From your description it seems that the connection with the service was in faulted state at the deletion time and the delete was only visual from the data grid. If you restart wfc.exe the same happens ? WFC uses Windows Firewall API so it can delete, add, or modify any rule. Please go to Event Viewer (eventvwr.msc). Under "Applications and Service logs" category, there is a subcategory named WFC. Here are logged all errors from WFC. When you are there, on the right panel is a button named "Save all events as...". Use this button to export an *.evtx file and send it to email@example.com to check the log.