Windows Firewall

Windows Firewall (officially called Microsoft Defender Firewall in Windows 10 version 2004 and later) is a firewall component of Microsoft Windows. It was first included in Windows XP SP2 and Windows Server 2003 SP1. Before the release of Windows XP Service Pack 2, it was known as the "Internet Connection Firewall."


Overview

When Windows XP was originally shipped in October 2001, it included a limited firewall called "Internet Connection Firewall". It was disabled by default due to concerns with backward compatibility, and the configuration screens were buried away in network configuration screens that many users never looked at. As a result, it was rarely used. In mid-2003, the Blaster worm attacked a large number of Windows machines, taking advantage of flaws in the RPC Windows service. Several months later, the Sasser worm did something similar. The ongoing prevalence of these worms through 2004 resulted in unpatched machines being infected within a matter of minutes. Because of these incidents, as well as other criticisms that Microsoft was not being active in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, rebrand it as Windows Firewall, and switch it on by default starting with Windows XP SP2.

One of three profiles is activated automatically for each network interface:

* Public assumes that the network is shared with the World and is the most restrictive profile.
* Private assumes that the network is isolated from the Internet and allows more inbound connections than public. A network is never assumed to be private unless designated as such by a local administrator.
* Domain profile is the least restrictive. It allows more inbound connections to allow for file sharing etc. The domain profile is selected automatically when connected to a network with a domain trusted by the local computer.

Security log capabilities are included, which can record IP addresses and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it.

Windows Firewall can be controlled/configured through a COM object-oriented API, scriptable through the netsh command, through the GUI administration tool or centrally through group policies. All features are available regardless of how it is configured.
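
The security log described above records dropped packets and successful connections as lines of text. The following is an added example, not part of the original article: it assumes the log's W3C-style layout with a #Fields header (as in the default pfirewall.log file) and runs over constructed sample lines using documentation-range addresses, listing blocked inbound ports per source and permitted outbound connections.

```python
from collections import defaultdict

# Constructed sample in the W3C-style layout of the firewall log (assumed header).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 10:02:11 DROP TCP 203.0.113.7 192.0.2.10 51514 445 52 S 123456 0 8192 - - - RECEIVE
2024-01-15 10:02:12 DROP TCP 203.0.113.7 192.0.2.10 51515 135 52 S 123457 0 8192 - - - RECEIVE
2024-01-15 10:02:15 ALLOW TCP 192.0.2.10 198.51.100.20 49822 443 0 - 0 0 0 - - - SEND
2024-01-15 10:03:01 DROP UDP 203.0.113.99 192.0.2.10 5353 5353 80 - - - - - - - RECEIVE
2024-01-15 10:03:30 DROP ICMP 203.0.113.7 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
2024-01-15 10:03:45 DROP TCP 203.0.113.7
"""

def parse_firewall_log(text):
    """Return a list of records, each a dict keyed by the #Fields header names."""
    fields, records = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("#fields:"):
            fields = line.split(":", 1)[1].split()
        if not line or line.startswith("#") or fields is None:
            continue  # blank line, header line, or data before any header
        values = line.split()
        if len(values) == len(fields):  # skip truncated or malformed lines
            records.append(dict(zip(fields, values)))
    return records

def dropped_inbound_by_source(records):
    """Map each source IP to the sorted destination ports it was blocked on."""
    ports = defaultdict(set)
    for r in records:
        # ICMP records carry "-" instead of a port, so only digits are kept.
        if r["action"] == "DROP" and r["path"] == "RECEIVE" and r["dst-port"].isdigit():
            ports[r["src-ip"]].add(int(r["dst-port"]))
    return {ip: sorted(p) for ip, p in ports.items()}

def allowed_outbound(records):
    """List (timestamp, destination IP, destination port) for permitted outbound traffic."""
    return [(f'{r["date"]} {r["time"]}', r["dst-ip"], int(r["dst-port"]))
            for r in records
            if r["action"] == "ALLOW" and r["path"] == "SEND" and r["dst-port"].isdigit()]

if __name__ == "__main__":
    recs = parse_firewall_log(SAMPLE_LOG)
    print(dropped_inbound_by_source(recs))
    print(allowed_outbound(recs))
```

Because the parser takes its column names from the #Fields line, it keeps working if a Windows version writes a different set of columns, as long as the ones it reads (action, path, src-ip, dst-ip, dst-port, date, time) are present.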


Versions


Windows Neptune

In the unreleased Windows Neptune, the firewall was introduced. It is similar to the one found in Windows XP.


Windows XP

Windows Firewall was first introduced as part of Windows XP Service Pack 2. Every type of network connection, whether it is wired, wireless, VPN, or even FireWire, has the firewall enabled by default, with some built-in exceptions to allow connections from machines on the local network. It also fixed a problem whereby the firewall policies would not be enabled on a network connection until several seconds after the connection itself was created, thereby creating a window of vulnerability. A number of additions were made to Group Policy, so that Windows system administrators could configure the Windows Firewall product on a company-wide level.

XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones. Windows Firewall turned out to be one of the two most significant reasons (the other being DCOM activation security) that many corporations did not upgrade to Service Pack 2 in a timely fashion. Around the time of SP2's release, a number of Internet sites were reporting significant application compatibility issues, though the majority of those ended up being nothing more than ports that needed to be opened on the firewall so that components of distributed systems (typically backup and antivirus solutions) could communicate. Windows Firewall added IPv6, which was not supported by its predecessor, Internet Connection Firewall.


Windows Vista

Windows Vista improved the firewall to address a number of concerns around the flexibility of Windows Firewall in a corporate environment:

* The firewall is based on the Windows Filtering Platform.
* A new management console snap-in named Windows Firewall with Advanced Security provides access to many advanced options and enables remote administration. This can be accessed via Start -> Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security, or by running "wf.msc".
* Outbound packet filtering, reflecting increasing concerns about spyware and viruses that attempt to "phone home". Outbound rules are configured using the management console. Notifications are not shown, however, for outbound connections.
* With the advanced packet filter, rules can also be specified for source and destination IP addresses and port ranges.
* Rules can be configured for services by service name, chosen from a list, without needing to specify the full path file name.
* IPsec is fully integrated, allowing connections to be allowed or denied based on security certificates, Kerberos authentication, etc. Encryption can also be required for any kind of connection.
* Improved interface for managing separate firewall profiles. Ability to have three separate firewall profiles for when computers are domain-joined, connected to a private network, or connected to a public network (XP SP2 supports two profiles: domain-joined and standard). Support for the creation of rules for enforcing server and domain isolation policies.


Windows Server 2008 and Windows 7

Windows Server 2008 contains the same firewall as Windows Vista. The firewall in Windows Server 2008 R2 and Windows 7 contains some improvements, such as multiple active profiles.


Windows 10

Changes to this component in Windows 10 are:

* The change of name that occurred in the September 2017 update, known as the Fall Creators Update (codename Redstone 3).
* Firewall service (mpssvc) cannot be stopped anymore.


See also

* List of Microsoft Windows components
* Security and safety features new to Windows Vista
* Personal firewall
* Comparison of firewalls


References


Notes

These multiple vulnerabilities were fixed by Microsoft over the course of several months; Microsoft security bulletins MS03-026, MS03-039 and MS04-012 cover this in more detail.


External links


Windows Firewall with Advanced Security on Microsoft TechNet