Ask a new question

Windows Firewall Event Viewer questions

Hello

 I have some questions. How do I know Windows Firewall is blocking malware? How do I know that someone is trying to hack into my computer when I get no warning message? The Comodo Firewall actually says how many intrusions were blocked in the user interface. Also, I have 935 events logged in my Firewall according to the Event Viewer, I find the following message:

"A rule has been added to the Windows Defender Firewall exception list"

What does this mean? Is it normal to have 900 events? How do I know when Windows Firewall has blocked a malicious program? Who or what is adding new rules to the exception list? I have zero events in ConnectionSecurity, ConnectionSecurityVerbose and the rest.

Will my computer be more secure if I block  Outbound Connections in my firewall? What happens if you block Outbound Connections and why are they allowed. What makes Comodo Firewall different from Windows?

How do I make my Firewall more secure or should I leave at default?

* Moved from Virus & Malware

* Merged *

What does mean in the Event Viewer

"A rule has been added to the Windows Defender Firewall exception list"

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

A firewall blocks or opens ports to Windows services, including remote attacks by computers trying to get into your PC from the outside, it doesn't block malware.

Blocking malware is the job of your antivirus/antimalware programs and though some 3rd-party companies try to combine these, that typically just confuses most PC users, so Microsoft doesn't do this.

Microsoft also tries not to display annoying and confusing pop-up messages that most consumers have no idea how to answer, so they usually automatically configure firewall rules based on the installation process a newly installed program performs.  So when, say, Firefox is installed it will also request during the installation that the Windows firewall enable it to use the outbound and inbound ports for things like html (port 80) or FTP for example.

Blocking outbound connections only works if every single possibility that any program might need outbound access to has been created.  Since many programs assume that outbound ports will already be open, this setting typically breaks many things, so it's generally not done except by extremely paranoid users with nothing better to do.

As with anything on a highly complex system like a computer, if you have to ask, then leave it alone.  All you'll end up doing is breaking something you didn't expect, which at best might cause a single application to fail and at worst might end up allowing attacks to succeed, since not fully understanding the ramifications of what you're doing can cause undesired results.

Rob

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

* Merged

* Original title: The Event Viewer for the Windows Firewall

The Event Viewer for the Windows Firewall is saying:

ConnectionSecurity   Number of Events  = ZERO

ConnectionSecurity Verbose    Number of Events  =   ZERO

Firewall Verbose   Number of Events  =  ZERO

Network Isolation Operational   Number of Events  =   ZERO


But the Firewall says 925  events

What does this mean? Is it good news? Has my firewall blocked any virus or malware?

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

@ Paintyourworld:

Please stay with this thread and don't re-ask this Firewall question as a new question/new thread.

Don

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated October 22, 2023 Views 3,694 Applies to: