Completely disable internet connection except for browser and bittorrent

I need a simple software that ideally needs minimal configuration that will completely block all incoming and outgoing internet connections on my computer, with the exception of a browser (Firefox) and uTorrent. I have tried a few different firewall software (AVG, Norton, Outpost firewall), but they all need configuration for each and every application that needs blockage, and most times those applications in some way can get around the firewall. Instead of using a blacklist based firewall, couldn't i use one that only allows connections from white-listed software? I would still be using my AVG software to remove viruses, remove Trojans, etc. so this software would need to be non interfering with my AVG firewall, and vice versa.

I am running windows 7 professional 64 bit, on 62KB/s Shaw cable.


Windows itself can do this. Just set the default rule for outbound connections to Block instead of Allow in Windows Firewall with Advanced Security (When you open the menu, right click and go to Action->Properties on the dropdown menu).

enter image description here

Once you have set it to block just remove/disable all of the outbound and inbound rules. Then make program rules for the only programs you want to be set to Allow. After that all programs will be blocked except what the one or two programs you want.

(P.S. You are going to want to allow AVG to update it's virus definitions too or else you will quickly become vulnerable to viruses and whatnot (same for windows update))


Continuing where the other answer left off,

first of all, "Windows Firewall with Advanced Security" is a management console snap-in, so it can be started with running "mmc" and adding that snap-in. Also, when disabling the firewall note that there is similar rule in all "Domain profile", "Private profile" and "Public profile" tabs. Check them all.

I experienced that setting up outbound rules might not be that trivial. When setting the rule (though right-hand side "Actions" -> "New rule..."), it might not be that clear what executable your software is using when connecting. By default Windows Firewall does not tell you which software it has blocked so you'd know and could enable it if you'd want to.

One option is to enable firewall logs. However, that will only tell you connection information like this:

2017-08-14 11:48:09 DROP UDP 192.168.0.103 224.0.0.251 5353 5353 0 - - - - - - - SEND

To get information on which application was it, you need to enable audit logs for filtering platform:

  1. open cmd.exe as administrator
  2. run auditpol.exe /get /subcategory:"{0CCE9225-69AE-11D9-BED3-505054503030}" or auditpol.exe /get /category:* to get your localized name for the category you wish to set
  3. enable audit logs for blocked packets: auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:enable. subcategory name might be localized, hence the command above.
  4. set the firewall to block the connections and start application you have trouble with
  5. disable audit logs: auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:disable
  6. find your software from event viewer -> Windows logs -> Security using Find
  7. make a firewall rule for it

Audit logs look something like this, and Find can be used for any word in it:

The Windows Filtering Platform has blocked a packet.

Application Information:
    Process ID:     10672
    Application Name:   \device\harddiskvolume2\program files (x86)\google\chrome\application\chrome.exe

Network Information:
    Direction:      Outbound
    Source Address:     192.168.126.1
    Source Port:        53939
    Destination Address:    239.255.255.250
    Destination Port:       1900
    Protocol:       17

Filter Information:
    Filter Run-Time ID: 699893
    Layer Name:     Connect
    Layer Run-Time ID:  48

This is a very frequently asked question, and the complete answer is following steps

1- Open "Windows Defender Firewall with Advanced Security" , To open just type Windows Firewall in Search or control panel. Open Windows Firewall

2- Now in the Left Pane the Top Option says - "Windows Defender Firewall with Advanced Security on Local Computer" Right click on that and go to Properties. Go to Properties on the Top Option in Left Pane

3- Now in Properties "Block Outbound Connections" for Each Profile - Domain Profile, Public Profile, Private Profile or if any other you have, Click Apply/OK. Disable the Outbound for Each profile

4- Now go To Inbound Rules and Outbound Rules Both one by one, click on any rule and now Press CTRL+A to select All rules, from the extreme right Pane somewhere in the lower section click Disable Rule. This will Disable all rules. enter image description here

5- Add a rule in Outbound Rules, Create New Rule from Right Pane, Select a Program, which will be your browser New Rule in Outbound Select Program ( your Browser here) Specify browser path Allow the connection if you want to allow it

In many case you can also block it in inbound to stop a program to connect itself ( usually used for patches /activators) Here make this rule for the profile you want based on your needs select all 3 if you dont know Give the rule any name, least matters.

6- Now your computer is almost blocking every connection which means even chrome cannot connect at this point because even networking services are blocked.

7- So in final step, again right click on Outbound rules and Inbound Rule one by one both, in Left Pane, and Select "Filter by Group" --> "Filter by Core Networking"Filter By Core Networking in both Outbound and Inbound Rules

8- Now in Right Pane for both rule type Filters, Enable All the Rules like step 3, select all and from right pane enable rule.

DONE - Now only program of you choice can communicate, even the chrome cannot update itself as inbound for chrome is disabled. TWEAK the RULES accordingly.