Skip to content

Instantly share code, notes, and snippets.

@scuq

scuq/firewall-blockappdata.bat

Created October 11, 2015 21:03
Show Gist options
  • Save scuq/2ad5b178f96b49f0e202 to your computer and use it in GitHub Desktop.
Save scuq/2ad5b178f96b49f0e202 to your computer and use it in GitHub Desktop.
Download ZIP
configure windows firewall, block outbound traffic from .exe/binary located in %appdata%
Raw
firewall-blockappdata.bat
netsh advfirewall reset
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging maxfilesize 4096
netsh advfirewall set allprofiles logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound
netsh advfirewall set allprofiles state on
netsh advfirewall set currentprofile state on
dir %APPDATA% /s /b | findstr /e .exe > %temp%\appdataexe.txt
dir %LOCALAPPDATA% /s /b | findstr /e .exe >> %temp%\appdataexe.txt
dir %TEMP% /s /b | findstr /e .exe >> %temp%\appdataexe.txt
dir %ProgramFiles% /s /b | findstr /e .exe >> %temp%\appdataexe.txt
dir %ProgramFiles(x86)% /s /b | findstr /e .exe >> %temp%\appdataexe.txt
FOR /F "tokens=*" %%G IN (%temp%\appdataexe.txt) DO call :blockapp %%G
:blockapp
netsh advfirewall firewall add rule name="Block %1" dir=out action=block program="%1" enable=yes
netsh advfirewall firewall add rule name="Block %1" dir=in action=block program="%1" enable=yes
@maicoross
Copy link

Very good !!
I tried the script to block a program in "%ProgramFiles%\program"
by changing the paths. But added in Firewall only the first line of exe.txt
At the command prompt it appears like this in the command neths advfarewall ... in the line: C:\Windows\system32> netsh advfirewall firewall add rule name="Block C:\Program" dir=in action=block program="C:\Program" enable=yes

What could be wrong? Tranks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment