When this happens, programs continue to operate as normal, except they connect to the Internet through your unprotected network. This means your Internet service provider (ISP) can potentially view your data and your true IP address is revealed to websites, peer-2-peer networks or any remote location to which you connect.
What Can You Do?
This flaw doesn’t need to be a deal breaker though. Using Windows Firewall, you can block a single program, or all programs, from accessing the Internet unless it’s done through a specified network type, such as a VPN’s Public network. That way, if the VPN disconnects, the program will fail to connect to the Internet, thereby preserving your privacy. After you reconnect the VPN, the program again accesses the Internet through the VPN.
However, for this approach to work, your home network (the connection to your ISP) and your VPN network must use different network types. Unless you’re on a domain, that means your VPN network should be Public, which it should already be, and your home network should be Private. If you’re unsure how your home network is configured or need to change it, see the previous article How to Configure Windows 8.1 Networks to be Public or Private.
Once you’ve verified the network types, you’ll need to block the program’s traffic through the Private network. Unfortunately, Windows Firewall uses separate rules for incoming and outgoing traffic, so you essentially need to follow the procedure twice: once to set up an Inbound Rule and once to set up an Outbound rule.
However, the procedure is relatively painless, so it’s no big deal unless you’re configuring a long list of programs.
Blocking a Program on Your Private Network
1. Open the Control Panel (Win-I > Control Panel) and select “System and Security,” “Windows Firewall” and then “Advanced Settings.”
2. Click “Outbound Rules” in the left panel and select “New Rule” in the right panel. When you run through the procedure the second time, you’ll need to select “Inbound Rules”; from there, the procedure is identical.
3. Select “Program” and click “Next.”
4. Choose “This Program Path,” click “Browse” to select the program you wish to block and click “Next.” Alternatively, choose “All Programs” to block all programs if the VPN disconnects.
5. Choose “Block the Connection” and click “Next.”
6. Deselect “Public,” but keep “Domain” and “Private” checked. This tells Windows Firewall to apply the block only on Private (your ISP) and Domain networks, but not to apply the block on Public (your VPN) networks. Click “Next.”
7. Enter a descriptive name for the new rule and click “Finish.” You should then see the new rule in the Outbound (or Inbound, as the case may be) Rules list.
8. Select “Inbound Rules” and choose “New Rule” to block incoming traffic if the VPN disconnects, following the same procedure as in steps 3 through 7.
9. After you’ve configured both, test the program by disconnecting the VPN and attempting to access the Internet with the program.