I asked if it was hostile and asking is done because I don't know. I'm sorry that my wording upset you.
Windows Firewall does not appear to have similar features. A VS Code extension connecting to a host I run is okay, connecting to a random domain is not okay and I don't see anything at all in Windows Firewall to notify me about individual connections. Please advise me on where this functionality is if I'm just missing it.
And there's a lot about Little Snitch that I actively dislike, but its features are extremely useful. I'd love to have those on Windows as well.
As others have linked me similar software, I will explore those.
With Little Snitch, I use "notify and I select allow or deny". And it works for IP addresses (4 and 6) as well as domains. It's a powerful system, but if I can get similar with domain allowlisting, that would be a worthwhile improvement.
> The built in Windows Firewall does this. No need to pay for a 3rd party magic app.
I'm not a macOS user anymore, but when I was, Little Snitch did more than just block/allow all connections a program makes. You get a popup/window for each connection attempt, and can whitelist the process, domain, specific address, port and more.
Is this really how Windows Firewall works? Because I've used Windows for more than two decades, and I only remember a boolean "allow/disallow" based on the program itself, when it tries to make a connection, then you see nothing else unless you manually go and dig into the configuration/rules. Have I been missing out on something?
Windows Firewall Control, now owned by Malwarebytes, adds notification on connection attempt as a feature, while leaving Windows Firewall running intact.
I've never been fully satisfied with software firewalls, but WFC comes close.
It absolutely is, if you take a moment to set it up. By default outgoing connections that don't match a rule are allowed. It's very easy to change the settings to disallow by default, and to set up rules based on "process, domain, specific address, port and more".
In Windows Defender Firewall settings, right-click Outbound Rules, click New Rule. Choose the type of rule (Program, Port, Predefined, Custom). You can apply the rule to a program / set of programs, a service or globally. You can apply it by protocol, port, IP, specific network interfaces etc. The only thing I can't find that was mentioned in GP is rules based on domain/address - I'm not sure if this is a limitation of the firewall or I'm just too dumb to find it.
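The setup described in the comment above, written as PowerShell with the built-in NetSecurity cmdlets (an added example, not part of the original thread). The rule name, program path and the 192.0.2.10 documentation address are placeholders, and it assumes an elevated session. Blocked attempts land in the firewall log rather than raising a prompt.

```powershell
#Requires -RunAsAdministrator

# Record the current defaults so the change can be reverted later.
$before = Get-NetFirewallProfile |
    Select-Object Name, DefaultOutboundAction, LogBlocked
$before | Format-Table

# 1. Create the allow rule first, so the program keeps working once
#    unmatched outbound traffic is blocked.
$rule = @{
    DisplayName   = 'Example - editor to internal host'  # hypothetical name
    Direction     = 'Outbound'
    Program       = 'C:\Example\editor.exe'              # placeholder path
    Protocol      = 'TCP'
    RemoteAddress = '192.0.2.10'                         # placeholder (RFC 5737)
    RemotePort    = 443
    Action        = 'Allow'
    Profile       = 'Any'
}
New-NetFirewallRule @rule | Out-Null

# 2. Switch every profile from the default "allow unmatched outbound"
#    to "block unmatched outbound", and log what gets dropped.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -DefaultOutboundAction Block -LogBlocked True

# 3. Confirm the rule is scoped to the program, address and port intended.
$r = Get-NetFirewallRule -DisplayName $rule.DisplayName
$r | Get-NetFirewallApplicationFilter | Select-Object Program
$r | Get-NetFirewallAddressFilter     | Select-Object RemoteAddress
$r | Get-NetFirewallPortFilter        | Select-Object Protocol, RemotePort

# 4. Review recent dropped connections; this log is the only built-in
#    record of blocked attempts.
$logPath = [Environment]::ExpandEnvironmentVariables(
    (Get-NetFirewallProfile -Name Public).LogFileName)
if (Test-Path $logPath) {
    Select-String -Path $logPath -Pattern ' DROP ' |
        Select-Object -Last 20 -ExpandProperty Line
}

# To revert, restore the recorded defaults and remove the example rule:
# foreach ($p in $before) {
#     Set-NetFirewallProfile -Name $p.Name `
#         -DefaultOutboundAction $p.DefaultOutboundAction -LogBlocked $p.LogBlocked
# }
# Remove-NetFirewallRule -DisplayName $rule.DisplayName
```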
Windows Filtering Platform does it. Windows Firewall barely taps WFP's potential and definitely does not do the whole "ZoneAlarm" style allow/deny thing.
No need for hyperbolics, just say you don't know.
The built in Windows Firewall does this. No need to pay for a 3rd party magic app.
Laud praise on Little Snitch all you want but Windows could quietly do this out of the box for two decades.
25 years ago we used ZoneAlarm and a variety of other tools.