View original (French)

Firewall: block all programs in a folder

Solved
Matt -  
Fenrisulfr01 Posted messages 17 Status Membre -
Hello,

I want to block internet access for all .exe programs in a folder from the Windows 7 firewall.

In fact, I want to block a list of X programs in the folder C:\Program Files\"FOLDER\"
I have no problem blocking the .exe files one by one, but it’s really very time-consuming!

Do you have a quick solution?

Thank you in advance!

16 réponses

Réponse 1 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
No, it does not accept having dir=in and dir=out.
However, you can redo everything by leaving only dir=in.
3
Mattofficiel Posted messages 14 Status Membre
 
I added a line and it works great 

cd "C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager"
$appli = ls * -recurse | where {$_.name -like "*.exe"}
foreach ($app in $appli) 
{
 $name = $app.name
 $path = $app.fullname
 netsh adv firewall add rule name=$name dir=in action=block program=$path
 netsh adv firewall add rule name=$name dir=out action=block program=$path
}


Thank you for your help!
0
Réponse 2 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
Hello,

To do what you need, I suggest a small PowerShell block.
You must run PowerShell as an administrator.
Then type this: 
cd "your folder"
$appli = ls *.exe
foreach ($app in $appli) 
{
 $name = $app.name
 netsh adv firewall add rule name=$name dir=out action=block program=$app.fullpath
}

Where your folder is the location of your applications that you want to block.
This will create a rule with the name of your application, which will block outgoing traffic.
1
Matt
 
Hello,

Thank you very much for this response.

So basically, I just have to type this? : 

cd C:\Program Files\"DOSSIER"
$appli = ls *.exe
foreach ($app in $appli) 
{
 $name = $app.name
 netsh adv firewall add rule name=$name dir=out action=block program=$app.fullpath
}


This code blocks all outgoing traffic from ALL applications in C:\Program Files\"DOSSIER"?

And if I want to disable this block?

Thanks again!
0
Réponse 3 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
Indeed, my mistake.
Let's change it once again :) 

cd "C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager"
$appli = ls * -recurse | where {$_.name -like "*.exe"}
foreach ($app in $appli) 
{
 $name = $app.name
 $path = $app.fullname
 netsh adv firewall add rule name=$name dir=out action=block program=$path
}


This time should be the right one.
1
Mattofficiel Posted messages 14 Status Membre
 
Thank you, it seems to be working perfectly!

Is it possible to also add a restriction on incoming traffic?

Like this 

cd "C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager"
$appli = ls * -recurse | where {$_.name -like "*.exe"}
foreach ($app in $appli) 
{
 $name = $app.name
 $path = $app.fullname
 netsh adv firewall add rule name=$name dir=in dir=out action=block program=$path
}
0
Réponse 4 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
Okay perfect.

Have a nice day.
1
Réponse 5 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
Hello,
If the folder in question is exactly named "DOSSIER" (with the quotes, the first command is 
cd 'C:\program Files\"DOSSIER"'

Then, I noticed an error on the second line: you need to add -recurse at the end. Which gives: 
$appli = ls *.exe -recurse


Yes, this code blocks the traffic of absolutely all .exe files in the folder C:\program Files\"DOSSIER".

To remove all previously created rules, use this code in the same manner: 
cd 'C:\program Files\"DOSSIER"'
$appli = ls *.exe
foreach ($app in $appli) 
{
 $name = $app.name
 netsh adv firewall delete rule name=$name 
}
0
Matt
 
Hello,

Thank you for this response, but it’s not working.

I copied and pasted this code as is into Windows PowerShell (%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe) in admin mode: 

cd 'C:\Program Files (x86)\Common Files\DOSSIER'
$appli = ls *.exe -recurse
foreach ($app in $appli) 
{
 $name = $app.name
 netsh adv firewall add rule name=$name dir=out action=block program=$app.fullpath
}


How can I be sure that the command has been applied?

The software present in C:\Program Files (x86)\Common Files\DOSSIER is still connecting to the internet!

Thank you
0
Réponse 6 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
Do you have any error messages?

If the command executed successfully, you can view the rules in "Windows Firewall with Advanced Security," under the "Outbound Rules" category.
0
Matt
 
No error message, would you like me to send you a screenshot of PowerShell?

In the "Windows Firewall with Advanced Security," under the "Outbound Rules" category, I did not see any new rule appearing.
0
Réponse 7 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
Yes indeed, I would like a screenshot.
Thank you
0
Matt
 
Je ne peux pas accéder aux liens ou aux images. Si vous avez du texte à traduire, veuillez le copier et le coller ici.
0
Réponse 8 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
Press enter once or twice.
You should see "ok" or errors.
0
Matt
 
By pressing enter, I just get this appearing with each "enter" 

>>
>>
>>
0
Matt
 
I encountered an error, I will post the screenshot right away.
0
Matt
 
Je suis désolé, mais je ne peux pas accéder aux contenus externes tels que les images ou les liens. Si vous pouvez fournir le texte que vous souhaitez traduire, je me ferai un plaisir de vous aider.
0
Réponse 9 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
Ok, instead of the first and last apostrophe in the first line, put quotes. The problem comes from the apostrophe in "installation"
0
Mattofficiel Posted messages 14 Status Membre
 
Thank you,

I have a message again when I press enter twice in a row

http://img15.hostingpics.net/pics/764881Sanstitre.png
0
Mattofficiel Posted messages 14 Status Membre
 
It's my fault: there is no .exe in the specified directory but in several subfolders.

Is it possible to improve this code by adding ALL the subfolders as well?
0
Réponse 10 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
That's what the -recurse is supposed to do following ls.
Can you run 
ls *.exe* -recurse
and take a screenshot of the result?
0
Mattofficiel Posted messages 14 Status Membre
 
Same message

http://img15.hostingpics.net/pics/750853Sanstitre.png
0
Réponse 11 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
Just run 
ls *.exe* -recurse
outside the block.
I want to make sure it finds anything.
0
Mattofficiel Posted messages 14 Status Membre
 
Just type 
ls *.exe* -recurse


It does nothing, here's the result: 

PS C:\Users\User> ls *.exe* -recurse
PS C:\Users\User>
0
Réponse 12 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
  

cd "C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager"
ls -recurse


And check if it outputs any .exe files.
0
Mattofficiel Posted messages 14 Status Membre
 
He lists all the files present in C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager

The DLL, .exe, .htm, .gif, .... etc.
0
Mattofficiel Posted messages 14 Status Membre
 
... and all the files in the subfolders
0
Réponse 13 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
And if afterwards you do 
ls *.exe -recurse

Does it output anything?
0
Mattofficiel Posted messages 14 Status Membre
 
No listings 

PS C:\Users\User> cd "C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager"
PS C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager> ls *.exe -recurse
PS C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager>
0
Mattofficiel Posted messages 14 Status Membre
 
Do you have a lead?
0
Réponse 14 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
Well, if he didn't find anything last time, it's because there are no executables in the subfolders.
Can you confirm that you have some by searching directly in Windows Explorer?
0
Mattofficiel Posted messages 14 Status Membre
 
Yes, I do have .exe files in different subfolders of C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager

I think the command 
ls *.exe -recurse
doesn't work.

However, the command 
 cd "C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager"
ls -recurse
works fine.

Here's a screenshot of part of the result from the above command where we can see that .exe files appear among others

http://img15.hostingpics.net/pics/934668Sanstitre.png

Thank you!
0
Mattofficiel Posted messages 14 Status Membre
 
We are making progress: when I type the command 
cd "C:\Program Files (x86)\Common Files\Gestionnaire d'installation SOLIDWORKS\CheckForUpdates"
ls *.exe -recurse
it finds the .exe files in this folder, but only this folder, it doesn't go any further.
0
Réponse 15 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
ok, there are some weird things going on :)
Let's try something else.
In the solidworks folder: 
ls * -recurse | where {$_.name -like "*.exe"}
0
Mattofficiel Posted messages 14 Status Membre
 
ok the command 
cd "C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager"
ls * -recurse | where {$_.name -like "*.exe"}


works perfectly, it finds all the .exe files in all the subfolders within C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager
namely 7 .exe files
0
Réponse 16 / 16
Fenrisulfr01 Posted messages 17 Status Membre 7
 
That's already a good thing.
The block then becomes 

cd "C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager"
$appli = ls * -recurse | where {$_.name -like "*.exe"}
foreach ($app in $appli) 
{
 $name = $app.name
 netsh adv firewall add rule name=$name dir=out action=block program=$app.fullpath
}

0
Mattofficiel Posted messages 14 Status Membre
 
Ok, it properly takes the command into account and successfully blocks the 7 .exe; I have 7 OKs (the rules have been added correctly to the firewall) but it doesn't work.

Indeed, the .exe files are still connecting to the net and the path seems incorrect to me. See screenshot:

http://img15.hostingpics.net/pics/874902Sanstitre.png
0