From 995eb60e9fab4c4a54c6d325708d064c670433cd Mon Sep 17 00:00:00 2001
From: Yorick Barbanneau
Date: Mon, 26 Mar 2018 11:41:06 +0200
Subject: [PATCH] Block more programs / applications with firewall
---
modules.d/FW_ProgramsApps.conf | 172 +++++++++++++++++++++++++++++++++
1 file changed, 172 insertions(+)
create mode 100644 modules.d/FW_ProgramsApps.conf
diff --git a/modules.d/FW_ProgramsApps.conf b/modules.d/FW_ProgramsApps.conf
new file mode 100644
index 0000000..84b7297
--- /dev/null
+++ b/modules.d/FW_ProgramsApps.conf
@@ -0,0 +1,172 @@
+{
+ "Name" : "Applications (Firewall)",
+ "Description" : "This module Add a firewall rule to desactivate some windows program / application net traffic",
+ "actions" :
+ [
+ {
+ "action" : "FwBlockProgram",
+ "name" : "explorer",
+ "path" : "$env:systemroot\\explorer.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "SystemSettings",
+ "path" : "$env:systemroot\\ImmersiveControlPanel\\SystemSettings.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "BgTaskHost",
+ "path" : "$env:systemroot\\System32\\backgroundTaskHost.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "BgTransfertHost",
+ "path" : "$env:systemroot\\System32\\BackgroundTransferHost.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "BrowserBroker",
+ "path" : "$env:systemroot\\System32\\browser_broker.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "CompatTelRunner",
+ "path" : "$env:systemroot\\System32\\CompatTelRunner.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "DmClient",
+ "path" : "$env:systemroot\\System32\\dmclient.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "InstallAgentUserBroker",
+ "path" : "$env:systemroot\\System32\\InstallAgentUserBroker.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "lsass",
+ "path" : "$env:systemroot\\System32\\lsass.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "msfeedssync",
+ "path" : "$env:systemroot\\System32\\msfeedssync.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "run32dll",
+ "path" : "$env:systemroot\\System32\\rundll32.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "SettingSyncHost",
+ "path" : "$env:systemroot\\System32\\SettingSyncHost.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "SIHClient",
+ "path" : "$env:systemroot\\System32\\SIHClient.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "SmartScreen",
+ "path" : "$env:systemroot\\System32\\smartscreen.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "TaskHostw",
+ "path" : "$env:systemroot\\System32\\taskhostw.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "WmiPrvSE",
+ "path" : "$env:systemroot\\System32\\wbem\\WmiPrvSE.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "WerFault",
+ "path" : "$env:systemroot\\System32\\WerFault.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "WerMgr",
+ "path" : "$env:systemroot\\System32\\wermgr.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "Wsqmcons",
+ "path" : "$env:systemroot\\System32\\wsqmcons.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "WWAHost",
+ "path" : "$env:systemroot\\System32\\WWAHost.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "ContactSupport",
+ "path" : "$env:systemroot\\systemapps\\ContactSupport_cw5n1h2txyewy\\ContactSupport.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "Edge",
+ "path" : "$env:systemroot\\systemapps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "cleanw10_Cortana",
+ "path" : "$env:systemroot\\systemapps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "BackgroundTaskHost64",
+ "path" : "$env:systemroot\\SysWOW64\\backgroundTaskHost.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "BackgroundTransferHost64",
+ "path" : "$env:systemroot\\SysWOW64\BackgroundTransferHost.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "InstallAgentUserBroker64",
+ "path" : "$env:systemroot\\SysWOW64\\InstallAgentUserBroker.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "MsFeedsSync64",
+ "path" : "$env:systemroot\\SysWOW64\\msfeedssync.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "rundll3264",
+ "path" : "$env:systemroot\\SysWOW64\\rundll32.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "SettingSyncHost64",
+ "path" : "$env:systemroot\\SysWOW64\\SettingSyncHost.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "WmiPrvSE64",
+ "path" : "$env:systemroot\\SysWOW64\\wbem\\WmiPrvSE.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "WerFault64",
+ "path" : "$env:systemroot\\SysWOW64\\WerFault.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "WerMgr64",
+ "path" : "$env:systemroot\\SysWOW64\\wermgr.exe"
+ },
+ {
+ "action" : "FwBlockProgram",
+ "name" : "WWAHost64",
+ "path" : "$env:systemroot\\SysWOW64\\WWAHost.exe"
+ }
+ ]
+}
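Review bot: Two `path` values contain a lone backslash, which is not a valid JSON escape: `Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe` in the `Edge` entry and `SysWOW64\BackgroundTransferHost.exe` in `BackgroundTransferHost64`. A strict parser rejects the whole document on either one, so depending on how the module loader handles that error none of the block rules in this file may be applied; both should be doubled like every other entry, `\\MicrosoftEdge.exe` and `\\BackgroundTransferHost.exe`. Separately, the list includes `lsass.exe`, `smartscreen.exe` and `SIHClient.exe`: blocking their traffic presumably interferes with network authentication handled by LSASS, SmartScreen reputation lookups and part of Windows Update servicing, which reduces the host's protection rather than only its telemetry. Because the format has no comment syntax, I would state that trade-off in `Description` or move those three entries to a separate opt-in module. The rule names `run32dll` and `BgTransfertHost` also look like typos for `rundll32` and `BgTransferHost`, which will make the resulting firewall rules harder to find and audit later.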