Description
Technical & Comprehensive Documentation
Overview
WinMasterBlocker.bat is an administrative automation script written in Windows Batch (.cmd/.bat). It interfaces with Windows Advanced Firewall and PowerShell to recursively locate executable files within defined vendor directories and program metadata folders, creating rigorous inbound and outbound blocking rules.
System Requirements & Prerequisites
- Operating System: Windows 10 or Windows 11.
- Permissions: Elevated Administrator privileges are strictly required to manipulate the
netshfirewall infrastructure.
Core Architecture & Execution Flow
1. Privilege Elevation Check
Upon execution, the script verifies if it possesses administrative rights by testing access to net session. If authorization fails, it bypasses standard execution and forces a UAC (User Account Control) elevation prompt utilizing PowerShell’s Start-Process -Verb RunAs command to restart itself with elevated privileges.
2. Path Mapping Array
The script maps software vendors to their respective installation and application data directories using pseudo-arrays. The paths include system-wide installation folders, common shared utility repositories, and user-profile specific environments (%LocalAppData% and %AppData%) to capture dynamic background elements or licensing services:
- Adobe Environment: Covers standard
Program Files,Common Files,%ProgramData%system repositories, and user-specific local/roamingAppDatapaths. - Secondary Vendor Modules: Includes structural paths for Corel, Autodesk, Maxon, and Red Giant.
3. Deep Directory Inspection & Rule Injection
When a user selects a vendor directory, the script:
- Breaks down the semicolon-delimited paths into individual string targets.
- Verifies folder existence via
if existchecks. - Leverages
pushdto safely shift the execution root into the target directory. - Runs a recursive loop (
for /R) to find every single.exefile nested within the folder structure. - Hands the file paths off to the execution block.
4. Firewall Rule Generation
To prevent system bloat, the script cross-checks existing rules via a PowerShell query (Get-NetFirewallRule).
- If a rule matching the syntax
[Filename] [Vendor]-blockis discovered, it skips the file. - If no rule exists, it sequentially fires two
netsh advfirewallcommands to explicitly declare hard blocks:- Outbound Block: Prevents the application from initiating connections out to the web.
- Inbound Block: Prevents external servers from sending unsolicited data back into the application.
5. Rule Reversal & Deletion Architecture
If a user selects option 99, the script transitions to the deletion module. It queries the firewall via PowerShell to parse any rule containing the string -block. It then runs a standard loop utilizing netsh advfirewall firewall delete rule targeted at the in, out, or both connection directions to restore standard network functionality.
Script Menu Mapping Reference
| Option Code | Action Target | Description |
|---|---|---|
| 0 | Adobe Systems | Scans all standard installation paths, common files, and hidden user AppData directories for Adobe software packages. |
| 1 – 4 | Corel, Autodesk, Maxon, Red Giant | Standard target configurations for secondary suite deployment isolation. |
| 99 | Rule Deletion Protocol | Grants access to the removal sub-menu to clear rules by specific direction or wipe all script changes entirely. |
Scope of Operational Impact
Running this script on the Adobe directory will comprehensively disconnect Illustrator and its satellite components from the network.
Warning: Because it operates at the binary level across all sub-folders, it will forcefully restrict:
- Creative Cloud licensing checks and genuine validation pings.
- Live syncing features, Adobe Fonts sync, and cloud document saving.
- Server-side operations, including Firefly Generative AI utilities within the application.



