Results 1 to 7 of 7

Thread: [RESOLVED] Configuring Windows Defender Firewall (Outbound)

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Feb 2017
    Posts
    700

    Resolved [RESOLVED] Configuring Windows Defender Firewall (Outbound)

    I'd like to prevent any graphic files (.BMP, JPEG, TIFF, etc.)
    from being sent out of the system. Is this possible?
    If so how?

    Thanks

    Possible Link Help:
    {no example of a rule}
    https://docs.microsoft.com/en-us/win...ound-port-rule

    {Good discussion, but focuses more on ports}
    https://www.wilderssecurity.com/thre...-rules.428147/

    {Possible list for how to}
    https://www.google.com/search?q=wind...+firewall+rule
    Last edited by vb6forever; Sep 23rd, 2021 at 10:11 PM.

  2. #2
    Administrator Steve R Jones's Avatar
    Join Date
    Apr 2012
    Location
    Largo, FL.
    Posts
    1,396

    Re: Configuring Windows Defender Firewall (Outbound)

    Describe "Sent Out."

    Putting all the files in a folder(s) that only you have permission to access comes to mind.
    "I have been wanting to grow my own food but I can not find any bacon seeds."

  3. #3
    PowerPoster Zvoni's Avatar
    Join Date
    Sep 2012
    Location
    To the moon and then left
    Posts
    2,706

    Re: Configuring Windows Defender Firewall (Outbound)

    I don't think, you can create OutBound rules regarding File-Types.
    As Steve asked: How would they be sent out? With Mail? If Yes, which Mail-Client?
    I'd rather look in the Rules of your Mail-Client if you can suppress certain Filetypes as attachments

    EDIT: Steve, wouldn't help if he catches a Mail-Worm/Virus running under his own User-Context
    One System to rule them all, One IDE to find them,
    One Code to bring them all, and to the Framework bind them,
    in the Land of Redmond, where the Windows lie
    ---------------------------------------------------------------------------------
    People call me crazy because i'm jumping out of perfectly fine airplanes.
    ---------------------------------------------------------------------------------
    For health reasons i try to avoid reading unformatted Code

  4. #4

    Thread Starter
    Fanatic Member
    Join Date
    Feb 2017
    Posts
    700

    Re: Configuring Windows Defender Firewall (Outbound)

    Thanks Steve and Zvoni for responding.
    I may be looking at this in the wrong context, but what I'm after is trying to eliminate any possibility of a particular ActiveX (NOT mine) from screen scraping
    and then taking that image in whatever format and bringing it back for examination on their server. The ActiveX is used in one of my programs and looking inside the binary, as expected there are a
    number of API's. Whether they have code embedded inside the ActiveX, that allows remote access from their server, and then either invoke those API's, and/or already have an embedded function as part of that ActiveX to take a screen shot or do whatever is unknown.

    I've pursued this particular vulnerability issue over a number of years, but have yet to find a resolution. Was hoping development (MS-Win10) has reached a point where they now allow control of a needed foreign (not developed in-house) program that resides on ones system.
    Last edited by vb6forever; Sep 24th, 2021 at 01:11 PM.

  5. #5
    PowerPoster
    Join Date
    Feb 2006
    Posts
    22,951

    Re: Configuring Windows Defender Firewall (Outbound)

    If I were going to be that sneaky I'd probably just compress the image as PNG (since it probably isn't really photographic but blocks and swathes of solid colors) and maybe flip each byte of it by repeating some run of XORed "key" bytes as many times as needed.

    It seems unlikely any "outbound sniffing" is going to detect such BLOBs as images.

    If you can't trust the 3rd party library you are using then just replace it. If I was working in an environment this hostile I'd probably find another hobby.

  6. #6

    Thread Starter
    Fanatic Member
    Join Date
    Feb 2017
    Posts
    700

    Re: Configuring Windows Defender Firewall (Outbound)

    dilettante:
    Thanks for responding.

    It seems unlikely any "outbound sniffing" is going to detect such BLOBs as images.
    IMHO this issue has been a major security risk for years. With the number of 3rd party ActiveX's being used, and no one being able to either monitor them or really know what they're doing, it leaves a big security hole. The general caveat is, if you "think" you can't trust them, don't use them, but this is NOT always a viable option.
    Had hoped MS had come up with a way to finally address this issue.

  7. #7
    PowerPoster
    Join Date
    Feb 2006
    Posts
    22,951

    Re: [RESOLVED] Configuring Windows Defender Firewall (Outbound)

    Well, two ideas come to mind but they both presume your application doesn't use TCP/IP or Winsock.

    The simple one might be to configure a Windows Firewall rule for your application that blocks TCP and UDP for all ports.

    Or you might create a dummy ws2_32.dll as a private assembly, so anything relying on Winsock in your application gets redirected to that.

    Either way might cause your application to just crash, but the latter might avoid that if you implement all of the entrypoints compatibly and just change them to report good results without doing anything.

    The first way might be a good approach to diagnose the issue though. If you block outgoing connections and your program crashes that might be suspicious. If it doesn't crash then the criminal code might just assume you have no Internet access and play dumb waiting until you do.


    However there is no magical filtering genie to examine all outbound traffic for possible images, which could well be encrypted anyway.

    If you are using garbageware like this (or even any version of Windows prior to Windows 8.1 Fire Two) maybe you should only run on machines isolated from the Internet.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width