Firewall rules: how to get list of allow program through firewall?

Discussion in 'Windows Vista Security' started by Manoj Chanchawat, Symantec Corporation., Oct 18, 2006.

  1. Hey all,

    From the given list of all windows firewall, how can we extract the list of
    firewall rules which give me the exceptions (Program & Port allowed through
    firewall). How can we diffrentiate between exception firewall rules and other
    firewall rules.

    Just for information:
    1. the firewall rules can be found out at:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

    2. the exceptions rules are always have name in form of GUID. for ex:
    {78A1E056-FBC3-42D6-AE0B-22F8E019315E}

    Thanks,
    Regards,
    Manoj
     
    Manoj Chanchawat, Symantec Corporation., Oct 18, 2006
    #1
    1. Advertisements

  2. "Exceptions" is the old XP language that we're trying not to use anymore. The XP firewall had only exceptions, meaning rules that allow programs to listen for incoming connections. The Vista firewall has inbound and outbound rules, which you typically configure this way:
    a.. inbound rules allow programs and ports and users and computers to accept incoming connections
    b.. outbound rules prohibit programs and ports and users and computers from creating outgoing connections
    Because you're asking about exceptions, I assume that you're asking about all inbound rules? In the registry, these would be all rules that include "Action=Allow|Active=TRUE|Dir=In" in the rule text. You could also simply open the MMC, navigate to "Inbound Rules," and export the whole list.

    I have to say this here, of course... while you can see all the rules in the registry, editing them here is untested and unsupported. You should use only the MMC to make rule changes.

    ______________________________________________________
    Steve Riley

    http://blogs.technet.com/steriley
    http://www.protectyourwindowsnetwork.com


    Hey all,

    From the given list of all windows firewall, how can we extract the list of
    firewall rules which give me the exceptions (Program & Port allowed through
    firewall). How can we diffrentiate between exception firewall rules and other
    firewall rules.

    Just for information:
    1. the firewall rules can be found out at:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

    2. the exceptions rules are always have name in form of GUID. for ex:
    {78A1E056-FBC3-42D6-AE0B-22F8E019315E}

    Thanks,
    Regards,
    Manoj
     
    Steve Riley [MSFT], Oct 18, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.