AbhirupGupta-7020 asked LimitlessTechnology-2700 answered

Exception policy for Windows Defender Firewall

Hello Team,

I believe you all are doing good and keeping safe.

I'm using an RPA tool to send emails to business. Sending email to business via the tool has been working for more than 6 months, but all of a sudden it has stopped working. We investigated the issue and found that access is being blocked by the global Windows Defender Firewall policy.

This policy is applied through GPO to block all outbound SMTP (port 25) access from workstations. The problem is that the application connects to the Global SMTP Relays on port 25, which means we need to be able to connect to the Global SMTP Relays on port 25, and this connection is what Defender is NOT allowing. We can't change the SMTP port of the Global SMTP Relays because we have 1000s of applications connecting to us.

Isn't there any way to limit it to only some workstations that are identified so it is not enabled for all?

windows-10-network
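Before changing any policy it is worth confirming on the affected workstation exactly which rule is doing the blocking and where it comes from. The script below is an added example, not part of the original question: it lists every enabled outbound block rule in the effective (merged) rule set that can match a TCP connection to remote port 25, reports whether each rule is local or delivered by Group Policy (and from which GPO), and then does a live connection test. The relay hostname `smtp-relay.contoso.example` is an assumption; run it elevated.

```powershell
# Added example: find which effective firewall rule blocks outbound TCP/25 and where it came from.

function Test-PortInFilter {
    # Returns $true when $Port falls inside a NetFirewallPortFilter port list
    # ('Any', single ports such as '25', or ranges such as '20-30').
    param([string[]]$Ports, [int]$Port)
    foreach ($p in $Ports) {
        if ($p -eq 'Any') { return $true }
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($p -match '^\d+$' -and [int]$p -eq $Port) { return $true }
    }
    return $false
}

function Get-OutboundBlockRuleForPort {
    param([int]$Port = 25)
    # ActiveStore is the merged result of local rules plus every GPO-delivered rule.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound -Action Block -Enabled True
    foreach ($rule in $rules) {
        $pf = $rule | Get-NetFirewallPortFilter
        # For an outbound rule the *remote* port is the destination port; LocalPort is the
        # client's ephemeral source port and is almost never what an SMTP block keys on.
        $protocolOk = $pf.Protocol -in @('TCP', '6', 'Any')
        if ($protocolOk -and (Test-PortInFilter -Ports $pf.RemotePort -Port $Port)) {
            [pscustomobject]@{
                DisplayName = $rule.DisplayName
                Profile     = $rule.Profile
                Protocol    = $pf.Protocol
                RemotePort  = ($pf.RemotePort -join ',')
                Source      = $rule.PolicyStoreSourceType   # Local or GroupPolicy
                GpoName     = $rule.PolicyStoreSource       # GPO name when Source is GroupPolicy
            }
        }
    }
}

Get-OutboundBlockRuleForPort -Port 25 | Format-Table -AutoSize

# Live check against one relay (hostname is an assumption for this example).
Test-NetConnection -ComputerName smtp-relay.contoso.example -Port 25 -InformationLevel Detailed |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

If the rule shows `Source = GroupPolicy`, the `GpoName` column tells you which GPO to rescope; a rule added locally on the workstation will not help, because Windows Defender Firewall evaluates block rules before allow rules, and a domain GPO can additionally be set so that local rules are not merged at all.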

LimitlessTechnology-2700 answered

Hello @AbhirupGupta-7020 ,

Yes, you can limit the action of Windows Defender by creating an inbound and outbound port rule:

  1. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule

  2. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule


Hope this answers all your queries; if not, please do post back.
If an Answer is helpful, please click "Accept Answer" and upvote it : )


LimitlessTechnology-2700 answered

Hello @AbhirupGupta-7020

I would recommend applying the firewall block to the specific group of computers by linking them to a new GPO, for example "Block 25".

First you will need to allow the execution of scripts via GPO:

In the GPO editor, select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows PowerShell.
Right-click "Turn on script execution", then select "Edit".
In the window that appears, click the "Enabled" radio button.
In the "Execution Policy" drop-down, select Allow local scripts and remote signed scripts.
Click "OK" to accept the changes.

Then create a .PS1 script with your desired settings as in:
https://docs.microsoft.com/en-us/powershell/module/netsecurity/new-netfirewallrule?view=windowsserver2019-ps
For example:
    PS C:\> New-NetFirewallRule -DisplayName "Block Outbound Port 25" -Direction Outbound -RemotePort 25 -Protocol TCP -Action Block  # -RemotePort: an outbound rule must match the destination port, not the client's ephemeral local port
And save it on an accessible share for that group of computers. In the security settings of the file properties, you need to add the group "Domain Computers" with Read and Read & Execute permissions.

Then configure the execution in the policy configuration:
Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup / Shutdown) and add your PS script.

Hope this helps!

--do not forget to vote if helpful or mark as Answer if it resolved your query--

Best regards,
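The answer above scopes the block by linking a new GPO and pushing the rule through a startup script. The same outcome can be reached without a script, because the NetSecurity cmdlets can write rules directly into a GPO's policy store, and the GroupPolicy module can set the security filtering so only computers in one AD group apply it. The following is an added example, not code from the original answer: it creates the "Block 25" GPO, stores the outbound TCP/25 block rule in it, grants Apply only to a security group, and links the GPO to a workstation OU. The domain name `contoso.example`, the OU `OU=Workstations,DC=contoso,DC=example` and the group `FW-Block-SMTP-Outbound` are assumptions; it needs the RSAT GroupPolicy module and rights to edit GPOs. The RPA workstations are simply left out of the group, so no exception rule is needed on them (an allow rule could not override the block anyway, since block rules are evaluated before allow rules).

```powershell
# Added example: build and scope the "Block 25" GPO from PowerShell.
#Requires -Modules GroupPolicy, NetSecurity

$Domain   = 'contoso.example'                          # assumed
$GpoName  = 'Block 25'                                 # name used in the answer
$OU       = 'OU=Workstations,DC=contoso,DC=example'    # assumed
$Group    = 'FW-Block-SMTP-Outbound'                   # assumed; computers that SHOULD be blocked
$RuleName = 'Block Outbound Port 25'

function New-ScopedSmtpBlockGpo {
    # 1. Create the GPO if it does not already exist.
    $gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
    if (-not $gpo) {
        $gpo = New-GPO -Name $GpoName -Comment 'Blocks outbound SMTP (TCP/25) on scoped workstations'
    }

    # 2. Write the firewall rule straight into the GPO store ("Domain\GPO name").
    #    -RemotePort is the destination port; an outbound rule with -LocalPort 25
    #    would only match connections whose *source* port happens to be 25.
    $store   = "$Domain\$GpoName"
    $session = Open-NetGPO -PolicyStore $store
    $existing = Get-NetFirewallRule -DisplayName $RuleName -GPOSession $session -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Protocol TCP -RemotePort 25 `
            -Action Block -Profile Any -GPOSession $session | Out-Null
    }
    Save-NetGPO -GPOSession $session

    # 3. Security filtering: Authenticated Users keeps Read (computers must still be able
    #    to read the GPO after MS16-072) but loses Apply; only $Group gets Apply.
    Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
        -PermissionLevel GpoRead -Replace | Out-Null
    Set-GPPermission -Name $GpoName -TargetName $Group -TargetType Group `
        -PermissionLevel GpoApply | Out-Null

    # 4. Link the GPO to the workstation OU once.
    $linked = (Get-GPInheritance -Target $OU).GpoLinks | Where-Object DisplayName -eq $GpoName
    if (-not $linked) {
        New-GPLink -Name $GpoName -Target $OU -LinkEnabled Yes | Out-Null
    }

    # 5. Return what actually landed in the GPO store for verification.
    Get-NetFirewallRule -PolicyStore $store -DisplayName $RuleName |
        Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort, RemotePort
}

New-ScopedSmtpBlockGpo
```

After `gpupdate /force` on a member of the group, `Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName 'Block Outbound Port 25'` should show `PolicyStoreSourceType = GroupPolicy`, while a workstation outside the group should not have the rule at all. The original global block GPO still has to be unlinked or rescoped the same way, otherwise it keeps applying to every workstation.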
