Completely disable internet connection except for browser and bittorrent

Windows itself can do this. Just set the default rule for outbound connections to Block instead of Allow in Windows Firewall with Advanced Security (when you open the menu, right-click and go to Action -> Properties on the dropdown menu).


Once you have set it to Block, just remove/disable all of the outbound and inbound rules. Then make program rules for only the programs you want to be set to Allow. After that, all programs will be blocked except the one or two programs you want.

(P.S. You are going to want to allow AVG to update its virus definitions too, or else you will quickly become vulnerable to viruses and whatnot (same for Windows Update).)


Continuing where the other answer left off:

First of all, "Windows Firewall with Advanced Security" is a management console snap-in, so it can be started by running "mmc" and adding that snap-in. Also, when disabling the firewall, note that there is a similar rule in each of the "Domain profile", "Private profile" and "Public profile" tabs. Check them all.

I found that setting up outbound rules might not be that trivial. When setting the rule (through the right-hand side "Actions" -> "New rule..."), it might not be clear which executable your software is using when connecting. By default, Windows Firewall does not tell you which software it has blocked, so that you would know and could enable it if you wanted to.

One option is to enable firewall logs. However, that will only tell you connection information like this:

2017-08-14 11:48:09 DROP UDP 192.168.0.103 224.0.0.251 5353 5353 0 - - - - - - - SEND

To get information on which application it was, you need to enable audit logs for the filtering platform:

  1. open cmd.exe as administrator
  2. run auditpol.exe /get /subcategory:"{0CCE9225-69AE-11D9-BED3-505054503030}" or auditpol.exe /get /category:* to get your localized name for the category you wish to set
  3. enable audit logs for blocked packets: auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:enable. The subcategory name might be localized, hence the command above.
  4. set the firewall to block the connections and start application you have trouble with
  5. disable audit logs: auditpol.exe /set /subcategory:"Filtering Platform Packet Drop" /failure:disable
  6. find your software from event viewer -> Windows logs -> Security using Find
  7. make a firewall rule for it

Audit logs look something like this, and Find can be used for any word in them:

The Windows Filtering Platform has blocked a packet.

Application Information:
    Process ID:     10672
    Application Name:   \device\harddiskvolume2\program files (x86)\google\chrome\application\chrome.exe

Network Information:
    Direction:      Outbound
    Source Address:     192.168.126.1
    Source Port:        53939
    Destination Address:    239.255.255.250
    Destination Port:       1900
    Protocol:       17

Filter Information:
    Filter Run-Time ID: 699893
    Layer Name:     Connect
    Layer Run-Time ID:  48
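
Step 6 can also be done from an elevated PowerShell prompt instead of Event Viewer's Find. The script below is an added example, not part of either answer; it assumes the drops were logged as Security event ID 5152 ("The Windows Filtering Platform has blocked a packet") and that a 15-minute look-back (the `$Minutes` value, an assumption to adjust) covers the test run from step 4.

```powershell
# Added example (not from the answers above). Run from an elevated PowerShell prompt.
$Minutes = 15   # assumption: look-back window that covers the test run in step 4

$filter = @{
    LogName   = 'Security'
    Id        = 5152   # "The Windows Filtering Platform has blocked a packet."
    StartTime = (Get-Date).AddMinutes(-$Minutes)
}

# Direction is stored as a message-table reference in the raw event data.
$directionNames = @{ '%%14592' = 'Inbound'; '%%14593' = 'Outbound' }

$drops = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the named EventData fields; unlike the rendered message they are not localized.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        $dir = $data['Direction']
        if ($dir -and $directionNames.ContainsKey($dir)) { $dir = $directionNames[$dir] }
        [pscustomobject]@{
            Application = $data['Application']
            Direction   = $dir
            Destination = '{0}:{1} (protocol {2})' -f $data['DestAddress'], $data['DestPort'], $data['Protocol']
        }
    })

if ($drops.Count -eq 0) {
    Write-Warning "No packet-drop events in the last $Minutes minutes. Is the audit subcategory enabled?"
}
else {
    # One entry per executable and direction, most frequently blocked first.
    $drops | Group-Object Application, Direction | Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Drops        = $_.Count
                Direction    = $_.Group[0].Direction
                Application  = $_.Group[0].Application
                Destinations = ($_.Group.Destination | Sort-Object -Unique) -join ', '
            }
        } | Format-List
}
```

Application is reported in the same \device\harddiskvolumeN\... form as in the sample event above, so the program rule in step 7 is made for the corresponding executable on that volume.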