🛡️ What is an Application Kill Switch?
An application kill switch ensures specific programs can ONLY connect to the internet through your VPN. If the VPN disconnects, the application is immediately blocked from using your regular internet connection, preventing IP leaks.
Why Use an App-Specific Kill Switch?
🔒 Torrent Protection
Ensure torrent clients never expose your real IP, even if VPN drops unexpectedly.
🎯 Selective Protection
Only specified apps use VPN while others use normal connection for better performance.
💼 Work Applications
Force sensitive work apps through VPN while keeping personal browsing unrestricted.
🌐 Prevent Leaks
100% guarantee that protected apps never connect without VPN active.
Windows Version Compatibility
Windows Version | Firewall Support | Network Profiles | Recommended |
---|---|---|---|
Windows 11 | ✅ Full Support | ✅ Yes | ⭐⭐⭐⭐⭐ |
Windows 10 | ✅ Full Support | ✅ Yes | ⭐⭐⭐⭐⭐ |
Windows 8/8.1 | ✅ Full Support | ✅ Yes | ⭐⭐⭐⭐ |
Windows 7 | ✅ Full Support | ✅ Yes | ⭐⭐⭐ |
Windows Vista | ❌ Limited | ❌ No | Not Supported |
Windows XP | ❌ No | ❌ No | Not Supported |
⚠️ Preliminary Security Considerations
- Antivirus Web Shields: Programs like Avast that proxy HTTP traffic may interfere. Consider adding exceptions.
- IPv6 Leaks: Windows IPv6 can leak your IP. Disable IPv6 for maximum security.
- Torrent Clients: Disable uTP, DHT, UPnP, Local Peer Discovery, and IPv6 in your torrent client.
- User Accounts: These rules apply per Windows user account.
- Administrator Access: You must be logged in as Administrator to configure firewall rules.
How It Works
This method uses Windows Firewall's network profiles to create rules:
Connection | Firewall Profile | Apps | Effect |
---|---|---|---|
VPN Connection | Public | ✓ Allowed | Traffic permitted through VPN |
ISP Connection | Home/Private | ✗ Blocked | Traffic blocked without VPN |
Domain Network | Domain | ✗ Blocked | Corporate networks blocked |
Step-by-Step Configuration
1. Connect to VPN
First, connect to your TorGuard VPN as you normally would. This is necessary to see both network connections.
2. Open Network and Sharing Center
Right-click the network icon in your system tray and select "Open Network and Sharing Center".
3. Configure Network Profiles
You should see two active networks. Configure them as follows:
VPN must be "Public" and ISP must be "Home Network"
⚠️ Critical Configuration
- VPN Connection: MUST be set to "Public network"
- ISP Connection: MUST be set to "Home network"
- Click each network to change if needed
4. Access Windows Firewall
Navigate to Control Panel → System and Security, then click Windows Firewall.
5. Open Advanced Settings
Click "Advanced Settings" on the left panel.
6. Create Inbound Rule
In the Windows Firewall with Advanced Security window, click "Inbound Rules", then click "New Rule" on the right panel.
7. Configure the Rule
Rule Type
Select "Program" and click Next:
Program Path
Browse to select the application you want to protect (e.g., qBittorrent.exe, uTorrent.exe):
- qBittorrent: C:\Program Files\qBittorrent\qbittorrent.exe
- uTorrent: C:\Users\[Username]\AppData\Roaming\uTorrent\uTorrent.exe
- Transmission: C:\Program Files\Transmission\transmission-qt.exe
- Deluge: C:\Program Files\Deluge\deluge.exe
Action
Select "Block the connection":
Profile Selection
Check "Domain" and "Private". Leave "Public" UNCHECKED:
✅ Profile Logic
- Domain ✓ - Block on corporate networks
- Private ✓ - Block on home/ISP network
- Public ✗ - Allow on VPN (Public) network
Name the Rule
Give it a descriptive name like "Block [AppName] without VPN"
8. Create Outbound Rule
Repeat the entire process for Outbound Rules:
- Click "Outbound Rules" in left panel
- Click "New Rule"
- Follow the same steps as Inbound
- Use the same program and settings
Testing Your Configuration
🧪 Test Procedure
- With VPN Connected
  - Open your protected application
  - Start a download or connect to peers
  - Verify it's working normally
- Disconnect VPN
  - Disconnect from TorGuard VPN
  - The download should stop IMMEDIATELY
  - Application should show no connection
- Reconnect VPN
  - Connect to VPN again
  - Application should resume automatically
💡 Monitoring Tool
Use TCPView to monitor all network connections and verify no leaks.
Advanced Configuration
Multiple Applications
To protect multiple applications:
- Create separate Inbound and Outbound rules for each app
- Use consistent naming: "Block [AppName] without VPN"
- Test each application individually
PowerShell Alternative
For advanced users, create rules via PowerShell:
```powershell
# Block qBittorrent without VPN (Inbound)
New-NetFirewallRule -DisplayName "Block qBittorrent without VPN" `
    -Direction Inbound -Program "C:\Program Files\qBittorrent\qbittorrent.exe" `
    -Action Block -Profile Domain, Private

# Block qBittorrent without VPN (Outbound)
New-NetFirewallRule -DisplayName "Block qBittorrent without VPN" `
    -Direction Outbound -Program "C:\Program Files\qBittorrent\qbittorrent.exe" `
    -Action Block -Profile Domain, Private
```
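The script below is an added example, not part of the original guide. It applies step 3 (network profiles) and the inbound and outbound block rules to several applications in one pass, and can be re-run safely. The adapter names are placeholders, and the "(Inbound)"/"(Outbound)" suffix on the rule names is an assumption added so the two rules can be told apart.

```powershell
# Added example: apply the guide's network profiles and block rules to several apps.
# Run from an elevated PowerShell prompt with the VPN connected.
$VpnAlias = 'VPN-ADAPTER-NAME'    # placeholder: alias of the VPN adapter
$IspAlias = 'ISP-ADAPTER-NAME'    # placeholder: alias of the regular Ethernet/Wi-Fi adapter
$Apps = @{
    'qBittorrent'  = 'C:\Program Files\qBittorrent\qbittorrent.exe'
    'Transmission' = 'C:\Program Files\Transmission\transmission-qt.exe'
}

# Step 3 of the guide: the VPN network is Public, the ISP network is Private ("Home").
Set-NetConnectionProfile -InterfaceAlias $VpnAlias -NetworkCategory Public
Set-NetConnectionProfile -InterfaceAlias $IspAlias -NetworkCategory Private

foreach ($name in $Apps.Keys) {
    $path = $Apps[$name]
    if (-not (Test-Path -LiteralPath $path)) {
        # A rule pointing at the wrong executable protects nothing.
        Write-Warning "$name not found at $path; no rule created"
        continue
    }
    foreach ($direction in 'Inbound', 'Outbound') {
        $display = "Block $name without VPN ($direction)"
        # Skip rules that already exist so the script can be re-run after app updates.
        if (Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue) { continue }
        New-NetFirewallRule -DisplayName $display -Direction $direction `
            -Program $path -Action Block -Profile Domain, Private | Out-Null
        Write-Output "Created: $display"
    }
}
```

Run `Get-NetConnectionProfile` while the VPN is connected to find the two adapter aliases.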
Torrent Client Hardening
For torrent clients, also disable these features to prevent leaks:
- uTP: Can bypass firewall rules
- DHT: Distributed hash table can leak IP
- PEX: Peer exchange can expose IP
- Local Peer Discovery: LAN announcements
- UPnP/NAT-PMP: Automatic port forwarding
- IPv6: If not properly routed through VPN
Troubleshooting
Application Still Connects Without VPN
- Verify network profiles are set correctly
- Check both Inbound AND Outbound rules exist
- Ensure correct program path is selected
- Restart the application after creating rules
- Check Windows Firewall is enabled
Application Won't Connect With VPN
- Confirm VPN connection shows as "Public network"
- Verify "Public" is UNCHECKED in firewall rule
- Try temporarily disabling Windows Firewall to test
- Check if antivirus has its own firewall blocking
Rules Don't Appear to Work
- Run Command Prompt as Administrator
- Execute: netsh advfirewall show allprofiles
- Verify firewall is ON for all profiles
- Check rule priority and conflicts
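The troubleshooting checks above can be run as one audit. This is an added example, not part of the original guide; the VPN adapter alias is a placeholder, and the program path is the qBittorrent path used earlier on this page.

```powershell
# Added example: audit the kill-switch setup described on this page.
# Run from an elevated PowerShell prompt. $VpnAlias is a placeholder; take the
# real adapter alias from Get-NetConnectionProfile while the VPN is connected.
param(
    [string]$Program  = 'C:\Program Files\qBittorrent\qbittorrent.exe',
    [string]$VpnAlias = 'VPN-ADAPTER-NAME'
)

$problems = @()

# 1. The firewall must be on for every profile, or the block rules do nothing.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    if ("$($p.Enabled)" -ne 'True') { $problems += "Firewall is off for profile $($p.Name)" }
}

# 2. The VPN adapter must be Public; no other active network may be Public.
foreach ($n in Get-NetConnectionProfile) {
    $isVpn = $n.InterfaceAlias -eq $VpnAlias
    if ($isVpn -and "$($n.NetworkCategory)" -ne 'Public') {
        $problems += "VPN adapter '$($n.InterfaceAlias)' is $($n.NetworkCategory), expected Public"
    }
    if (-not $isVpn -and "$($n.NetworkCategory)" -eq 'Public') {
        $problems += "Non-VPN network '$($n.InterfaceAlias)' is Public, so the app is not blocked on it"
    }
}

# 3. Collect enabled Block rules for this program. Stored paths can contain
#    environment variables such as %ProgramFiles%, so expand before comparing.
$rules = Get-NetFirewallRule -Action Block -Enabled True | Where-Object {
    $app = ($_ | Get-NetFirewallApplicationFilter).Program
    [Environment]::ExpandEnvironmentVariables("$app") -eq $Program
}

# 4. Each direction needs a rule covering Domain and Private but not Public.
foreach ($direction in 'Inbound', 'Outbound') {
    $ok = $rules | Where-Object {
        $profiles = "$($_.Profile)" -split ',\s*'
        "$($_.Direction)" -eq $direction -and
            $profiles -contains 'Domain' -and $profiles -contains 'Private' -and
            $profiles -notcontains 'Public' -and $profiles -notcontains 'Any'
    }
    if (-not $ok) { $problems += "No enabled $direction Block rule (Domain, Private) for $Program" }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Kill-switch rules and network profiles look correct for $Program" }
```

A rule that also lists Public, or uses the Any profile, is reported as missing because it would block the application on the VPN as well.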
Alternative Methods
Other Kill Switch Options
1. TorGuard App Kill Switch
The TorGuard desktop app includes a built-in kill switch that blocks ALL internet if VPN drops.
2. Third-Party Tools
- VPNCheck: Closes specified apps if VPN drops
- VPN Watcher: Monitors and controls app connections
- NetGuard: Advanced firewall with VPN rules
3. Router-Level VPN
Configure VPN on your router for network-wide protection without software configuration.
Best Practices
✅ Security Recommendations
- Test kill switch regularly to ensure it's working
- Keep firewall rules updated after app updates
- Use strong VPN protocols (OpenVPN, WireGuard)
- Enable TorGuard's app kill switch as backup
- Monitor with tools like TCPView periodically
- Document which apps have kill switch rules
Need Help?
If you need assistance setting up your application kill switch:
Specify which application you're trying to protect for targeted assistance