Windows7 Firewall Control Manual

A network-connected application should not be supposed completely safe if the application can be connected from/to any point of a network and/or the internet. Rare applications can be allowed to connect from/to anywhere without limitations. A web browser should not be limited to connect the internet in ordinary circumstances. However, there are specific situations web browser should be limited with the connection ability as well (parental control, for instance).

So the applications are to be limited with the connection abilities to keep the security up. Disk sharing, for instance, is hardly to be provided unrestrictedly; trusted computers/networks may access your shared media only. Windows 7 Firewall Control is the utility to manage applications network access and to provide applications with the network access security.

The applications security is provided by applying appropriate set of network access rules to applications depending on specific network activities permitted/prohibited to applications individually. The rule is a named set of parameters as IP address/sub network, protocol, port number etc. The rules are grouped into named entities, so called zones. The zones are named to reflect the zone purpose. The zones are applied/managed by name; so all the rules in a zone are used for an application at once providing with one-click application security management. Windows7FirewallControl provides suitable procedures for zone, zones groups and the rules management.

How It WorksAfter the installation/launching Windows7FirewallControl starts intercepting the network traffic and starts detecting/listing internet active applications. If an application tries to establish incoming or outgoing internet connect Windows7FirewallControl prompts with the Edit Application dialog to set the application with a proper security zone (a set of predefined enabling/disabling rules) from the zones list.

Windows7FirewallControl offers a set of predefined security zones to be applied to the application. The free version offers four zones to be applied to applications. The Plus/Network version has the rich set of predefined zones to choose from. The proper zone can be chosen by the zone name. The zones are strictly named accordingly their functionalities, so if an application (a web browser, for instance) is detected and you expect the application safe and the application's internet access attempt fits your security policy you can set an enabling (chosen by meaningful name) zone (WebBrowserZone, for instance).

The Plus (or Network/Cloud) version includes the Zone Adviser, an option to offer you the most probable safe zone to enable the detected application. The adviser analyses the initial access attempt parameters and suggests a proper zone basing on the application usage experience. The logic is fuzzy, but the Zone Adviser helps to choose the best zone rapidly.After a zone is applied to an application, the application starts following the zone, i.e. if a momentary activity is permitted by a rule from the applied zone, the application's connection is passed through the firewall. If a monetary activity is disabled (explicitly or implicitly), the activity is rejected.

Windows7 Firewall Control Page 1 of 2

Windows7FirewallControl shows the blocked events immediately, reason of the blocking is specified precisely. So if an application is blocked (accidentally over-blocked and does not work properly therefore), the blocking details help to realize the problem. In that case, you can choose (re-apply) a more proper zone to the application, edit the zone with Zone Editor, patch the zone to enable a specific activity with assistance of the Blocked Events tab (Plus or Network/Cloud Edition only) manually.

Any initial application access attempt is blocked by design for the detection, so after the application detecting/listing and applying a zone to the application the application has to reconnect. If the application is not able to reconnect automatically you will have to force the reconnection manually or restart the application. This happens only once while the application is being detected/listed, the listed applications follow applied zone without a hassle. Majority of applications are able to reconnect automatically though.

Take into account application's network activity is known in full by the application developers only and can not be predicted in full in advance. An application may generate/require activity you can not expect or explain easily. For instance, a web browser set with the OutgoingOnly zone looks reasonable at first glance, however, the browser should be rather set with the EnableAll zone as the browser utilizes some inter process communication to the supplemental components/services. The activity is local solely and safe, but with the activity accidentally disabled, the browsing could slow down unpredictably.

After launching Windows7FirewallControl the icon appears on the task-bar (usually next to the clock). Right clicking the icon opens the program menu. Left clicking the icon opens the main program interface.

Special ModesWindows7FirewallControl allows setting special modes for all the listed applications at once. The modes are available by right clicking the icon:

Mode: Normal - The applications are allowed/prohibited following the zones set in the Applications list;

Mode: EnableAll - Enables all the applications, switches the firewall off completely;

Mode: DisableAll - Disables all the applications regardless of per-application zone settings;

Mode: Expensive/Insecure Connection - The special mode for Internet connection made over Expensive or Distrusted network, over mobile phone/network or satellite. The mode allows applications marked as "Allow in Mode: Expensive/Insecure Connection" only (see "Edit Application Access") to follow the specified security zones only. All the other applications are blocked (excepting some system vital activities). The mode allows selected application access only suppressing other redundant potentially (not required immediately) operations, auto updates, background network operations and so on. (Plus version only)

Windows7 Firewall Control Page 2 of 2