Windows – If you block an .exe file in Windows Firewall, are you also blocking the .dll files it uses or it needs to be done separatly

firewallmalwareSecuritywindowswindows firewall

Let's consider this scenario:

There's some X software downloaded from the internet with one .exe file and several .dll files.
The .exe file is prevented from accessing the Internet by using Windows Firewall.
One of the program's .dll files is infected by malware.

By blocking the .exe file, is the executable code it calls from the .dll files also blocked? Or should I manually block every single file that looks like it has executable content? More generally, how does Windows Firewall work in cases like theses?

Thanks!

Best Answer

When Windows runs an executable, it may import some .DLL's. It may also import .DLL's later.

When you block an executable, you prevent it from importing any .DLL's that it would normally import.

HOWEVER, you do NOT prevent other applications from importing those .DLL's.

Some applications come with their own .DLL's, some instal shared .DLLs, and Windows has a plethora of .DLLs it makes available to any .exe as part of the Windows API.

Also, it is possible for a .DLL to practically be an executable and invokeable with rundll32.exe or through some other mechanism of the Windows API.

If you are whitelisting .exe's, you should whitelist .DLL's as well.

Best Answer

Related Solutions

Windows – Can’t block a specific application in Windows 7 Firewall

Windows – How to block Spotify with Windows Firewall

Related Question