Windows Firewall - how to block inbound for all .exe files in a folder

You can use a Simple Batch File. Open Notepad and copy/paste the script below into a blank document. Save the file as BLOCKALL.BAT. Now copy that file to the same directory as the EXEs you want to block and double click it. It will add outbound rules to advanced Windows Firewall settings blocking all EXEs in that folder and sub-folders as well.

It is tested with Windows 7, but it should work with other versions of Windows that use Windows Firewall.

NOTE: Batch starts itself in system32. Thus you need to prepend it with cd /d "%~dp0" to make it work in the current directory.

The resulting script would be as follows:

    @setlocal enableextensions
    @cd /d "%~dp0"

    for /R %%a in (*.exe) do (
        netsh advfirewall firewall add rule name="Blocked with Batchfile %%a" dir=out program="%%a" action=block
    )
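The batch file above creates outbound rules with netsh. As an added example (not code from the answer), the same per-executable rules can be created in the inbound direction the question asks about with the NetSecurity cmdlets that ship with Windows 8 / Server 2012 and later; it must run from an elevated PowerShell. The function names, the `BlockExe` name prefix and the `C:\Tools\Untrusted` path are placeholders chosen here, not values from the page.

```powershell
# Added example: block inbound (or outbound) connections for every .exe under a
# folder using the NetSecurity module. Rule display names carry a prefix so the
# whole batch can be listed and removed again. Folder/prefix values are placeholders.

function Add-ExeBlockRules {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Folder,
        [ValidateSet('Inbound', 'Outbound')][string]$Direction = 'Inbound',
        [string]$Prefix = 'BlockExe',
        [switch]$Recurse
    )

    # Use the resolved file-system path so the rule's program path is absolute.
    $resolved = (Resolve-Path -LiteralPath $Folder).ProviderPath
    $exes = Get-ChildItem -LiteralPath $resolved -Filter '*.exe' -File -Recurse:$Recurse

    foreach ($exe in $exes) {
        $name = "$Prefix $Direction $($exe.FullName)"

        # Idempotent: running the script twice must not create duplicate rules.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            Write-Verbose "Rule already present: $name"
            continue
        }

        # -WhatIf on the function call turns this into a dry run that only reports.
        if ($PSCmdlet.ShouldProcess($exe.FullName, "Create $Direction block rule")) {
            New-NetFirewallRule -DisplayName $name `
                -Direction $Direction -Action Block -Program $exe.FullName `
                -Profile Any -Enabled True | Out-Null
        }
    }
}

function Remove-ExeBlockRules {
    param([string]$Prefix = 'BlockExe')
    # DisplayName accepts wildcards, so one call removes every rule the prefix created.
    Get-NetFirewallRule -DisplayName "$Prefix *" -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
}

# Usage (placeholder path; run elevated):
# Add-ExeBlockRules -Folder 'C:\Tools\Untrusted' -Direction Inbound -Recurse -WhatIf   # dry run
# Add-ExeBlockRules -Folder 'C:\Tools\Untrusted' -Direction Inbound -Recurse -Verbose
# Remove-ExeBlockRules
```

Because a block rule wins over any allow rule for the same program in Windows Firewall, these rules take effect even if an installer earlier added an allow rule for one of the executables; the prefix-based removal is what lets you undo the change cleanly.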

*Configure and add rules in Windows Firewall based on dynamic content (exe files) in that folder:*

You should work with PowerShell or command-line tools that run every day.

Like this: Article Link

function Add-FirewallRule {
   param( 
      $name,
      $tcpPorts,
      $appName = $null,
      $serviceName = $null
   )
    $fw = New-Object -ComObject hnetcfg.fwpolicy2 
    $rule = New-Object -ComObject HNetCfg.FWRule

    $rule.Name = $name
    if ($appName -ne $null) { $rule.ApplicationName = $appName }
    if ($serviceName -ne $null) { $rule.serviceName = $serviceName }
    $rule.Protocol = 6 #NET_FW_IP_PROTOCOL_TCP
    $rule.LocalPorts = $tcpPorts
    $rule.Enabled = $true
    $rule.Grouping = "@firewallapi.dll,-23255"
    $rule.Profiles = 7 # all
    $rule.Action = 1 # NET_FW_ACTION_ALLOW
    $rule.EdgeTraversal = $false

    $fw.Rules.Add($rule)
}
# Sample Usage
Add-FirewallRule "Test port 1234" "1234" $null $null
Add-FirewallRule "Test port 5555-6666" "5555-6666" $null $null
Add-FirewallRule "Test port 2222 Calc" 2222 "c:\windows\system32\calc.exe" $null
Add-FirewallRule "Test port 3333 W3SVC" 3333 $null "W3SVC"

There are also some good VBScript samples on MSDN which I used as a starting point.

BUT it is recommended that you add a firewall or proxy at the edge of your network, like ISA or Squid, for all of the inbound traffic in your LAN.

Open ISA Server Management: click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.

To block responses containing Windows executable content, visit this article here.

To block responses containing Windows executable content:

 1. In the console tree of ISA Server Management, click Firewall Policy.
 2. In the details pane, click the applicable access rule or Web publishing rule.
 3. On the Tasks tab, click Edit Selected Rule.
 4. On the Traffic tab (for Web publishing rules) or on the Protocols tab (for access rules), click Filtering, and then click Configure HTTP.
 5. On the General tab, click Block responses containing Windows executable content.

In our Windows-based network we have a cache server named Squid:

Squid content filtering: block download of music (MP3, mpg, mpeg) and executable files

  1. First open the squid.conf file, /etc/squid/squid.conf:

    vi /etc/squid/squid.conf

  2. Now add the following line to your Squid ACL section:

    acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"

  3. If you want to display a custom error message when a file is blocked:

    # Deny all blocked extensions
    deny_info ERR_BLOCKED_FILES blockfiles

    http_access deny blockfiles
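The COM-based Add-FirewallRule function earlier in this answer is hard-wired to TCP allow rules. As an added example (not the answer's own code), here is the same HNetCfg API generalised to program-scoped rules with a selectable direction and action, which is the route that also works on Windows 7, where the NetSecurity cmdlets do not exist. The function name is a placeholder; the enumeration values are those of the Windows Firewall API's NET_FW_* constants, and the calc.exe path in the usage line is the one already used on the page.

```powershell
# Added example: program-scoped block/allow rules through the HNetCfg COM API
# (works on Windows 7 and later; run from an elevated PowerShell).
# Values from the Windows Firewall API enumerations:
$NET_FW_RULE_DIR_IN     = 1
$NET_FW_RULE_DIR_OUT    = 2
$NET_FW_ACTION_BLOCK    = 0
$NET_FW_ACTION_ALLOW    = 1
$NET_FW_IP_PROTOCOL_TCP = 6
$NET_FW_IP_PROTOCOL_UDP = 17
$NET_FW_IP_PROTOCOL_ANY = 256
$NET_FW_PROFILE2_ALL    = 7

function Add-ProgramFirewallRule {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$Program,
        [ValidateSet('In', 'Out')][string]$Direction = 'In',
        [ValidateSet('Block', 'Allow')][string]$Action = 'Block',
        [int]$Protocol = $NET_FW_IP_PROTOCOL_ANY,
        [string]$LocalPorts = ''
    )
    $fw = New-Object -ComObject HNetCfg.FwPolicy2

    # The COM API happily adds duplicate names, so check before adding.
    if (@($fw.Rules | Where-Object { $_.Name -eq $Name }).Count -gt 0) {
        Write-Verbose "Rule already present: $Name"
        return
    }

    $rule = New-Object -ComObject HNetCfg.FWRule
    $rule.Name            = $Name
    $rule.ApplicationName = $Program
    $rule.Direction = if ($Direction -eq 'In') { $NET_FW_RULE_DIR_IN } else { $NET_FW_RULE_DIR_OUT }
    $rule.Action    = if ($Action -eq 'Block') { $NET_FW_ACTION_BLOCK } else { $NET_FW_ACTION_ALLOW }

    # Protocol must be set before ports; ports are only valid for TCP or UDP and
    # setting them on a protocol-ANY rule makes the COM object throw.
    $rule.Protocol = $Protocol
    if ($LocalPorts -and ($Protocol -eq $NET_FW_IP_PROTOCOL_TCP -or $Protocol -eq $NET_FW_IP_PROTOCOL_UDP)) {
        $rule.LocalPorts = $LocalPorts
    }

    $rule.Profiles = $NET_FW_PROFILE2_ALL
    $rule.Enabled  = $true
    $fw.Rules.Add($rule)
}

# Usage: block all inbound connections to calc.exe, regardless of protocol or port.
# Add-ProgramFirewallRule -Name 'Block calc inbound' -Program 'c:\windows\system32\calc.exe' -Direction In -Action Block
# Allow variant with a TCP port restriction, matching what the answer's function did:
# Add-ProgramFirewallRule -Name 'Allow calc 2222' -Program 'c:\windows\system32\calc.exe' -Action Allow -Protocol $NET_FW_IP_PROTOCOL_TCP -LocalPorts '2222'
```

Leaving Protocol at 256 (ANY) is what makes a rule cover the whole program rather than one port, which is the usual intent when the goal is "this executable must not accept connections at all".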


Firewall App Blocker (Fab) added a feature to block all executable files in a folder in version 1.5. You can select between inbound and outbound rules.

Fab options