Install Clash for Windows on Windows 10: Download and First Subscription Import (Step-by-Step, 2026)

Why a Windows 10–specific page exists

Search traffic splits in a predictable way: some users type “Clash Verge Rev Windows 11,” others type “CFW Windows 10.” Mixing every desktop story into one article usually hides the details that decide whether day-one setup succeeds—SmartScreen habits, legacy port defaults, and the exact proxy semantics Win32 applications expect. We already publish a Clash Verge Rev first-setup guide for Windows 11 with TUN and UWP edge cases; here the protagonist is Clash for Windows on hardware that has not moved to Windows 11 yet.

Be honest about project status before you invest an afternoon: the wider Clash ecosystem shifted toward Clash Meta (Mihomo) and maintained GUIs. Our Clash ecosystem in 2026 article maps what still receives fixes. If you are starting fresh and only want a supported path, compare this tutorial with Verge Rev on Windows 11 and your own upgrade timeline—but if your goal is literally “get CFW running on Win10 today,” the steps below match that search intent.

What you need before opening the installer

Collect four facts up front so you do not blame the GUI for environmental issues: a clean subscription URL copied from your provider (not a screenshot of nodes), administrator access only when Windows demands it, accurate system time with automatic synchronization enabled, and a network that allows HTTPS to public CDNs. Corporate TLS inspection sometimes breaks subscription fetches; students on dorm Wi-Fi see the same symptom when captive portals block background requests.

If you wonder why links stop working after a week or return “too many requests,” read subscription links for Clash: why they expire and how to refresh before rotating passwords or reinstalling. Terminology such as proxy-groups and rules is easier after skimming the Clash tutorial on this site; CFW is a shell around the same policy model, even when the YAML stays invisible at first.

Download Clash for Windows safely on Windows 10

The highest-risk step is rarely clicking “Install”—it is downloading an unverifiable re-upload. Prefer this site’s Clash download page as the editorial entry point, then follow through to the artifact you intend to audit. If you chase random mirrors, compare checksums when the upstream project publishes them and keep notes for family members who should not “Google the EXE name and click the first ad.”

Most current readers want 64-bit desktop Windows; if you operate older 32-bit installs, confirm the release page still lists an x86 build before you assume compatibility. After download, pause if Windows SmartScreen flags an unknown publisher—that is common for niche open-source tools. SmartScreen is not a moral judgment; it is a reputation signal. Respond by verifying distribution path, signatures where available, and organizational policy—not by disabling every security gate blindly.

Microsoft Visual C++ runtimes occasionally matter for Electron-based bundles. If the app fails silently on first launch, install the latest supported VC++ redistributable from Microsoft, reboot once, and retry before assuming the proxy core is broken.

Install and first launch without feeding superstition

Run the installer with defaults unless you have a reason to relocate program files—changing paths without updating shortcuts confuses less technical users later. When User Account Control appears, read which binary requests elevation; CFW may need admin rights for future TUN driver work even if your first session only uses system proxy.

On first open, watch the status area or log panel (labels vary by skin) for “core started” style messages. If the interface stays empty, confirm outbound HTTPS is possible without Clash first; a machine that cannot reach GitHub or provider CDNs cannot hydrate remote configs. Antivirus suites sometimes quarantine helper DLLs—check their quarantine list before posting “blank screen” threads.

Import your first subscription (the flow people screenshot wrong)

Providers ship an HTTPS URL that expands into a YAML profile. You want the URL string, not a local file you hand-edited unless you deliberately self-host. CFW typically stores remote sources under Profiles with actions named along the lines of Download, Update, or Refresh depending on localization.

1. 1

   Open Profiles and create a remote source

   Launch Profiles from the sidebar or top navigation. Choose to add a new profile from URL. Paste the subscription link exactly—trailing spaces break signatures on some providers.

2. 2

   Pull the configuration and wait for nodes

   Trigger a download or update. A progress spinner should finish within seconds on healthy networks. If parsing fails, open the log: malformed YAML, HTTP 403, or TLS handshake errors each imply different fixes.

3. 3

   Activate the profile as current

   Select the profile you imported so the main dashboard references that file. Until activation, toggles like system proxy may point at an empty policy surface.

After nodes appear, pick an entry in the primary select group (many templates label it Proxy or a provider-specific nickname). If group behavior still confuses you, our proxy-groups guide explains how selection interacts with rules ordering.

Enable system proxy and align ports on Windows 10

System Proxy in CFW asks Windows to route WinINET-aware traffic through the local listener CFW publishes—typically 127.0.0.1 paired with an HTTP or mixed port shown on the home screen. The famous 7890 default appears often in older community templates but is not a law of physics; verify the numbers your build displays.

Open Settings → Network & Internet → Proxy after enabling system proxy inside CFW. You should see manual proxy entries that mirror the client’s stated port. If they mismatch, toggle system proxy off and on inside CFW first; if inconsistency persists, another tool may be rewriting Windows proxy settings—some security products do this aggressively.

Command-line developers should export HTTPS_PROXY or ALL_PROXY to the same localhost port for curl, git, or package managers. Define NO_PROXY for corporate registries and localhost services so you do not leak internal names through the tunnel accidentally.

Optional: TUN mode on Windows 10 and when it deserves caution

TUN installs a virtual adapter and pushes more traffic through Clash even when applications ignore proxy environment variables. It solves stubborn Electron apps and some games at the cost of overlapping with other VPN stacks. Expect stronger antivirus scrutiny and more frequent UAC prompts when drivers update.

If you enable TUN because “forums say it fixes everything,” read Clash TUN mode explained first so fake-ip, DNS coupling, and double-VPN conflicts are conscious choices rather than accidents. On Windows 10, TUN behavior is closer to Windows 11 than to macOS—kernel network stacks differ—but you still want only one default tunnel at a time.

Windows 10 specifics worth naming explicitly

Windows 10 omits some Windows 11 shell polish, but proxy fundamentals match: WinHTTP and WinINET semantics, Chrome and Edge honoring system proxy unless policies override, and legacy Win32 binaries sometimes needing explicit environment variables. Microsoft Store apps still sit in the awkward bucket—some honor system proxy inconsistently, which is why symptoms look like “Chrome works, Store does not” even when nodes are healthy.

If you parallel our Windows 11 UWP loopback article, remember loopback exemption tooling targets a different generation of packaging; on Windows 10, treat UWP oddities as a signal to test TUN or accept per-app limits rather than assuming CFW failed.

Hardware maintenance matters: spinning disks and heavy background scanners delay Electron cold start; give CFW ten extra seconds before declaring the core dead. Sleep and resume cycles occasionally stale DNS caches—ipconfig /flushdns remains a boring but effective first aid.

Troubleshooting the first hour like a support engineer

Work through layers instead of reinstall loops:

• Subscription fetch fails: Refresh the provider URL, fix clock skew, pause other VPNs, and retry on a clean network path.
• Nodes list populates but browsers stay local: Confirm system proxy is enabled inside CFW and reflected under Windows proxy settings; compare listener ports with browser extensions that might force direct mode.
• Some sites load, others time out: Inspect which rules path the log attributes—often a DIRECT rule or GEOIP bucket you did not notice.
• DNS looks “half broken” with fake-ip profiles: Temporarily disable browser Secure DNS during testing; re-enable once behavior is understood.
• Conflicts with corporate VPN: Run only one tunnel during triage; split tunnels are possible later, not during first import.

When you eventually migrate to a maintained GUI, our Clash for Windows → Clash Verge Rev migration guide preserves mental models—profiles, overrides, and port habits—while updating you to a supported stack.

Day-one validation checklist for Windows 10

Spend fifteen deliberate minutes now to avoid myth-driven debugging later:

• Two browsers: Test Edge and, if installed, Firefox; extension-specific proxy settings love to contradict the OS.
• An IP or leak check page: Confirm the egress matches the selected node country or ASN when your threat model cares.
• One CLI tool: Run curl with explicit proxy flags or exported environment variables to match CFW’s port.
• Logs: Keep verbosity readable; silent failure is harder to diagnose than verbose noise you trim later.

Frequently asked questions

Is Clash for Windows still maintained in 2026?

Core development for legacy Clash lines ended; CFW itself is effectively archival software. You can still operate it with eyes open—verify installers, isolate machines if you worry about inactive codebases, and plan a path to Clash Verge Rev or another Mihomo-backed GUI when you want ongoing fixes.

Why does my subscription show zero proxies after import?

Rate limits, stale URLs, MITM proxies, DNS failures, and wrong system time all produce empty lists. Read CFW’s log for HTTP status codes before swapping profiles randomly.

Should I start with system proxy or TUN?

Start with system proxy for predictable browser workflows. Escalate to TUN when evidence shows specific binaries ignore OS proxy, not when a random comment says TUN is “always better.”

What localhost port should I trust?

Trust the numbers printed in CFW’s own UI for this version and profile, not a screenshot from 2021. Align developer tools and scripts with that single source of truth.

From legacy CFW to a maintained desktop home

Many traditional proxy clients either hide routing logic behind opaque wizards or push you into manual configuration files for every minor tweak, which is workable for engineers and brittle for everyone else. Clash for Windows earned its reputation by exposing logs, profiles, and policy toggles in one place—yet archival status means you trade cutting-edge fixes for familiarity.

A maintained Clash Meta stack—whether through a current GUI or the curated builds on this site—keeps subscription formats, rule providers, and security expectations aligned with 2026 networks. If you want that longevity without giving up structured rule modeling, move toward actively supported clients when your schedule allows and use Download Clash as the editorial front door pick installers deliberately rather than chasing stale mirrors.