Enable Shield Up in Windows Firewall on Windows 11

This article explains how to enable or disable “Shield up” in Windows Firewall to “Block all incoming connections, including those in the list of allowed apps” on Windows 11.

The Windows Firewall blocks incoming connections by default unless an exception rule is created. An important Windows Firewall feature you can use to mitigate damage during an active attack is the shields up mode.

The shields up option overrides the exceptions.

Shields up can be achieved by checking the “Block all incoming connections, including those in the list of allowed apps” setting in either the Windows Settings app or Control Panel.

For example, the Remote Desktop feature automatically creates firewall rules when enabled. However, suppose there’s an active exploit using multiple ports and services on a host. In that case, you can use the shields up mode instead of disabling individual rules to block all inbound connections, overriding previous exceptions, including the rules for Remote Desktop.

The steps below walk you through turning on or off Windows Firewall “shield up” mode.

Turn on or off “Shield up” mode in Windows Firewall

As mentioned, users can enable or disable a Windows Firewall feature to block all incoming connections.

Here’s how to do it.

First, open the Windows Security app.

Alternatively, select Start > Settings > Update & Security > Windows Security > Open Windows Security.

In the Windows Security app, select “Firewall & network protection.”

Select the “Private network” profile.

Then, check the box next to “Blocks all incoming connections, including those in the list of allowed apps” to enable Windows Firewall “Shield up” mode.

To disable it, uncheck the box.

When prompted, click the Yes button to confirm the changes.

Close the Windows Security app when done.

Use the Control Panel to block all incoming connections in Windows Firewall

The same settings above can be applied using the Windows Firewall feature in the Control Panel in Windows.

First, open the Control Panel.

Then, select System and Security > Windows Defender Firewall.

Click the “Turn Windows Firewall on or off” link on the Windows Defender Firewall settings page.

Check/uncheck the box next to “Block all incoming connections, including those in the list of allowed apps” to enable or disable it.

Close the Control Panel when you are done.

Turn on or off Shield Up Mode using the Windows Registry

Another way to enable or disable the “Shield up” feature in Windows is to use the Windows Registry editor.

First, open the Windows Registry and navigate to the folder key path below.

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

Right-click StandardProfile > New > DWORD (32-bit) Value and name the new DWORD DoNotAllowExceptions.

Double-click DoNotAllowExceptions and change the value to 1 to block all incoming connections within the “Private network” profile.

Enter 0 to turn it off so that connections matching the allowed exceptions are accepted again.

Use the registry path below to do the same for the “Public network” profile.

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile

Then, block or unblock all incoming connections using the “DoNotAllowExceptions” value name and 1 or 0.

The “Domain network” profile is at:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

Then, block or unblock all incoming connections using the “DoNotAllowExceptions” value name and 1 or 0.

Save your changes and restart your computer.

That should do it!
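
The registry steps above can also be scripted, which helps when you need to check or flip the setting on several machines during an incident. The PowerShell below is an added example, not part of the original article or Microsoft's documentation; the function names Get-ShieldsUpState and Set-ShieldsUpState are hypothetical, and it assumes an elevated session and treats a missing DoNotAllowExceptions value as off.

```powershell
# Added example: audit or set the DoNotAllowExceptions value from the steps above.
# Assumes an elevated PowerShell session (writes under HKLM need administrator rights).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

# Network profile name -> registry subkey, as listed in the article.
$profileKeys = [ordered]@{
    Private = 'StandardProfile'
    Public  = 'PublicProfile'
    Domain  = 'DomainProfile'
}

# Hypothetical helper: report the current value for every profile.
function Get-ShieldsUpState {
    foreach ($name in $profileKeys.Keys) {
        $key = Join-Path $base $profileKeys[$name]
        # The DWORD may not exist yet; a missing value is treated here as "off".
        $item  = Get-ItemProperty -Path $key -Name DoNotAllowExceptions -ErrorAction SilentlyContinue
        $value = if ($item) { $item.DoNotAllowExceptions } else { $null }
        [pscustomobject]@{
            Profile              = $name
            DoNotAllowExceptions = if ($null -eq $value) { '(not set)' } else { $value }
            ShieldsUp            = ($value -eq 1)
            RegistryKey          = $key
        }
    }
}

# Hypothetical helper: write 1 (block all incoming) or 0 (off) for the chosen profiles.
function Set-ShieldsUpState {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Private', 'Public', 'Domain')]
        [string[]]$NetworkProfile,

        [Parameter(Mandatory)]
        [bool]$Enabled
    )
    foreach ($name in $NetworkProfile) {
        $key = Join-Path $base $profileKeys[$name]
        # -Force creates the DWORD if it is missing and overwrites it if present.
        New-ItemProperty -Path $key -Name DoNotAllowExceptions -PropertyType DWord `
            -Value ([int]$Enabled) -Force | Out-Null
    }
    Get-ShieldsUpState
}

# Read-only audit of all three profiles.
Get-ShieldsUpState | Format-Table -AutoSize
# To enable on every profile: Set-ShieldsUpState -NetworkProfile Private, Public, Domain -Enabled $true
```

As with the manual registry edit, restart the computer after changing the value.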

Reference:

Microsoft

Conclusion:

Enabling or disabling the “Shield up” mode in Windows Firewall is a straightforward process that enhances your system’s security. You can effectively mitigate risks during active threats by blocking all incoming connections. Here are the key takeaways:

  • Versatile Options: You can enable or disable “Shield up” mode through the Windows Security app, Control Panel, or Windows Registry.
  • Complete Protection: Activating this mode overrides allowed app exceptions, providing a higher level of protection against potential attacks.
  • User-Friendly Process: The steps involved are simple and can be completed in just a few minutes.
  • Versatile Profiles: The settings can be applied to various network profiles (Private, Public, Domain), allowing customization based on your security needs.
  • Reversible Changes: You can quickly revert the settings, giving you control over your firewall’s behavior.

Following the steps outlined in this article, you can ensure that your Windows 11 device remains secure and less vulnerable to unauthorized access.

Frequently Asked Questions

What is Shield Up mode in Windows Firewall?

Shield Up mode in Windows Firewall is a feature that blocks all incoming connections, even those from allowed apps. It is useful during active attacks to enhance security by overriding existing firewall rules.

How do I enable Shield Up in Windows 11?

To enable Shield Up in Windows 11, open the Windows Security app, go to 'Firewall & network protection', select the 'Private network' profile, and check the box for 'Block all incoming connections, including those in the list of allowed apps'.

Can I disable Shield Up mode once it's enabled?

Yes, you can disable Shield Up mode by unchecking the 'Block all incoming connections, including those in the list of allowed apps' option in the Windows Security app or Control Panel, and confirming the changes.

Is there an alternative way to enable Shield Up mode?

Yes, you can enable Shield Up mode using the Windows Registry editor by navigating to the appropriate key path and modifying the settings. This method is more advanced and should be done with caution.

What happens to my allowed apps when Shield Up is enabled?

When Shield Up is enabled, all incoming connections are blocked, including those from apps that are usually allowed. This is a temporary security measure to protect your system during potential threats.
