Quick fix: Open Windows Defender Firewall with Advanced Security (wf.msc). Click Outbound Rules → New Rule → Program. Browse to the EXE. Choose Block the connection. Pick profiles. Name the rule. The app can no longer make outbound connections.
You want to prevent a specific app from connecting to the internet — a game checking for updates, telemetry, an app that shouldn’t phone home. Default Windows allows outbound. Create an explicit Outbound rule to block. PowerShell scripts the same for automation.
Affects: Windows 11 (and Windows 10) with Windows Defender Firewall.
Fix time: ~5 minutes.
What causes this
Windows Defender Firewall allows all outbound traffic by default and blocks inbound from unknown sources. To restrict outbound for a specific app, create an explicit Block rule for that app. Once created, Windows blocks every outbound connection from the app.
Method 1: Create rule via Windows Defender Firewall with Advanced Security
The standard route.
- Press Win + R, type wf.msc, press Enter.
- In the left pane, click Outbound Rules.
- In the right pane, click New Rule.
- Rule type: Program. Click Next.
- Program path: browse to the EXE. Click Next.
- Action: Block the connection. Click Next.
- Profile: tick Domain, Private, Public (or just relevant ones). Click Next.
- Name: descriptive (e.g., “Block GameUpdater outbound”). Optional description. Click Finish.
- The rule appears in the Outbound Rules list. Verify Action column = Block.
- The app can no longer initiate outbound connections.
- To disable rule temporarily: right-click → Disable Rule. Re-enable as needed.
This is the standard rule creation.
Method 2: Create rule via PowerShell
For scripted/automated rule creation.
- Open Terminal (Admin).
- Block specific EXE outbound:
New-NetFirewallRule -DisplayName "Block AppName Outbound" -Direction Outbound -Program "C:\Path\to\app.exe" -Action Block -Profile Domain,Private,Public
- Block specific port (e.g., port 12345 outbound):
New-NetFirewallRule -DisplayName "Block port 12345 out" -Direction Outbound -Protocol TCP -RemotePort 12345 -Action Block
- Block by remote IP (e.g., specific telemetry server):
New-NetFirewallRule -DisplayName "Block telemetry IP" -Direction Outbound -RemoteAddress 203.0.113.45 -Action Block
- List rules:
Get-NetFirewallRule -Direction Outbound -Action Block | Format-Table DisplayName, Enabled
- Remove rule:
Remove-NetFirewallRule -DisplayName "Block AppName Outbound"
- For mass rule creation: save the commands in a PS1 script; deploy via Intune or a scheduled task.
PowerShell is the right tool for IT automation.
Method 3: Use third-party firewall for richer per-process control
For granular control beyond Windows Firewall.
- Install SimpleWall from github.com/henrypp/simplewall (free, open source).
- SimpleWall’s default mode: block all by default, prompt for each new outbound. Click Allow or Block.
- For a Windows Defender Firewall power-user UI: Windows Firewall Control from Malwarebytes (free, formerly BiniSoft). Adds “Allowed/Blocked/Disabled” modes.
- For network monitor + firewall: GlassWire (free tier). Visualizes connections; one-click block.
- For Linux-style iptables-like control: NetLimiter (paid) — per-process bandwidth + connection rules.
- For ad/tracking blocking system-wide: Pi-hole (Raspberry Pi or VM) blocks at DNS level. Combines with firewall rules for ad/telemetry control.
This is the right path for advanced firewall workflows.
How to verify the fix worked
- Launch the blocked app. Try to use a feature requiring internet. App reports connection error or hangs.
- Open wf.msc → Outbound Rules → sort by Action. Your Block rule is listed with Action = Block.
- Use netstat -ano | findstr ESTABLISHED to verify no active connections from the app’s PID.
If none of these work
If the app still connects despite the rule:
- Multiple EXEs for the app: many apps run from several EXEs. A block rule for app.exe doesn’t cover updater.exe or service.exe. List all the app’s processes via Task Manager and add rules for each.
- Service running as System: Windows Services run independently of the process EXE you blocked, and the service binary has a different path. Check it via sc qc ServiceName and add a rule for the service binary.
- App uses a VPN tunnel: traffic through the VPN bypasses the local firewall. The VPN client’s firewall is separate.
- Inbound traffic still occurs: an Outbound block doesn’t stop incoming connections. Add an Inbound rule too if needed.
- Corporate-managed PCs: Group Policy may override your rules. Check gpresult.
- UWP apps: blocking by EXE doesn’t work; use Windows Privacy & security → Background apps to restrict. Or block at the MMC console with package-based rules.
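The "multiple EXEs" case above is where a single hand-made rule usually falls short. As an added example (not part of the original article), this script uses the same New-NetFirewallRule cmdlet from Method 2 to create one outbound Block rule per EXE under an application's install folder, tags them with a rule group so they can be removed together, and then checks which EXEs still lack a block rule. The install path and rule names are placeholders; run it from an elevated PowerShell.

```powershell
# Added example, not from the article. Blocks outbound traffic for every EXE
# under an app's install folder, since one rule for app.exe does not cover
# updater.exe or service.exe. $AppRoot and the naming scheme are assumptions.
param(
    [string]$AppRoot = 'C:\Program Files\ExampleApp',   # placeholder path
    [string]$Group   = 'Block ExampleApp outbound'      # group for bulk management
)

function Block-AppOutbound {
    param([string]$Root, [string]$RuleGroup)
    $exes = Get-ChildItem -Path $Root -Recurse -Filter '*.exe' -File
    foreach ($exe in $exes) {
        $name = "Block $($exe.Name) outbound"
        # Skip rules that already exist so the script is safe to re-run
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            Write-Verbose "Rule already exists: $name"
            continue
        }
        New-NetFirewallRule -DisplayName $name -Group $RuleGroup `
            -Direction Outbound -Program $exe.FullName `
            -Action Block -Profile Domain,Private,Public | Out-Null
    }
}

function Test-AppOutboundBlocked {
    # Returns the EXEs under $Root that have no enabled outbound Block rule
    param([string]$Root)
    $blockedPrograms = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
        Get-NetFirewallApplicationFilter |
        Select-Object -ExpandProperty Program
    Get-ChildItem -Path $Root -Recurse -Filter '*.exe' -File |
        Where-Object { $blockedPrograms -notcontains $_.FullName } |
        Select-Object -ExpandProperty FullName
}

Block-AppOutbound -Root $AppRoot -RuleGroup $Group
$missing = Test-AppOutboundBlocked -Root $AppRoot
if ($missing) { Write-Warning "No outbound block rule for: $($missing -join ', ')" }
else { Write-Output "All EXEs under $AppRoot have outbound block rules." }

# To undo everything this script created in one step:
# Remove-NetFirewallRule -Group 'Block ExampleApp outbound'
```

The check only covers rules whose Program filter matches the full path exactly; rules written with environment-variable paths (e.g. %ProgramFiles%) will be reported as missing even though they apply.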
Bottom line: wf.msc → Outbound Rules → New Rule → Program → Block. Or PowerShell New-NetFirewallRule -Direction Outbound -Action Block. Granular control per-EXE.