C:\Program Files\Internet Explorer\iexplore.exe
Do not forget that owners of 64-bit systems should create one more such rule, this time for Program Files (x86) (IE is installed there as well). After selecting the file, choose “Allow the connection”, then tick the desired network profiles. All that remains is to come up with a name for the rule. I recommend writing all rule names with the same word or symbol, so that they are easier to search for. The created rule will be displayed in the general list.
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(path for a 64-bit system). This is a common situation, so do not rush to add services; start with the exe. In addition, ping will stop working on our system. For it, add a rule of the “Custom” type, leave everything at the defaults, select only the ICMPv4 protocol and click “Customize” at the bottom, where you tick only the “Echo Request” checkbox. Now ping and tracert will work. For IPv6, repeat the steps with the ICMPv6 protocol. If a rule has already been created but something in it needs to change, select the rule in the list and open its properties. The tabs let you adjust everything to taste: bind a service to a specific exe, restrict a program to certain ports, and so on.
%USERPROFILE%\AppData\Local\Microsoft\OneDrive\OneDrive.exe
and everything should work. But, having spent several months, I came to the conclusion that, it turns out, it was necessary to specify the direct path C:\Users\ProfileName\AppData\Local\Microsoft\OneDrive\OneDrive.exe, although in previous OSes of the same family everything worked well with the first option too (a riddle?).
Set-ExecutionPolicy Unrestricted
Set-ExecutionPolicy Default # restores the default execution policy
Set-NetFirewallProfile -All -DefaultOutboundAction Block
New-NetFirewallRule -Program 'C:\Windows\explorer.exe' -Action Allow -Profile Any -DisplayName ' explorer.exe' -Direction Outbound
$programs
Let's start with the simple ones: Internet Explorer, Google Chrome, Tor Browser, Yandex.Browser, Notepad++, Visual Studio 2015, qBittorrent, HWMonitor, OneDrive, PowerShell, PowerShell ISE, Steam, CS GO, TeamViewer, and so on. These are all more or less simple applications that need network access from only 1-2 exe files.
# $env gives access to environment variables: %USERPROFILE%, %SystemRoot%, etc.
$programs = (' Internet Explorer (x86)', (${env:ProgramFiles(x86)}+'\Internet Explorer\iexplore.exe')),
    (' Internet Explorer', ($env:ProgramFiles+'\Internet Explorer\iexplore.exe')),
    (' Google Chrome', (${env:ProgramFiles(x86)}+'\Google\Chrome\Application\chrome.exe')),
    (' Google Update', (${env:ProgramFiles(x86)}+'\Google\Update\GoogleUpdate.exe')),
    (' Tor Browser', ($env:USERPROFILE+'\AppData\Local\Tor Browser\Browser\firefox.exe')),
    (' Tor Browser updater', ($env:USERPROFILE+'\AppData\Local\Tor Browser\Browser\updater.exe')),
    (' Yandex.Browser', ($env:USERPROFILE+'\AppData\Local\Yandex\YandexBrowser\Application\browser.exe')),
    (' Notepad++ (GUP)', (${env:ProgramFiles(x86)}+'\Notepad++\updater\GUP.exe')),
    (' Visual Studio 2015', (${env:ProgramFiles(x86)}+'\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe')),
    (' Blend (Visual Studio)', (${env:ProgramFiles(x86)}+'\Microsoft Visual Studio 14.0\Common7\IDE\Blend.exe')),
    (' qBittorrent', (${env:ProgramFiles(x86)}+'\qBittorrent\qbittorrent.exe')),
    (' HWMonitor', ($env:ProgramFiles+'\CPUID\HWMonitor\HWMonitor.exe')),
    (' OneDrive', ($env:USERPROFILE+'\AppData\Local\Microsoft\OneDrive\OneDrive.exe')),
    (' PowerShell ( )', ($env:SystemRoot+'\System32\WindowsPowerShell\v1.0\powershell.exe')),
    (' PowerShell ISE ( )', ($env:SystemRoot+'\System32\WindowsPowerShell\v1.0\powershell_ise.exe')),
    (' Steam', (${env:ProgramFiles(x86)}+'\Steam\Steam.exe')),
    (' steamwebhelper', (${env:ProgramFiles(x86)}+'\Steam\bin\steamwebhelper.exe')),
    (' Steam CS GO', ('D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe')),
    (' TeamViewer', (${env:ProgramFiles(x86)}+'\TeamViewer\TeamViewer.exe')),
    (' TeamViewer_Service', (${env:ProgramFiles(x86)}+'\TeamViewer\TeamViewer_Service.exe'))
# Additional entries, appended to the $programs array
$programs += (' AvastUI+', ($env:ProgramFiles+'\AVAST Software\Avast\AvastUI.exe')),
    (' AvastSvc', ($env:ProgramFiles+'\AVAST Software\Avast\AvastSvc.exe')),
    (' Avast (AvastEmUpdate)', ($env:ProgramFiles+'\AVAST Software\Avast\AvastEmUpdate.exe')),
    (' Avast (instup)', ($env:ProgramFiles+'\AVAST Software\Avast\setup\instup.exe')),
    (' Mozilla Firefox', (${env:ProgramFiles(x86)}+'\Mozilla Firefox\firefox.exe'))
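foreach ($prog in $programs) {
    try {
        # -ErrorAction Stop turns a failure into a terminating error, so the catch block actually runs
        New-NetFirewallRule -Program $prog[1] -Action Allow -Profile Any -DisplayName $prog[0] -Direction Outbound -ErrorAction Stop
        Write-Host ('Success: ' + $prog[0])
    } catch {
        Write-Host ('Error: ' + $prog[0])
    }
    Write-Host
}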
try {
    # $i holds the name of the rule being created, so the catch block can report which one failed
    $i = ' Windows Update/Modern Apps'
    New-NetFirewallRule -Program ($env:SystemRoot+'\System32\svchost.exe') -Protocol TCP -RemotePort 80, 443 -Action Allow -Profile Any -DisplayName $i -Direction Outbound -ErrorAction Stop
    $i = ' Avast ()'
    New-NetFirewallRule -Service 'avast! Antivirus' -Action Allow -Profile Any -DisplayName $i -Direction Outbound -ErrorAction Stop
    $i = ' Mozilla Maintenance Service'
    New-NetFirewallRule -Service 'MozillaMaintenance' -Action Allow -Profile Any -DisplayName $i -Direction Outbound -ErrorAction Stop
    $i = ' ping (v4)'
    # ICMPv4 Echo Request is type 8
    New-NetFirewallRule -Profile Any -Action Allow -DisplayName $i -Protocol ICMPv4 -IcmpType 8 -Direction Outbound -ErrorAction Stop
    $i = ' ping (v6)'
    # ICMPv6 Echo Request is type 128 (type 8 is the ICMPv4 value)
    New-NetFirewallRule -Profile Any -Action Allow -DisplayName $i -Protocol ICMPv6 -IcmpType 128 -Direction Outbound -ErrorAction Stop
    $i = ' Windows'
    New-NetFirewallRule -Service 'WSService' -Action Allow -Profile Any -DisplayName $i -Direction Outbound -ErrorAction Stop
    # Allow-all outbound rule for the Private profile, created in the disabled state
    $i = ' ()'
    New-NetFirewallRule -Enabled False -Action Allow -Profile Private -DisplayName $i -Direction Outbound -ErrorAction Stop
    Write-Host 'Success'
} catch {
    Write-Host 'Error:' $i
}
Write-Host
# Block all outbound traffic that no rule explicitly allows
Set-NetFirewallProfile -All -DefaultOutboundAction Block

$programs = (' Internet Explorer (x86)', (${env:ProgramFiles(x86)}+'\Internet Explorer\iexplore.exe')),
    (' Internet Explorer', ($env:ProgramFiles+'\Internet Explorer\iexplore.exe')),
    (' Google Chrome', (${env:ProgramFiles(x86)}+'\Google\Chrome\Application\chrome.exe')),
    (' Google Update', (${env:ProgramFiles(x86)}+'\Google\Update\GoogleUpdate.exe')),
    (' Tor Browser', ($env:USERPROFILE+'\AppData\Local\Tor Browser\Browser\firefox.exe')),
    (' Tor Browser updater', ($env:USERPROFILE+'\AppData\Local\Tor Browser\Browser\updater.exe')),
    (' Yandex.Browser', ($env:USERPROFILE+'\AppData\Local\Yandex\YandexBrowser\Application\browser.exe')),
    (' Notepad++ (GUP)', (${env:ProgramFiles(x86)}+'\Notepad++\updater\GUP.exe')),
    (' Visual Studio 2015', (${env:ProgramFiles(x86)}+'\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe')),
    (' Blend (Visual Studio)', (${env:ProgramFiles(x86)}+'\Microsoft Visual Studio 14.0\Common7\IDE\Blend.exe')),
    (' qBittorrent', (${env:ProgramFiles(x86)}+'\qBittorrent\qbittorrent.exe')),
    (' HWMonitor', ($env:ProgramFiles+'\CPUID\HWMonitor\HWMonitor.exe')),
    (' OneDrive', ($env:USERPROFILE+'\AppData\Local\Microsoft\OneDrive\OneDrive.exe')),
    (' PowerShell ( )', ($env:SystemRoot+'\System32\WindowsPowerShell\v1.0\powershell.exe')),
    (' PowerShell ISE ( )', ($env:SystemRoot+'\System32\WindowsPowerShell\v1.0\powershell_ise.exe')),
    (' Steam', (${env:ProgramFiles(x86)}+'\Steam\Steam.exe')),
    (' steamwebhelper', (${env:ProgramFiles(x86)}+'\Steam\bin\steamwebhelper.exe')),
    (' Steam CS GO', ('D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe')),
    (' TeamViewer', (${env:ProgramFiles(x86)}+'\TeamViewer\TeamViewer.exe')),
    (' TeamViewer_Service', (${env:ProgramFiles(x86)}+'\TeamViewer\TeamViewer_Service.exe')),
    (' explorer.exe', ($env:SystemRoot+'\explorer.exe')),
    (' AvastUI+', ($env:ProgramFiles+'\AVAST Software\Avast\AvastUI.exe')),
    (' AvastSvc', ($env:ProgramFiles+'\AVAST Software\Avast\AvastSvc.exe')),
    (' Avast (AvastEmUpdate)', ($env:ProgramFiles+'\AVAST Software\Avast\AvastEmUpdate.exe')),
    (' Avast (instup)', ($env:ProgramFiles+'\AVAST Software\Avast\setup\instup.exe')),
    (' Mozilla Firefox', (${env:ProgramFiles(x86)}+'\Mozilla Firefox\firefox.exe'))

foreach ($prog in $programs) {
    try {
        # -ErrorAction Stop turns a failure into a terminating error, so the catch block actually runs
        New-NetFirewallRule -Program $prog[1] -Action Allow -Profile Any -DisplayName $prog[0] -Direction Outbound -ErrorAction Stop
        Write-Host ('Success: ' + $prog[0])
    } catch {
        Write-Host ('Error: ' + $prog[0])
    }
    Write-Host
}

try {
    # $i holds the name of the rule being created, so the catch block can report which one failed
    $i = ' Windows Update/Modern Apps'
    New-NetFirewallRule -Program ($env:SystemRoot+'\System32\svchost.exe') -Protocol TCP -RemotePort 80, 443 -Action Allow -Profile Any -DisplayName $i -Direction Outbound -ErrorAction Stop
    $i = ' Avast ()'
    New-NetFirewallRule -Service 'avast! Antivirus' -Action Allow -Profile Any -DisplayName $i -Direction Outbound -ErrorAction Stop
    $i = ' Mozilla Maintenance Service'
    New-NetFirewallRule -Service 'MozillaMaintenance' -Action Allow -Profile Any -DisplayName $i -Direction Outbound -ErrorAction Stop
    $i = ' ping (v4)'
    # ICMPv4 Echo Request is type 8
    New-NetFirewallRule -Profile Any -Action Allow -DisplayName $i -Protocol ICMPv4 -IcmpType 8 -Direction Outbound -ErrorAction Stop
    $i = ' ping (v6)'
    # ICMPv6 Echo Request is type 128 (type 8 is the ICMPv4 value)
    New-NetFirewallRule -Profile Any -Action Allow -DisplayName $i -Protocol ICMPv6 -IcmpType 128 -Direction Outbound -ErrorAction Stop
    $i = ' Windows'
    New-NetFirewallRule -Service 'WSService' -Action Allow -Profile Any -DisplayName $i -Direction Outbound -ErrorAction Stop
    # Allow-all outbound rule for the Private profile, created in the disabled state
    $i = ' ()'
    New-NetFirewallRule -Enabled False -Action Allow -Profile Private -DisplayName $i -Direction Outbound -ErrorAction Stop
    Write-Host 'Success'
} catch {
    Write-Host 'Error:' $i
}
Write-Host
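Once the rules exist, it is worth checking what each program-path rule really covers. The following audit is an added example, not part of the original article: Get-RuleProgramFinding is a hypothetical helper name, the finding labels are made up for illustration, and the sample entries are constructed.

```powershell
# Added example. Get-RuleProgramFinding is a hypothetical helper, not from the article.
function Get-RuleProgramFinding {
    param([string]$DisplayName, [string]$Program)

    $finding = if ([string]::IsNullOrEmpty($Program) -or $Program -eq 'Any') {
        'NoProgramFilter'          # rule is not bound to an executable (service/protocol/port only)
    } elseif ($Program -match '%USERPROFILE%') {
        'PerUserVariableInRule'    # stored unexpanded; the article reports this form not working
    } else {
        $path = [Environment]::ExpandEnvironmentVariables($Program)
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            'FileMissing'          # typo, uninstalled program, or the wrong Program Files folder
        } elseif ($path.StartsWith($env:USERPROFILE + '\', [StringComparison]::OrdinalIgnoreCase)) {
            'UserWritablePath'     # the rule matches the path, and this user can replace the file
        } elseif ((Get-AuthenticodeSignature -LiteralPath $path).Status -ne 'Valid') {
            'NotValidlySigned'
        } else {
            'OK'
        }
    }
    [pscustomobject]@{ Rule = $DisplayName; Program = $Program; Finding = $finding }
}

# Constructed sample entries in the article's (name, path) format.
$sample = ('PowerShell', ($env:SystemRoot + '\System32\WindowsPowerShell\v1.0\powershell.exe')),
    ('OneDrive (variable form)', '%USERPROFILE%\AppData\Local\Microsoft\OneDrive\OneDrive.exe'),
    ('Constructed missing app', 'C:\Constructed\Missing\app.exe')
$sample | ForEach-Object { Get-RuleProgramFinding -DisplayName $_[0] -Program $_[1] } |
    Format-Table -AutoSize

# The same check over the enabled outbound allow rules on this machine.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True | ForEach-Object {
    $app = $_ | Get-NetFirewallApplicationFilter
    Get-RuleProgramFinding -DisplayName $_.DisplayName -Program $app.Program
} | Where-Object Finding -ne 'OK' | Format-Table -AutoSize
```

Rules for programs under the user profile (Tor Browser, Yandex.Browser and OneDrive in the list above) will show up as UserWritablePath, which is expected for those installs but worth knowing when deciding which allow rules to keep.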
Source: https://habr.com/ru/post/275549/