CleanBrowsing Windows Desktop App

What the App Does

The CleanBrowsing Desktop App automatically configures DNS filtering on all your network interfaces. Instead of manually changing DNS settings through the command prompt or Windows Settings, the app handles everything with a single click.

When you enable a filter, the app:

• Sets your DNS servers to CleanBrowsing's filtered resolvers
• Installs a local DNS proxy (DNSCrypt) for encrypted DNS queries
• Monitors your network for changes and re-applies settings automatically
• Detects captive portals (hotel/airport Wi-Fi) and pauses filtering until you authenticate

The app runs on Windows 10 and Windows 11 (64-bit).

Three Built-in Filter Levels

The app comes with three pre-configured filter levels. Each one maps to a different CleanBrowsing DNS resolver:

• Family Filter — Blocks adult content, mixed content, malware, and phishing domains. Best for families with children.
• Adult Filter — Blocks adult content and malware. Allows mixed-content sites like Reddit and social media.
• Custom Filter — Uses your CleanBrowsing dashboard settings. Requires a paid plan. Lets you create your own allow/block lists and custom policies.

Enable any filter with a single click on the home screen. The app shows a green status indicator when filtering is active and red when it's not.

Paying customers can configure their custom filter through the CleanBrowsing Dashboard.

Browser and System Hardening

The Harden page provides three security features that prevent users from bypassing DNS filtering:

• Application Uninstall Protection — Prevents the app from being removed through Windows Add/Remove Programs. Requires your PIN to disable.
• Block Internet Options — Disables the Network and Sharing Center and Internet Options in Control Panel, preventing manual DNS changes.
• Browser Secure DNS Hardening — Disables DNS-over-HTTPS (DoH) in Chrome, Edge, Brave, and Firefox. This prevents browsers from bypassing your configured DNS filtering with their own encrypted DNS resolvers.

Each feature can be toggled on or off independently. Disabling a hardening feature requires your local PIN.

Captive Portal Detection

When you connect to a network that requires a login page (hotels, airports, coffee shops), the app automatically detects the captive portal and temporarily pauses DNS filtering so you can authenticate.

Once you complete the login and internet connectivity is restored, the app automatically re-enables DNS filtering. This happens in the background — you'll see a notification in the app when filtering is paused and when it resumes.

The detection works by probing standard connectivity endpoints (similar to how Windows itself detects internet connectivity). It checks every few seconds when a filter is active.

Password Protection

You can set a local PIN to prevent unauthorized changes to the app's settings. When a PIN is set:

• Changing filters requires the PIN
• Resetting to default settings requires the PIN
• Enabling or disabling hardening features requires the PIN
• Uninstalling the app requires the PIN (or a remote admin code from the CleanBrowsing dashboard)

This is useful for parents who want to ensure children can't disable filtering, or for IT administrators deploying the app across multiple machines.

Built-in Update Checker

The app checks for updates automatically and shows the result on the Updates page. If a newer version is available, you'll see a download link. The update checker shows your current version, the latest available version, and any error details if the check fails.

Download and Install

The app is a single installer for Windows 10 and 11 (64-bit):

1. Download CleanBrowsingClient v1.7.0
2. Run the installer — it will prompt for administrator permissions
3. If a previous version is installed, the installer will automatically clean up the old installation (reset DNS, remove browser hardening, stop services) before installing the new version
4. Launch the app and click on a filter to enable it

For detailed setup instructions, see our Windows App Setup Guide.

For manual DNS configuration without the app, see Windows DNS Setup or our Setup page.