I recently had a need to create local firewall rules for certain executables which would block all outbound traffic for those executables. Whilst not particularly difficult I thought it would be useful to be able to do so from a “right-click” option.
There seemed to be a lot of things on the web about this but as a little pet project I decided to write my own method. This is the end result.
Firstly created a directory to hold your scripts , in the following scripts the directory is :
C:\Scripts\FirewallBlockIn that directory create a file called BlockFile.ps1 , this is the script which creates the outbound firewall block rule for the selected executable. The script ensures the command is run from an elevated session. The contents of the script should be :
Function Check-RunAsAdministrator()
{
#Get current user context
$CurrentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
#Check user is running the script is member of Administrator Group
if($CurrentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator))
{
Write-host "Script is running with Administrator privileges!"
}
else
{
#Create a new Elevated process to Start PowerShell
$ElevatedProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell";
# Specify the current script path and name as a parameter
$ElevatedProcess.Arguments = "& '" + $script:MyInvocation.MyCommand.Path + "'" + " " + $filetobeblocked
#Set the Process to elevated
$ElevatedProcess.Verb = "runas"
#Start the new elevated process
[System.Diagnostics.Process]::Start($ElevatedProcess)
#Exit from the current, unelevated, process
Exit
}
}
$filetobeblocked=$args
#Check Script is running with Elevated Privileges
Check-RunAsAdministrator
Write-Host "The file path that will be blocked is $($filetobeblocked)"
$filename = $filetobeblocked.split("\")[-1]
New-NetFirewallRule -DisplayName "Custom Outbound File Block - $filename" -Description "Custom Rule created from context menu" -Direction Outbound -Program "$($filetobeblocked)" -Action Block
start-sleep -seconds 2Next , In that directory create a file called UnBlockFile.ps1 , this is the script which deletes the outbound firewall block rule for the selected executable. The script ensures the command is run from an elevated session. This script makes use of the description added to the rule. Should you change the description in the “Block” script, you should change it to match in the “UnBlock” script. The contents of the script should be :
Function Check-RunAsAdministrator()
{
#Get current user context
$CurrentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
#Check user is running the script is member of Administrator Group
if($CurrentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator))
{
Write-host "Script is running with Administrator privileges!"
}
else
{
#Create a new Elevated process to Start PowerShell
$ElevatedProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell";
# Specify the current script path and name as a parameter
$ElevatedProcess.Arguments = "& '" + $script:MyInvocation.MyCommand.Path + "'" + " " + $filetobeunblocked
#Set the Process to elevated
$ElevatedProcess.Verb = "runas"
#Start the new elevated process
[System.Diagnostics.Process]::Start($ElevatedProcess)
#Exit from the current, unelevated, process
Exit
}
}
$filetobeunblocked=$args
#Check Script is running with Elevated Privileges
Check-RunAsAdministrator
Write-Host "The file path that will be unblocked is $filetobeunblocked"
$matchingapprules = Get-NetFirewallApplicationFilter -Program "$($filetobeunblocked)" | Get-NetFirewallRule
$wantedrules = $matchingapprules | Where-Object Description -eq "Custom Rule created from context menu"
$x=0
foreach ($rule in $wantedrules){
$DisplayName = $rule.DisplayName
Write-Host "Removing Rule $DisplayName"
Remove-NetFirewallRule $rule.Name
$x++
}
Write-Host "$($x) rule(s) removed. "
start-sleep -seconds 5Finally, in a directory create a “reg” file, add_firewall_block_unblock.reg, which when imported in the registry (just double-click the file) will create the context menus. The contents of the reg file are:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\Outbound Firewall Block - Add]
[HKEY_CLASSES_ROOT\*\shell\Outbound Firewall Block - Add\command]
@="powershell.exe -ExecutionPolicy Bypass -File \"C:\\Scripts\\FirewallBlock\\BlockFile.ps1\" \"%1\""
[HKEY_CLASSES_ROOT\*\shell\Outbound Firewall Block - Remove]
[HKEY_CLASSES_ROOT\*\shell\Outbound Firewall Block - Remove\command]
@="powershell.exe -ExecutionPolicy Bypass -File \"C:\\Scripts\\FirewallBlock\\UnBlockFile.ps1\" \"%1\""And that is it. Once the directory and files have been created and the registry keys imported you should have two new context menus:
Just choose an executable, right click and select the “Add” option to create the outbound block rule and when finished select “Remove” to delete the rule.
The files as detailed above can be found at : Efforts/FirewallBlock at main · CluelessAtCoding/Efforts · GitHub
Should you modify any entry names, script name, file paths etc just make sure you modify all references.
13th August 2025: Edit – Updated both block and unblock scripts to handle paths with spaces.
Tech Babble 