An exception may not show up in the Windows Firewall graphical user interface if you create the exception by modifying the registry

Article ID: 897663
Last Review: November 14, 2007
Revision: 4.5

Technical update, August 31, 2005

Microsoft has released a Microsoft Security Advisory about this issue for IT Professionals. The security advisory contains additional security-related information about this issue. To view the security advisory, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/advisory/897663.mspx

SYMPTOMS

If you create an exception by modifying the registry on a computer that is running Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1), the exception may not show up in the Windows Firewall graphical user interface.

CAUSE

This behavior occurs if you do not specify a name when you add an exception by modifying the registry key. For example, this behavior occurs if you add a port to the registry and then set the registry value to 12345:TCP:*:Enabled. This value opens the TCP port 12345. However, the Windows Firewall graphical user interface does not show this port because the registry value does not contain a name. The following value is the correct value:
12345:TCP:*:Enabled:exception name

RESOLUTION

To resolve this issue in Windows XP Service Pack 2, install Update for Windows XP (KB897663). This update will make sure that a firewall exception created through the registry is listed in the Windows Firewall interface the same as if the exception was created in the interface itself. To download and install Update for Windows XP (KB897663), visit the following Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyId=478FD24B-B2C4-4207-B1B9-1C988698C888

Prerequisites

Because of file dependencies, this update requires Windows XP Service Pack 2.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 (http://support.microsoft.com/kb/322389/) How to obtain the latest Windows XP service pack

Restart requirement

You do not have to restart the computer after you apply this software update.

File information

The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version            Size    File name
   --------------------------------------------------------------
   04-Aug-2005  01:44  5.1.2600.2732      80,896  Firewall.cpl

STATUS

This behavior is by design.

WORKAROUND

To work around this behavior, use one of the following methods.

Method 1: Append a name to the registry value

To work around this behavior, append a name to the registry value. For example, change 12345:TCP:*:Enabled to 12345:TCP:*:Enabled:exception name.
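
An audit of exported exception values for the missing-name condition described above. This is an added example, not Microsoft's code: the field labels (port, protocol, scope, status, name), the sample values, and the placeholder name the audit suggests are assumptions built from the one value format this article shows.

```python
from typing import List, NamedTuple, Optional, Tuple


class PortException(NamedTuple):
    port: int
    protocol: str
    scope: str
    status: str
    name: Optional[str]  # None when the value carries no name


def parse_exception(value: str) -> PortException:
    """Parse 'port:protocol:scope:status[:name]' (field labels are assumed)."""
    # maxsplit=4 keeps any colons that appear inside the name itself.
    parts = value.strip().split(":", 4)
    if len(parts) < 4:
        raise ValueError(f"expected at least 4 fields: {value!r}")
    port, protocol, scope, status = parts[:4]
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {value!r}")
    # Assumption: an empty name after a trailing colon counts as no name.
    name = parts[4].strip() if len(parts) == 5 else ""
    return PortException(int(port), protocol.upper(), scope, status, name or None)


def with_name(exc: PortException, name: str) -> str:
    """Rebuild the value with a name appended, as Method 1 describes."""
    return f"{exc.port}:{exc.protocol}:{exc.scope}:{exc.status}:{name}"


def audit(values: List[str]) -> List[Tuple[str, str]]:
    """Return (original, suggested) pairs for enabled exceptions with no name."""
    findings = []
    for raw in values:
        exc = parse_exception(raw)
        if exc.status.lower() == "enabled" and exc.name is None:
            label = f"{exc.protocol} {exc.port} (named by audit)"
            findings.append((raw, with_name(exc, label)))
    return findings


# Constructed sample values, not taken from a real system.
SAMPLE_VALUES = [
    "12345:TCP:*:Enabled",
    "12345:TCP:*:Enabled:exception name",
    "8080:tcp:*:Enabled:",
]

if __name__ == "__main__":
    for raw, fixed in audit(SAMPLE_VALUES):
        print(f"no name (open but not listed in the GUI): {raw} -> {fixed}")
```
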

Method 2: Use the netsh firewall command

To work around this behavior, you can see the exceptions that you have created in the registry by using the netsh firewall command. To do this, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. Type netsh firewall show state verbose = enable, and then press ENTER.
3. Search the output text for the following text:
   Ports currently open on all network interfaces

The ports and programs that are listed in the Ports currently open on all network interfaces section are unblocked. Additionally, these unblocked ports and programs represent enabled program or port exceptions.

MORE INFORMATION

For more information about how to configure Windows Firewall, visit the following Microsoft Web sites.

Windows Firewall Operations Guide

http://technet2.microsoft.com/windowsserver/en/library/c52a765e-5a62-4c28-9e3f-d5ed334cadf61033.mspx

Manually Configuring Windows Firewall in Windows XP Service Pack 2

http://technet.microsoft.com/en-us/library/bb877979.aspx

For more information about how to troubleshoot Windows Firewall settings, click the following article number to view the article in the Microsoft Knowledge Base:
875357 (http://support.microsoft.com/kb/875357/) Troubleshooting Windows Firewall settings in Windows XP Service Pack 2


APPLIES TO
Microsoft Windows Server 2003 SP1

Keywords: 
kbtshoot kbqfe kbfirewall kbsecurity kbhotfixserver kbsecadvisory KB897663
