PowerShell script to block all exe files in the current folder and its subfolders
Posted: Sat Nov 23, 2024 8:15 pm
Some apps and programs installed on a Windows 10 or 11 system have serious privacy issues. One of the best tools to use is Windows Explorer: search in a folder for all *.exe files, which works well. Then select all of the found exe files per folder and subfolder with CTRL+A and drop them into Firewall App Blocker, into OUTGOING to block them and INCOMING as well (the interface of FAB has an outgoing and an incoming button to show this).
The main problem is that after a few hundred files, it just slows to a crawl even on an NVMe SSD. So, why not script Windows to do the same thing? At first a script per folder for its subfolders seems perfect, but then what if there are 5, 10, even 20 places with subfolders that should be blocked on Windows Firewall? Hard coding the folder address in a variable in PowerShell is possible but slow, and saving and running in Program Files or Program Files (x86) requires elevation each time.
So, instead, just make a dynamic on-the-fly "this folder and all its subfolders" script. Here's an example I made:
This works well for Adobe, which snoops even on free programs. Then again, everything they do is going to be online and have libraries and AI, so this is just an example for older stuff you want to not constantly send data back and forth for no apparent reason via any company.
Imagine this for:
Program Files\Adobe
Program Files\Common Files\Adobe
Program Files (X86)\Adobe
Program Files (X86)\Common Files\Adobe
and the CC folders too and their subfolders. It's almost like running you get from them offline for original non-AI work is an essential process the more and more .exe files are just dumped into the OS.
To save this into any folder you have to allow it as an administrator, and to edit it, same thing: run Notepad++ or Notepad as administrator before editing or saving what you do.
Code:
# fw_current.ps1 v1.0 by kristoffe.brodeur. ©2024 All rights reserved.
# 11/23/2024
# firewall block all in current folder and subfolders without hardcoding it
#
# New-NetFirewallRule needs an elevated session, so refuse to start without one
#Requires -RunAsAdministrator

# Set the path of the folder you want to scan
# $folderPath = "C:\Program Files\Adobe"
# Folder this script file is saved in (used instead of a hardcoded path)
$folderPathCurrent = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition

# Get all .exe files (files only, not directories) in the folder and its subfolders
$exeFiles = Get-ChildItem -Path $folderPathCurrent -Recurse -File -Filter *.exe

foreach ($file in $exeFiles)
{
    # Block incoming traffic for the exe
    New-NetFirewallRule -DisplayName "Block Inbound - $($file.Name)" -Direction Inbound -Program $file.FullName -Action Block -Profile Any
    # Block outgoing traffic for the exe
    New-NetFirewallRule -DisplayName "Block Outbound - $($file.Name)" -Direction Outbound -Program $file.FullName -Action Block -Profile Any
}

# Write-Output "Firewall rules applied for all .exe files in $folderPath and its subfolders."
Write-Output "Firewall rules applied for all .exe files in $folderPathCurrent and its subfolders."
Learn more about the call that finds the folder the script is being run in here:
https://stackoverflow.com/questions/174 ... -i-execute
by Aaron Jensen
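An added example, not part of the original post: New-NetFirewallRule does not check for existing rules, so running the script above twice in the same folder leaves duplicate rules, and executables with the same file name in different subfolders get identical display names. This variant skips programs that already have a rule, puts the full path in the display name, and tags every rule with a group so the whole set can be removed later. The -Root and -Group parameters and the "FolderBlock" group name are assumptions made for this sketch.

```powershell
#Requires -RunAsAdministrator
# Added example, not the original author's script.
# Assumed names: the -Root / -Group parameters and the "FolderBlock" group.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Root  = $PSScriptRoot,   # folder the script file lives in
    [string]$Group = 'FolderBlock'    # tag used to find and remove the rules
)

# Index rules already in this group, keyed "Direction|ProgramPath"
$existing = @{}
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | ForEach-Object {
    $app = $_ | Get-NetFirewallApplicationFilter
    $existing["$($_.Direction)|$($app.Program)"] = $true
}

$created = 0
Get-ChildItem -LiteralPath $Root -Recurse -File -Filter *.exe -ErrorAction SilentlyContinue |
ForEach-Object {
    foreach ($dir in 'Inbound', 'Outbound') {
        # Already blocked in this direction: do not create a duplicate
        if ($existing.ContainsKey("$dir|$($_.FullName)")) { continue }
        # -WhatIf lists what would be blocked without changing the firewall
        if ($PSCmdlet.ShouldProcess($_.FullName, "Block $dir")) {
            New-NetFirewallRule -DisplayName "Block $dir - $($_.FullName)" `
                -Group $Group -Direction $dir -Program $_.FullName `
                -Action Block -Profile Any | Out-Null
            $created++
        }
    }
}
Write-Output "$created new rule(s) in group '$Group' under $Root"

# Undo everything this script created:
#   Remove-NetFirewallRule -Group 'FolderBlock'
```

Run it with -WhatIf first to review the list of executables before any rule is written.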