Geek Rewind

How to Enable or Disable Shield Up in Windows Firewall on Windows 11

This article explains how to turn on or off “Shield up” in Windows Firewall. This feature blocks all incoming connections on Windows 11, even if you’ve allowed certain apps in the past.

The Windows Firewall blocks everything by default unless you create an exception rule. “Shield up” is an important Windows Firewall feature you can use during an active attack.

Why use Shield up? When someone attacks your computer, they might use multiple ports and services to get in. Instead of turning off individual firewall rules, you can turn on “Shield up” mode. This blocks all incoming connections and overrides any exceptions you’ve created.

What happens when you enable Shield up? All incoming connections get blocked. Even apps you’ve allowed before—like Remote Desktop—won’t be able to receive incoming connections.

How to Turn On or Off “Shield up” Mode in Windows Firewall

Enable or disable Shield Up in Windows Firewall by opening the Windows Security app, selecting Firewall & network protection, choosing your network profile, and toggling the “Block all incoming connections” option to activate maximum protection mode. Here’s how to enable or disable this feature:

  1. Open the Windows Security app.

    Alternatively, select Start > Settings > Update & Security > Windows Security > Open Windows Security.


  2. In the Windows Security app, select “Firewall & network protection.”
    Windows Firewall in Windows Security app


  3. Select the “Private network” profile.
    Windows Firewall private profile


  4. Check the box next to “Block all incoming connections, including those in the list of allowed apps” to turn on “Shield up” mode.

    To turn it off, uncheck the box.



  5. When prompted, click the Yes button to confirm the changes.
  6. Close the Windows Security app when done.

Use Control Panel to Block All Incoming Connections

You can also use the Control Panel to make these changes:

  1. Open the Control Panel.

    Then, select System and Security > Windows Defender Firewall.


  2. Click the “Turn Windows Firewall on or off” link on the Windows Defender Firewall settings page.
    Windows Defender Firewall in Control Panel


  3. Check or uncheck the box next to “Block all incoming connections, including those in the list of allowed apps” to turn it on or off.
    Windows Defender Firewall block all incoming connections


  4. Close the Control Panel when you are done.

Turn On or Off Shield Up Mode Using the Windows Registry

⚠️ Admin required: You need admin privileges to edit the registry.

Another way to enable or disable the “Shield up” feature is to use the Windows Registry editor.

  1. Open the Windows Registry and navigate to the folder key path below:

    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall\StandardProfile


  2. Right-click StandardProfile > New > DWORD (32-bit) Value and name the new DWORD DoNotAllowExceptions.
  3. Double-click DoNotAllowExceptions and change the value to 1 to block all incoming connections in the “Private network” profile.

    Enter 0 to turn it off and allow connections.


    Windows Defender Firewall block all incoming connections registry


  4. To do the same for the “Public network” profile, use this registry path:

    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall\PublicProfile


    Then block or unblock all incoming connections using the DoNotAllowExceptions value name and enter 1 or 0.


  5. For the “Domain network” profile, use this path:

    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall\DomainProfile


    Then block or unblock all incoming connections using the DoNotAllowExceptions value name and enter 1 or 0.

  6. Save your changes and restart your computer.

Summary

Enabling or disabling “Shield up” mode in Windows Firewall is a simple process that makes your computer more secure. Here are the key points:

  • Multiple ways to do it: You can enable or disable “Shield up” mode through the Windows Security app, Control Panel, or Windows Registry.
  • Complete protection: When you turn on this mode, it blocks all incoming connections. It overrides any apps you’ve previously allowed.
  • Easy to use: The steps are simple and take just a few minutes to complete.
  • Different network types: You can apply these settings to Private, Public, or Domain networks based on what you need.
  • Easy to change back: You can turn “Shield up” off anytime if you need to allow incoming connections again.

By following the steps in this article, you can keep your Windows 11 device safer and protect it from unauthorized access.

Frequently Asked Questions

What is Shield Up mode in Windows Firewall?

Shield Up mode in Windows Firewall is a feature that blocks all incoming connections, even those from allowed apps. It is useful during active attacks to enhance security by overriding existing firewall rules.

How do I enable Shield Up in Windows 11?

To enable Shield Up in Windows 11, open the Windows Security app, go to 'Firewall & network protection', select the 'Private network' profile, and check the box for 'Block all incoming connections, including those in the list of allowed apps'.

Can I disable Shield Up mode once it's enabled?

Yes, you can disable Shield Up mode by unchecking the 'Block all incoming connections, including those in the list of allowed apps' option in the Windows Security app or Control Panel, and confirming the changes.

Is there an alternative way to enable Shield Up mode?

Yes, you can enable Shield Up mode using the Windows Registry editor by navigating to the appropriate key path and modifying the settings. This method is more advanced and should be done with caution.

What happens to my allowed apps when Shield Up is enabled?

When Shield Up is enabled, all incoming connections are blocked, including those from apps that are usually allowed. This is a temporary security measure to protect your system during potential threats.

Reference: Microsoft

Categories:

Tags:

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *