Firewall rule doesn't work

A

Armin Zingler

Hi,


my default setting for the firewall is to block all traffic. Exceptions are added if necessary. This strategy will not be changed for there is no clarity regarding all the traffic going on. For instance, two exceptions enable DNS and DHCP. This works well. Another one is svchost, service="Cryptographic services" (CryptSvc). The latter does not work. This means, the firewall still blocks these packets. I have verified my rule multiple times, even removed it and added it again.


As the normal firewall log file isn't speaking enough, I have enabled logging of dropped packets in the event log via group policies. I wrote a little program for live observation of these log entries. Thereby, I am able to lookup the services from the logged process ID.


f399ea64-c0f3-4d3c-b8bc-55f1ecb193c9?upload=true.png


The firewall rule exactly matches this case. Consequently, the packet should not be blocked. The rule is: Allow, Outgoing, program=svchost, service=CryptSvc, all profiles, all local ports, all IPs, protocol TCP, remote ports 80 and 443.


So my question is: Why does the firewall block packets even if a rule allows them? (There is no other rule denying it)


Win 10 x64 Pro


Thanks

Continue reading...
 
You must log in or register to reply here.

Similar threads

M
Can i exclude set of IP Address range from the Windows Firewall Rule?
Replies
0
Views
138
MujahithMuzamil
M
B
  • Article
Announcing Windows 11 Insider Preview Build 25992 (Canary Channel)
Replies
0
Views
75
Brandon LeBlanc
B
J
I create a new rule (Windows Defender Firewall) for outgoing and incoming traffic, a rule to block all protocols etc. for PowerShell.exe, will somethi
Replies
0
Views
276
Jan Nowak_423
J
B
Windows Defender Firewall + Windows FTP Server
Replies
0
Views
164
BANDWICHES
B
Y
How to block any incomming and outgoing ip traffic for given ip ranges with Windows 10 Firewall?
Replies
0
Views
237
-YB
Y
Back
Top Bottom