How do you block selected applications from accessing the internet (C++, Win32)
Solution 1
You can change both Vista and XP's firewall policies dynamically using the INetFwAuthorizedApplications interface from the Windows Firewall API.
Also see this question.
Solution 2
You'll have to write a device driver that filters traffic based on the executable requesting the traffic.
Solution 3
by limiting its access to internet using firewall. go to firewall setting advanced tab (win 7) and do that
Related videos on Youtube
23 : 54
06 : 38
03 : 23
02 : 56
04 : 53
02 : 46
02 : 43
01 : 59
Geraint
All around easy going person who loves software development, learning new things, good food and drink, and DIY. Intrigued by the maker movement. Fascinated by the art of graphic design. Like to get my hands dirty in other disciplines. Know enough about some things to be really good at it. In other cases, know enough to be dangerous. I sometimes ask dumb questions. Bare with me.
Updated on November 24, 2020Comments
-
Geraint over 3 years
I want to have an application or service that is running that, on some schedule, can disable access to the internet for all applications except for specific ones.
I'm trying to create a filter that can be turned on or off under programmatic control. Not just IP addresses and ports, but I want to be able to block specific applications as well, much like Zone Alarm and other software firewalls let you block.
For example, iexplore.exe, skype.exe, firefox.exe, aim.exe. But still need to allow other applications to connect as needed.
It has to work on Vista as well as XP, but I kind of expect that the method will be different on each of those platforms.
Basically, the filter has to tie the network communication back to the executable that is making the request and then allow or deny it.
Update:
On Vista at least, it looks like I want to use filters in the ALE layers of the WFP.
On XP, I'm still looking for the best way to do it. Do I really need to be writing device drivers and dealing with kernel stuff? I'm just a lowly application developer. Kill me now.
Update 2:
Currently looking at the PfCreateInterface and related Pf* API's for pre-Vista systems.
-
Geraint over 15 yearsIt has to run in limited and administrator accounts in Windows. I'm not trying to prevent all applications from executing. I just want the attempt to access the internet by the application to fail (ie, drop the packets or refuse the connection)
-
Jesse Pepper over 15 yearsA single application can be run as a different user than the currently logged in user. -
Jesse Pepper over 15 years... that is, if you know the programs that you're talking about, you can put the executables somewhere where the normal user doesn't have access to them, and then provide access to each locked-down application only through a shortcut that run's it as the locked-down user.
-
Geraint over 15 yearsI appreciate the suggestions. But I can't move apps around creating shortcuts, etc. "my app" will be installed on machines where it won't even know what apps will be trying to access the internet. Firefox could be up, with access now, but at 8pm, it no longer has access. Next http request blocked.
-
Head Geek over 15 yearsNice idea, but since Windows 2000, the OS has code to prevent that kind of thing, so malware can't replace system files. It could also cause problems with upgrades.
-
Geraint over 15 yearsNot to mention, if this was a good way to do it, then what's to stop another app from installing their version of winsock and essentially disabling mine.
