Edit filter log

'{{Infobox software | name = Windows Defender Firewall | logo = Windows Firewall Vista icon.png | logo_size = x64px | screenshot = Windows Firewall.png | screenshot_size = 300px | caption = Windows Defender Firewall in [[Windows 10 Fall Creators Update]], reporting firewall is turned off. | developer = [[Microsoft]] | other_names = Windows Firewall <br/> Internet Connection Firewall | service_name = MpsSvc | operating system = {{ubl|[[Windows XP]] and later|[[Windows Server 2008]] and later}} | genre = [[Firewall (computing)|Firewall]] software }} '''Windows Firewall''' (officially called '''Windows Defender Firewall''' in [[Windows 10]]), is a [[Firewall (computing)|firewall]] component of Microsoft Windows. It was first included in [[Windows XP]] and [[Windows Server 2003]]. Prior to the release of [[Windows_XP#Service_Pack_2|Windows XP Service Pack 2]] in 2004, it was known as '''Internet Connection Firewall'''. With the release of Windows 10 version 1709 in September 2017, it was renamed Windows Defender Firewall. == Overview == When Windows XP was originally shipped in October 2001, it included a limited firewall called "Internet Connection Firewall". It was disabled by default due to concerns with backward compatibility, and the configuration screens were buried away in network configuration screens that many users never looked at. As a result, it was rarely used. In mid-2003, the [[Blaster (computer worm)|Blaster worm]] attacked a large number of Windows machines, taking advantage of flaws in the [[Remote procedure call|RPC]] Windows service.{{ref|ms03-026}}{{dead link|date=April 2018}} Several months later, the [[Sasser (computer worm)|Sasser worm]] did something similar. The ongoing prevalence of these worms through 2004 resulted in unpatched machines being infected within a matter of minutes.<ref>{{cite web|url=https://www.cnet.com/news/study-unpatched-pcs-compromised-in-20-minutes/|title=Study: Unpatched PCs compromised in 20 minutes|date=August 17, 2004|first=Robert|last=Lemos|work=[[CNET]]|publisher=[[CBS Interactive]]}}</ref> Because of these incidents, as well as other criticisms that Microsoft was not being active in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, rebrand it as Windows Firewall,<ref>{{cite web|url=http://support.microsoft.com/kb/875357|title=Troubleshooting Windows Firewall settings in Windows XP Service Pack 2|date=October 19, 2004|work=Support|publisher=[[Microsoft]]|url-status=dead|archiveurl=https://web.archive.org/web/20041020065757/http://support.microsoft.com/kb/875357|archivedate=October 20, 2004}}</ref> and switched it on by default since Windows XP SP2. One of three profiles is activated automatically for each network interface:<ref>{{cite web|title=Network Location Awareness|url=https://technet.microsoft.com/en-us/library/cc753545(v=WS.10).aspx|publisher=[[Microsoft]]|work=[[Microsoft TechNet|TechNet]]|date=November 2, 2007}}</ref> *''Public'' assumes that the network is shared with the World and is the most restrictive profile. *''Private'' assumes that the network is isolated from the Internet and allows more inbound connections than ''public''. A network is never assumed to be ''private'' unless designated as such by a local administrator. *''Domain'' profile is the least restrictive. It allows more inbound connections to allow for file sharing etc. The ''domain'' profile is selected automatically when connected to a network with a domain trusted by the local computer. [[Security log]] capabilities are included, which can record [[IP address]]es and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it.<ref>{{cite web|url=https://technet.microsoft.com/en-us/library/cc785939.aspx|title=Internet Connection Firewall security log|work=[[Microsoft TechNet|TechNet]]|publisher=[[Microsoft]]|date=January 21, 2005|url-status=dead|archiveurl=https://web.archive.org/web/20081110043733/http://technet.microsoft.com/en-us/library/cc785939.aspx|archivedate=November 10, 2008}}</ref> Windows Firewall can be controlled/configured through a [[Component Object Model|COM]] object-oriented API, scriptable through the [[netsh]] command,<ref>{{cite web|title=Appendix B: Netsh Command Syntax for the Netsh Firewall Context|url=https://technet.microsoft.com/en-us/library/bb490617.aspx|publisher=[[Microsoft]]|work=[[Microsoft TechNet|TechNet]]|date=December 17, 2004}}</ref> through the [[GUI]] administration tool<ref>{{cite web|title=User Interface: Windows Firewall with Advanced Security|url=https://technet.microsoft.com/en-us/library/dd448573(v=WS.10).aspx|publisher=[[Microsoft]]|work=[[Microsoft TechNet|TechNet]]|date=January 20, 2009}}</ref> or centrally through [[group policies]].<ref>{{cite web|title=Deploying Windows Firewall Settings With Group Policy|url=https://technet.microsoft.com/en-us/library/bb490626.aspx|publisher=[[Microsoft]]|work=[[Microsoft TechNet|TechNet]]|date=December 17, 2004}}</ref> All features are available regardless of how it is configured. == Versions == === Windows Neptune === In the unreleased [[Windows Neptune]], the firewall was introduced{{fact|date=April 2018}}. It is similar to the one found in Windows XP.<ref>{{cite web|url=http://windows.microsoft.com/en-us/windows-xp/help/networking/using-windows-firewall |title=Windows Firewall |publisher=[[Microsoft]] |work=[[Windows]]|accessdate=2015-11-30|url-status=dead|archiveurl=https://web.archive.org/web/20110611031556/http://windows.microsoft.com/en-us/windows-xp/help/networking/using-windows-firewall|archivedate=June 11, 2011}}</ref> === Windows XP === [[Image:Windows Firewall XP SP2.png|thumb|Windows Firewall settings in [[Windows XP Service Pack 2]].|alt=]] Windows Firewall was first introduced as part of Windows XP Service Pack 2. Every type of network connection, whether it is wired, wireless, VPN, or even FireWire, has the firewall enabled by default, with some built-in exceptions to allow connections from machines on the local network. It also fixed a problem whereby the firewall policies would not be enabled on a network connection until several seconds after the connection itself was created, thereby creating a window of vulnerability.<ref>{{cite web|url=http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx|title=Manually Configuring Windows Firewall in Windows XP Service Pack 2|date=February 2004|work=[[Microsoft TechNet|TechNet]]|publisher=[[Microsoft]]}}</ref> A number of additions were made to [[Group Policy]], so that Windows system administrators could configure the Windows Firewall product on a company-wide level. XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones. Windows Firewall turned out to be one of the two most significant reasons (the other being [[Distributed Component Object Model|DCOM]] activation security)<ref>{{cite web|url=http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngsecps.mspx#ECAA|title=Deploying Windows XP Service Pack 2 using Software Update Services|date=August 18, 2004|work=[[Microsoft TechNet|TechNet]]|publisher=[[Microsoft]]|quote=Factors to consider when using SUS to deploy Windows XP SP2}}</ref> that many corporations did not upgrade to Service Pack 2 in a timely fashion. Around the time of SP2's release, a number of Internet sites were reporting significant application compatibility issues, though the majority of those ended up being nothing more than ports that needed to be opened on the firewall so that components of distributed systems (typically backup and antivirus solutions) could communicate. Windows Firewall added [[IPv6]], which was not supported by its predecessor, Internet Connection Firewall.<ref>{{Cite web|url=https://technet.microsoft.com/en-us/library/bb726938.aspx|title=To configure IPv6 Internet Connection Firewall|date=February 2, 2006|website=[[Microsoft TechNet|TechNet]]|publisher=[[Microsoft]]}}</ref> Note that the DCOM problem can be solved by moving applications to DComLab's ComBridge protocol. === Windows Vista === [[Windows Vista]] improved the firewall to address a number of concerns around the flexibility of ''Windows Firewall'' in a corporate environment:<ref>{{cite web|url=http://www.microsoft.com/technet/community/columns/cableguy/cg0106.mspx|title=The New Windows Firewall in Windows Vista and Windows Server 2008|date=January 2006|work=[[Microsoft TechNet|TechNet]]|publisher=[[Microsoft]]}}</ref> * The firewall is based on the [[Windows Filtering Platform]]. * A new [[Microsoft Management Console|management console]] snap-in named ''Windows Firewall with Advanced Security'' which provides access to many advanced options, and enables remote administration. This can be accessed via Start -> Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security, or by running "wf.msc" * Outbound packet filtering, reflecting increasing concerns about [[spyware]] and [[Computer virus|viruses]] that attempt to "phone home". Outbound rules are configured using the management console. Notifications are not shown however for outbound connections. * With the advanced packet filter, rules can also be specified for source and destination IP addresses and port ranges. * Rules can be configured for services by its service name chosen by a list, without needing to specify the full path file name. * [[IPsec]] is fully integrated, allowing connections to be allowed or denied based on security certificates, [[Kerberos (protocol)|Kerberos]] authentication, etc. Encryption can also be required for any kind of connection. * Improved interface for managing separate firewall profiles. Ability to have three separate firewall profiles for when computers are domain-joined, connected to a private network, or connected to a public network (XP SP2 supports two profiles—domain-joined and standard). Support for the creation of rules for enforcing server and domain isolation policies. === Windows Server 2008 and Windows 7 === [[Windows Server 2008]] contains the same firewall as Windows Vista. The firewall in [[Windows Server 2008 R2]] and [[Windows 7]] contains some improvements, such as multiple active profiles.<ref>{{cite web|url=https://technet.microsoft.com/en-us/library/cc755158%28WS.10%29.aspx|title=What's New in Windows Firewall with Advanced Security|date=October 26, 2009|work=[[Microsoft TechNet|TechNet]]|publisher=[[Microsoft]]}}</ref> === Windows 10 === Changes to this component in Windows 10 are: * The change of name that occurred in the September 2017 update, known as the [[Fall Creators Update]] (codename Redstone 3). * Firewall service (mpssvc) cannot be stopped anymore. == See also == * [[List of Microsoft Windows components]] * [[Security and safety features new to Windows Vista]] * [[Personal firewall]] * [[Comparison of firewalls]] == References == {{Reflist}} ==Notes== <small> #{{note|ms03-026}} These multiple vulnerabilities were fixed by Microsoft over the course of several months; Microsoft security bulletins [https://web.archive.org/web/20050225010955/http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx MS03-026], [https://web.archive.org/web/20040603065110/http://www.microsoft.com/technet/security/bulletin/MS03-039.mspx MS03-039], and [http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx MS04-012] cover this in more detail. </small> ==External links== *[https://technet.microsoft.com/en-us/network/bb545423.aspx Windows Firewall with Advanced Security] on [[Microsoft TechNet]] {{Microsoft Security Products}} {{Windows Components}} {{Firewall software}} [[Category:Windows components|Firewall]] [[Category:Firewall software]] [[Category:Microsoft Windows security technology|Firewall]]'