This time using Nirsoft's LiveTcpUdpWatch since it has a nice flow view for TCP, but it doesn't know how to tie UDP messages into flows (UDP and...
Some more questionable behavior by MS apps: download MSERT.EXE, the Microsoft Support Emergency Response Tool, which does offline virus scanning....
After deleting the key Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices it...
I have never seen them mentioned anywhere. But I think they are the answer to the strange case, where data gets sent out by svchost despite there...
The curious part was that despite the svchost wuauserv service having an allow rule, they were still getting blocked. Something not working quite right...
Trying out the Windows Server 2022 Eval and the log shows a lot of dropped outbound packets, for which I have allow rules in place. WFC is set to...
This is interesting, could you expand this a little? Why do TCP and UDP need their own rules in order to accept incoming connections? I've really...
And related to rule security, because MS is unable to guarantee the evaluation order and acceptance of the rules (the "most specific" is supposed...
Found another bug/feature: make a new blank rule, enter 0.0.0.0/0 as (one part of) local/remote address. Click Create, poof, where did the rule...
This is a "forever old" bug which is still present in 6.4.0.0: - Make a firewall rule with the "Windows Defender Firewall with Advanced Security"...
Is it possible to find out which firewall rule actually made the block, from the filter information? Filter Information: Filter Run-Time ID:...
I managed to realize the proper syntax for the custom view XML filter. Tweaking that, it's possible to have a view that only includes whatever one...
Is there a way to filter out broadcast packets in Event Viewer custom view? It's hard to find important packet drops when most of it is broadcast...