Simplewall and Windows Firewall Control are great free solutions.
WFC includes some useful features but I prefer the simplicity of Simplewall.

I tried portmaster but the experience was not streamlined for my use case - ask to allow or block outgoing connection from any new app.

In short, all three are good solutions.

 

A side note to standard windows firewall: I just discovered few days ago, to me an absolute NO GO feature: it has no rule prioritization, and this can be a real mess, so I think that any overlay (tiny, wcf, etc) of wf is a NO GO too.

I use the overbloated (free) Comodo firewall, that has HIPS too and a virtual container (kind of sandboxie).

 

I use Evorim - Free Firewall.

 

Same here, however with comodo and Kontakt6+ there are issues when daw is blocked (kontakt does not open at all, gets error).

 

It doesn't matter which fw you're using because kontakt needs a loopback (127.0.0.1) connection, so the same must be granted to daw.
Create a rule for that purpose.

 

SimpleWall. Been using it for years, very low CPU, super easy to configure and "set and forget". Also, it's free.

 

TinyWall is great too. You can easily configure the rules with it that you like. Unblocking local traffic is one click. You can easily allow/block traffic for Windows Update, DHCP, DNS etc. And it is also free.

Then again, if you are behind a router, you probably don't need another firewall, because your router acts as one already. If a hacker manages to gain access to your router, you are probably f'ed already.

A firewall IS needed when you connect your pc to unknown networks or if it is directly exposed to the internet. In a home network setting the security for incoming traffic is in most cases handled by the router and the additional firewall in the pc itself is basically unnecessary.

That said. If you know what you are doing, you can block outgoing traffic of applications that you don't want to have access to the internet. It is however not as trivial as it might seem, as programs can use different mechanisms to connect to the internet. If you want internet access for your local system browser, other programs can hijack that connection for example. Blocking the individual program might not be enough to stop it from connecting to the internet. If you happen to block the underlying system services, the programs that you want to access the internet might not work anymore.

 

It is a bad idea to attempt using Windows firewall by itself with "alternative" software.
That requires very close attention and effort to make sure one has properly blocked connections, because one must manually enter the information.

A whitelist-type firewall or a whitelist-type front-end for Windows firewall is really a necessary thing for most people using alternative software.
I use Windows Firewall Control set to "Medium Filtering", and set to notify me of actions.

 

my favorite is ZONEALARM PRO

 

I agree with @DoubleTake using Windows Firewall is just a bad idea and will allow all sorts of access in and out without you even knowing or giving you an option to accept or reject that connection. I used ZoneAlarm Free for over 10 years until it started making everything in Windows run slow like they'd introduced some kind of Ransomware rubbish (it was really bad) and took me a while to work out what was causing that issue. I then tried NetLimiter which I thought was great until it wouldn't let me into Windows like it was waiting for me to accept a notification but I couldn't get to that notification to accept it so I dumped that too for Malwarebytes Windows Firewall Control (WFC) and it's great and does exactly want I need set to "Medium Filtering" (Green) with Notifications (Enabled) and been using that a couple of years-ish now with no issues.

Spoiler: WFC

https://www.binisoft.org/wfc

 

Just use Win Firewall and that's it.
And there is no need for installing any third-party tools for checking your Active Connections, just using Windows Resource Monitor.
Click the Network tab and expand TCP Connections.
Or use CMD and type netstat -a -b.

Thank me Later!

Cheers

 

no matter what firewall you use i have learned... they still can get inside!

 

Jap that's right. Brain.exe should be up-to-date and working;)

 

Glasswire is the best-in-class firewall, and the closest to what Little Snitch does for Mac and OpenSnitch for Linux.

For example, you may want to block your DAW's plugin scanner from reaching the internet, but not it's core app which fetches DAW content...you have that option easily. You can be notified when an App or process tries to connect and given the choice to allow or deny. You can search your list of allow/bocked apps and quickly change permission. There are some nice graphical charts of realtime data flow. I have not seen a better 3rd party, and I have tried many.

 

Sound similar to WFC for methodology, but the charts sound interesting .
A whitelist-type seems to be the best as it blocks everything until you approve it, and it only takes a short while to do basic allowances.
So long as the pop-up notification is convenient it's very easy.
There are a couple of programs that it asks permission for on a regular basis, because they run from new folders named for the new versions.
It is so easy and automatic I forgot which programs... but every few weeks at least.
(In WFC make sure to set notifications ON or you might wonder why you are not connecting...same may be true for others)

 

@iswingwood Hi, are you using the free version?

 

Well. You'd probably think i'm trolling but i'm not. A couple of years ago i got this 2nd hand (like new though) for about 400euros, it was for my wife's small home biz and i get to use it too. Extensive management and a gazillion settings are its main perks. The Cisco Firepower 1010 Next Gen Firewall. It's been with us 2 yrs now, so far np whatsoever, seems fkn robust. For someone like me with no extensive knowledge in networking, it did have a learning curve, i had to bring over the friend who recommended it and specializes in networking to teach me a few thingies hehe. There are still things i haven't touched yet with it.

Y'all have a nice one.
PS: Talking 'bout soft fws, i really like Glasswire. Probably the most smart fw soft out there.

 

Simple Wall.

 

i dont get this kontakt loopback thing , since which version is kontakt in need of www mandatory ?

 

My network frontline tools of choice are Outpost 9.3 (yes, the web control has been fixed in that one) along with NetLimiter. This combination provides the best solution for a dual homed network config on win10. Outpost 9.3 will not work on win11, since agnitum doesn't exist anymore..

The windows defender firewall is a POS. One of the main reasons to use a FW is to make certain on dual homed machines that the internet interface is kept controlled and separate from the backend LAN. The defender FW cant seem to distinguish between interfaces. I have tried on numerous occasions to get the defender FW to govern a program or service to have LAN access but no Internet access or vice versa. Or even to govern a particular port or remote address. The result being, even after setting just a couple of rules, the stupid defender FW shuts down all access to my Local area network. I have no use for such a lame POS that cannot discern or deal with a dual homed network setup.