Description
Adds persistent WFP outbound-block rules (IPv4 + IPv6) for a specific executable path, preventing it from making any outbound network connections.
Overview
This script calls Block-WfpProcess to install two persistent Windows Filtering Platform (WFP) outbound-block rules, one for IPv4 and one for IPv6, for the specified executable. Unlike Add-WfpBlock, which targets known EDR processes automatically, this script lets you block any arbitrary executable by full path.
The rules are persistent and survive reboots. To remove them, pass the returned FilterIdV4 and FilterIdV6 values to Remove-WfpFilter, or use Remove-WfpBlock to remove all rules at once.
Pre-Requisites
- High integrity (Administrator) process
Dependencies
- Firewall
Parameters
| Parameter | Type | Description |
|---|---|---|
| Path | string | Full Win32 path to the executable to block (e.g. C:\Windows\System32\curl.exe). |
Example Output
FilePath : C:\Windows\System32\curl.exe
FilterIdV4 : 65541
FilterIdV6 : 65542
ErrorCodeV4 : 0
ErrorCodeV6 : 0
AppIdError : Success
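
To audit a host for filters of the kind described in the Overview, the following added example (not part of the original script or its project) parses a `netsh wfp show filters` XML export and lists persistent per-application outbound block filters. It assumes the rules sit on the ALE_AUTH_CONNECT layers and that the export uses the element names shown; the sample data is constructed, reusing only the two filter IDs from the example output above.

```python
import xml.etree.ElementTree as ET

# Layers that gate outbound connection attempts (assumed to be where the block rules live).
OUTBOUND_LAYERS = {"FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWPM_LAYER_ALE_AUTH_CONNECT_V6"}

def decode_app_id(hex_blob):
    """App IDs are stored as NUL-terminated UTF-16LE NT device paths."""
    return bytes.fromhex(hex_blob).decode("utf-16-le", errors="replace").rstrip("\x00")

def find_persistent_app_blocks(xml_text):
    """Return (filterId, layer, app path) for persistent per-application outbound block filters."""
    hits = []
    for flt in ET.fromstring(xml_text).findall("./filters/item"):
        flags = {f.text for f in flt.findall("./flags/item")}
        layer = flt.findtext("layerKey", "")
        action = flt.findtext("./action/type", "")
        if ("FWPM_FILTER_FLAG_PERSISTENT" not in flags
                or layer not in OUTBOUND_LAYERS
                or action != "FWP_ACTION_BLOCK"):
            continue
        for cond in flt.findall("./filterCondition/item"):
            if cond.findtext("fieldKey") != "FWPM_CONDITION_ALE_APP_ID":
                continue
            blob = cond.findtext("./conditionValue/byteBlob/data", "")
            hits.append((int(flt.findtext("filterId")), layer, decode_app_id(blob)))
    return hits

def _sample_filter(fid, layer, path, flag, action):
    """Build one constructed <item> in the assumed export layout."""
    blob = (path + "\x00").encode("utf-16-le").hex()
    return (f"<item><flags><item>{flag}</item></flags><layerKey>{layer}</layerKey>"
            f"<filterCondition><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>"
            f"<conditionValue><byteBlob><data>{blob}</data></byteBlob></conditionValue>"
            f"</item></filterCondition><action><type>{action}</type></action>"
            f"<filterId>{fid}</filterId></item>")

# Constructed sample: the two block-filter IDs come from the page's example output; the rest is made up.
APP = r"\device\harddiskvolume3\windows\system32\curl.exe"
SAMPLE = "<wfpdiag><filters>" + "".join([
    _sample_filter(65541, "FWPM_LAYER_ALE_AUTH_CONNECT_V4", APP, "FWPM_FILTER_FLAG_PERSISTENT", "FWP_ACTION_BLOCK"),
    _sample_filter(65542, "FWPM_LAYER_ALE_AUTH_CONNECT_V6", APP, "FWPM_FILTER_FLAG_PERSISTENT", "FWP_ACTION_BLOCK"),
    _sample_filter(70001, "FWPM_LAYER_ALE_AUTH_CONNECT_V4", APP, "FWPM_FILTER_FLAG_NONE", "FWP_ACTION_PERMIT"),
]) + "</filters></wfpdiag>"

if __name__ == "__main__":
    for fid, layer, app in find_persistent_app_blocks(SAMPLE):
        print(fid, layer, app)
```

On a live host, export the filters from an elevated prompt with `netsh wfp show filters file=filters.xml` and pass the file's text to `find_persistent_app_blocks`. The app path is decoded from the hex `data` element so the result does not depend on how the export renders the string form.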
