# Alternative firewall



## lunarlander (Sep 22, 2007)

Hi,

I don't like how MS re-enables some default firewall rules which I have disabled every time there is a cumulative update. They think the administrator is stupid and will lock out important functions. What firewall are you using ?


----------



## Johnny b (Nov 7, 2016)

I don't use Win 10, but my sister does and I ask out of concern for her, what rules are being reset in the Windows firewall?


----------



## lunarlander (Sep 22, 2007)

I have turned off default-on rules like Cortana, Mail, Microsoft Content, Microsoft Store and more. I don't use those features, so they are unnecessary just give more opportunities to hackers.


----------



## Johnny b (Nov 7, 2016)

Thanks, I'll pass along that info.


----------



## LeoLui (Jan 5, 2019)

I have used ZoneAlarm Free Firewall for a long time. Have no issues.


----------



## lunarlander (Sep 22, 2007)

I just finished looking into ZoneAlarm Free. It is quite good. Unlike Windows Firewall, you cannot specify a rule for a Service, because most services are not EXE's. Instead you have to allow SVCHOST, which starts most services. That's acceptable, because I usually disable all services that I don't want, especially those that talk to the net.

Just looking up documentation online, it seems that the paid version of ZoneAlarm allows you to specify rules for individual services. More money for the same functionality of Windows Firewall. BUT, you won't have MS modifying your firewall rules.


----------



## lunarlander (Sep 22, 2007)

Also I just found there is an Exception List in Windows Firewall. Going to Event Viewer, Create a Custom View. By Log > select Applications and Services Log > Microsoft > Windows > Windows Firewall with Advanced Security > Firewall

And I saw a MS AAD (Azure Active Directory) broker plugin loaded into this 'exception list'. And there is also User Mode Font Driver Host (fontdrvhost.exe) , Windows Cloud Experience Host, windows_ie_ac_001, Windows Shell Experience Host, and various Windows Store sites.

I don't see any way to look at this exception list or modify it in Windows Firewall for Advanced Security .


----------



## lunarlander (Sep 22, 2007)

The only problem I have with ZoneAlarm is that Google can't find the offline installer. However I just used ZA Support Chat and asked for offline installers, and they do have them, and gave me the link. All you have to do is ask.


----------



## dlipman (Feb 14, 2013)

lunarlander said:


> I have turned off default-on rules like Cortana, Mail, Microsoft Content, Microsoft Store and more. I don't use those features, so they are unnecessary just give more opportunities to hackers.


It isn't just that. Microsoft has added a Site Preview ( aka; Tab Peek ) to Edge. I created a Reg Hack that disables this screen-wasteful construct. Yet Microsoft in their infinite wisdom kept re-enabling it. So I created a Scheduled Task to run a KiXtart script then will, daily, disable that and make other changes as needed.

In other words, there are ways to overcome Microsoft's Control Freak attitude via Local Policies and scripts.


----------



## zebanovich (Mar 2, 2019)

lunarlander said:


> I don't like how MS re-enables some default firewall rules which I have disabled every time there is a cumulative update.


Use firewall from Group policy, Windows doesn't do anithing to group's policy firewall.
and there are tolls like mTail and ProcessMonitor to help you set up rules and monitor activity.


----------



## lunarlander (Sep 22, 2007)

How does mTail help in this regard ? What log file do you watch ?


----------



## zebanovich (Mar 2, 2019)

lunarlander said:


> How does mTail help in this regard ? What log file do you watch ?


As you probably already discovered mTail is available here

Windows firewall log file is located here:
*C:\Windows\System32\LogFiles\Firewall\pfirewall.log*

You must run mTail as administrator to be able to read firewall log file.
mTail has plenty of options to customize how you monitor firewall in real time.

here is my screenshot:
http://prntscr.com/msn15i

Windows GPO Firewall is fetched in: (run as Administrator)
*Start -> Windows administrative tools -> Windows Defender Firewall with Advanced security*

http://prntscr.com/msn5yg


----------

