When you add a program to the list of allowed programs in a firewall, or when you open a firewall port, you allow a particular program to send information to or from your computer through the firewall. Allowing a program to communicate through a firewall (sometimes called unblocking) is like punching a hole in the firewall.

Each time you open a port or allow a program to communicate through a firewall, your computer becomes a bit less secure. The more allowed programs or open ports your firewall has, the more opportunities there are for hackers or malicious software to use one of those openings to spread a worm, access your files, or use your computer to spread malicious software to others.

It's generally safer to add a program to the list of allowed programs than to open a port. If you open a port, it stays open until you close it, whether or not a program is using it. If you add a program to the list of allowed programs, the "hole" is open only when needed for a particular communication.

To help decrease your security risk:

  • Only allow a program or open a port when you really need to, and follow the steps below to remove programs from the list of allowed programs or close ports that you no longer need.

  • Never allow a program that you don't recognize to communicate through the firewall.

To remove a program from the list of allowed programs

  1. Open Windows Firewall by clicking the Start button Picture of the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.

  2. In the left pane, click Allow a program or feature through Windows Firewall.

    Picture of the left pane of Windows Firewall in Control Panel
    Left pane of Windows Firewall
  3. Click Change settings. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  4. Clear the check box next to the program you want to remove from the list of allowed programs, and then click OK.

To close a firewall port

  1. Open Windows Firewall by clicking the Start button Picture of the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.

  2. In the left pane, click Advanced settings. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  3. In the Windows Firewall with Advanced Security dialog box, in the left pane, click Inbound Rules.

  4. In the middle pane, select the rule that you want to disable, and then, in the right pane, click Disable Rule.