Skills MatrixSkills Matrix
Technology Skill Objective Domain Skill Domain #Understanding Windows Firewall
Troubleshoot Windows Firewall issues
2.3
Configuring Windows Firewall
Troubleshoot Windows Firewall issues
2.3
Configuring Windows Firewall Basic Settings
Configure system exceptions
2.3
Configuring Windows Firewall with Advanced Security and Group Policy Settings
Configure system exceptions
2.3
Skills MatrixSkills Matrix
Technology Skill Objective Domain Skill Domain #Understanding Windows Defender
Troubleshoot Windows Defender issues
2.4
Using Windows Defender Troubleshoot Windows Defender issues
2.4
Configuring Windows Defender Options Locally
Troubleshoot Windows Defender issues
2.4
Skills MatrixSkills Matrix
Technology Skill Objective Domain Skill Domain #Using Software Explorer Troubleshoot Windows
Defender issues2.4
Scanning Your System Manually
Troubleshoot Windows Defender issues
2.4
Configuring Windows Defender Group Policy
Troubleshoot Windows Defender issues
2.4
A firewall is a device that limits inbound (and sometimes outbound) data connections in an attempt to strengthen security.
Windows Firewall is a host firewall that can run on each computer in a network to help prevent attacks.
Understanding Windows Firewall
Understanding Windows FirewallUnderstanding Windows Firewall
The following are some new features for Windows Firewall in Windows Vista.
Windows Firewall with Advanced Security Snap-in
IPSec integration
Outbound filtering
Expanded authenticated bypass
Support for Active Directory users, computers, and groups
Understanding Windows Firewall (cont.)
Understanding Windows FirewallUnderstanding Windows Firewall
You can configure the most basic settings for Windows Firewall through the Windows Firewall Settings dialog box.
More advanced settings can be configured by using the Windows Firewall with Advanced Security Snap-in and Group Policy.
Configuring Windows Firewall
Configuring Windows FirewallConfiguring Windows Firewall
Configuring Windows Firewall General Settings
Configuring Windows FirewallConfiguring Windows Firewall
The General tab enables you to turn Windows Firewall on or off and to block all inbound connections.
Configuring Windows Firewall Exceptions
Configuring Windows FirewallConfiguring Windows Firewall
Exceptions tab of the Windows Firewall Settings dialog box
Unblocking a Program in Windows Firewall
Configuring Windows FirewallConfiguring Windows Firewall
There are three ways to create an exception for an inbound connection request from a program.
Click Unblock on the Windows Security Alert dialog box when Windows Firewall blocks a program.
Configure a program exception on the Exceptions tab.
Unblocking a Program in Windows Firewall (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
There are three ways to create an exception for an inbound connection request from a program (cont.).
Open the appropriate port on the Exceptions tab. This method is not recommended for individual programs.
Unblocking a Program in Windows Firewall (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
Select one of the following:
Any computer (including those on the Internet) – Select this option to unblock the specified program for all computers.
My network (subnet) only – Select this option to unblock the specified program for your subnet.
Custom List – Select this option to specify the IP addresses of the computers for which you want to unblock the specified program.
Unblocking a Port in Windows Firewall
Configuring Windows FirewallConfiguring Windows Firewall
To add a port that is not in the list box, click Add port. The Add a Port dialog box appears.
Configuring the Advanced Tab in Windows Firewall
Configuring Windows FirewallConfiguring Windows Firewall
Do one of the following:
To enable Windows on a network connection – Select the check box for the network connection for which you want to enable Windows Firewall.
To disable Windows on a network connection – Clear the check box for the network connection for which you want to disable Windows Firewall.
Configuring the Advanced Tab in Windows Firewall (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
Do one of the following (cont.):
To restore Windows Firewall default settings – Click Restore Defaults. In the Restore Defaults Confirmation warning box, click Yes to continue.
Configuring Windows Firewall with Advanced Security
Configuring Windows FirewallConfiguring Windows Firewall
Windows Firewall with Advanced Security Snap-in
Creating and Configuring Firewall Rules
Configuring Windows FirewallConfiguring Windows Firewall
Firewall Rules are the building blocks of exceptions.
You can configure Firewall Rules for both inbound and outbound connections.
Creating and Configuring Firewall Rules (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
In the Action menu, click New Rule. The New Inbound/Outbound Rule Wizard appears.
Creating and Configuring Firewall Rules (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
Select one of the following:
Apply to all programs and services – Applies the rule to all processes
Apply to services only – Applies the rule only to services
Creating and Configuring Firewall Rules (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
Select one of the following (cont.):
Apply to this service – To select the service in the associated list box to which you want to apply the rule
Apply to service with this service short name – To select the service to which you want to apply the rule by specifying its short name
Creating and Configuring Firewall Rules (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
Protocol and Ports page of the New Inbound Rule Wizard
Creating and Configuring Firewall Rules (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
Scope page of the New Inbound Rule Wizard with example settings
Creating and Configuring Firewall Rules (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
Action page of the New Inbound Rule Wizard
Creating a Program Inbound or Outbound Rule
Configuring Windows FirewallConfiguring Windows Firewall
Program page of the New Inbound Rule Wizard
Creating a Port Inbound or Outbound Rule
Configuring Windows FirewallConfiguring Windows Firewall
Protocol and Ports page of the New Inbound Rule Wizard
Creating a Predefined Inbound or Outbound Rule
Configuring Windows FirewallConfiguring Windows Firewall
Possible choices for predefined rules with Windows Meeting Space selected
Creating a Predefined Inbound or Outbound Rule (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
Predefined Rules page for the Windows Meeting Space predefined rule
Browsing Rules in Windows Firewall with Advanced Security
Configuring Windows FirewallConfiguring Windows Firewall
In the console tree, select one of the three rules nodes.
Inbound Rules
Outbound Rules
Connection Security Rules
Browsing Rules in Windows Firewall with Advanced Security (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
In the action pane, there are three filters with which you can filter the list (two for Connection Security Rules).
Filter by Profile – To limit the list according to what profile the rules affect
Filter by State – To show all of the rules that are enabled or disabled
Browsing Rules in Windows Firewall with Advanced Security (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
In the action pane, there are three filters with which you can filter the list (two for Connection Security Rules) (cont.).
Filter by Group (Outbound Rules and Inbound Rules only) – To view all of the rules in a particular group
Configuring Windows Firewall Group Policy Settings
Configuring Windows FirewallConfiguring Windows Firewall
Windows Firewall Group Policy settings allow you to configure settings that control Windows Firewall behavior for many computers simultaneously through Group Policy.
Configuring Windows Firewall Group Policy Settings (cont.)
Configuring Windows FirewallConfiguring Windows Firewall
Domain profile – The affected computers are connected to a network where domain controllers (in which the computer’s domain account resides) are available.
Standard profile – The affected computers are not connected to a network where domain controllers (in which the computer’s domain account resides) are available.
Disabling Windows Firewall Through Group Policy
Configuring Windows FirewallConfiguring Windows Firewall
Protect all network connections Properties dialog box with Disabled selected
Understanding Windows Defender
Understanding Windows DefenderUnderstanding Windows Defender
Windows Defender is Vista’s front-line defense against spyware and other unwanted software.
Spyware includes programs from pop-up advertisements to applications that gather data from your computer and send it across the Internet.
Configuring Windows Defender Options Locally
Using Windows DefenderUsing Windows Defender
Tools and Settings page of Windows Defender
Configuring Windows Defender Options Locally (cont.)
Using Windows DefenderUsing Windows Defender
You can configure the following sets of options on the Options page of Windows Defender.
Automatic scanning
Default actions
Real-time protection options
Advanced options
Administrator options
Configuring Default Actions
Using Windows DefenderUsing Windows Defender
Select one of the following options in the High alert items, Medium alert items, and Low alert items drop-down lists.
Default action (definition based) – Does what the virus definition recommends doing. This is the recommended setting.
Ignore – Ignores the detected program. This is not recommended, especially for high and medium alert items.
Configuring Default Actions (cont.)
Using Windows DefenderUsing Windows Defender
Select one of the following options in the High alert items, Medium alert items, and Low alert items drop-down lists (cont.).
Remove – Removes the detected item automatically
Configure Real-Time Protection Options
Using Windows DefenderUsing Windows Defender
Real-time protection options on the Options page of Windows Defender
Configuring Advanced Options
Using Windows DefenderUsing Windows Defender
Configure the following check boxes: Scan the contents of the archived files and folders
for potential threats
Use heuristics to detect potentially harmful or unwanted behavior by software that hasn’t been analyzed for risks
Create a restore point before applying actions to detected items: Select if you may need to roll back a change made by Windows Defender.
Configuring Administrator Options
Using Windows DefenderUsing Windows Defender
Open the Options page of Windows Defender.
• Scroll to the Administrator options section.
• If you want to turn on Windows Defender, select the Use Windows Defender check box.
• To limit Windows Defender use to Administrators, clear the Allow everyone to use Windows Defender check box.
Using Software Explorer
Using Windows DefenderUsing Windows Defender
Software Explorer is a component of Windows Defender that enables you to view detailed information and control software (including configuring startup options) on your computer that may have a negative impact on performance, privacy, or security.
Using Software Explorer (cont.)
Using Windows DefenderUsing Windows Defender
You can explore the following categories of software in Software Explorer.
Startup programs – Programs that run automatically with or without your knowledge when you start Windows
Currently running programs – Programs or processes currently running
Using Software Explorer (cont.)
Using Windows DefenderUsing Windows Defender
You can explore the following categories of software in Software Explorer (cont.).
Network-connected programs – Programs or processes that can connect to the Internet or to your home or office network
Winsock service providers – Programs that perform low-level networking and communication services and often have access to important areas of the operating system
Exploring Software Using Software Explorer
Using Windows DefenderUsing Windows Defender
Software Explorer in Windows Defender
Scanning Your System and Taking Action with Windows Defender
Using Windows DefenderUsing Windows Defender
Quick Scan – Select this option to scan the most likely areas where unwanted software resides.
Full Scan – Select this option to scan the entire computer.
Scanning and Taking Action with Windows Defender (cont.)
Using Windows DefenderUsing Windows Defender
Custom Scan – Select this option to specify the files and folders that you want to scan. You can use this option if you suspect a particular piece of undesirable software and know where it usually resides.
Scanning and Taking Action with Windows Defender (cont.)
Using Windows DefenderUsing Windows Defender
Reviewing example scan results in Windows Defender after a full system scan
Configuring Windows Defender Group Policy
Using Windows DefenderUsing Windows Defender
Windows Defender Group Policy settings are located in the Computer Configuration > Administrative Templates > Windows Components > Windows Defender folder of GPOs.
Accessing Windows Defender Group Policy Settings
Using Windows DefenderUsing Windows Defender
Open the Group Policy object for which you want to configure Group Policy.
• In the Group Policy Object Editor console tree, expand Computer Configuration > Administrative Templates > Windows Components, and then select Windows Defender.
Accessing Windows Defender Group Policy Settings (cont.)
Using Windows DefenderUsing Windows Defender
• In the details pane, right-click the policy setting that you want to configure, and then click Properties.
SummarySummary
Windows Firewall is a host firewall that can run on each computer in a network to help prevent attacks.
You learned how to configure basic Windows Firewall settings through the Windows Firewall Settings dialog box and to configure more advanced settings by using the Windows Firewall with Advanced Security Snap-in, whether locally or in Group Policy.
You Learned
SummarySummary
You learned how to create Firewall Rules, which are the building blocks of exceptions and can be configured for both inbound and outbound connections.
The purpose of Windows Defender is to block, find, and remove malicious software, including spyware.
You learned how to schedule scanning and launch manual scans in Windows Defender.
You Learned (cont.)