Regularly some Windows Update packages silently re-enable firewall rules, both Inbound and Outbound, is there a way to disable a rule for good or to remove from Windows Update the right to alter firewall rules?
(deleting rules does no good, Windows Update will recreate them)
Exemple of "frivolous" rules that keep re-enabling themselves: Windows Reading List, MSN Sports, Solitaire Collection, Get Office etc.
This is for a Windows 10 machine on a semi-public network, and AllJoyn, cast servers or various XBox ports are never ever going to be anything but security liabilities.
Best Answer
TL;DR: It's not possible to stop programs with Administrator access from changing firewall rules. Windows Firewall Control is a program that will automatically delete or disable Windows Firewall rules that you didn't approve by using the Secure Rules functionality.
The problem is that any program that runs with Administrator privileges is allowed to silently change Windows Firewall rules. Windows Update is joined by Firefox, Chrome and many others that feel entitled to ensure that they can send and receive network traffic without asking your permission.
The best solution I've found has been to use Windows Firewall Control (WFC) which has been acquired by Malwarebytes as of 2018. While there are a number of other products that provide a better interface on top of the Windows Firewall, this is the only one I've found that solves the problem you raise. It has functionality that it calls "Secure Rules" which will automatically disable any rules that were not created by the specific authorized groups. I have it so just Windows Firewall Control is allowed to create rules. According to the user guide, the way it works is for Windows Firewall Control to be notified when new rules are created and it will disable them if they're not in the right group.
When Chrome is updated, it tries to add a rule. The rule is created but automatically disabled but WFC.
A few other notes: