# Windows Firewall Inbound/Outbound Rules- Feeling Overwhelmed



## ilovecats88 (Aug 16, 2012)

I'm really getting into computer security lately, so sorry if I've been posting too much. I only just now discovered that there are countless rules in my Windows Firewall, and I'm feeling overwhelmed. I'm wondering if any of them should be removed, or if I should add some more. Some of them seem suspicious to me, but I am not a security expert, so I don't know if they are or not. Could I paste my Firewall settings here for you to look at? One thing that I definitely want to do is disable all remote desktop connections, after I oddly found a remote desktop connection file in my documents, which was a hidden file! Thank you.

Edit: I disabled everything that said "Remote Assistance," is this ok?


----------



## Professionalgirl (Jan 10, 2020)

Hi ilovecats, What operating system type are you using such as Windows Xp, seven, 10, vista, eight ext? Have you set a remote desktop connection and forget all about it? If you know for sure that you did not create the file is it possible that you sought assistance from a remote support technician at any time that you know of? 

What does the firewall say such as block, allow inbound and outbound? Remote sessions should be disabled or blocked when not in use, especially if the connection is not known to the user. All inbound and outbound traffic regarding remote connections such as remote desk, remote assistance, teamviewer or other types of remote assistance should be blocked by the firewall. 

This should not be confused with Remote procedure call since it is needed by some services such as applications and network configurations. 

You do not need to configure every rule since the firewall is designed to block bad programs automatically and normally configures its own rules depending on the settings you select.


----------



## ilovecats88 (Aug 16, 2012)

Professionalgirl said:


> Hi ilovecats, What operating system type are you using such as Windows Xp, seven, 10, vista, eight ext? Have you set a remote desktop connection and forget all about it? If you know for sure that you did not create the file is it possible that you sought assistance from a remote support technician at any time that you know of?


I have Windows 8.1. I think I did have one set up a couple years ago, as I was accessing my computer on my phone. I also had another remote desktop connection via Chrome, but I have since removed the connection and Chrome from my computer.


----------



## Professionalgirl (Jan 10, 2020)

Have you tried removing the remote connection through add and remove programs? If so I would recommend what cookiegal recommended to another user to thoroughly remove all third party remote connection software. I would recommend revo uninstaller. It does a very nice job removing leftover programs that are no longer in use.

Revo uninstaller contains a free version that is available for most Windows operating system versions. Please follow the link below to install Revo Uninstaller and follow the directions that the app provides.

https://www.revouninstaller.com/products/revo-uninstaller-free/

Please note that if you need further assistance with revo uninstaller or are not sure which settings to use, please feel free to reach out to me and I will be happy to assist with step by step instructions with screenshots as visual aides, Thanks


----------



## Cookiegal (Aug 27, 2003)

Most people don't change any settings in the Windows Firewall and generally speaking the default settings should be adequate for the average user.

Perhaps post the ones you are suspicious of?


----------



## Professionalgirl (Jan 10, 2020)

Cookiegal said:


> Most people don't change any settings in the Windows Firewall and generally speaking the default settings should be adequate for the average user.
> 
> Perhaps post the ones you are suspicious of?


Hi Cookigal, I did state this prior to what you typed at the end of my paragraph. "You do not need to configure every rule since the firewall is designed to block bad programs automatically and normally configures its own rules depending on the settings you select."


----------



## Cookiegal (Aug 27, 2003)

I don't see the statements as being the same but if that's the way you intepret it then that's fine.


----------



## Professionalgirl (Jan 10, 2020)

Cookiegal said:


> I don't see the statements as being the same but if that's the way you intepret it then that's fine.


Cookigal, I just wanted you to know that I am aware that users don't normally set firewall rules unless they are exports like us, but I don't even bother with the firewall rules because it is a tedious task.


----------



## ilovecats88 (Aug 16, 2012)

Cookiegal said:


> Most people don't change any settings in the Windows Firewall and generally speaking the default settings should be adequate for the average user.
> 
> Perhaps post the ones you are suspicious of?


Is there a way to paste them so the data is easy to read? I exported the firewall rules as a .csv, but when I try to paste them, it looks like this:
AVG Diagnostics 
Public Yes Allow No C:\Program Files (x86)\AVG\Av\avgdiagex.exe Any Any TCP Any Any Any Any Any Any Any


----------



## ilovecats88 (Aug 16, 2012)

Professionalgirl said:


> Have you tried removing the remote connection through add and remove programs? If so I would recommend what cookiegal recommended to another user to thoroughly remove all third party remote connection software. I would recommend revo uninstaller. It does a very nice job removing leftover programs that are no longer in use.
> 
> Revo uninstaller contains a free version that is available for most Windows operating system versions. Please follow the link below to install Revo Uninstaller and follow the directions that the app provides.
> 
> ...


I just checked my programs list, and they are not showing up there, so I guess I have removed them. I ran revo installer a couple weeks ago, for a different issue I had posted about on here.


----------



## ilovecats88 (Aug 16, 2012)

I blocked all of these connections for both the inbound and outbound firewall rules; previously, most of them were allowed (I think), or the rule was not active:


----------



## Cookiegal (Aug 27, 2003)

Allowing Remote assistance are default settings but it's much easier and safer to disable remote assistance and remote desktop than to fiddle with firewall settings.

Go to Control Panel - System - Remote Settings (on the left side) and turn both off there.


----------



## Professionalgirl (Jan 10, 2020)

Hi Ilovecats, You don't have to configure firewall rules for this. You can just disable remote assistance directly if it is the built in windows version and all other third party remote assistance tools can be deleted using Revo Uninstaller.

Another thing to try would be to access the run box and type services.msc and disable the remote desktop services from there in the list of services. If you would like to give it a try and need help locating the settings, let me know and I will provide screenshots with step by step instructions using cited sources from Google image search and the link.


----------



## Cookiegal (Aug 27, 2003)

Beat you to it.


----------



## Professionalgirl (Jan 10, 2020)

Cookiegal said:


> Beat you to it.


Oops, you did cookigal


----------



## ilovecats88 (Aug 16, 2012)

Cookiegal said:


> Allowing Remote assistance are default settings but it's much easier and safer to disable remote assistance and remote desktop than to fiddle with firewall settings.
> 
> Go to Control Panel - System - Remote Settings (on the left side) and turn both off there.


I see a checkbox for remote assistance which is unchecked in the "Remote" tab- is there anything else to uncheck?

Since I messed with my firewall settings a bit, should I just restore them to the default settings?


----------



## Cookiegal (Aug 27, 2003)

Yes, below that you need to select the circle that says "don't allow remote connections to this computer" then click "Apply".

Do you remember what other firewall settings you changed beside remote assistance?


----------



## ilovecats88 (Aug 16, 2012)

Cookiegal said:


> Yes, below that you need to select the circle that says "don't allow remote connections to this computer" then click "Apply".
> 
> Do you remember what other firewall settings you changed beside remote assistance?


I don't have that circle? This is all I see. I'm also logged into the limited account, not administrator (I had to put in my administrator password to get to the system settings), could this be why?










I'm pretty sure the only settings I've ever changed have to do with remote connections. I see that there are a lot of settings the firewall added itself when I installed various programs I no longer have.


----------



## Professionalgirl (Jan 10, 2020)

ilovecats, I can see that your remote assistance is not enabled but there may be other services that are related to remote assistance and you can find them by opening the run box and typing services.msc. You may need to disable the service itself in order to fully disable remote assistance. Once you disable remote assistance from the services tab, restart your computer and see if that helps.

To use the run box it looks like the following below

There is one more thing you can try is using the run box and typing msconfig and unchecking remote desktop from there as well and will prevent remote assistance from running at startup.


----------



## ilovecats88 (Aug 16, 2012)

Professionalgirl said:


> View attachment 274343
> View attachment 274345
> View attachment 274345
> View attachment 274343
> ...


The remote assistance settings under System Configuration are all stopped. It won't let me change the settings under Services, but they are all set to manual, except RPC, which is running.


----------



## Cookiegal (Aug 27, 2003)

ilovecats88 said:


> I don't have that circle? This is all I see. I'm also logged into the limited account, not administrator (I had to put in my administrator password to get to the system settings), could this be why?


If you're running Windows 8.1 Home version then you won't see that so it's normal.


----------



## Cookiegal (Aug 27, 2003)

You should be using an account that has Administrator privileges when making changes to settings.


----------



## Cookiegal (Aug 27, 2003)

ilovecats88 said:


> Since I messed with my firewall settings a bit, should I just restore them to the default settings?


I would just leave them for now unless you experience some issues.


----------

