Hi, thanks in advance for your time, anyone reading this. I am running Windows 10 64-bit edition, version 22H2, build 19045.2604, feature pack 120.2212.419 0.0 installed on February 24th, 2023, and have all the Windows updates and everything done after a fresh install.
I then configured the Windows firewall how I would like it to be set up by deleting all the incoming connection exception rules and replacing them with a single "block all" rule I created from scratch. I also set up all three profiles in the options (domain, private and public) to "block all incoming connections" as well as to block outbound connections that don't match a rule on the list.
I then went to the outbound connection exceptions rule page and after deleting all of the pre-made rules in the list except for the "Core Networking DNS UDP-Out" rule for svchost.exe, proceeded to create a custom allow exception rule for Google Chrome.
Next, I left the PC for 5 minutes or so and came back to the same screen and, just to double check that I had set up both rules correctly, clicked on the inbound rules tab again. I was surprised to see two new allow rules had been created in the inbound exceptions page. One for Windows Search, accepting all inbound connections on every port and protocol from any IP address for that application package, and the same for Microsoft Edge.
I immediately deleted both rules and clicked back to the outbound rules page to refresh it and sure enough both rules were also created in the outbound rules with similar characteristics for the same application packages. I deleted those as well, then decided to wait and see if it would happen again.
It did.
After waiting 5 minutes or so, all I had to do was refresh the page and the rules had reappeared. I had done nothing at all, not even moving the mouse during that time.
I decided at this point to disconnect my Ethernet cord from my computer. I then refreshed both pages to make sure that the rules were still not there after having physically disconnected the Ethernet cable from my PC, and they weren't... yet...
I should also clarify at this point that nothing about my computer or motherboard, or anything connected to it in any way, is wireless capable (WiFi, Bluetooth, etc.) so there is no other network connection besides the now disconnected ethernet cable...
I waited 5 to 10 more minutes, not touching the PC whatsoever during that time, and refreshed both pages. Sure enough both rules were re-created in their entirety exactly as they had been before.
This time I decided not to delete the rules, but instead changed both rules to the block configuration instead of allow and besides that one change to both rules, left everything else exactly the same. I then waited 5 to 10 minutes again before refreshing both pages.
Are you surprised to hear that something had changed both rules back to allow, or replaced the rules with the same allow rules it had before, leaving no trace of the changes I made? All this time, having been offline, with nothing going on in the background or any programs running etc, not even moving the mouse between reconfiguring both rules from allow to block and then refreshing the pages.
Next, I copied both rules so there were two of the same exact rule in both inbound and outbound pages for each individual re-created rule and then reconfigured both the copy and the original to block instead of allow. I waited 5 to 10 more minutes, refreshed both pages, and something had deleted the copies of the rules that I'd made, and replaced both the block rules with one allow rule for each again as it had before.
This is not the first time this has happened. In fact this has happened off and on every time I've installed Windows 10 and used Windows Firewall. It's not always these two apps or programs or packages or whatever they call them these days that do this. Sometimes it's different ones randomly, like Calculator, etc., or other apps that have no reason for, or even functions that require, getting online in the first place.
I have also gone and disabled the Windows Search service and all services pertaining to that function, and the rules are still re-created. Even the services reactivate themselves shortly thereafter, without ever having reset the computer or doing anything. I've even deleted the services out of the registry using an elevated instance of regedit, running under authority of the TrustedInstaller user account, because the administrator, system, and my own personal user account seemingly lacked the privileges to do so even though the group policy user rights assignment says they should have been able to (which I did check as well to make sure). The services repeatedly re-create themselves in the registry, and re-enable themselves as well shortly thereafter.
Why is this? Please, nobody answer with a generic response. I do appreciate your time, but please don't respond with anything like "is it affecting you negatively in some way" or "why is it a problem" etc. etc. I think there's a deeper issue here that needs to be addressed and I would like a serious answer from somebody that can give one of why this takes place in this manner. In fact, this operating system has many, many aspects of it that, these days, act more maliciously than any of the malware that I've ever been infected with. They waste more of my time than any virus or other malware ever has, even all of them combined and then some, guaranteed... cost me more data and precious time of mine (that I can't get back), lost because of aspects like this programmed into the operating system for seemingly no purpose but to do just that... act maliciously; waste my time having to repeatedly redo changes that I make specifically to stop them from happening. They serve me no purpose, and often, if not always, open my computer up unnecessarily to the possibility of any number of attacks by any number of ways that people would quite easily be able to take advantage of these vulnerabilities that Microsoft, for some reason, forcefully overrides me trying to undo and secure against, every time wasting countless hours of my time over and over again.
Hoping for a serious response. So if you can't give one, please refrain from responding at all. Either way though, thanks again for your time if you read this entire thing. Hoping anyone who has read this far is doing well, and continues to be so.
Thanks again for your time,
Nick W.
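
One way to see what is writing the re-created rules described in the post above, as an added example that is not part of the original post: it reads the Windows Firewall operational log for rule add/modify/delete events and lists the rules currently bound to an app package. The helper name `ConvertTo-RuleChange`, the one-hour lookback, and the event IDs (2004/2005/2006, as logged on Windows 10) are assumptions of this example.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# Assumption: Windows 10 logs firewall rule changes to this channel as
# event 2004 (rule added), 2005 (rule modified) and 2006 (rule deleted).
$log   = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
$ids   = 2004, 2005, 2006
$since = (Get-Date).AddHours(-1)   # constructed lookback window; widen as needed

# Hypothetical helper: flatten one event record's named EventData fields.
function ConvertTo-RuleChange {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $data = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time                 = $Record.TimeCreated
            EventId              = $Record.Id
            RuleName             = $data['RuleName']
            RuleId               = $data['RuleId']
            ModifyingUser        = $data['ModifyingUser']        # SID of the account
            ModifyingApplication = $data['ModifyingApplication'] # path of the writer
        }
    }
}

$filter  = @{ LogName = $log; Id = $ids; StartTime = $since }
$changes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ConvertTo-RuleChange

# Timeline of rule changes, oldest first.
$changes | Sort-Object Time | Format-Table -AutoSize -Wrap

# Which process made how many changes of each kind.
$changes | Group-Object ModifyingApplication, EventId |
    Sort-Object Count -Descending | Select-Object Count, Name

# Rules currently scoped to an app package rather than a program path.
Get-NetFirewallRule | ForEach-Object {
    $app = $_ | Get-NetFirewallApplicationFilter
    if ($app.Package) {
        [pscustomobject]@{
            DisplayName = $_.DisplayName; Direction = $_.Direction
            Action = $_.Action; Owner = $_.Owner; Package = $app.Package
        }
    }
} | Format-Table -AutoSize -Wrap
```

Repeating the delete-and-wait test from the post and then rerunning the block puts the re-created rules at the end of the timeline, with the account and executable that wrote them in the last two columns.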