Huntress manages the host firewall through the Windows Filtering Platform (WFP), with Windows Group Policy (GPO) as a fallback mechanism. The rules applied by Huntress block all inbound and outbound network connections unless the connection is destined for a Huntress service (the Huntress agent + updater) or another essential service (DNS + DHCP).
The Windows Filtering Platform (WFP) is a set of APIs and system services that provide a platform for creating network filtering applications. WFP is a development platform and not a firewall itself. The firewall application that is built into Windows Vista, Windows Server 2008, and later operating systems is implemented using WFP.
Huntress uses WFP API calls to manage the host firewall by creating filters that block traffic not destined for Huntress.io.
The WFP API consists of a user-mode API and a kernel-mode API. Currently Huntress leverages the user-mode APIs. Later this year we will be implementing a kernel-mode driver that can take advantage of those kernel-mode APIs, making our host isolation solution even more robust!
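To see the filters described above on a given host, the following added example (not Huntress code) dumps the installed WFP filters with `netsh wfp show filters` and summarizes the block and permit filters at the layers that authorize connections. The output path and the helper name `Get-Text` are choices made for this example, and because this page does not list the names of the Huntress filters, the script reports every filter at those layers rather than matching on a name.

```powershell
# Added example (not Huntress code): summarize WFP filters at the ALE layers
# that authorize connections, to see which block/permit filters are present.
# Run from an elevated prompt. $OutFile is a path chosen for this example.
$OutFile = Join-Path $env:TEMP 'wfp-filters.xml'

# netsh writes every WFP filter currently installed to an XML file.
netsh wfp show filters "file=$OutFile" | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $OutFile)) {
    throw 'netsh wfp show filters failed (is the prompt elevated?)'
}

$doc = New-Object System.Xml.XmlDocument
$doc.Load($OutFile)   # Load() honors the encoding declared in the file

# Outbound connects and inbound accepts, IPv4 and IPv6.
$layers = @(
    'FWPM_LAYER_ALE_AUTH_CONNECT_V4', 'FWPM_LAYER_ALE_AUTH_CONNECT_V6',
    'FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4', 'FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6'
)

# Hypothetical helper: text of a child element, or '' when it is absent.
function Get-Text($node, $xpath) {
    $n = $node.SelectSingleNode($xpath)
    if ($null -ne $n) { $n.InnerText.Trim() } else { '' }
}

$filters = foreach ($item in $doc.SelectNodes('//filters/item')) {
    $layer = Get-Text $item 'layerKey'
    if ($layers -notcontains $layer) { continue }
    [pscustomobject]@{
        Layer    = $layer
        Action   = Get-Text $item 'action/type'
        Name     = Get-Text $item 'displayData/name'
        Provider = Get-Text $item 'providerKey'
        FilterId = Get-Text $item 'filterId'
    }
}

# Count of block vs. permit filters per layer.
$filters | Group-Object Layer, Action | Sort-Object Name |
    Select-Object Count, Name | Format-Table -AutoSize

# The block filters themselves, with the provider that installed each one.
$filters | Where-Object Action -eq 'FWP_ACTION_BLOCK' |
    Sort-Object Layer, Name |
    Format-Table Layer, Name, Provider, FilterId -AutoSize
```

Running it before and after a host is isolated and comparing the two outputs shows which filters isolation added.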
Note: Hosts that are joined to a Windows Domain may require a reboot to release a host from GPO-based isolation.
Note: Windows Group Policy (GPO) will be used as a fallback if WFP fails OR if the host does not support WFP isolation (see Supported Operating Systems / System Requirements).