Emergency recovery

Restore default DNS and remove CustosXI firewall blocks if something goes wrong or you need immediate network access.

Documentation › Emergency recovery

When to use this guide

Use these steps if DNS still points to CustosXI after you stopped protection, if a blocked IP prevents access to a service you need right now, or if the app or Worker is not responding.

CustosXI only removes rules it created (names starting with CustosXI Block ). It does not touch other Windows Firewall rules.

Quick checklist

  1. Try in-app recovery first (fastest when CustosXI is running).
  2. If the UI is unavailable, use the Helper command line (Administrator).
  3. As a last resort, restore DNS and delete rules manually in Windows.
  4. After recovery, run ipconfig /flushdns in an elevated Command Prompt if name resolution still looks wrong.

Part 1 - Restore default DNS

CustosXI saves your network adapter and default DNS settings before enabling the DNS sinkhole. Restore applies those saved values (or DHCP when configured).

Option A - From the CustosXI app

Try these in order. All require the CustosXI Worker service to be running (check the Dashboard status).

1. Settings → DNS

  1. Open CustosXI.
  2. Go to Settings (gear icon) → DNS in the left menu.
  3. Under Default DNS (Failsafe), confirm your preferred servers (or leave empty with Use DHCP if fields are empty checked).
  4. Click Restore DNS to Default NOW.
  5. Turn DNS Sinkhole off if you want DNS filtering disabled immediately.

2. Dashboard quick action

  1. On the Dashboard, open the DNS / protection badge menu (top area).
  2. Click Restore DNS NIC.

3. Stop protection on exit

  1. Close CustosXI from the window X button.
  2. When prompted, choose Stop protection and exit (not continue in background).
  3. CustosXI stops capture, restores default DNS, and shuts down the Worker.

4. Setup wizard (safe test)

  1. Settings → About → Run setup wizard again.
  2. On the DNS step, use Test DNS restore (safe) to verify restore works without changing other settings.

Option B - Helper command line (no UI)

Run as Administrator in Command Prompt or PowerShell:

"C:\Program Files\CustosXI\CustosXI.Helper.exe" restore-dns-default

Exit code 0 and output OK means success. The Helper reads:

  • C:\ProgramData\CustosXI\Data\dns_snapshot.json - adapter name captured at first sinkhole use
  • C:\ProgramData\CustosXI\worker.settings.json - your saved default DNS (IPv4/IPv6) or DHCP preference

If restore fails with dns_snapshot.json not found, use Option C below - CustosXI may never have enabled the sinkhole on this PC.

Option C - Restore DNS directly in Windows

Use this if CustosXI is not installed, the Helper fails, or you need to set DNS manually.

GUI (recommended for most users)

  1. Open SettingsNetwork & internetEthernet or Wi-Fi → your active connection.
  2. Click Edit next to DNS server assignment.
  3. Choose Automatic (DHCP) to let your router or ISP provide DNS, or Manual and enter known servers (for example Cloudflare 1.1.1.1 and Google 8.8.8.8).
  4. Save, then run ipconfig /flushdns in an elevated Command Prompt.

Command line (netsh)

Replace Wi-Fi with your adapter name from netsh interface show interface.

netsh interface ip set dns name="Wi-Fi" dhcp
netsh interface ipv6 set dnsservers "Wi-Fi" dhcp
ipconfig /flushdns

For static DNS instead of DHCP:

netsh interface ip set dns name="Wi-Fi" static 1.1.1.1 primary
netsh interface ip add dns name="Wi-Fi" 8.8.8.8 index=2

Part 2 - Unblock IPs added by CustosXI firewall

When CustosXI blocks an IP for enforcement (not monitor-only mode), it creates two Windows Firewall rules for the same target:

  • Inbound: CustosXI Block <target>
  • Outbound: CustosXI Block <target> (OUT)

In-app unblock and Helper cleanup remove both. If you clean up manually in Windows, check Inbound Rules and Outbound Rules.

Option A - From the CustosXI app

Unblock a single target

  1. Open Firewall in the main navigation.
  2. Find the row for the IP or target you need.
  3. Click Unblock on that row (available for active real firewall blocks, not virtual monitor-only blocks).

Emergency unblock (many rules at once)

  1. Open Firewall.
  2. At the top toolbar, use the red Emergency unblock button (shield icon) to remove all active CustosXI firewall rules at once.
  3. Or use the emergency button on a category group header to unblock only that category (for example Heuristic or DnsSinkhole).
  4. Confirm the dialog - both inbound and outbound rules are deleted immediately from Windows Firewall.

Option B - Helper command line

Removes all CustosXI firewall rules and restores DNS in one step (same as MSI uninstall cleanup hook):

"C:\Program Files\CustosXI\CustosXI.Helper.exe" uninstall-cleanup

This does not uninstall CustosXI - it only runs DNS restore plus firewall rule cleanup.

To list CustosXI rules before deleting, run in an elevated Command Prompt:

netsh advfirewall firewall show rule name=all | findstr /i "CustosXI Block"

Delete both rules for one target by exact name:

netsh advfirewall firewall delete rule name="CustosXI Block 203.0.113.10"
netsh advfirewall firewall delete rule name="CustosXI Block 203.0.113.10 (OUT)"

Option C - Windows Firewall directly

GUI

  1. Open Windows SecurityFirewall & network protectionAdvanced settings (or run wf.msc).
  2. Open Inbound Rules and delete every rule whose name starts with CustosXI Block (for example CustosXI Block 203.0.113.10).
  3. Open Outbound Rules and delete matching CustosXI Block … (OUT) rules for the same targets.
  4. Right-click each rule → Delete (or Disable if you prefer to keep a record).

Delete all CustosXI rules via netsh (PowerShell, Administrator)

netsh advfirewall firewall show rule name=all |
  Select-String "Rule Name:" |
  ForEach-Object { $_.Line.Split(":",2)[1].Trim() } |
  Where-Object { $_ -like "CustosXI Block*" } |
  ForEach-Object { netsh advfirewall firewall delete rule name="$_" }

Part 3 - Verify recovery

  1. DNS: run ipconfig /all and check DNS servers on your active adapter match what you expect (router DHCP or your chosen public DNS).
  2. Firewall: run netsh advfirewall firewall show rule name=all | findstr /i "CustosXI Block" - should return no inbound or outbound rules after cleanup.
  3. Connectivity: open a browser and reach a site that was previously blocked; ping the unblocked IP if appropriate.
  4. Re-enable protection: when ready, start CustosXI again and turn protection back on from the Dashboard.

Monitor mode vs real blocks

In Monitor preset, CustosXI logs would-block actions but does not create real firewall rules or enable the DNS sinkhole. If you see blocks in the UI with a virtual indicator, emergency firewall cleanup may not be needed - check Settings → Signals and your protection preset.

Still stuck?

  • Restart the CustosXI Worker service from Settings or Services (CustosXIWorker).
  • Run Helper repair to restart the Worker: "C:\Program Files\CustosXI\CustosXI.Helper.exe" repair
  • Check Log Center (in-app) or C:\ProgramData\CustosXI\Logs\ for DNS or firewall errors.
  • Contact support or security@custosxi.com with your log excerpt.