Intro:
I found myself needing to block all exe's in a folder from calling home and I didn't want them receiving anything from the mothership either. There were quite a few files to input and since you can't just drag and select a bunch of exe's from within the Windows Defender Firewall with Advanced Security to begin with, I was forced to write this batch file.
This batch file will search for all exe's in a folder (not recursive) and will add them as a blocked item in the Inbound & Outbound Rules section. If you need to search directories recursively then look at Solution #2.
Solution #1 (only search for exe's in the current folder):
1. Create a text file with the following contents and save it as "block-XYZ-in&out.bat" on the Desktop, where "XYZ" is the program name. You will move this file later. Make sure you do not miss the closing parenthesis at the end.
for %%G in ("C:\Program Files\YOUR-FOLDER-HERE\*.exe") do (
netsh advfirewall firewall add rule name="Blocked With Batchfile %%G" dir=in action=block program="%%G" enable=yes profile=any
netsh advfirewall firewall add rule name="Blocked With Batchfile %%G" dir=out action=block program="%%G" enable=yes profile=any
)
2. In the above file make sure you edit line 1 and change it to match the location you want to scan or this will fail.
3. You can change the name of the rules if you want.
4. Once you've made your modifications save the bat file, copy it to the folder location you have specified, and run it with admin credentials. So in this case drop the bat file in "C:\Program Files\YOUR-FOLDER-HERE\" and run it.
5. To open Windows Defender Firewall with Advanced Security follow this: "Settings ➡ Windows Update & Security ➡ Windows Security ➡ Firewall & network protection ➡ Advanced Settings (bottom)" or "Right Click Start ➡ Run ➡ wf.msc" as seen here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.
6. Check to make sure the items have been added in the firewall as blocked. If the list doesn't refresh, click on Inbound or Outbound Rules to refresh it.
Solution #2 (search for exe's recursively aka down the folder tree we go):
1. Create a text file with the following contents and save it as "block-XYZ-in&out.bat" on the Desktop, where "XYZ" is the program name. You will move this file later. Make sure you do not miss the closing parenthesis at the end.
For /R "C:\Program Files\YOUR-FOLDER-HERE\" %%G IN (*.exe) do (
netsh advfirewall firewall add rule name="Blocked With Batchfile %%G" dir=in action=block program="%%G" enable=yes profile=any
netsh advfirewall firewall add rule name="Blocked With Batchfile %%G" dir=out action=block program="%%G" enable=yes profile=any
)
2. In the above file make sure you edit line 1 and change it to match the location you want to scan or this will fail.
3. You can change the name of the rules if you want.
4. Once you've made your modifications save the bat file, copy it to the folder location you have specified, and run it with admin credentials. So in this case drop the bat file in "C:\Program Files\YOUR-FOLDER-HERE\" and run it.
5. To open Windows Defender Firewall with Advanced Security follow this: "Settings ➡ Windows Update & Security ➡ Windows Security ➡ Firewall & network protection ➡ Advanced Settings (bottom)" or "Right Click Start ➡ Run ➡ wf.msc" as seen here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.
6. Check to make sure the items have been added in the firewall as blocked. If the list doesn't refresh, click on Inbound or Outbound Rules to refresh it.
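The batch files above add a fresh pair of rules every time they run, and step 6 is a manual check. The following PowerShell script is an added example, not part of the original post: it does the same bulk block with the built-in NetSecurity cmdlets, skips executables that already have an enabled block rule, and prints the result per file and direction. The folder path is the same placeholder used above, and the parameter names ($Folder, $Prefix, $Recurse) are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not the post author's script).
param(
    [string]$Folder = 'C:\Program Files\YOUR-FOLDER-HERE',  # placeholder, edit before running
    [string]$Prefix = 'Blocked With Batchfile',             # same rule-name prefix as the batch files
    [switch]$Recurse                                        # off = Solution #1, on = Solution #2
)

# Index existing block rules by "direction|program path" so reruns add no duplicates.
# The value is $true when at least one matching rule is enabled.
$existing = @{}
foreach ($rule in Get-NetFirewallRule -Action Block -ErrorAction SilentlyContinue) {
    $app = $rule | Get-NetFirewallApplicationFilter
    if ($app.Program -and $app.Program -ne 'Any') {
        $key = "$($rule.Direction)|$($app.Program)"
        $existing[$key] = [bool]$existing[$key] -or ([string]$rule.Enabled -eq 'True')
    }
}

$exes = Get-ChildItem -LiteralPath $Folder -Filter *.exe -File -Recurse:$Recurse

$report = foreach ($exe in $exes) {
    foreach ($dir in 'Inbound', 'Outbound') {
        $key = "$dir|$($exe.FullName)"
        if ($existing[$key]) {
            $state = 'already blocked'
        } else {
            # No rule yet, or only disabled ones: add an enabled block rule.
            New-NetFirewallRule -DisplayName "$Prefix $($exe.FullName)" -Direction $dir `
                -Action Block -Program $exe.FullName -Profile Any -Enabled True | Out-Null
            if ($existing.ContainsKey($key)) { $state = 'old rule disabled, new rule added' }
            else                             { $state = 'rule added' }
        }
        [pscustomobject]@{ Program = $exe.FullName; Direction = $dir; State = $state }
    }
}

# Every executable should appear twice (Inbound and Outbound).
$report | Format-Table -AutoSize
"{0} executables checked, {1} rules added" -f @($exes).Count,
    @($report | Where-Object State -like '*added').Count
```

Run it from an elevated PowerShell prompt; a second run should report every entry as "already blocked" and add nothing.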
Conclusion:
This is by far the fastest way I've been able to bulk add rules like this. Although it applies the same settings to the inbound and outbound rules, its only intention was to search through a file directory and have rules created quickly with minimal interaction.
Icon at top of post found here: https://www.pngwing.com/en/free-png-ydrnk