How to add exceptions to Windows 11 and Windows 10 firewall

When having problems connecting a program to the Internet, some users turn off the Windows Firewall completely, but this is not the best solution from a security point of view. It may be preferable to add such a program to the list of allowed programs.

This step-by-step tutorial details the ways to add exceptions to the Windows 11 or Windows 10 firewall (the ways will also work for earlier versions of the system). Also useful: How to reset Windows Firewall.

Add a program to firewall exceptions in the Windows Security window or through Control Panel

The first method is to use the new Windows Firewall management interface in the Windows Security window or Control Panel.

The steps to add a program to the firewall exceptions would be the following:

  1. Open the Windows Security window, you can do this by using the Microsoft Defender icon in the notification area or Options (path in Windows 11: Privacy and Security – Windows Security – Open Windows Security service.
  2. Open “Firewall and network security”.
  3. Click on “Allow the app through the firewall” below the list of network profiles.
  4. Instead of doing steps 1-3, you can open Control Panel, open “Windows Defender Firewall”, and then click the link “Allow interaction with an application or component of Windows Defender Firewall” .
  5. In the window that opens, click "Change settings" (this requires administrator rights).
  6. If the required app is not listed (if it is, simply check the boxes for the required networks to allow it to work with the network), click “Allow another app”.
  7. Press the "Browse" button and specify the path to the desired application.
  8. Click the “Network Types” button and check the networks that the software should be able to work with.
  9. Click the "Add" button.

The program will be added to the list of allowed programs in the firewall, just click "OK" for the settings to be applied.

Add a port or program to exceptions in the Windows Firewall Defender firewall monitor in high security mode

Another way to add programs and ports to Windows 10 and Windows 11 firewall exceptions is Firewall Monitor in high security mode.

  1. Press the keys Ctrl + R, enter wf.msc and press Enter, or open “Windows Firewall Protector” in Control Panel and then click “Advanced Settings” in the left panel.
  2. In the left pane, select "Rules for incoming connections" or "Rules for outgoing connections" (often you need to configure both).
  3. In the right panel, click on “Create rule”.
  4. Specify for which program or port the rule should be created and click "Next".
  5. Specify the program path or protocol and port numbers for the rule. Click Next".
  6. Select "Allow connection" so that the connection is not blocked for the selected port or program. Click Next".
  7. Select which network profiles the rule will apply to.
  8. Specify a name and, if necessary, a description for the created rule. Click the "Done" button.

This will allow traffic for the selected port or program; if necessary, create a similar rule for another type of connection (for incoming instead of outgoing or vice versa).

Add Firewall Exceptions Using the Command Line

If you run the command line as an administrator, you can use the following commands to allow network access for a program or to open a specific port.

For a program. The first command allows incoming connections and the second allows outgoing connections, in both cases for all network profiles:

netsh advfirewall firewall add rule name="Rule_name" dir=in action=allow program="path_to_program" enable=yes netsh advfirewall firewall add rule name="Rule_name" dir=out action=allow program="path_to_program" enable=yes

For the port. The first command is for incoming connections and the second for outgoing connections:

netsh advfirewall firewall add rule name="Rule_name" dir=in action=allow protocol=TCP localport=port_number
netsh advfirewall firewall add rule name="Rule_name" dir=out action=allow protocol=TCP localport=port_number

Help for adding firewall rules using the command line can be obtained using the command

netsh advfirewall firewall add rule ?

If you still have doubts about the subject, you can ask them in the comments of this article, I will try to find a solution.