How to Block Apps from Accessing the Internet in Windows Firewall

Blocking an application from accessing the internet using Windows Firewall is done by creating an outbound rule. This rule tells the firewall to prevent any outgoing connections initiated by that specific program. The process is straightforward and uses the built-in “Windows Defender Firewall with Advanced Security” console.

Step 1: Open Windows Defender Firewall with Advanced Security

There are a few ways to access the advanced firewall settings.

  1. Using Search (Recommended):
    • Click the Start button or press the Windows key.
    • Type “Windows Defender Firewall with Advanced Security” (or just “firewall advanced settings”) and press Enter, or click the matching result.
  2. Using Run Command:
    • Press Windows Key + R to open the Run dialog.
    • Type wf.msc and press Enter.
  3. Through Settings/Control Panel:
    • Go to Settings > Network & internet > Advanced network settings > Windows Firewall > Advanced settings.
    • Alternatively, open Control Panel > System and Security > Windows Defender Firewall, then click “Advanced settings” on the left pane.

Step 2: Navigate to Outbound Rules

Once the “Windows Defender Firewall with Advanced Security” window is open, you’ll need to create a new rule for outgoing connections.

  1. In the left-hand pane, click on “Outbound Rules.” This section lists all the rules that govern traffic leaving your computer.

Step 3: Create a New Rule

Now, you’ll initiate the New Outbound Rule Wizard.

  1. In the right-hand pane (Actions pane), click on “New Rule…” This will open a wizard that guides you through the process.

Step 4: Configure the Rule Type (Program)

The wizard will ask you what type of rule you want to create.

  1. On the “Rule Type” page, select “Program.” This indicates that you want the rule to apply to a specific application or executable file.
  2. Click “Next.”

Step 5: Specify the Program Path

This is where you tell the firewall exactly which application to block.

  1. On the “Program” page, select “This program path.”
  2. Click the “Browse…” button.
  3. Navigate to the executable file (.exe) of the app you want to block.
    • Most programs are located in C:\Program Files\ or C:\Program Files (x86)\.
    • For example, if you want to block a game, navigate to its installation folder and find its main .exe file.
    • Tip: If the program is currently running, you can find its .exe path via Task Manager. Press Ctrl + Shift + Esc, go to the “Details” tab, find the process name, right-click it, and select “Open file location.” Copy the path from the address bar.
  4. Once you’ve selected the .exe file, click “Open.” The path will now be filled in the wizard.
  5. Click “Next.”

Step 6: Define the Action (Block the Connection)

This step specifies what the rule should do when the program tries to connect.

  1. On the “Action” page, select “Block the connection.”
    • Note: You’ll see other options like “Allow the connection” (which you’d use for inbound rules or exceptions) and “Allow the connection if it is secure.”
  2. Click “Next.”

Step 7: Specify the Profiles

You need to tell Windows Firewall when this rule should apply. Network profiles define different security settings for different network types.

  1. On the “Profile” page, select the network profiles to which this rule should apply:
    • Domain: Applies when your computer is connected to a corporate domain network (e.g., at work).
    • Private: Applies when your computer is connected to a private network (e.g., your home Wi-Fi).
    • Public: Applies when your computer is connected to a public network (e.g., a coffee shop Wi-Fi, airport Wi-Fi).
  2. For maximum blocking: It’s generally recommended to check all three boxes (Domain, Private, Public) to ensure the app is blocked regardless of the network you’re connected to.
  3. Click “Next.”

Step 8: Name Your Rule and Finish

Give your rule a descriptive name so you can easily identify it later.

  1. On the “Name” page:
    • Enter a “Name” for your rule (e.g., “Block [App Name] Internet Access”).
    • Optionally, add a “Description” for more details (e.g., “Blocks [App Name] from connecting to the internet to save bandwidth and improve privacy.”).
  2. Click “Finish.”

Your new rule will now appear in the “Outbound Rules” list. The app you specified will no longer be able to access the internet. You can disable the rule temporarily (right-click the rule > Disable Rule) or delete it permanently (right-click > Delete) if you wish to restore internet access to the application.

Important Considerations and Best Practices

  • Administrator Privileges: You must have administrator rights on your Windows PC to create or modify firewall rules.
  • Locating .exe Files: Sometimes, an application might have multiple .exe files, or its main executable might be nested deep within folders. Use Task Manager’s “Open file location” feature if you’re unsure.
  • System Processes: Be cautious when blocking system processes (e.g., svchost.exe, System). Blocking critical Windows processes can lead to system instability or malfunction. Only block processes if you are certain of their function and necessity.
  • Inbound vs. Outbound Rules: This guide focuses on Outbound Rules to prevent apps from connecting out to the internet. Inbound Rules govern traffic coming into your computer, typically used to block external threats or allow specific incoming connections (e.g., for a game server).
  • Advanced Options: The New Rule Wizard offers “Custom” rules for highly specific scenarios, allowing you to define ports, protocols, and IP addresses. For simply blocking an app’s internet access, the “Program” rule is sufficient.

By following these steps, you can effectively manage which applications on your Windows PC can access the internet, enhancing your privacy and control over your system’s network behavior.

Frequently Asked Questions (FAQ)

Q1: Why would I want to block an app from accessing the internet using Windows Firewall?

A1: There are several reasons:

  • Privacy: Prevent apps from sending usage data, telemetry, or personal information without your knowledge.
  • Bandwidth Saving: Stop background updates or excessive data usage from non-essential apps.
  • Security: Isolate potentially untrustworthy software or prevent malware from communicating with command-and-control servers.
  • Offline Play: Force games to run in offline mode to avoid online requirements or distractions.
  • License Validation: Sometimes, blocking an app’s internet access can prevent it from validating its license online, which might be desired for older software where online activation is no longer supported (use with caution and only for legitimate purposes).

Q2: Does blocking an app’s outbound connection also block inbound connections?

A2: No. An outbound rule specifically prevents connections originating from your computer that the blocked app tries to make. To block connections coming into your computer that target that app, you would need to create a separate inbound rule for the same program. For most common uses like preventing an app from “phoning home,” an outbound rule is sufficient.

Q3: What if I block the wrong program or want to unblock an app later?

A3: You can easily manage the rules you create.

  1. Open Windows Defender Firewall with Advanced Security.
  2. Go to Outbound Rules.
  3. Find the rule you created (using the name you assigned).
  4. To temporarily unblock: Right-click the rule and select “Disable Rule.”
  5. To permanently unblock: Right-click the rule and select “Delete.”

Q4: Can I block internet access for all apps except a few specific ones?

A4: Yes, this is known as a whitelist approach. It’s more secure but requires more effort. Instead of creating outbound rules to block specific apps, you would:

  1. Change the default outbound behavior of your firewall to “Block” for all profiles (Domain, Private, Public). You can do this by right-clicking “Windows Defender Firewall with Advanced Security on Local Computer” (top-left) > Properties, and then changing “Outbound connections” to “Block” for each profile tab.
  2. Then, create “Allow” outbound rules for only the specific applications you want to grant internet access to (e.g., your web browser, email client). This method ensures that anything not explicitly allowed is blocked.

Q5: Will blocking an app from accessing the internet affect its offline functionality?

A5: Generally, no. If an app has features that work entirely offline (e.g., a word processor, a single-player game that doesn’t require online validation), those features should continue to work normally even if its internet access is blocked by the firewall. However, any features that rely on an internet connection (e.g., updates, cloud sync, multiplayer modes, license checks) will stop working.