Batch script to block internet access for all .exe files in a folder recursively using Windows Firewall (inbound and outbound rules). Includes dynamic folder path input, usage instructions, and automation.

block-internet-access-folder-executables-windows-firewall.bat

:: Batch Script: block_folder.bat
:: Author: https://github.com/ph33nx
:: Description: Blocks all .exe files in the specified folder (and subfolders) from accessing the internet (both inbound and outbound) using Windows Firewall.
:: Usage: 
::   block_folder.bat [FolderPath] 
::     - Pass the folder path containing the .exe files to block.
::   block_folder.bat -h
::     - Displays this help message.

:: Check for admin rights and relaunch as admin if not already
@echo off
NET SESSION >nul 2>&1
IF %ERRORLEVEL% NEQ 0 (
    echo [INFO] Requesting administrator privileges...
    powershell -Command "Start-Process '%~f0' -ArgumentList '%*' -Verb RunAs"
    exit /b
)

setlocal enabledelayedexpansion

REM Check if a parameter is passed
if "%~1"=="" goto help
if "%~1"=="-h" goto help

REM Get the folder path from the argument
set "folderPath=%~1"

REM Verify if the folder exists
if not exist "%folderPath%" (
    echo [ERROR] The specified folder does not exist: %folderPath%
    exit /b 1
)

REM Extract base folder name from the provided path
for %%A in ("%folderPath%") do set "baseFolderName=%%~nA"

REM Display a confirmation message
echo [INFO] Blocking all .exe files in folder: %folderPath%

REM Loop through all .exe files in the folder and create firewall rules
for /r "%folderPath%" %%F in (*.exe) do (
    set "filePath=%%F"
    set "fileName=%%~nxF"
    
    REM Enable delayed expansion inside the loop to use updated variables
    call :AddFirewallRules "!filePath!" "!baseFolderName!" "!fileName!"
)

REM Final message
echo [INFO] All .exe files in %folderPath% have been blocked (inbound and outbound).
echo [INFO] You can view the rules in Windows Defender Firewall with Advanced Security by opening it from the Start menu.
exit /b 0

:AddFirewallRules
REM Arguments: %1 = filePath, %2 = baseFolderName, %3 = fileName
set "filePath=%~1"
set "baseFolderName=%~2"
set "fileName=%~3"

REM Generate rule names with base folder name and file name
set "ruleName=Block %baseFolderName% %fileName% (automated)"

echo [INFO] Adding outbound block rule for: %filePath%
netsh advfirewall firewall add rule name="%ruleName% OUT" dir=out program="%filePath%" action=block enable=yes >nul

echo [INFO] Adding inbound block rule for: %filePath%
netsh advfirewall firewall add rule name="%ruleName% IN" dir=in program="%filePath%" action=block enable=yes >nul

goto :eof

:help
echo Usage: block_folder.bat [FolderPath]
echo.
echo This script blocks all .exe files in the specified folder and its subfolders from accessing the internet (inbound and outbound) using Windows Firewall.
echo.
echo Parameters:
echo   FolderPath  - Path to the folder containing .exe files to block.
echo   -h          - Display this help message.
echo.
echo Example:
echo   block_folder.bat "C:\Program Files\Adobe"
exit /b 0

Dude, i need your help, i use your code to block all programs of Adobe, but i have another apps then i pay, but this apps cant use IA to Generative Fill and uptdate, i use photoshop and ligthroom, how i can enable the conexion or deactivate or delete de block host, i hope you can help, i dont know about cmd and programation

This is a really good script! and thank you @ph33nx for this.
But it fails to mention one key thing to - Run this in Admin mode
And due to the >null parameter in lines 56 and 59, the error message which says to run this rule in Admin mode is not displayed 😅 .

So for @maxzugu , please check if you are running this rule in Admin mode - and if yes, you can view and edit or modify this rule in
Windows Defender Firewall application.

Else, if you would like a cli, alternative, please read up on configuring windows firewall with command line
Hope this helps

Hey, first thanks a lot for this code! Really helpful.
But I have a question: when I try to run it for "C:\Program Files (x86)\Adobe\Adobe Creative Cloud" it doesn't work (I assume it's because of the blanks):

$ cd C:\Users\user\Desktop
$ block_folder.bat "C:\Program Files (x86)\Adobe\Adobe Creative Cloud"
\Adobe\Adobe was unexpected at this time.