Goals:
- Use only Windows 10 Firewall
- Block all outbound traffic by default
- Allow Windows 10 updates
- Limit which svchost services are allowed through
My progress so far on a fresh install:
- Outbound traffic is denied by default
- All default rules have been disabled
- Core Networking - DHCP-Out: allowed
- svchost TCP (remote ports: 80, 443) and svchost UDP (remote port: 53): allowed
- The programs that I want connected to the internet are allowed
With my current configuration, Windows is able to update successfully, but all svchost services (almost 200) are able to connect to the internet. I want to reduce the number of svchost services that are allowed to the minimum.
On another attempt to reduce connected svchost services, I've created different rules for specific svchost services (while disabling the generic svchost rules stated above), but Windows updates do not work (my allowed programs work, though). The svchost services that I allowed in this attempt were:
- Background Intelligent Transfer Service (BITS)
- Client License Service (ClipSVC)
- Security Center
- Update Orchestrator Service
- Windows License Manager Service
- Windows Update Service
Do I need to allow svchost TCP (remote ports: 80, 443) and svchost UDP (remote port: 53) and then manually create new blocking rules for each of the other svchost services (basically inverting what I've tried)?
Thanks!