A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers.

There are three settings on the General tab in Windows Firewall. Here's what they do and when you should use them:

On (recommended)

This setting is selected by default. When Windows Firewall is on, most programs are blocked from communicating through the firewall. If you want to unblock a program, you can add it to the Exceptions list (on the Exceptions tab). For example, you might not be able to send photos in an instant message until you add the instant messaging program to the Exceptions list. To add a program to the Exceptions list, see Allow a program to communicate through Windows Firewall.

Block all incoming connections

This setting blocks all unsolicited attempts to connect to your computer. Use this setting when you need maximum protection for your computer, such as when you connect to a public network in a hotel or airport, or when a computer worm is spreading over the Internet. With this setting, you are not notified when Windows Firewall blocks programs, and programs on the Exceptions list are ignored.

When you select Block all incoming connections, you can still view most webpages, send and receive e‑mail, and send and receive instant messages.

Off (not recommended)

Avoid using this setting unless you have another firewall running on your computer. Turning off Windows Firewall might make your computer (and your network, if you have one) more vulnerable to damage from hackers and malicious software (such as worms).


  • If some firewall settings are unavailable and your computer is connected to a domain, your system administrator might be controlling these settings through Group Policy.