Hello,

I posted this already in microsoft.public.windows.networking.firewall
but haven't heard anything, thought maybe this group would be
appropriate -- this seems like a big deal, security-wise(?):

I unchecked the "file and printer sharing" exception in XP SP2's
firewall. (This exception is enabled by default)

Somehow it re-checks itself! I can't tell when it happens but
eventually (not necessarily just a reboot) it gets checked.

A similar issue was posted in this item:

http://groups-beta.google.com/group/microsoft.public.windows.networking.firewall/msg/7b293705ef8a35d2
But there didn't seem to be any resolution.

How can this happen? How can I tell what is re-checking this?
Thanks!
Ed

postscript: I loaded up the Regmon utility, and filtered on
"FirewallPolicy". I caught the change occurring when I accessed shared
files on my PC from a second PC on my *un-firewalled* LAN -- I have a
second wireless LAN which is the one I want to protect. According to
regmon, the process doing this was explorer.exe (which doesn't really
tell me much).
I say I "caught" it: I caught it once, and now I can't reproduce it
!#$%^
For the curious, the registry keys are at:
HLM\SYSTEM\ControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Re: Something is changing my firewall settings! by Bigbruva

Bigbruva
Wed Dec 22 09:40:28 CST 2004

Hi Ed

This is a rather interesting "feature". I haven't been able to repro this
issue but I wondered if you could work around this problem if you left the
exception in place but used a Custom list in the Scope listing the computers
on your trusted LAN.

Select "Edit" from the "Exceptions" tab on the "File and Printer Sharing"
Service.
Click "Change scope"
Select the "Custom" radio button and enter the IP address of the PC on your
trusted LAN.

At this point the exception will only work for the IP addresses in the list.
I know it isn't fixing the "feature" but it might be an acceptable
workaround. Let us know if this works for you.

BB



Re: Something is changing my firewall settings! by Bob

Bob
Wed Dec 22 09:45:39 CST 2004

Does it happen if you are not running as an administrator on that box?

--
Bob McCoy
* This posting is provided "AS IS" with no warranties, and confers no
rights.
* Please note I cannot respond to email questions. Please use these
newsgroups.




Re: Something is changing my firewall settings! by ed

ed
Thu Dec 23 13:20:37 CST 2004


Bigbruva wrote:
> ... I wondered if you could work around this problem if you left the
> exception in place but used a Custom list in the Scope listing the computers
> on your trusted LAN.
>

Actually, I tried that -- I put in a bogus IP address on one of the
ports. Whatever is doing the deed just went ahead and overwrote it
(back to the default scope which is subnet only). The rascal!

In answer to the next post about Administrator vs. Limited account:
Everything is administrator mode accounts :-(
I actually went through the exercise of trying to set limited accounts
and only use those but I have some oddball stuff I use, as well as an
apparently unusual setup in Outlook Express that is prohibiting me from
running in limited at the present time.

I also haven't been able to reproduce the issue since I made my
original posting a couple of days ago -- so I'm kind of perplexed now.
Thanks for the ideas.
Ed


Re: Something is changing my firewall settings! by ed

ed
Tue Jan 18 09:09:39 CST 2005

[I got a reply to my query in another newsgroup -- it seems germane
here]

Thanks. That was baffling me -- so at least now I know!
I guess the theory behind this is that if a user is adding a share,
he/she *must* be wanting to punch a hole through the firewall. But this
logic fails for a system with multiple network adapters (say, for
example, a WAN which is firewalled, and a LAN where firewall is
disabled). It seems like the OS should at least ask if the user wants
to do this.


Dusty Harper {MS} wrote:
> Any time you try to create a share, then this setting will get rechecked.
[automatically creating a firewall exception for file/printer sharing]
> You can list all your shares using net share.
>
> If you aren't sharing anything out, then you should only have the hidden
> shares ( IPC$, <DriveLetter>$, ADMIN$, print$ )
>
> You should remove all other shares ( including print shares ) if you don't
> intend to use them.
> --
> Dusty Harper
> Microsoft Corporation
> This posting is provided "AS IS", with NO warranties and confers NO rights
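An added example, not part of any post in this thread: a small audit that flags shares other than the hidden defaults listed above in saved `net share` output, and compares two snapshots of the `GloballyOpenPorts\List` values to show an exception being re-enabled or its scope reset. The function names, the sample data and the `port:proto:scope:mode:name` value layout are assumptions made for the illustration.

```python
import re

# Hidden shares the thread lists as expected when nothing is shared out:
# IPC$, <DriveLetter>$, ADMIN$, print$
HIDDEN = re.compile(r"^(IPC|ADMIN|print|[A-Z])\$$", re.IGNORECASE)

def user_shares(net_share_output):
    """Names in `net share` output that are not default hidden shares."""
    names, in_table = [], False
    for line in net_share_output.splitlines():
        if line.startswith("The command completed"):
            break
        if set(line.strip()) == {"-"}:
            in_table = True          # dashed rule precedes the share rows
        elif in_table and line.strip() and not line[0].isspace():
            name = re.split(r"\s{2,}", line.strip())[0]
            if not HIDDEN.match(name):
                names.append(name)
    return names

def parse_entry(value):
    """Split one list value; 'port:proto:scope:mode:name' layout is assumed."""
    port, proto, scope, mode, _name = value.split(":", 4)
    return (int(port), proto.upper()), scope, mode.lower() == "enabled"

def firewall_drift(before, after):
    """Entries that became enabled or changed scope between two snapshots."""
    old = {k: (s, e) for k, s, e in map(parse_entry, before)}
    findings = []
    for key, scope, enabled in map(parse_entry, after):
        old_scope, old_enabled = old.get(key, (None, False))
        if enabled and not old_enabled:
            findings.append((key, "enabled"))
        if old_scope is not None and scope != old_scope:
            findings.append((key, "scope %s -> %s" % (old_scope, scope)))
    return findings

# Constructed sample data, not captured from a real machine.
NET_SHARE = """Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\\WINDOWS                      Remote Admin
Photos       D:\\Photos
The command completed successfully.
"""
BEFORE = ["445:TCP:192.0.2.10:Disabled:SMB over TCP", "139:TCP:LocalSubNet:Disabled:NetBIOS Session"]
AFTER = ["445:TCP:LocalSubNet:Enabled:SMB over TCP", "139:TCP:LocalSubNet:Enabled:NetBIOS Session"]

if __name__ == "__main__":
    print(user_shares(NET_SHARE))
    print(firewall_drift(BEFORE, AFTER))
```

Taking a snapshot before and after creating a share makes the change visible as a diff instead of something to catch live in Regmon.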