Why does Windows Firewall let inbound traffic from an IP get through to MalwareBytes?

Charles Brauer 61 Reputation points
2021-02-18T16:28:59.243+00:00

Hello,

I am trying to block all incoming network traffic from an IP address.

I’m running on Windows 10 Professional (version: 20H2) and MalwareBytes 4.3.0.98.

My concern is that after defining an Inbound Rule on Windows Firewall, traffic is getting through to MalwareBytes. How can this be? Why doesn’t the firewall block the traffic? Here is a screen capture that shows the problem:

69691-image.png

Here is what I have done to define the Inbound Rules. Below are the screens that defined the rule:

  1. The rule type is custom: 69672-image.png
  2. Program: 69711-image.png
  3. Protocol and Ports: 69712-image.png
  4. Scope: 69731-image.png
  5. Action: 69722-image.png
  6. Profile: 69692-image.png
  7. Name: 69741-image.png

And my Inbound rule is now defined.

Any suggestions will be greatly appreciated.

Charles


Accepted answer
  1. Anonymous
    2021-02-19T04:36:59.827+00:00

    Hi,

    Thanks for posting on the Q&A platform.

    I have tested this in my lab, and found that the method you provided worked well there. I added a new rule in Inbound Rules to block the traffic from a specific IP. Then I initiated a ping and access to the shared folder on the local machine from the remote machine with the specific IP. All of these actions failed, which means the rule in Inbound Rules in Windows Firewall had taken effect.

    Based on my knowledge, it is normal behavior that the traffic can be detected. The traffic from the specific IP can be sent to our local machine and our machine can receive this traffic, but since we have enabled an inbound rule in Windows Firewall to block traffic from this IP, this traffic will be dropped by the rule in the firewall.

    If we need the specific IP to be unable to send traffic to our local machine, I would suggest you locate the device with the specific IP and block the outgoing traffic from its side.

    Best Regards,
    Sunny
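
The check below is an added example, not part of the original answer: it creates an equivalent inbound block rule with PowerShell, verifies its scope, and reads the firewall's own dropped-packet log to confirm that packets from the address are dropped on arrival. The address 203.0.113.10 and the rule name are placeholders, and the rule is assumed to cover all programs, protocols and profiles.

```powershell
# Run in an elevated PowerShell session.
# Assumptions (not from the thread): placeholder address and rule name;
# the rule applies to all programs, protocols and profiles.
$RemoteIp = '203.0.113.10'                     # placeholder (documentation range)
$RuleName = 'Block inbound from 203.0.113.10'  # hypothetical rule name

# 1. Create the inbound block rule if it does not exist yet.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
        -RemoteAddress $RemoteIp -Protocol Any -Profile Any | Out-Null
}

# 2. Confirm the rule is enabled and scoped to the intended address.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$addr = $rule | Get-NetFirewallAddressFilter
[pscustomobject]@{
    Enabled       = $rule.Enabled
    Action        = $rule.Action
    Profile       = $rule.Profile
    RemoteAddress = $addr.RemoteAddress
} | Format-List

# 3. Turn on logging of dropped packets for every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True

# 4. After the remote host has tried to connect, list the DROP entries for it.
#    Log fields: date time action protocol src-ip dst-ip src-port dst-port ...
$logs = Get-NetFirewallProfile | Select-Object -ExpandProperty LogFileName -Unique
$drops = foreach ($log in $logs) {
    $path = [Environment]::ExpandEnvironmentVariables($log)
    if (-not (Test-Path $path)) { continue }
    Get-Content $path | Where-Object { $_ -notmatch '^#' } | ForEach-Object {
        $f = $_ -split ' '
        if ($f.Count -ge 8 -and $f[2] -eq 'DROP' -and $f[4] -eq $RemoteIp) {
            [pscustomobject]@{
                Time  = "$($f[0]) $($f[1])"; Protocol = $f[3]
                SrcIp = $f[4];               DstPort  = $f[7]
            }
        }
    }
}
$drops | Format-Table -AutoSize
```

DROP entries for the address show that Windows Firewall discarded those packets, whatever another product on the machine reports having seen.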



2 additional answers

  1. Antonio Arias Sánchez 6 Reputation points
    2023-09-13T12:08:31.64+00:00

    Hello, we are experiencing the same issue.

    On Sunny Qi's response, the question is not whether Windows Firewall manages to block the incoming connections, but why, in the first place, Malwarebytes continues to see them coming through. This could only mean that Malwarebytes is sitting before Windows Firewall, which is not what I would expect!


  2. matteo di stefano 0 Reputation points
    2023-09-21T13:53:53.45+00:00

    Same problem for me.

    Is it possible to put Malwarebytes behind the Windows Firewall in the packet analysis flow?

    Thanks
