| Event Information | According to Microsoft :
Cause :
This event is logged when Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Resolution :
Check your network applications to ensure proper operation
The presence of this event at or near the start of the computer or for non-interactive system processes is normal, and typically does not indicate an error condition. Many network services run as non-interactive processes that cannot access the user session, and therefore cannot display the block notification.
The message in the event includes a Reason code. Refer to the following list for the possible values. - The application that was blocked is a system service.
- The application that was blocked is running in a non-interactive process.
- The firewall is off, and the application is allowed.
- The application is block listed.
- The session is inactive.
- An unknown error occurred.
- All inbound connections are disallowed.
- Inbound notifications are not enabled.
- All inbound connections are disallowed and inbound notifications are not enabled
If you turn inbound notifications off, Windows no longer automatically creates firewall rules after notifying you and getting permission. This means that you must manually enable or create firewall rules for all applications that require inbound unsolicited network traffic.
To turn off block notifications by using the Firewall Microsoft Management Console (MMC) snap-in: - Click Start , type wf.msc in the Start Search box, and then press ENTER.
- If the User Account Control dialog box appears, make sure that it is for an action you want, and then click Continue .
- In the navigation pane of the snap-in, right-click Windows Firewall with Advanced Security on Local Computer, and then click Properties .
- In the Properties dialog box, click the Domain, Private , or Public tab for the network location type that you want to modify.
- In the Settings section , click Customize .
- In the Firewall settings section, next to Display a notification , the current setting is displayed.
- Click No , and then click OK to close the dialog box.
- Close the MMC snap-in.
If you need to re-enable notifications, follow the same steps, but select Yes in step 7.
To turn off block notifications by using the netsh advfirewall command-line tool:- At a command prompt with administrator permissions, type the command:
netsh advfirewall setprofile settings inboundusernotification disable
where profile is one of the following values: allprofiles, currentprofile, domainprofile, privateprofile , or publicprofile .
If you need to re-enable notifications, follow the same step, but change disable to enable .
Verify :
By default, on Windows Server 2008, user notifications about blocked applications are disabled, and all notifications are made by using the security audit events only.
By default, on Windows Vista, Windows Firewall is configured to notify the user that an application has been blocked, and it prompts the user to take one of the following actions: "Keep Blocking," "Allow," or "Ask me later." The "Ask me later" option continues blocking the application, but causes the user prompt to display again the next time the application starts.
To verify the setting by using the Firewall Microsoft Management Console (MMC) snap-in: - Click Start , type wf.msc in the Start Search box, and then press ENTER.
- If the User Account Control dialog box appears, make sure that it is for an action you want, and then click Continue .
- In the navigation pane of the snap-in, right-click Windows Firewall with Advanced Security on Local Computer, and then click Properties .
- In the Properties dialog box, click the Domain, Private , or Public tab for the network location type that you want to modify.
- In the Settings section , click Customize .
- In the Firewall settings section, next to Display a notification , the current setting is displayed.
- 7.If you need to change the setting, click the button, select either Yes (default) or No , and then click OK to close the dialog box.
To verify the setting by using the netsh advfirewall command-line tool: - At a command prompt with administrator permissions, type the command:
netsh advfirewall show allprofiles settings - In the output section of each profile, look for the InboundUserNotification value. It will say Enable or Disable .
- If you need to change the setting, type the following command:
netsh advfirewall set profile settings inboundusernotification value where profile is one of the following values: allprofiles, currentprofile, domainprofile, privateprofile , or publicprofile , and value is either enable or disable . |