How to use Windows Firewall to block Hackers and Malware 

We will have a live discord workshop and hangout to discuss some of the concepts in this video, building a malware lab etc. Make sure you sign up in the events section of our discord if you'd like to attend next week: discord.com/invite/XyM5SJqZ?event=1112466823535919194

Just so you know, the example script you showed could potentially have a huge vulnerability, because if the server hosting that file with the IPs ever gets compromised, an attacker could basically inject whatever Powershell command they want in place of the "ip" that you're appending to the command string, and just like that they can perform arbitrary remote code execution on your PC.

Great video, just ensure that the list has IP numbers in the correct format, so to avoid code injection.

Imagine blocking Microsoft using Windows Firewall

awesome vid dude thank you! im getting into cyber security, doing a course so i can get my foot through the door an stuff like this is so helpful on my journey. The reason i decided to get into cyber sec is because I was playing a game one night and some dude got mad an hit me offline, i couldnt play for a whole day almost. With zero knowledge on how to combat that I was like yeah I wanna learn this stuff an so here I am. Thanks again! I look forward to learning more stuff from your vids! cheers!

Hi there, it was one of the best tutorial videos you made and shared with us. kindly upload more like this content regarding the block Vulnerable IP to protect more on Windows and router. thnx

Thanks for the cool guide! I did the same thing but with powershell and it makes one rule for inbound and one for outbound. It works great and downloads the list for me as well.

Leo, you are talking to normal people here. Unless you show us all step by step from a blank start,this is very good content for tech heads, clear to me and maybe most as Mud.

Very informative video. I actually started building a small tool to check for blacklisted IPs using the same resource.

Thanks for the video - I went down a slightly different path. Firstly - I wasn't sure when you said "delete all the rules every day" you meant the default ones windows already had, so that wasn't clear at all. If you were deleting your firewall rules everyday, a good script would include a command line to backup the firewall rules that are already there before deletion. Not all of us are gurus so a safe backup practise is very healthy :) Also, secondly, I go back a bit :) am over 50 (used the text based early internet) and remember using a program called peerblock. Love it or hate it, it is still to my surprise available to download. It's also portable. I don't recommend anyone use it BUT it does give the option of leaving the firewall (and settings untouched). By me using this program ( a proof of concept too) it was able to suck up the complete block list :) For it to work it needs to run all the time. Back in the day it was popular but then unpopular probably because someone worked out how to bypass it........... Still really appreciate these videos and learned about the abuse list from it, Thanks so much......!

I would love to have a list of malicious Microsoft IP's that were updated daily and implemented the way you demonstrated... What I have done manually is blocking the Windows Search executable, it works well, although it delays the local search function a bit. Thanks for this interesting video!

@TPSC Just to stay safe, when parsing those IP addresses, you can create a regex pattern that would match only IP addresses and nothing else. That would make the process of injecting remote code much more difficult.

Added these blocklists on my router. Thanks.

ended up using openai to fix whatever happened with the text extracted from the screenshot that I tooked and it works, thx 👍

when i click on a recent video on your channel my cat jumps onto my lap and watches the whole thing with me

Good video Leo I knew about this already i have Bitdefender but if you are on a budget or you love windows Firewall this is a good thing to do. I would set the rules manually though.

Dude awesome video I am a fast learner, love learning new stuff would love to do everything u did in this tutorial foresure just reinstalled windows 11, and realizing how powerful you can make Defender is very cool, save cash too. Would love to learn more alot more on security basic to corporate, and to learn how to see things always from other views. If you have had time to read this or can think of anything I could jump to other links I would appreciate that, as well as becoming part of the community cheers for now.

Thanks took some trys never coded much before

awesome one mate✔️😛

In addition, you can make this more automated by adding a task to task scheduler to run this script every day using pythonw, so you don't get the terminal popup while using your computer.

The proper way to do it is at the firewall/router level! A proper malware that came through phishing would have no problem disabling the windows firewall completely.

Wouldn't it be better to use 1 rule with multiple ips? But otherwise nice learning!

Hi, Thanks for the to the point video. I do have one comment, in my opinion it would be more clean to have one "BadIP" rule with all the IP address in it instead of having 100+ firewall rules. can you also show how to do that with the python script?

nice and informative, thanks!

Muchas gracias por el video, muy buena idea.

Fantastic thank you

You could do this on every host but i think it would be way smarter to do this on a central router/firewall solution like pfsense/opnsense or a commercial solution.

Not sure how the performance is affacted by the Windows Firewall itself. But if it behaves like the hosts file it... will be pretty much unusable after a certain point, since it will become somewhat unresponsive for minutes. But still an interesting idea, it's still somehow sad that we lack a simple solution to basically have a pihole in your PC itself (since those are hard to get still and became pricey aswell).

Great stuff. I used your script but it wasn’t adding in the rules. With help of ChatGpt, I managed to make few changes and it is running perfectly in my Windows 11 22H2 version. Thank you 🙏

Can we apply this method to the programs that we use but are constantly controlled? For example, we use program A without a license. to its own company so that it does not hinder its use. Does it prevent you from sending information?

Really nice.

do you have a video on how you setup these testing machines? i want to learn how to setup mine so I can test programs etc

Can you not just add all IPs to one rule insteald of creating a single rule for each IP? Would be faster, right?

Thank you

It would be nice to make the script available to download for those who are not into programming and scripting. Please

Is 365 referencing this site already? Or do we have to add IOC list and if so, how do we keep that updated without a CSV pull via PS

When I get pop ups to allow a game to use the firewall I decline it and the game still works. I checked the firewall rules and in some cases windows just allowed it anyway, in other it is not selected as allowed, but still works anyway.

Thank you for your informative video, was wondering where I can get your script please?

if I wish to add the link from this file then how to do without automation ?

Yo! Can you do a video on the virus that was in Minecraft mods recently? Would like to know more about it and see what all it does. I thankfully wasn't infected but perhaps you can see what all the virus touches and messes with.

Hey TPSC , What is the way that I can get a copy of that script that you wrote to have all of those Bad IP's blocked by Windows Firewall?

Hello love videos question what's the best firewall I use Windows Firewall and Antimalware bytes also what would you recommend for security

I just use Simplewall and block everything I don't need or what I don't understand why it wants to connect.

i reinstall windows every other day, and i tend to export my setting and then convert it to a script be it app settings, registry tweaks etc to a .bat or .cmd i wanted to know if the ips can be added onto one entry instead of having 1000s firewall entrys to keep it organised yknow...well ill be trying to configure it thank you

Great content as always. Next phase: How to block windows spyware using windows defender

Nice video dude, but I’m getting in doubt. Recently I decided to replace the Windows Defender to Bitdefender Antivirus Free version + comodo firewall and I’ve noticed gains over performance. Here’s my question should I use my actual combo with this tool? or I’m safe with Bitdefender + comodo? (i know that my pc can be susceptible to attacks or any kind of virus) I hope someone can guide me

where can i find this script? and does comodo firewall automatically block the bad ips with their updates?

Please do another top anti-virus tier list video

I use Skynet Firewall available for Asus routers with Merlin firmware

Why not block these IP addresses using the host file that way they never come in to begin with where is the firewall still a better idea because it can block both directions? Will this slow down the firewall? How can we get a copy of this script? I don't see a link for it in the description.

Could you make a video on how you would setup a fresh install of Windows 11?

Keep in mind that if you create a lot of rules in Windows Defender it will unfortunately slow down your internet speeds. (This comment was made in error, read further comments below)

This video is great from beginner to protect PC from hacker and malware, but I create program same as you but I really got error in my program, the error code is: IndexError: list index out of range in code: ip = row[1]. How to fix this error? Thank you.

Now what about what is the best free firewall? Is Comodo firewall good, I have that along side with my antivirus. (And I also have Crowdsec)

can your script subnet them to make the list smaller ??

Is Malwarebytes good compare to what you showed on your video.

Does not Malwarebytes Premium do this sort of thing? I have it and it constantly blocks sites.

Need some soft to automate process, everyday download file and update list in firewall, but nice thing, i like it

Love your videos! Keep up the awesome work!

By adding all those rules, will that slow down a pc or internet browsing?

Couldn't you use something like peerblock and add this list?

how can i run the python script by pulling in a admin command prompt screen

so do these rules expire ? Or the IP is blocked indefinitely, because that seems like it could cause some issues as those IPs may be used for legitimate services in the future

Could you do that with a batch file ?

How is this different from a Host file?

If using a pi-hole, will be this redundant?

I believe I can simply use the mentioned blocklist with my Pihole ?

Would like to have this script. Please and thank you. Also, will this script work in PiHole on a network wide basis?

I made a very similar script for the Half-Life 2 Deathmatch community since there is a malicious server that spams the server list with fake redirection servers.

Does that Python script clear the old rules and start over?

Is this available for home routers, like ASUS, Netgear, etc?

where to download script?

Would an anti-virus like Bit Defender already have those IPs black listed?

I'm sure if I tried scripting that in Powershell, I would get errors for every line..

where is the file to download

Hey man can you make a vedio of how to make a constantly swapping or bouncing ip I really need it

that great, can please give another video for getting all adult websites list, with blocking them. Also automate this on windows startup.

Comodo Firewall vs Windows Firewall which is better?

Very good channel and my question is illegal apps in Play store installing my phone how much dangerous

Can I set this on inbound as well?

i dont use that i use norton smart firewall that comes with norton 360 delux plus for up to 5 devices

where i can copy the python script ?

Newbie question, but can a bad ip become a good ip? You know, a year has passed, the person or malware that used that ip no longer exists and the number is allocated to something else.

can you make a video for safing port master program

nice video, i do already a .bat for do the same thing but when i enable the firewall my connection interrupt :/

Will it be possible to use the firewall as an ad blocker?

how i can dowload the script? very useful thx for the work.

Where can i get the script and what do i edit it with?

I just let Sordum's freeware Firewall App Blocker in whitelist mode and never have to deal with Windows Defender GUI itself. You can just add EXEs, processes and even folders into the window and voilá. Firewall configured in 5 seconds.

I can’t put my script in the command prompt

I use router Parental Controls feature to block malware and adult IP

Why not just use Simplewall?

I recommend: Loaris Trojan Remover, Malwarebytes, and any Endpoint security.

Wait, what? 7:58 "As far as I'm aware I've never really seen Windows firewall block the malware IPs I test with." Can you clarify? I used to manually set a lot of Windows firewall rules, and they did work. I also set rules to deny any application that wasn't whitelisted. It just got too cumbersome.

i am trying to make this script run and i get an error on line 9 as the following SyntaxError: '(' was never closed i have typed mycsv = csv.reader(filter(lambda x: not x.startswith(#), response.splitlines())) what have i written wrong ? help me out

Can we use a pihole to block all these ip adressed ?

Hello if you whant a better defender software go to peer to peer blocker. You make your firewalls. Tanks.

Portmaster for the win

What is this program in 6:39? how do i do this code?

Won't your PC overheat the CPU?