Microsoft Tech Community

Outbound Firewall Rules for Defender for Endpoint


Hi,

I would like to propose that default outbound firewall rules for Windows * and Windows Server * be available by default, so that you just have to activate them.

Open outbound firewalling for (used procmon to identify them):

C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe

C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe

C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe

C:\Program Files\Windows Defender Advanced Threat Protection\SenseNdr.exe

C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe

C:\Program Files\Windows Defender Advanced Threat Protection\SenseSC.exe

Service WinDefend

Service DiagTrack

c:\windows\system32\smartscreen.exe

Also, svchost (system pid4) is needed for updating CTL, CRL, root cert updates, ... Could anyone give a hint on how to restrict that a bit more?

 

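One way to stage the rules proposed in the post, as an added example that is not part of the original post and not Microsoft's own rule set: it pre-creates disabled outbound allow rules for the listed binaries and services so they only need to be activated. The group name and rule display names are assumptions; the paths and service names are the ones listed in the post.

```powershell
#Requires -RunAsAdministrator
# Added example: create the outbound allow rules in a disabled state.
# Allow rules only matter on profiles whose default outbound action is Block.
$group    = 'MDE Outbound (example)'   # assumed group name, not a built-in group
$senseDir = 'C:\Program Files\Windows Defender Advanced Threat Protection'

$programs = @(
    "$senseDir\MsSense.exe",
    "$senseDir\SenseCncProxy.exe",
    "$senseDir\SenseIR.exe",
    "$senseDir\SenseNdr.exe",
    "$senseDir\SenseSampleUploader.exe",
    "$senseDir\SenseSC.exe",
    'C:\Windows\System32\smartscreen.exe'
)
$services = @('WinDefend', 'DiagTrack')

foreach ($path in $programs) {
    # Skip binaries that are not present on this OS build or SKU.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping missing binary: $path"
        continue
    }
    $name = "MDE out - $(Split-Path -Leaf $path)"
    # Idempotent: do not create a second rule with the same display name.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
    New-NetFirewallRule -DisplayName $name -Group $group -Direction Outbound `
        -Action Allow -Program $path -Profile Any -Enabled False | Out-Null
}

foreach ($svc in $services) {
    if (-not (Get-Service -Name $svc -ErrorAction SilentlyContinue)) {
        Write-Warning "Skipping missing service: $svc"
        continue
    }
    $name = "MDE out - service $svc"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
    # -Service scopes the rule to the service rather than to every svchost.exe instance.
    New-NetFirewallRule -DisplayName $name -Group $group -Direction Outbound `
        -Action Allow -Service $svc -Profile Any -Enabled False | Out-Null
}

# Review what was staged, then activate the whole group in one step.
Get-NetFirewallRule -Group $group |
    Format-Table DisplayName, Enabled, Direction, Action
# Enable-NetFirewallRule -Group $group
```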