G
George Christian
I have a number of client machines that appear to have the firewall
running even though it has been disabled via Group Policy settings
(HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile
EnableFirewall is set to 0).
If detailed auditing is turned on the messages like this appear:
"The Windows Firewall has detected an application listening for incoming
traffic. Name: - Path: C:\WINDOWS\system32\svchost.exe Process
identifier: 1072 User account: SYSTEM User domain: NT AUTHORITY Service:
Yes RPC server: No IP version: IPv4 IP protocol: UDP Port number: 1364
Allowed: No User notified: No"
A netsh firewall show state, results in the following:
Firewall status:
-------------------------------------------------------------------
Profile = Domain
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
137 UDP IPv4 (null)
139 TCP IPv4 (null)
138 UDP IPv4 (null)
3389 TCP IPv4 (null)
445 TCP IPv4 (null)
Is the firewall really stopped, and if so what is causing those
messages, and it is not stopped how can I disable it?
George Christian
Cyence International
running even though it has been disabled via Group Policy settings
(HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile
EnableFirewall is set to 0).
If detailed auditing is turned on the messages like this appear:
"The Windows Firewall has detected an application listening for incoming
traffic. Name: - Path: C:\WINDOWS\system32\svchost.exe Process
identifier: 1072 User account: SYSTEM User domain: NT AUTHORITY Service:
Yes RPC server: No IP version: IPv4 IP protocol: UDP Port number: 1364
Allowed: No User notified: No"
A netsh firewall show state, results in the following:
Firewall status:
-------------------------------------------------------------------
Profile = Domain
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
137 UDP IPv4 (null)
139 TCP IPv4 (null)
138 UDP IPv4 (null)
3389 TCP IPv4 (null)
445 TCP IPv4 (null)
Is the firewall really stopped, and if so what is causing those
messages, and it is not stopped how can I disable it?
George Christian
Cyence International