#Requires -RunAsAdministrator <# .SYNOPSIS Configures Windows Firewall rules to block SolidWorks telemetry executables. .DESCRIPTION Creates outbound firewall rules to block update and telemetry executables while allowing the main SOLIDWORKS application to communicate with licensing servers. .NOTES Author: Atomaste Solution Requires: Administrator privileges Windows Firewall must be enabled #> param( [switch]$Undo, # Remove all SOLIDWORKS firewall rules [switch]$ListOnly, # Only list executables, don't create rules [string]$InstallPath = "C:\Program Files\SOLIDWORKS Corp" ) $rulePrefix = "SolidWorks Privacy - " # Executables to BLOCK (update/telemetry) $execsToBlock = @( "SOLIDWORKS\swScheduler\dxttasks.exe", "SOLIDWORKS\swScheduler\DXTTask.exe", "SOLIDWORKS Installation Manager\sldIM.exe", "SOLIDWORKS Installation Manager\sldDownloader.exe", "SOLIDWORKS\swPDFPrinterHost.exe", "SOLIDWORKS\swScheduler\TaskScheduler.exe", "SOLIDWORKS\swScheduler\dxtTaskSvc.exe" ) # Executables to ALLOW (main app - needs licensing access) $execsToAllow = @( "SOLIDWORKS\SLDWORKS.exe", "SOLIDWORKS\swlmwiz.exe" # License wizard ) # Additional executables to search for $searchPatterns = @( "*Update*.exe", "*Downloader*.exe", "*Telemetry*.exe", "*Analytics*.exe", "*3DEXPERIENCE*.exe" ) function Test-IsAdmin { $currentUser = [Security.Principal.WindowsIdentity]::GetCurrent() $principal = New-Object Security.Principal.WindowsPrincipal($currentUser) return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) } function Find-SolidWorksExecutables { param([string]$Path) $results = @{ ToBlock = @() ToAllow = @() Other = @() } if (-not (Test-Path $Path)) { Write-Host "[WARN] SolidWorks installation not found at: $Path" -ForegroundColor Yellow return $results } Write-Host "[INFO] Scanning: $Path" -ForegroundColor Cyan # Check known executables to block foreach ($exe in $execsToBlock) { $fullPath = Join-Path $Path $exe if (Test-Path $fullPath) { $results.ToBlock += $fullPath } } # Check known executables to allow foreach ($exe in $execsToAllow) { $fullPath = Join-Path $Path $exe if (Test-Path $fullPath) { $results.ToAllow += $fullPath } } # Search for additional update/telemetry executables foreach ($pattern in $searchPatterns) { $found = Get-ChildItem -Path $Path -Filter $pattern -Recurse -ErrorAction SilentlyContinue foreach ($file in $found) { if ($file.FullName -notin $results.ToBlock) { $results.ToBlock += $file.FullName } } } return $results } function Show-Executables { param([hashtable]$Execs) Write-Host "`n=== EXECUTABLES TO ALLOW (licensing) ===" -ForegroundColor Green if ($Execs.ToAllow.Count -eq 0) { Write-Host " (none found)" -ForegroundColor Gray } else { foreach ($exe in $Execs.ToAllow) { Write-Host " [ALLOW] $exe" -ForegroundColor Green } } Write-Host "`n=== EXECUTABLES TO BLOCK (update/telemetry) ===" -ForegroundColor Red if ($Execs.ToBlock.Count -eq 0) { Write-Host " (none found)" -ForegroundColor Gray } else { foreach ($exe in $Execs.ToBlock) { Write-Host " [BLOCK] $exe" -ForegroundColor Red } } } function Remove-SolidWorksRules { $rules = Get-NetFirewallRule -DisplayName "$rulePrefix*" -ErrorAction SilentlyContinue if ($rules) { $count = ($rules | Measure-Object).Count $rules | Remove-NetFirewallRule Write-Host "[OK] Removed $count firewall rule(s)" -ForegroundColor Green } else { Write-Host "[INFO] No SolidWorks firewall rules found" -ForegroundColor Yellow } } function New-BlockRule { param([string]$ExePath) $exeName = Split-Path $ExePath -Leaf $ruleName = "$rulePrefix Block $exeName" # Check if rule already exists $existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue if ($existing) { Write-Host "[SKIP] Rule already exists: $exeName" -ForegroundColor Yellow return } try { New-NetFirewallRule ` -DisplayName $ruleName ` -Description "Blocks outbound connections for SolidWorks update/telemetry" ` -Direction Outbound ` -Action Block ` -Program $ExePath ` -Enabled True ` -Profile Any ` -ErrorAction Stop | Out-Null Write-Host "[OK] Created block rule: $exeName" -ForegroundColor Green } catch { Write-Host "[ERROR] Failed to create rule for $exeName : $_" -ForegroundColor Red } } function New-AllowRule { param([string]$ExePath) $exeName = Split-Path $ExePath -Leaf $ruleName = "$rulePrefix Allow $exeName" # Check if rule already exists $existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue if ($existing) { Write-Host "[SKIP] Rule already exists: $exeName" -ForegroundColor Yellow return } # Note: Windows Firewall cannot filter by domain easily # We'll create an allow rule for the main app # The hosts file handles domain-level blocking try { New-NetFirewallRule ` -DisplayName $ruleName ` -Description "Allows SolidWorks main app (licensing required)" ` -Direction Outbound ` -Action Allow ` -Program $ExePath ` -Enabled True ` -Profile Any ` -ErrorAction Stop | Out-Null Write-Host "[OK] Created allow rule: $exeName" -ForegroundColor Green } catch { Write-Host "[ERROR] Failed to create rule for $exeName : $_" -ForegroundColor Red } } function Show-CurrentRules { $rules = Get-NetFirewallRule -DisplayName "$rulePrefix*" -ErrorAction SilentlyContinue Write-Host "`n=== CURRENT SOLIDWORKS FIREWALL RULES ===" -ForegroundColor Cyan if (-not $rules) { Write-Host " (no rules configured)" -ForegroundColor Gray return } foreach ($rule in $rules) { $actionColor = if ($rule.Action -eq "Block") { "Red" } else { "Green" } $enabledStatus = if ($rule.Enabled -eq "True") { "[ON]" } else { "[OFF]" } Write-Host " $enabledStatus " -NoNewline Write-Host "$($rule.Action)" -ForegroundColor $actionColor -NoNewline Write-Host " - $($rule.DisplayName -replace $rulePrefix, '')" -ForegroundColor White } } # Main execution if (-not (Test-IsAdmin)) { Write-Host "[ERROR] This script requires Administrator privileges." -ForegroundColor Red exit 1 } Write-Host "========================================" -ForegroundColor Cyan Write-Host " SolidWorks Firewall Configurator" -ForegroundColor Cyan Write-Host " Atomaste Solution" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan if ($Undo) { Write-Host "`n[ACTION] Removing all SolidWorks firewall rules..." -ForegroundColor Yellow Remove-SolidWorksRules Show-CurrentRules } elseif ($ListOnly) { Write-Host "`n[INFO] Scanning for executables (no changes will be made)..." -ForegroundColor Yellow $execs = Find-SolidWorksExecutables -Path $InstallPath Show-Executables -Execs $execs Show-CurrentRules Write-Host "`n[TIP] Run without -ListOnly to create firewall rules" -ForegroundColor Yellow } else { Write-Host "`n[ACTION] Configuring firewall rules..." -ForegroundColor Yellow $execs = Find-SolidWorksExecutables -Path $InstallPath Show-Executables -Execs $execs Write-Host "`n[STEP] Creating firewall rules..." -ForegroundColor Cyan # Create block rules for update/telemetry executables foreach ($exe in $execs.ToBlock) { New-BlockRule -ExePath $exe } # Create allow rules for main application foreach ($exe in $execs.ToAllow) { New-AllowRule -ExePath $exe } Show-CurrentRules } Write-Host "`n[NOTE] Domain-level blocking is handled by the hosts file." -ForegroundColor Yellow Write-Host " Windows Firewall blocks at the executable level." -ForegroundColor Yellow Write-Host "`n[DONE] Script completed." -ForegroundColor Green