Firewall Outbound rules

Following this topic (Thanks @crossroads!)

This is for Windows Defender on Windows 11.

Following a recommendation from someone on PG forums, I already applied “Windows Spy Blocker” basic rules.

But I stumbled upon many “Allow” rules and I wonder if I can delete them or will this break stuff? For instance I have 3 allow rules for “Xbox Identity Provider”. I don’t have an Xbox account, can I delete those?

Thanks!

This is what it looks like:

Pinging @Average_Joe as I know you’ve been playing with Firewalls in the last few months.

Would you or someone else know?

1 Like

In my experience, you should not delete these rules. Rather, switch the Action from Allow to Deny in order to block the connection.
If your threat model allows for it, I find it personally more useful to go with a third-party firewall solution where you can whitelist applications and connections rather than having to blacklist.

In my experience, you should not delete these rules. Rather, switch the Action from Allow to Deny in order to block the connection.

This is correct. Usually the outbound default action is to allow, so deleting outbound allow rules has no effect and you would need to deny the traffic explicitly for it to actually be blocked.

As for whether this should be done for a given rule, it really depends on if doing so would break any functionality you need. You may need to test and be prepared to undo your changes if necessary.

If your threat model allows for it, I find it personally more useful to go with a third-party firewall solution where you can whitelist applications and connections rather than having to blacklist.

This can be done easily with the built-in firewall too. Just change the default outbound action to deny.

1 Like
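The steps discussed in this thread, as an added PowerShell example that is not from any of the posts above: back up the policy, check the default outbound action, then switch matching outbound allow rules to block instead of deleting them. It assumes an elevated session, that the rule display names contain "Xbox Identity Provider" as quoted in the question, and a hypothetical backup location under the user profile.

```powershell
# Added example; run in an elevated PowerShell session.
# Assumption: the display names of the rules contain the text quoted in the thread.
$pattern = '*Xbox Identity Provider*'
# Hypothetical backup path; the timestamp avoids clashing with an earlier export.
$backup  = Join-Path $env:USERPROFILE ("firewall-{0}.wfw" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))

# 1. Export the complete firewall policy so every change below can be undone.
netsh advfirewall export $backup

# 2. Show the default outbound action for each profile. Allow (or NotConfigured,
#    which behaves as Allow) means deleting an allow rule changes nothing.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction

# 3. Find the enabled or disabled outbound allow rules that match the pattern.
$rules = Get-NetFirewallRule -Direction Outbound -Action Allow |
    Where-Object { $_.DisplayName -like $pattern }

if (-not $rules) {
    Write-Warning "No outbound allow rules match '$pattern'; nothing changed."
    return
}
$rules | Select-Object Name, DisplayName, Enabled, Profile, Action

# 4. Flip the action. In the cmdlets and the GUI the blocking action is named
#    "Block"; a block rule takes precedence over allow rules for the same traffic.
$rules | Set-NetFirewallRule -Action Block

# 5. Confirm the change by re-reading the same rules by their unique Name.
$rules | ForEach-Object { Get-NetFirewallRule -Name $_.Name } |
    Select-Object DisplayName, Direction, Action, Enabled

# Undo, if something you need stops working:
#   $rules | Set-NetFirewallRule -Action Allow     # revert only these rules
#   netsh advfirewall import $backup               # or restore the whole policy

# Allowlist alternative from the last reply: block outbound by default, so that
# only traffic with an explicit allow rule leaves the machine. Test before use,
# since anything without an allow rule (updates, browsers) stops connecting.
#   Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
```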