How can I whitelist Google Update Exe

How can I block everything (all inbound and outbound Internet access) except those applications that are on the firewall whitelist?

Is it possible to automatically block all incoming / outgoing Internet connections from applications except Firefox with the standard Windows firewall?

I want to block everything, including Windows updates and other software updates.
I only want to allow a web browser like Firefox, Chrome or Opera.
How can I set up such a configuration in the Windows Firewall? I am looking for the application blocking but it seems you need to add one at a time and it is a tedious task.

What I want to achieve is a " Whitelisting "- which means I've set up a rule on a firewall that says" block everything "(where
" deny "= do not let anything through,
" all "= all types of traffic).
" any / any "= any source, any destination).

Then I judge the " White list "a - that is, the list of good goals that I want to allow.
A list of applications that I want to give network access to. Only applications on this list can communicate.
Note that whitelisting is different from blacklisting in that whitelisting blocks everything and later allows some things. With this definition in mind, everything is automatically blocked and cannot be used.

I want there to be an option or button that I can use to manually edit, add, or delete the application in this list.

I am not an expert. Please provide a detailed answer as I don't know anything about ports and some other expressions I came across while googling.
Many Thanks,


By default, Windows Firewall works as follows:

  • Incoming - block all except in the list (whitelist)
  • Outgoing - Allow all, if not in the list (black list)

You want all incoming by default and block all outgoing connections.

You can do this with the firewall built into Windows. The way to do this (albeit a little hidden) is to change the settings as follows in these 3 easy steps:
  1. Go to: Control Panel \ System and Security \ Windows Firewall

  2. Right click there as shown in the screenshot to get the properties:

  3. Change outgoing connections to Block for each profile Now you can only add the programs you want to the list.

You can import / export rules by right-clicking the option shown above and selecting Export Policy. It imports / exports the whole thing. So you can experiment, turn off rules, and make your computer more secure. For example, my settings are as follows (excluding my programs):

Inbound - there is not a single rule here!

Outgoing - only "Core Networking - DNS (UDP-Out)" is activated

Also, if you're using OpenVPN, you'll need to add two more outbound rules:

Core network - Dynamic Host Configuration Protocol (DHCP-Out)
and a rule to allow openvpn.exe

Do in an elevated shell window

Set all profiles to block incoming / outgoing traffic:

Remove all rules:

Allow basic outbound rules for ports 80,443,53,67,68

And to reset the firewall to the default values

** All changes take effect immediately

Another very useful, powerful and of course free one here:

TinyWall takes a different approach than traditional firewalls. There are no pop-ups "asking users to allow". In fact, you will not be notified of any blocked actions at all.
Instead of displaying popups, TinyWall allows you to whitelist or unblock applications in a number of different ways.
For example, you can just initiate the whitelist with a hotkey and then click on a window you want to allow. You can also select an application from the list of running processes.

Of course, the traditional way of selecting an executable file works as well. This approach avoids pop-ups, but the firewall remains very easy to use.

Most importantly, with the no-pop-up approach, the user will only notice that a program has been denied internet access when they can no longer use it.
As a result, users only unlock the applications they actually need and no more, which is optimal for security reasons.

Function overview

  • Multiple and easy ways to whitelist programs
  • Automatic learning mode
  • Firewall tamper protection
  • Password lock of the settings
  • Quick modes like Normal Protection, Allow Outgoing, Block All, Allow All, and Learning Mode
  • Support for temporary / scheduled firewall rules
  • Port and Domain Block Lists
  • Hosts file protection
  • Option to always allow communication in the LAN
  • Option to restrict an application to the LAN
  • Recognition of Safe Software and Scammers
  • Full IPv6 support
  • Lists established and blocked connections
  • View open ports on your computer
  • 100% free and clean software. No fees, no ads, no paid upgrades.

You can see the white list in the picture below:

Firewall app blocker

WhiteList mode: everything but the items on the white list will be blocked. To enable this, check the "Enable WhiteList" box in the lower right corner.
The whitelist mode denies access to all network interfaces. After enabling the WhiteList mode, drag an application (s) onto the “Firewall Application Blocker” interface to allow them. This was the most wanted function:

If you want to use Komodo Internet Security (KIS) or Comodo Free Firewall (CFF): The
Comodo firewall whitelists will help you by including all of the items listed below and nothing else is allowed in the system:

  • Web pages
  • Networks
  • People / devices
  • Software applications

White List Creation Instructions:
You should block all but and web browsers. To do this, go to and check "DO NOT show pop-up warnings" and change the drop-down list to. This blocks anything for which no rule has been created.

Now create the rules for your applications.
1- Go to.

2- Next, add another rule, then click.

3- To allow your browser,
add the browser you want to access. Add a new rule and give it the permission or rule set.

4- With Windows Update, I'm not sure which processes need access to the internet. Maybe someone else can give us some insight.
I think the main exe is under, but it also uses.

The process is the same if you add another application that you want to allow access to.

Important: Firewalls work in a hierarchical structure, so from to way, so to enable rules, must always be added before (higher) than the block - ALL - rule !!

You can now see the configuration of the Comodo Firewall as follows:

For importing / exporting and managing personal configurations

I examined the Windows firewall and found that the outbound filter module only works in blacklist mode. In other words, the connection is compared against all the rules. If no matching rule is found, the connection is allowed.

While your question is only about Windows Firewall, it might be helpful to know that there are third party personal firewalls that can actually run in whitelist mode. Comodo Internet Security, ESET Internet Security and ZoneAlarm can be configured to operate in whitelist mode.

When I say "configured" you should change the default configuration. For example, in the case of Comodo Internet Security, you need to switch to policy-based mode. Comodo Internet Security also allows Windows Store apps to have Internet access by default. However, you can also revoke this.

Evorim Free Firewall

You can use Evorim and put it in "Paranoid Mode" to block everything but what you want to allow.

Paranoid fashion
Do not trust anyone! In paranoid mode, no software can access the internet or network without your prior consent. Only applications that you trust can access the internet.

The problem with disabling all outbound connections is that Windows Firewall doesn't notify you when processes try to make outbound connections. This means you'll need to check the logs to find out or use the free Windows Firewall Control for better control.

You can also use a third party firewall product that allows for better control, such as Comodo Free Firewall.

To disable all outbound rules using Microsoft firewall:

  1. Call the applet Windows Firewall with Advanced Security
  2. click with the right click Windows Firewall with Advanced Security on the local computer
  3. Choose Properties
  4. In the dialog box that appears, choose your profile: Domain, Private, or Public.
  5. Set Outbound Connections to Block and click OK
  6. click on Outgoing rules
  7. Select the rules you don't want to allow and disable them by clicking rule click deactivate. You can also type + first to select all of the rules. After deactivating all rules, you can activate or add the allowed rules.

Blumental's software surf blocker

With Surfblocker you can easily restrict internet access at certain times or on request.
You can allow and block websites and restrict the programs and features that can access the Internet. For example, you can only allow email and edit or study related websites.
You can also simply protect the Internet connection with a password or set it to be automatically deactivated after a certain period of time. Of course, you can also automatically block harmful and dangerous content.

Allow work-related content only Allow work-related websites and Programs, while everything else is blocked

To only allow certain services or programs such as email

You can block Internet access while only allowing certain Internet services or programs. To do this, please proceed as follows:

  1. Start Surfblocker, enter your Surfblocker password (if required).
  2. Turn on Block everything.
  3. Click on Exceptions and under Allowed Services, check the services that you want to allow.
  4. Click Exceptions and under Allowed Programs, add the programs you want to allow.


Simple tool to configure Windows Filtering Platform (WFP), which can be used to configure network activity on your computer.

The lightweight application is smaller than a megabyte and compatible with Windows Vista and higher operating systems.
You need administrator rights to work correctly.


  • Free and open source
  • Simple interface without annoying popups
  • Rule editor (create your own rules)
  • Internal blacklist (lock windows spy / telemetry)
  • Discarded package information with notification and logging in a file function (win7 +)
  • Package information allowed when logging to a file function (Win8 +)
  • Windows Subsystem for Linux (WSL) support (win10)
  • Windows Store support (Win8 +)
  • Windows services support
  • Localization support
  • IPv6 support


Windows firewall control

is a powerful tool that extends the functionality of Windows Firewall and provides new additional features that improve Windows Firewall.
It runs in the system tray and allows the user to easily control the native firewall without wasting time by navigating to a specific part of the firewall.

This is a tool for managing the native firewall under Windows 10, 8.1, 8, 7, Server 2016, Server 2012. The Windows firewall control offers four filter modes that can be switched with just one click of the mouse: High filtering - All outgoing and incoming connections are blocked. This profile blocks all attempts to connect to and from your computer.

Medium filtering - Outgoing connections that do not match any rule are blocked. Only the programs you allow can initiate outbound connections.

Low filtering - Outgoing connections that do not conform to any rule are allowed. The user can block the programs for which he does not want to make outgoing connections.

No filtering - The Windows firewall is deactivated. Use this setting only if your computer is running a different firewall.

The Windows Firewall control does not filter packets and either blocks or does not allow a connection. This is done by the Windows firewall itself based on the existing firewall rules.

I use @Hames' answer which is excellent. On my Windows 7 I had to change it a little to make it work (when copying / pasting in cmd.exe it didn't work)

also allow me as opposed to the linked answer not the ports 80/443 by default for all programs, but I list them one by one (e.g. Firefox, Chrome, etc.).

We use cookies and other tracking technologies to improve your browsing experience on our website, to show you personalized content and targeted ads, to analyze our website traffic, and to understand where our visitors are coming from.

By continuing, you consent to our use of cookies and other tracking technologies and affirm you're at least 16 years old or have consent from a parent or guardian.

You can read details in our Cookie policy and Privacy policy.