Windows Firewall

well i downloaded the new SP2 RC1 and like it so far

It adds a few new icons to your control panel
one is the security center where the install adds whatever antivirus you have to the security center and another icon is for the firewall only.
You can access both your Av and the built in firewall through the security center though.
With this new firewall you can allow or disallow programs to access the internet such as Yahoo AOL ect. You can add programs as you go.
After installing the new service pack , the first time i tried to start Yahoo Im, I got a firewall warning asking if I wanted to allow or not allow the program to access the internet.
You also get the choice to only allow the program on your LAN or not.
so this is all I have after the first 10 min of looking at it LOL
Oh yes I forgot to mention, when I started Firefox, I got no warning. Not sure why yet. I am also running Panda's firewall-Av along side of it .

 

It really isn't a good idea to run two firewalls at the same time. They compeat for sys resources, you might not be aware of the resourcse hit but it is there. Microsoft recomends that you disable ICF if you are running another firewall.

 

What i had read about SP2.RC1.2096- ICF, It only provides control over Applications acting as server.
If you block Application server rights then this Application isn't capable of receiving remotely started Incomings, am i wrong?

 

Here are the command line options:


Configuring Windows Firewall from the command lineAdvanced users can use the command line to configure Windows Firewall. You can use the netsh command line tool for this purpose.

The netsh commands in the following table are available for Microsoft Windows XP Service Pack 2 (SP2). Typing the command plus " /?" displays the Help for that command.

Group Command Description
Add netsh firewall add allowedprogram Adds allowed program configuration to Windows Firewall
netsh firewall add portopening Adds port configuration to Windows Firewall
Delete netsh firewall delete allowedprogram Deletes allowed program configuration from Windows Firewall
netsh firewall delete portopening Deletes port configuration from Windows Firewall
Reset netsh firewall reset Resets Windows Firewall configuration to default
Set netsh firewall set allowedprogram Sets allowed program configuration in Windows Firewall
netsh firewall set icmpsettings Sets ICMP configuration in Windows Firewall
netsh firewall set logging Sets logging configuration in Windows Firewall
netsh firewall set notifications Sets notification configuration in Windows Firewall
netsh firewall set opmode Sets operational configuration in Windows Firewall
netsh firewall set portopening Sets port configuration in Windows Firewall
netsh firewall set service Sets service configuration in Windows Firewall
Show netsh firewall show allowedprogram Shows allowed program configuration in Windows Firewall
netsh firewall show config Shows Windows Firewall configuration
netsh firewall show currentprofile Shows current profile of Windows Firewall
netsh firewall show icmpsettings Shows ICMP configuration in Windows Firewall
netsh firewall show logging Shows logging configuration in Windows Firewall
netsh firewall show notifications Shows notification configuration in Windows Firewall
netsh firewall show opmode Shows operational configuration in Windows Firewall
netsh firewall show portopening Shows port configuration in Windows Firewall
netsh firewall show service Shows service configuration in Windows Firewall
netsh firewall show state Shows current state of Windows Firewall

Notes

The Set machine, Set online, Set offline, and Dump commands are not supported in Windows Firewall. These commands do not do anything.
The Show commands usually only display locally configured settings. Group policy settings are not displayed except in Show state.

 

bigc73542

Yes I am aware of MS's warning about running two firewalls at the same time. So far I have not seen any conflicts for resources. I just installed it today so really don't know that much about it yet. i am still reading the help files.
I can tell you the install went very smoothly. After install there is 4 critical March updates that need to be done though.

 

Hello

as you can see from the screen shots, I still haven't figured out this Windows built in firewall yet. I turned off Sygate to look at it a bit.
from inside the firewall you should be able to check the options you want enabled. As you can see, i do not have Remote Assistance ticked but from the Show Configurations setting on the command line, it shows enabled.

 

Command Line Options:

 

I guess this behaviour is normal when you have "My network (subnet) only" checked on an Application.

 

You can simply check "Any computer (including those on Internet)".

 

&

 

But shouldn't the command

netsh firewall set service remoteadmin disable
shut it off no matter if you have all computers checked or not?
seems odd to me.

I still get the same results when checking subnet only

 

This appears to be how it’s designed, when “My Network (subnet) only” is checked it overrides “Programs and Services:” settings. Guess Microsoft didn’t think of possible threats on users Networks.

 

No, take it off that setting by simply checking "Any computer (including those on Internet)", but keep the check off that application in "Programs and Services:" Properties...

 

Phantom

I know you are very knowledgable with fiirewall and am happy for your help. thank You

So far i have tried always unchecking that options in the program section.
No checkmark in remote assistance.
and I have tried ticking the Any Computer ( Including those on the Internet )
and I have tried ticking My Network ( Subnet Only ) and the show config always shows enable remote assistant .
scratching head here again

 

Hmm Interesting, i guess re-booting may be needed after making modification in that way...

 

Nope rebooting don't seem to help

Even tried these settings which are suppose to even block
any you have ticked

 

complete:

 

Did you go to DOS and type

netsh firewall show config on your system yet?
and if so does yours show enable remote assistant?

thanks

 

I’m convinced! Appears making modification to that app doesn’t apply or apply fully.

* I'm in process of downloading but afterwards i'll see what i can find out about this...

 

ok here we go: might be onto something

 

Appears Standard and Domain profiles are different.

the ticks in the GUI must effect the domain and not the standard profiles.

 

I simply removed

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:Remote Assistance"

which is in the registry to fix that prob also

 

Ok now that is cheating LOL

but i really like the DOS command

netsh firewall show config verbose = enable

This command gives you the whole firewall configuration.

and looking down under allowed programs configration for standard profile it shows the default settin as DISABLE
but there is a ton of other info which is interesting




l

 

C:\Documents and Settings\controler>netsh firewall show config verbose = enable

Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable

Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Disable No File and Printer Sharing
Scope: LocalSubNet
Disable No UPnP framework
Scope: LocalSubNet
Disable No Remote Desktop
Scope: *
Disable No Remote Administration
Scope: *

Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Scope: *

Port configuration for Domain profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Disable NetBIOS Session Service
Scope: LocalSubNet
445 TCP Disable SMB over TCP
Scope: LocalSubNet
137 UDP Disable NetBIOS Name Service
Scope: LocalSubNet
138 UDP Disable NetBIOS Datagram Service
Scope: LocalSubNet
1900 UDP Disable SSDP
Scope: LocalSubNet
2869 TCP Disable UPnP framework over TCP
Scope: LocalSubNet
3389 TCP Disable Remote Desktop
Scope: *

ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Disable 2 Allow outbound packet too big
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Disable 8 Allow inbound echo request
Disable 10 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Disable
Multicast/broadcast response mode = Enable
Notification mode = Enable

Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Disable No File and Printer Sharing
Scope: LocalSubNet
Disable No UPnP framework
Scope: LocalSubNet
Disable No Remote Desktop
Scope: *
Disable No Remote Administration
Scope: *

Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Disable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Scope: LocalSubNet

Port configuration for Standard profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Disable NetBIOS Session Service
Scope: LocalSubNet
445 TCP Disable SMB over TCP
Scope: LocalSubNet
137 UDP Disable NetBIOS Name Service
Scope: LocalSubNet
138 UDP Disable NetBIOS Datagram Service
Scope: LocalSubNet
1900 UDP Disable SSDP
Scope: LocalSubNet
2869 TCP Disable UPnP framework over TCP
Scope: LocalSubNet
3389 TCP Disable Remote Desktop
Scope: *

ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Disable 2 Allow outbound packet too big
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Disable 8 Allow inbound echo request
Disable 10 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request

Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable

Port configuration for Local Area Connection:
Port Protocol Mode Name
-------------------------------------------------------------------
443 TCP Disable Secure Web Server (HTTPS)
80 TCP Disable Web Server (HTTP)
110 TCP Disable Post-Office Protocol Version 3 (POP3)
25 TCP Disable Internet Mail Server (SMTP)
21 TCP Disable FTP Server
3389 TCP Disable Remote Desktop
143 TCP Disable Internet Mail Access Protocol Version 4 (IMAP4)
220 TCP Disable Internet Mail Access Protocol Version 3 (IMAP3)
23 TCP Disable Telnet Server

ICMP configuration for Local Area Connection:
Mode Type Description
-------------------------------------------------------------------
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Disable 8 Allow inbound echo request
Disable 10 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request

Log configuration:
-------------------------------------------------------------------
File location = (null)
Max file size = 0 KB
Dropped packets = Disable
Connections = Disable


C:\Documents and Settings\controler>