cloud apps like icedrive/onedrive, no port 80 is allowed, to avoid unencrypted connections.

But what I learnt from this experience is that hardening a firewall is extremely useful for privacy/security. And I don't expect that a firewall will be the ultimate solution for privacy/security. But based on my tests, I'm well confident that firewall software with rules can manage 90% of these problems. The problem is those trusted apps/programs needing svchost (or malicious scripts exploiting svchost). And as a workaround, if network access is allowed to these processes once a month, probably everything is going to work perfectly (updates, time etc.). It's a fact that 99% of Windows processes without network access are going to work fine. That's the reason I'm testing firewalls allowing rules for svchost processes filtered by service/program names. In my tests, once the firewall software is set to "block all", and after allowing network access only to a few trusted apps/programs, svchost remains as basically the only piece that really needs firewall attention.

Thank you always for your help.
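A way to check an existing rule set against the policy the posts above describe (svchost rules tied to a named service, no outbound port 80, DNS only to your own resolvers), as an added example that is not part of the original thread. It uses the built-in NetSecurity cmdlets; the helper name `Test-PortInSpec` and the wording of the findings are assumptions made for this example.

```powershell
# Added example: audit enabled outbound Allow rules. Run from an elevated prompt.

# Hypothetical helper: does a port filter ('Any', '80', '1025-65535', ...) cover $Port?
function Test-PortInSpec([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false   # keyword ports such as 'RPC' are not evaluated here
}

$findings = foreach ($rule in Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True) {
    $app  = Get-NetFirewallApplicationFilter -AssociatedNetFirewallRule $rule
    $svc  = Get-NetFirewallServiceFilter     -AssociatedNetFirewallRule $rule
    $port = Get-NetFirewallPortFilter        -AssociatedNetFirewallRule $rule
    $addr = Get-NetFirewallAddressFilter     -AssociatedNetFirewallRule $rule

    $remotePorts = @($port.RemotePort)
    $anyRemote   = @($addr.RemoteAddress) -contains 'Any'
    $issues      = @()

    # svchost.exe allowed as a whole instead of one named service
    if ($app.Program -like '*\svchost.exe' -and $svc.Service -eq 'Any') {
        $issues += 'svchost rule is not scoped to a service'
    }
    # Plain HTTP reachable (thread policy: no port 80)
    if ($port.Protocol -in 'TCP', 'Any' -and (Test-PortInSpec $remotePorts 80)) {
        $issues += 'remote port 80 is allowed'
    }
    # Port 53 open to every address instead of only the chosen resolvers
    if ($anyRemote -and (Test-PortInSpec $remotePorts 53)) {
        $issues += 'port 53 is allowed to any remote address'
    }

    if ($issues) {
        [pscustomobject]@{
            Rule    = $rule.DisplayName
            Program = $app.Program
            Issues  = $issues -join '; '
        }
    }
}

$findings | Sort-Object Program | Format-Table -AutoSize -Wrap
```

The script only reads the rule set; rules created by Binisoft WFC live in the same Windows Firewall store, so they show up in the output as well.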
