This article explains how to enable or disable “Shield up” in Windows Firewall to “Block all incoming connections, including those in the list of allowed apps” on Windows 11.
The Windows Firewall blocks inbound connections by default unless an exception rule allows them. An important Windows Firewall feature you can use to mitigate damage during an active attack is the “shields up” mode.
The shield up option overrides the exceptions.
Shields up can be achieved by checking the “Block all incoming connections, including those in the list of allowed apps” setting in either the Windows Settings app or Control Panel.
For example, the Remote Desktop feature automatically creates firewall rules when enabled. However, suppose there’s an active exploit using multiple ports and services on a host. In that case, you can use the shields up mode instead of disabling individual rules to block all inbound connections, overriding previous exceptions, including the rules for Remote Desktop.
The steps below walk you through turning on or off Windows Firewall “shield up” mode.
Turn on or off “Shield up” mode in Windows Firewall
As mentioned, users can enable or disable a Windows Firewall feature to block all incoming connections.
Here’s how to do it.
First, open the Windows Security app.
Alternatively, select Start > Settings > Update & Security > Windows Security > Open Windows Security.
In the Windows Security app, select “Firewall & network protection.”

Select the “Private network” profile.

Then, check the box next to “Blocks all incoming connections, including those in the list of allowed apps” to enable Windows Firewall “Shield up” mode.
To disable it, uncheck the box.

When prompted, click the Yes button to confirm the changes.
Close the Windows Security app when done.
Use the Control Panel to block all incoming connections in Windows Firewall
The same settings above can be applied using the Windows Firewall feature in the Control Panel in Windows.
First, open the Control Panel.
Then, select System and Security > Windows Defender Firewall.
Click the “Turn Windows Firewall on or off” link on the Windows Defender Firewall settings page.

Check/uncheck the box next to “Block all incoming connections, including those in the list of allowed apps” to enable or disable it.

Close the Control Panel when you are done.
Turn on or off Shield Up Mode using the Windows Registry
Another way to enable or disable the “Shield up” feature in Windows is to use the Windows Registry editor.
First, open the Registry Editor and navigate to the key path below.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
Right-click StandardProfile > New > DWORD (32-bit) Value and name the new DWORD DoNotAllowExceptions.
Double-click DoNotAllowExceptions and change the value to 1 to block all incoming connections within the “Private network” profile.
Enter 0 to turn it off so that the firewall's exception rules apply again.

Use the registry path below to do the same for the “Public network” profile.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
Then, block or unblock all incoming connections using the “DoNotAllowExceptions” value name and 1 or 0.
The “Domain network” profile is at:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
Then, block or unblock all incoming connections using the “DoNotAllowExceptions” value name and 1 or 0.
Save your changes and restart your computer.
That should do it!
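The registry steps above can also be scripted, which helps when you need to confirm the state of all three profiles at once during an incident. The PowerShell below is an added example, not part of the original article: the function names Get-ShieldsUpState and Set-ShieldsUpState are hypothetical, while the registry paths and the DoNotAllowExceptions value name are the ones listed above.

```powershell
# Added example: audit and set the DoNotAllowExceptions value described in this article.
# Function names are hypothetical; key paths and value name come from the article.
$FirewallPolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$ProfileKeys = [ordered]@{
    Private = 'StandardProfile'
    Public  = 'PublicProfile'
    Domain  = 'DomainProfile'
}

function Get-ShieldsUpState {
    foreach ($name in $ProfileKeys.Keys) {
        $path = Join-Path $FirewallPolicyKey $ProfileKeys[$name]
        # A missing value means the DWORD was never created, which is the "off" state.
        $item = Get-ItemProperty -Path $path -Name DoNotAllowExceptions -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { [int]$item.DoNotAllowExceptions } else { 0 }
        [pscustomobject]@{
            Profile              = $name
            RegistryKey          = $path
            DoNotAllowExceptions = $value
            ShieldsUp            = ($value -eq 1)
        }
    }
}

function Set-ShieldsUpState {
    param(
        [Parameter(Mandatory)][ValidateSet('Private', 'Public', 'Domain')][string[]]$NetworkProfile,
        [Parameter(Mandatory)][bool]$Enabled
    )
    # Writing under HKLM requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }
    foreach ($name in $NetworkProfile) {
        $path = Join-Path $FirewallPolicyKey $ProfileKeys[$name]
        # -Force creates the DWORD if it is absent and overwrites it if present.
        New-ItemProperty -Path $path -Name DoNotAllowExceptions -PropertyType DWord `
            -Value ([int]$Enabled) -Force | Out-Null
    }
}

# Report the current state of every profile (read-only).
Get-ShieldsUpState | Format-Table Profile, DoNotAllowExceptions, ShieldsUp
# To turn shields up on for all profiles, run from an elevated session:
# Set-ShieldsUpState -NetworkProfile Private, Public, Domain -Enabled $true
```

As with the manual registry edit, restart the computer after changing the value, then run Get-ShieldsUpState again to confirm the result.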
Conclusion:
Enabling or disabling the “Shield up” mode in Windows Firewall is a straightforward process that enhances your system’s security. You can effectively mitigate risks during active threats by blocking all incoming connections. Here are the key takeaways:
- Versatile Options: You can enable or disable “Shield up” mode through the Windows Security app, Control Panel, or Windows Registry.
- Complete Protection: Activating this mode overrides allowed app exceptions, providing a higher level of protection against potential attacks.
- User-Friendly Process: The steps involved are simple and can be completed in just a few minutes.
- Versatile Profiles: The settings can be applied to various network profiles (Private, Public, Domain), allowing customization based on your security needs.
- Reversible Changes: You can quickly revert the settings, giving you control over your firewall’s behavior.
Following the steps outlined in this article, you can ensure that your Windows 11 device remains secure and less vulnerable to unauthorized access.