What are the risks of allowing applications through a firewall?

There are two ways of allowing an application through a firewall. Both of them are risky:

  • Adding an application to the list of allowed applications (less risky).

  • Opening a port (more risky).

When you add an application to the list of allowed applications in a firewall – sometimes called unblocking – or when you open a firewall port, you allow a specific application to send information to or from your PC through the firewall, as though you've drilled a hole in the firewall. This makes your PC less secure and might create opportunities for hackers or malware to use one of those openings to get to your files or use your PC to spread malware to other PCs.

Generally, it's safer to add an application to the list of allowed applications than to open a port. A port stays open until you close it, but an allowed application only opens the "hole" when needed.

To help decrease your security risk:

  • Only allow an application or open a port when you really need to, and follow the steps to remove applications from the list of allowed applications or close ports that you no longer need.

  • Never allow an application that you don't recognise to communicate through the firewall.

Show all

To remove an application from the list of allowed applications

  1. Open Windows Firewall by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the top-right corner of the screen, moving the mouse pointer down, then clicking Search), entering firewall in the search box, tapping or clicking Settings, then tapping or clicking Windows Firewall.

  2. Tap or click Allow an application or feature through Windows Firewall.

  3. Tap or click Change settings. Administrator permission required You might be asked for an admin password or to confirm your choice.

  4. Clear the checkbox next to the application that you want to remove from the list of allowed applications, then tap or click OK.

To close a firewall port

  1. Open Windows Firewall by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the top-right corner of the screen, moving the mouse pointer down, then clicking Search), entering firewall in the search box, tapping or clicking Settings, then tapping or clicking Windows Firewall.

  2. Tap or click Advanced settings. Administrator permission required You might be asked for an admin password or to confirm your choice.

  3. In the Windows Firewall with Advanced Security dialogue box, Tap or click Inbound Rules.

  4. Select the rule that you want to disable, then, in the right pane, tap or click Disable Rule.

Need more help?