Windows Firewall allows you to block all outgoing connections to restrict applications from connecting to the internet. Here's how.
Windows comes with a default firewall application that gives you granular control over internet access and lets you configure all incoming and outgoing connections. By default, Windows Firewall allows all outgoing connections unless they are blacklisted and blocks all incoming connections unless they are whitelisted.
Most Windows programs have almost unrestricted access to outgoing connections. This means that the applications can phone home and perform other activities without any restrictions.
If you don't like this behavior, you can use the Windows Firewall options to block all outgoing connections. Blocking outbound connections is helpful when you want granular control over which applications can send data over the internet.
The method shown below is verified to work with Windows 10, 8, & 7. Before making any changes, I strongly recommend that you back up your Windows Firewall settings.
Steps to Block All Outgoing Connections with Windows Firewall
These are the steps you should follow to block outgoing connections in Windows Firewall.
- Open the Start menu.
- Search for "Windows Defender Firewall" and open it.
- Click on the "Advanced Settings" link in the Firewall application.
- Here, select the "Windows Defender Firewall with Advanced Security on Local Computer" option on the left panel.
- Click on the "Windows Defender Firewall Properties" link in the middle panel.
- In the Firewall properties window, go to the profile tab of your choice.
  - Domain profile tab: If the system is joined to a domain.
  - Private profile tab: If the system is connected to a private network (like a home or office network).
  - Public profile tab: If the system is connected to a public network (like a coffee shop WiFi).
In my case, I'm selecting the Private profile tab because I'm connected to a private network. For a vast majority of users, this is the option to select.
- Here, select "Block" from the drop-down menu next to "Outbound connections".
- Click on the "Apply" and "OK" buttons to save the changes.
- Close the Windows Firewall application.
The changes are instant. From now on, outbound connections on the selected profile are blocked by default and applications cannot send any data over the network.
Whitelist Applications to Allow Outbound Connections
To allow outgoing connections for specific applications, you need to manually whitelist them. A whitelisted application's rule takes priority over the general block rule for outbound connections. For example, maybe you want the Chrome browser to keep working even when you have blocked outbound connections.
Follow these steps to whitelist applications for outbound connections.
- Open Windows Firewall.
- Click on the "Advanced Settings" link.
- Select "Outbound rules" on the left panel.
- Click on the "New rule" option in the right panel.
- Select "Program" and click "Next".
- Select "This program path" and click "Browse".
- Find the application's exe file, select it, and click on the "Open" button.
- Click "Next".
- Select "Allow this connection" and click "Next".
- Select the Domain, Private, and Public checkboxes and click "Next".
- Name the rule and click "Finish".
As soon as you click the Finish button, the outbound rule is created and applied to the firewall. From now on, the whitelisted application should be able to send data over the network even if outbound connections are blocked.
FIXED: Some Applications can Still Connect to the Internet After Blocking Outgoing Connections
Even after blocking all outbound connections, some applications can still send data over the network. For example, most built-in Windows applications and services can send data over the network. This is because those applications are whitelisted by the system.
If you don't want those applications making outgoing connections, you have to manually disable the outbound rule for each of them in the Firewall settings. Let me show you how.
- Open the Windows Firewall application.
- On the left panel, click on the "Advanced Settings" link.
- Here, select the "Outbound Rules" option on the left panel.
- In the middle panel, find the rule related to the application you want to block.
- For example, I want to block the Windows 10 Email app. So, I selected it.
- Right-click on the rule and select the "Disable Rule" option.
That is it. The changes are instant. For demonstration purposes, I also blocked the outbound rule for the legacy Edge browser. As you can see from the image below, it cannot connect to the internet due to the restriction of the outgoing rule. Do this to all the applications you don't want connecting to the internet.
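The three procedures above (default outbound block, per-program allow rule, disabling the built-in allow rules) can also be scripted and audited from an elevated PowerShell session. This is an added example, not part of the original article; it assumes Windows 8 or later (the NetSecurity cmdlets are not present on Windows 7), and the Chrome path, rule name and backup file name are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Assumes Windows 8 or later
# (NetSecurity module). Paths and rule names below are illustrative.
$ProfileName    = 'Private'                # profile tab chosen in the steps above
$AllowedProgram = 'C:\Program Files\Google\Chrome\Application\chrome.exe'  # assumed install path
$AllowRuleName  = 'Allow Chrome outbound'  # hypothetical rule name
$RulesToDisable = @()                      # fill in display names from the audit in step 4

# 1. Back up the current policy; restore it with "netsh advfirewall import <file>".
$backup = Join-Path $env:USERPROFILE ("firewall-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))
netsh advfirewall export $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup failed; not changing the firewall." }

# 2. Block outbound connections by default on the chosen profile.
Set-NetFirewallProfile -Name $ProfileName -DefaultOutboundAction Block

# 3. Whitelist one program on all three profiles (skipped if the rule already exists).
if (-not (Get-NetFirewallRule -DisplayName $AllowRuleName -ErrorAction SilentlyContinue)) {
    if (-not (Test-Path $AllowedProgram)) { throw "Program not found: $AllowedProgram" }
    New-NetFirewallRule -DisplayName $AllowRuleName -Direction Outbound `
        -Program $AllowedProgram -Action Allow -Profile Domain, Private, Public | Out-Null
}

# 4. Audit: enabled outbound allow rules that still apply to this profile.
#    These are the rules that let built-in apps connect despite the default block.
$stillAllowed = Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow |
    Where-Object { "$($_.Profile)" -match "Any|$ProfileName" } |
    Sort-Object DisplayGroup, DisplayName
$stillAllowed | Format-Table DisplayName, DisplayGroup, Profile -AutoSize | Out-Host

# 5. Disable the rules picked from that list (never the one created in step 3).
foreach ($name in $RulesToDisable) {
    if ($name -eq $AllowRuleName) { continue }
    Disable-NetFirewallRule -DisplayName $name
}

# 6. Confirm the resulting default actions for the profile.
Get-NetFirewallProfile -Name $ProfileName |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
```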
I hope that helps. If you are stuck or need some help, comment below and I will try to help as much as possible.