You may want to occasionally reset Windows firewall settings or rules to clear any unused entries there in the aftermath of malware attack and removal, or when some of the networking features don’t work due to misconfiguration of the Windows Firewall.
Windows Firewall has predefined Inbound and Outbound connection rules for built-in programs and services. In addition, applications create additional custom firewall rules as necessary. But, over time, some of those custom firewall exceptions (rules) may become obsolete, as the user may uninstall the corresponding programs from the system.
This article tells how to backup your existing Windows Firewall rules, and then restore the default rules or settings — using Windows Firewall (with Advanced Security) console or using the Netsh.exe command.
Screenshots in this article are taken from a Windows 10 PC. However, the information in this article applies to all versions of Windows, from Windows Vista through Windows 11.
- Opening Windows Firewall (with Advanced Security) console
- Backup and Restore Windows Firewall Using GUI
- Backup and Restore Windows Firewall Using Netsh
- Reset Windows Firewall Using GUI
- Reset Windows Firewall Using Netsh
- Reset Windows Firewall Using PowerShell
- Unrecoverable Windows Firewall error (0x3) when resetting
- Firewall Error 0x6d9 “The snap-in failed to load” (opens new page)
You can start Windows Firewall (with Advanced Security) console by launching “wf.msc” from the Run dialog (Win + R).
In Windows Firewall (with Advanced Security) console, select the topmost item, “Windows Firewall with Advanced Security on Local Computer”, in the left pane.
Right-click on it and click “Export Policy…”. In the save dialog, mention the file name and save it. The file will have the extension .wfw (Windows Firewall – Policy file).
Likewise, you can use the “Import Policy…” option to import settings from an existing .wfw file.
To exports the current Windows Firewall settings to a file using command-line, open Command Prompt as administrator, and type:
netsh advfirewall export "c:\advfirewallpolicy.wfw"
The above command saves the current firewall settings to a file named “advfirewallpolicy.wfw” on your D:\ drive. Alter the file name and path as desired.
Similarly, to import the firewall rules from an existing .wfw firewall policy file, use the “import” parameter of Netsh.exe.
netsh advfirewall import "c:\advfirewallpolicy.wfw"
In the Windows Firewall (with Advanced Security) console, select the topmost item, “Windows Firewall with Advanced Security on Local Computer”, in the left pane.
Right-click on it, and click Restore Default Policy.
Click Yes when you see the following message.
Restoring the default policy will reset all changes to settings of Windows Firewall that you have made since Windows was installed. This may cause some programs to stop working. If you are remotely managing this computer, the connection will be lost when default policy is restored. Do you want to continue?
Open Command Prompt as administrator. Type the following command and press ENTER
netsh advfirewall reset
You should see the text “OK” in the output.
Quick Tip: Backup and Reset using a single command-line
To backup the existing Windows Firewall settings to a file and reset the Windows Firewall, use the following command:
netsh advfirewall reset export "c:\advfirewallpolicy.wfw"
Start PowerShell as administrator, and run the following command to reset the Windows Firewall:
(New-Object -ComObject HNetCfg.FwPolicy2).RestoreLocalFirewallDefaults()
After resetting, some programs will ask you to add firewall exceptions for them to work correctly. Here is a Windows Security alert screenshot showing the message “Windows Firewall has blocked some features of this app” when launching Google Chrome.
All you need to do is click “Allow access” if you want to let the program access the internet.
You may sometimes receive the following errors when resetting Windows Firewall:
The following error may be shown (in Windows Firewall with Advanced Security):
Could not restore the default policy. Error: 3
And the Netsh command-line shows a similar error when resetting the Firewall:
Fix for unrecoverable error 3 (0x3) when resetting Windows Firewall
The above error(s) occur if the registry key that stores the default Windows Firewall rules set is missing — malware may have wiped out the key. To restore the Windows Firewall rules template, download w10_firewall_default_rules.zip (for Windows 10), unzip, and run the enclosed REG file.
This restores the required entries under the following registry key:
After applying the REG file, try resetting the Windows Firewall again.
One small request: If you liked this post, please share this?One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!