
Windows VPS Firewall Hardening and Defender

Securing a new server is essential; properly configuring Defender and Windows Firewall protects your system against threats and unwanted traffic. Establishing a clean baseline through Windows VPS firewall hardening helps reduce unnecessary exposure before you install applications, open ports, or start using the VPS for production work.

In this guide, you will learn to configure a security baseline for a new Windows server by updating Defender signatures, enabling important protection features, hardening firewall profiles, and allowing only the traffic your server actually needs.

The goal is a simple and effective setup that makes firewall hardening easy on any fresh Windows VPS.

Prerequisites for Windows VPS Firewall Hardening

Before starting Windows VPS firewall hardening, ensure you have a fresh Windows VPS running Windows Server 2019 or 2022. If you need a reliable environment, you can quickly deploy a high-performance server through PerLod Hosting.

Also, you must be logged in to your server using the Administrator account.

Update Windows Defender Signatures

The first step is to update Defender so that your fresh VPS uses the latest security intelligence from Microsoft. Open PowerShell as Administrator and run the command below:

Update-MpSignature

This forces an immediate connection to Microsoft servers to download and install the latest threat intelligence.

Enable Real-Time Threat Protection

After updating Defender, you must enable its main protection features so the server can monitor and block threats in real time. To do this, you can run the command below:

Set-MpPreference -DisableRealtimeMonitoring $false -MAPSReporting Advanced -SubmitSamplesConsent SendAllSamples -DisableBlockAtFirstSeen $false
  • -DisableRealtimeMonitoring $false enables real-time scanning.
  • -MAPSReporting Advanced uses Microsoft cloud protection.
  • -SubmitSamplesConsent SendAllSamples sends suspicious samples automatically.
  • -DisableBlockAtFirstSeen $false helps block unknown threats immediately.

Enforce a Default-Deny Firewall Policy

A strict default-deny policy is the foundation of Windows VPS firewall hardening. You can configure the server to drop all unapproved incoming traffic across every network profile automatically.

To do this, you can run this command:

Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow
  • -Profile Domain,Private,Public: Applies the settings to all three network profiles.
  • -Enabled True: Enables the firewall on those profiles.
  • -DefaultInboundAction Block: Drops all incoming traffic without an allow rule.
  • -DefaultOutboundAction Allow: Permits outgoing connections for server updates.

Configure Inbound Firewall Rules

Now that the firewall blocks any inbound traffic that has no allow rule, you need to open the specific ports required to manage your VPS remotely. The command below allows RDP on TCP port 3389:

New-NetFirewallRule -DisplayName "Allow RDP" -Direction Inbound -LocalPort 3389 -Protocol TCP -Action Allow
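
The rule above accepts RDP from any source address, and any built-in allow rules that are already enabled stay active under a default-deny profile. The following is an added example, not part of the original guide, that lists what is still reachable and then limits RDP to one management address; it goes beyond the guide's single rule. Assumptions: the address 203.0.113.10 is a placeholder, the "Allow RDP" rule above has already been created, and Get-InboundExposure is a helper name chosen for this example.

```powershell
# Added example (not from the original guide).
# The default Block action only covers traffic that no allow rule matches, so
# every row returned here is a port that is still reachable from outside.
function Get-InboundExposure {
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                DisplayName   = $_.DisplayName
                Group         = $_.DisplayGroup
                Profile       = $_.Profile
                Protocol      = $port.Protocol
                LocalPort     = $port.LocalPort -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
}

# 1. Review what is open; rules with RemoteAddress 'Any' accept every source.
Get-InboundExposure |
    Sort-Object Group, DisplayName |
    Format-Table -AutoSize -Wrap

# 2. Scope RDP to one management address.
#    Assumption: 203.0.113.10 is a documentation-range placeholder. Replace it
#    with the address you connect from, or you will lock yourself out.
$adminIp = '203.0.113.10'

# Narrow the guide's own rule instead of adding a second one.
Set-NetFirewallRule -DisplayName 'Allow RDP' -RemoteAddress $adminIp

# Allow rules are additive: the built-in "Remote Desktop" group, if enabled,
# still accepts RDP from any address, so scope it to the same source.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' } |
    Set-NetFirewallRule -RemoteAddress $adminIp

# 3. Confirm that no enabled rule on 3389 is still open to 'Any'.
Get-InboundExposure |
    Where-Object { $_.LocalPort -match '\b3389\b' } |
    Format-Table DisplayName, Protocol, LocalPort, RemoteAddress -AutoSize
```

Run step 2 from a console session or keep a second access path available until step 3 shows the expected source address.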

Block ICMP Ping Requests

Disabling ping replies hides your server from automated bots and scanners that sweep the internet looking for targets. You can block ICMPv4 echo (ping) requests by disabling the built-in rule that allows them:

Disable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)"

Run a Quick Scan on Windows VPS

Now that your network is locked down and real-time protection is active, you should run a quick scan, which validates your entire setup. Once the scan finishes, your VPS is completely secure and ready to use.

Run a quick scan with the command below:

Start-MpScan -ScanType QuickScan

This initiates a rapid check of critical system areas, the registry, and active memory.
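
To confirm that each step of the baseline took effect, the settings can be read back rather than assumed. The following is an added example, not part of the original guide; Test-VpsBaseline is a helper name chosen here, and the freshness thresholds (signatures under 2 days old, quick scan within the last day) are assumptions you can adjust.

```powershell
# Added example (not from the original guide): read back each setting applied
# above and report whether it has the value the guide sets.
function Test-VpsBaseline {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # MAPSReporting 2 = Advanced; SubmitSamplesConsent 3 = SendAllSamples.
    $checks = [ordered]@{
        'Real-time protection running'      = $status.RealTimeProtectionEnabled
        'Signatures less than 2 days old'   = $status.AntivirusSignatureAge -lt 2
        'Cloud protection set to Advanced'  = $pref.MAPSReporting -eq 2
        'Sample submission: SendAllSamples' = $pref.SubmitSamplesConsent -eq 3
        'Block at first seen enabled'       = -not $pref.DisableBlockAtFirstSeen
        'Quick scan finished in last day'   = $status.QuickScanAge -le 1
    }

    foreach ($p in Get-NetFirewallProfile -Name Domain, Private, Public) {
        $checks["Firewall enabled ($($p.Name))"]      = $p.Enabled -eq 'True'
        $checks["Inbound default Block ($($p.Name))"] = $p.DefaultInboundAction -eq 'Block'
    }

    # Several rules share this display name (one per profile set); all must be off.
    $echoRule    = 'File and Printer Sharing (Echo Request - ICMPv4-In)'
    $enabledEcho = Get-NetFirewallRule -DisplayName $echoRule -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' }
    $checks['ICMPv4 echo allow rule disabled'] = -not $enabledEcho

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = [bool]$checks[$name] }
    }
}

$results = Test-VpsBaseline
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'Baseline incomplete: see the rows where Pass is False.'
}
```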

FAQs

Is Windows Defender enough to protect my VPS?

Yes. Microsoft Defender offers excellent protection once you enable real-time scanning and cloud updates. Also, it uses fewer system resources than most third-party antivirus programs.

Why is my Windows VPS showing as Offline on ping monitoring tools?

This is normal because we blocked ping requests earlier to hide your server from bots and scanners. If your hosting provider needs ping for uptime tracking, you can turn it back on by running: Enable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)"

What does Windows real-time protection actually do?

It makes Defender check files and activity in real time, so you do not have to wait for a manual scan. This gives your server constant protection in the background.

Conclusion

By applying this security baseline, your Windows VPS is now protected against common automated attacks from the moment it goes online. Microsoft Defender is actively monitoring for threats, and your strict firewall policy ensures only approved traffic can reach your server. With Windows VPS firewall hardening, you can safely install your applications and configure your production environment.
