How to prevent applications from modifying Windows 7 firewall policy
Yes, but the computer will not allow any local exceptions not set by group policy.
I am going to assume you are not on a domain, but if you are it is very similar; it will just be a domain policy instead of a local policy.
First, you must open the local group policy settings by opening MMC, going to File->Add/Remove Snap-In..., and adding the Group Policy Object Editor for your local computer.
From there navigate to Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile\ and there are two settings you want to set to disabled: Windows Firewall: Allow local port exceptions and Windows Firewall: Allow local program exceptions.
Once those are set you can no longer make any changes to the Windows Firewall using the Windows API, including going in by hand and editing it via advanced settings. If you want to enable an exception you will need to do it through the group policy now. You can set the rules up in Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security - Local Group Policy Object. These rules will be the only rules in effect on your system.
If you are on a domain you just need to use the domain group policy tools instead of the local ones.
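A check that the two settings took effect, as an added example that is not part of the original answer: the script reads the registry values assumed to back these policies (AllowUserPrefMerge under GloballyOpenPorts and AuthorizedApplications, as defined in the Windows Firewall administrative template) and reports whether local exceptions are locked out. The function name Get-LocalExceptionPolicy and the extra Domain Profile check are additions for illustration.

```powershell
# Added example: audit the "Allow local port/program exceptions" policies.
# Assumption: the policies are stored as AllowUserPrefMerge (0 = Disabled,
# 1 = Enabled, value absent = Not configured) under the keys below.
# Written to run on the PowerShell 2.0 that ships with Windows 7.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

$policies = @(
    @{ Name = 'Allow local port exceptions';    SubKey = 'GloballyOpenPorts' },
    @{ Name = 'Allow local program exceptions'; SubKey = 'AuthorizedApplications' }
)
# StandardProfile is the one named in the answer; DomainProfile is checked
# as well because a domain-joined machine uses it while on the domain network.
$profileKeys = 'StandardProfile', 'DomainProfile'

function Get-LocalExceptionPolicy {
    param([string]$ProfileKey, [hashtable]$Policy)

    $path  = "$base\$ProfileKey\$($Policy.SubKey)"
    $state = 'Not configured'
    if (Test-Path $path) {
        $item = Get-ItemProperty -Path $path -Name AllowUserPrefMerge `
                                 -ErrorAction SilentlyContinue
        if ($item -ne $null) {
            if ($item.AllowUserPrefMerge -eq 0) { $state = 'Disabled' }
            else                                { $state = 'Enabled' }
        }
    }
    New-Object PSObject -Property @{
        Profile = $ProfileKey
        Policy  = $Policy.Name
        State   = $state
        Locked  = ($state -eq 'Disabled')   # only Disabled blocks local exceptions
    }
}

$results = foreach ($p in $profileKeys) {
    foreach ($pol in $policies) { Get-LocalExceptionPolicy -ProfileKey $p -Policy $pol }
}
$results | Select-Object Profile, Policy, State, Locked | Format-Table -AutoSize

# Non-zero exit code if any Standard Profile policy still permits local exceptions,
# so the check can be used from a scheduled task or a compliance script.
$open = @($results | Where-Object { $_.Profile -eq 'StandardProfile' -and -not $_.Locked })
if ($open.Count -gt 0) { exit 1 }
```

Run it from an elevated prompt after `gpupdate /force`; a State of "Not configured" or "Enabled" means applications can still add their own exceptions for that profile.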