Windows 11 is Microsoft’s most secure OS, but it’s also very noisy out of the box. Telemetry, background updates, and third-party apps frequently connect to the internet without your permission. Privacy is one thing, but that’s not the only concern here; it’s the control. You can actually perform a complete Windows security audit, and you will be surprised by how much Windows does behind our backs.
While searching for the best security apps to prevent Windows from uploading my data behind my back, I discovered Simplewall. A tiny open-source Windows application that manages and controls the Windows Filtering Platform (WFP), which handles network traffic.
- OS
-
Windows
- Developer
-
henrypp
Simplewall is a lightweight, open-source firewall tool that masters the Windows Filtering Platform (WFP). It lets you block telemetry, whitelist apps, and harden security without the bloat, giving you absolute control over every connection leaving your PC.
What is Simplewall?
Hint: It’s not just another firewall
Simplewall is a major innovation, but we need to understand that it is not just a barebones firewall. It is a lightweight interface for the Windows Filtering Platform (WFP). WFP is the underlying tech baked into Windows that processes network traffic, but Microsoft’s native interface for it (Windows Defender Firewall) is clunky and buried in legacy menus.
WFP defaults to always Allow all outbound traffic for every app on your PC. Microsoft assumes you want all apps to connect to the internet freely to ensure convenience and automated background updates. Simplewall assumes the opposite. It thinks that you want absolutely no apps to connect to outbound traffic.
By hooking directly into the WFP, Simplewall lets you choose exactly which apps or services connect to the internet via a strict whitelist or blacklist. It removes the complex menus and toggles of Windows Firewall and presents you with a clear, real-time visual list of the apps and services requesting an internet connection.
Simplewall demystifies the fear of users who never interact with WFP, since it sounds like terrifying sysadmin territory. This app proves that you don’t have to be a paranoid nerd just to configure enterprise-grade packet filtering; you just need a tool that recognizes your intelligence.
Simplewall is the must-have for Windows security
Before I installed Simplewall, I thought Windows Defender Antivirus was enough to defend me against what’s coming, but after understanding how Microsoft uses Telemetry services, installing Simplewall became a must on every Windows PC I use. It changes how Windows interacts with the internet. And with some of its features that come out of the box, it ensured that no data was uploaded behind my back and made me more aware of the OS I was using.
The whitelist model
Windows Firewall operates on a blocklist model; it allows almost everything to connect to the internet unless you block it in the firewall settings. Simplewall works on a whitelist model. It only allows the apps and services you allow to connect to the internet.
You might think you will need to visit the app every time you install or launch a new app or service. Instead, after installing Simplewall, each time you run a new app or one you haven’t opened before, you’ll be asked whether you want it to connect to the internet.
If you hit yes, it adds the apps to the whitelist. And this process is one-time only, so once you add something to the whitelist, you won’t need to fiddle with the settings just to let it connect to the internet again.
Yes, it’s a bit tedious, but in the long run, the return on investment is massive. You are essentially severing the communication channels of malicious apps and services that try to install bloatware, run scripts, or, worst of all, infest your PC with malware.
Blocking Windows telemetry
Simplewall includes an internal blocklist specifically designed to gag chatter in the backend that sends user diagnostic data to Microsoft servers, even when you have toggled it off. It can block Microsoft’s telemetry IP ranges and spying domains at the packet level.
This goes beyond just asking Windows not to track you; it physically prevents the data packets from leaving your computer. The result is a muted Windows experience that actually respects the hardware you paid for.
The Windows hardening feature
Beyond basic app filtering, Simplewall offers system-hardening features that typically require complex PowerShell scripts. Using simple checkboxes, you can enable filters to block port scanning and restrict access to specific IP ranges.
For example, you can block all packet download requests system-wide while continuing to allow packet uploads from your whitelisted apps. It creates a setting where your PC is invisible to packet analyzers while remaining fully functional for daily tasks. It’s the kind of hardening that usually requires a paid enterprise security suite, delivered in a free, open-source package.
But isn’t Windows Defender enough?
This isn’t a replacement but an addition
Some users frequently claim that the combination of Windows Firewall + Windows Defender is already enough for 99% of users. And messing with Windows’ internal rules might break the apps. The skepticism is real, since Windows is known to throw a blue screen of death even with the tiniest mishap.
Additionally, Windows Defender has evolved into a genuinely excellent antivirus for stopping incoming threats. But it still can’t protect you from many threats. The Defender fails when we examine outbound traffic. It’s great to keep the guys out, but it fails when Windows itself uploads your private data to the servers in the name of improving user experience.
I stopped paying for antivirus after I learned about these 5 Windows Security features
Stop paying for expensive antivirus software. Instead, use these 5 features in Windows Security.
If a zero-day exploit manages to take root on your PC, Defender might fail to recognize it. Without a strict outbound firewall, the exploit can easily exfiltrate the data. Simplewall closes this gap. It is never meant to replace Windows Defender; it was always meant to accompany it to make your system much more secure.
As for the fear of breaking apps, Simplewall’s notification system makes this a non-issue. If an app breaks, you immediately see a notification that it was blocked. You click Allow, and it works. You aren’t digging through logs; you are making instant choices. It creates a layer of friction, yes, but that friction is exactly what prevents data exfiltration.
Simplewall is not optional anymore
We live in an era where software is getting increasingly hostile every passing day to the user’s privacy. Windows 11, despite its sleek UI, is part of that problem. Relying solely on default settings is a choice to trust Microsoft with every byte of data that leaves your computer.
Simplewall offers a powerful alternative. It’s a 2MB download that transforms your PC from a leaky sieve into a digital fortress. It forces you to be intentional about your connectivity and, in exchange, gives you total sovereignty over your network traffic.
