Who/what is changing my firewall rules ?

[jhg]

Dear forum.
Im running strict rules for my firewall but every 3-6 months Im finding all my firewall rules are changed and computer is changed to wide open in the windows 10 software, like its gone back to default settings.

Iam the only user of this computer as I have high sensitive data in it. Computer is kept locked in a safe and Im having several password levels. The only application Im allowing through the firewall is win defender and a vpn for the webbrowser, in & outbound data. Im checking my firewall status and rules several times every week and with 3-6 months intervall Im finding all my fire wall rules changed, deleted, and computer wide open.

All windows updates is disabled in registry, ram is efficiently wiped in a special manner. Only thing allowed updating is windows defender updated every day and one extra, quite unusual virus protection I have great confidence in. I have a external passive network listener and can see my computer is not leaking data in any direction besides cookies which poses me believe it is a windows 10 "function", the external sniffer is mainly for tracking who is trying to access my data. Unfortunately I must use win 10 for some applications so I need to figure out what opens up the win 10 part, it is a security hole I must close. The only instability in the win 10 software is the firewall rules, nothing else and have so been for three years.

How/who/why/what is changing my firewall rules in windows 10 ? Any ideas most appreciated.

Kindly jhg.

 

[Tim Locke]

If I had to seriously protect a PC type computer from the outside world I would buy or build a PFsense box.
Pfsense will run on any old pc hardware ..all you need really is two or more Ethernet ports. Actually running on a real Intel or AMD PC gives more power than is needed by a large margin.
The company sells ready built boxes from a small home office size to enterprise versions.

If you go PFsense and configure it carefully , strong passwords etc. nobody will change you firewall rules

 

[jhg]

@Tim Locke : Thank you for advice. Without revelaing too much I allready have something similar in place.
I just feel I want to get a grip of what is creating unwanted changes to the win firewall, Im most worried this process may affect something else than the computer local firewall that I believe Im currently in control of =0)

Edit . The hacking industry is ever evolving and currently I believe I have protection for foreseen riscs but the only thing i can be assured of is that i will be exposed to riscs I have not foreseen and at this occassion I would highly appreciate the win firewall to behave as expeceted, hackers almost always exploit known open ports opened by windows so here is where I would like to start, closing ports not used.

 

[davehc]

Te event viewer should give some indication of changes, or interference, in your firewall.
But, tongue in cheek. You have managed to find away to turn off mandatory Windows 10 updates. Often the major updates include handling potential attacks. It is (rarely) possibly that a published intrusion was dealt with in one of those updates.
I have , after reading your post, examined my firewall settings. Compared to a very early backup I keep, I cannot see any changes in mine.
You can see if there is any reported interference by using the settings - Update and security - Windows Security - Windows Security, and seeing if there is any comment in the "health" section.

 

[jhg]

@davehc : Dear dave, thank you for good advice. I will have a look at the event viewer again, problem is I tend to not see important events after scrolling through for a while but you are perfectly right, it is here I should search, my bad.

You gave me a great idea, is there a possibility keeping a backup of only the firewall settings and shoot back if altered ? sort of parameter file as it takes forever tinker through the complete fire wall rule list ? I do expect this possibility not available as that would be quite a handy tool for a hacker =0)

 

[Tim Locke]

@Tim Locke : Thank you for advice. Without revelaing too much I allready have something similar in place.
I just feel I want to get a grip of what is creating unwanted changes to the win firewall, Im most worried this process may affect something else than the computer local firewall that I believe Im currently in control of =0)

Edit . The hacking industry is ever evolving and currently I believe I have protection for foreseen riscs but the only thing i can be assured of is that i will be exposed to riscs I have not foreseen and at this occassion I would highly appreciate the win firewall to behave as expeceted, hackers almost always exploit known open ports opened by windows so here is where I would like to start, closing ports not used.

I don't know what your 'something similar' is. Either it is a real firewall, separate from Windows or it is not. If it is then why would you care what Windows firewall does. But 'real' firewalls are not always that easy to set up and I bet it is easy to miss something.
If is not and you are relying on the Defender system which Windows firewall is now a part of maybe you are missing some rules. OR Windows firewall itself is missing some rules that you need. OR the IPV6 part of Windows firewall is not very good and letting stuff through ( I might suspect that as nowadays Windows prefers IPV6 as a protocol internally and I wouldn't be surprised if Microsoft doesn't use V6 for updates and so on) .

 

[Trouble]

is there a possibility keeping a backup of only the firewall settings and shoot back if altered ?

Does this help.....
https://www.oueta.com/microsoft/backup-and-restore-windows-firewall-rules/