You can get mad at Microsoft and scream at Windows 10 Firewall, but when you do, realize that at least part of the problem lies in the way the firewall has to work. It has to block packets that are trying to get in, unless you explicitly tell the firewall to allow them to get in.
Perhaps most infuriatingly, Windows Firewall blocks those packets by simply swallowing them, not by notifying the computer that sent the packet. Windows Firewall has to remain stealthy because if it sends back a packet that says, “Hey, I got your packet, but I can’t let it through,” the bad guys get an acknowledgment that your computer exists, they can probably figure out which firewall you’re using, and they may be able to combine those two pieces of information to give you a headache. It’s far better for Windows Firewall to act like a black hole.
Some programs need to listen to incoming traffic from the Internet; they wait until they’re contacted and then respond. Usually, you know whether you have this type of program because the installer tells you that you need to tell your firewall to back off.
If you have a program that doesn’t (or can’t) poke its own hole through Windows Firewall, you can tell WF to allow packets destined for that specific program — and only that program — in through the firewall. You may want to do that with a game that needs to accept incoming traffic, for example, or for an Outlook extender program that interacts with mobile phones.
To poke a hole in the inbound Windows 10 Firewall for a specific program:
- Make sure that the program you want to allow through Firewall is installed.
- In the search box, next to the Start button, type firewall. Choose Allow an App through Windows Firewall.
Windows Firewall presents you with a lengthy list of programs that you may want to allow: If a box is selected, Windows Firewall allows unsolicited incoming packets of data directed to that program and that program alone, and the column tells you whether the connection is allowed for private or public connections.
Allow installed programs to poke through the firewall.
These settings don’t apply to incoming packets of data that are received in response to a request from your computer; they apply only when a packet of data appears on your firewall’s doorstep without an invitation.
In the image above, the tiled Weather app is allowed to receive inbound packets whether you’re connected to a private or public network. Windows Media Player, on the other hand, may accept unsolicited inbound data from other computers only if you’re connected to a private network: If you’re attached to a public network, inbound packets headed for Windows Media Player are swallowed by the WF Black Hole (patent pending).
- Do one of the following:
- If you can find the program that you want to poke through the firewall listed in the Allow Programs list, select the check boxes that correspond to whether you want to allow the unsolicited incoming data when connected to a home or work network and whether you want to allow the incoming packets when connected to a public network. It’s rare indeed that you’d allow access when connected to a public network but not to a home or work network.
- If you can’t find the program that you want to poke through the firewall, you need to go out and look for it. Tap or click the Change Settings button at the top, and then tap or click the Allow Another App button at the bottom. You have to tap or click the Change Settings button first and then tap or click Allow Another Program. It’s kind of a double-down protection feature that ensures you don’t accidentally change things.
Windows Firewall goes out to all common program locations and finally presents you with the Whack a Mol … er, Add an App list like the one shown here. It can take a while.
Allow a program (that you’ve thoroughly vetted!) to break through the firewall.
- Choose the program you want to add, and then tap or click the Add button.
Realize that you’re opening a potential, albeit small, security hole. The program you choose had better be quite capable of handling packets from unknown sources. If you authorize a renegade program to accept incoming packets, the bad program could let the fox into the chicken coop.
You return to the Windows Firewall Allowed Apps list, and your newly selected program is now available.
- Select the check boxes to allow your poked-through program to accept incoming data while you’re connected to a private or a public network. Then tap or click OK.
Your poked-through program can immediately start handling inbound data.
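The same hole can be scripted and then audited from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. This is an added example, not part of the original walkthrough; the program path and rule name are hypothetical placeholders. It checks the program's signature, creates a program-scoped inbound allow rule limited to private networks, and then lists every enabled inbound allow rule that also applies on public networks so you can review what is exposed there.

```powershell
# Run from an elevated PowerShell session on Windows 10.
# Placeholders (assumptions, not from the article): substitute your vetted program.
$ProgramPath = 'C:\Program Files\ExampleApp\example.exe'
$RuleName    = 'ExampleApp inbound (private only)'

if (-not (Test-Path -LiteralPath $ProgramPath)) {
    throw "Program not found: $ProgramPath"
}

# Vet the binary first: show whether it is signed and by whom.
Get-AuthenticodeSignature -FilePath $ProgramPath |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

# Create the rule only if it does not already exist, so reruns are harmless.
# -Program ties the rule to this one executable; -Profile Private keeps the
# hole closed while the machine is on a public network.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
                        -Direction Inbound `
                        -Action Allow `
                        -Program $ProgramPath `
                        -Profile Private | Out-Null
}

# Audit: every enabled inbound allow rule that is active on public networks,
# together with the program it is scoped to ('Any' means no program scoping).
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.Profile.ToString() -match 'Any|Public' } |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Profile = $_.Profile
            Program = $app.Program
        }
    } |
    Sort-Object Program, Rule |
    Format-Table -AutoSize

# To close the hole again:
# Remove-NetFirewallRule -DisplayName $RuleName
```

Rules in the audit output whose Program column reads `Any` accept unsolicited traffic for whatever process is listening, so they deserve the closest look.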
In many cases, poking through Windows Firewall doesn’t solve the whole problem. You may have to poke through your modem or router as well — unsolicited packets that arrive at the router may get kicked back according to the router’s rules, even if Windows would allow them in. Unfortunately, every router is different, and so is the method for poking holes in its inbound firewall. Check Portforward.com for an enormous amount of information about poking through routers.