Windows 10 Firewall Basic Features
All versions of Windows 10 ship with a decent and capable, but not foolproof, stateful firewall named Windows Firewall (WF). At the risk of oversimplifying a bit, a stateful firewall is an inbound firewall that remembers.
A stateful firewall keeps track of packets of information going out of your computer and where they’re headed. When a packet arrives and tries to get in, the inbound firewall matches the originating address of the incoming packet against the log of addresses of the outgoing packets to make sure that any packet allowed through the firewall comes from an expected location.
Stateful packet filtering isn’t 100-percent foolproof. And you must have some exceptions so that unexpected packets can come through. But a stateful firewall is a fast reliable way to minimize your exposure to potentially destructive probes from out on the big bad Internet.
The WF inbound firewall is on by default. Unless you change something, Windows Firewall is turned on for all connections on your PC. For example, if you have a LAN cable, a wireless networking card, and a 3G USB card on a specific PC, WF is turned on for them all. The only way Windows Firewall gets turned off is if you deliberately turn it off or if the network administrator on your Big Corporate Network decides to disable it by remote control or install Windows service packs with Windows Firewall turned off.
In extremely unusual circumstances, malware (viruses, Trojans, whatever) have been known to turn off Windows Firewall. If your firewall kicks out, Windows lets you know loud and clear with balloon notifications near the system clock on the desktop, toaster notifications from the right on the Start screen, and a crescendo from Ride of the Valkyries blaring on your speakers.
You can change WF settings for inbound protection relatively easily. When you make changes, they apply to all connections on your PC. On the other hand, WF settings for outbound protection make the rules of cricket look like child’s play.
WF kicks in before the computer is connected to the network. Back in the not-so-good old days, many PCs got infected between the time they were connected and when the firewall came up.