
I've tried using Get-NetFirewallRule | fl * to see if I can tell the difference between Windows Firewall rules that were created by 3rd party programs vs rules that are native and present by default in Windows Firewall, but I couldn't.

Is there any command, script or .NET method that can do that? I want to list all non-native ones.

The only difference I can see between Windows built-in Firewall rules and Firewall rules created by 3rd party programs is that Windows built-in rules always have Group names and are placed in groups, but 3rd party Firewall rules don't have groups. Of course they can have groups too, but so far, at least on my computer, they don't. I'm looking for a more concrete identifier, though.

Update: Another identifier I can see is that in the "Program" section of all Windows built-in Firewall rules, things like this exist:

  1. %SystemRoot%\*
  2. System
  3. SYSTEM

Although I haven't figured out how I can use that. I'm not sure if 3rd party Firewall rules can use system or SYSTEM too or what program system even is exactly.

  • You can find out by looking at the properties of those objects to see if there is any indicator of "native and present by default". (I would be surprised if there was such a property.) – Bill_Stewart Jan 10 '23 at 15:37
  • I don't see how you can besides keeping a list of the original rules and doing a compare-object. Plus there's a lot of user appx rules. – js2010 Jan 10 '23 at 16:03
  • Okay, that's also a good idea. I know Windows keeps the default rules stored somewhere but not sure where (because Windows Firewall GUI lets you instantly restore default rules). If we can get that file and extract the rules from it, then compare them with the currently set rules, we can find the ones that are not default, right? –  Jan 10 '23 at 16:08
  • I wouldn't know where that is. – js2010 Jan 10 '23 at 16:31
  • "I know Windows keeps the default rules stored somewhere": Probably not in a way that's accessible to you. It may just be in the development team's source code. – Bill_Stewart Jan 11 '23 at 20:28
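
The baseline-and-compare approach suggested in the comments, as an added example that is not part of the original thread. The baseline path and both function names are assumptions; it presumes you can capture the rule set once on a clean machine (or right after restoring the default policy) from an elevated prompt.

```powershell
# Added example, not from the thread. Path and function names are hypothetical.
$BaselinePath = Join-Path $env:ProgramData 'FirewallBaseline\rules.csv'

function Save-FirewallBaseline {
    # Run once on a known-clean system, before third-party software is installed.
    param([string]$Path = $BaselinePath)
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    # Name is the rule's unique ID; DisplayName can repeat across rules.
    Get-NetFirewallRule |
        Select-Object Name, DisplayName, Group |
        Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

function Get-NonBaselineFirewallRule {
    # Lists every current rule whose Name is absent from the saved baseline.
    param([string]$Path = $BaselinePath)
    if (-not (Test-Path $Path)) {
        throw "No baseline at $Path; run Save-FirewallBaseline first."
    }
    $baseline = Import-Csv -Path $Path
    $current  = Get-NetFirewallRule
    # '=>' marks objects present only on the -DifferenceObject (current) side.
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
                   -Property Name -PassThru |
        Where-Object SideIndicator -eq '=>' |
        ForEach-Object {
            # The "Program" field from the GUI lives on the application filter.
            $app = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                Group       = $_.Group
                Direction   = $_.Direction
                Enabled     = $_.Enabled
                Program     = $app.Program
            }
        }
}

# Usage:
#   Save-FirewallBaseline                      # once, on the clean system
#   Get-NonBaselineFirewallRule | Format-Table -AutoSize
```

The output is a list of candidates rather than proof of third-party origin: rules that Windows itself adds after the baseline was taken, such as the per-user appx rules mentioned in the comments, show up as differences too.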
