A Program Removed from the Exceptions List Keeps Working

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Typically, you see this behavior when you remove a program from the exceptions list and then run the program. Although the program is no longer on the exceptions list, it still accepts unsolicited incoming traffic as though it were listed.

Cause

This can occur for several reasons.

  • The program might not listen for unsolicited traffic all of the time. Some programs listen for unsolicited incoming traffic only when you enable certain options or use certain program features.

  • There might be another exception on the exceptions list, either a port exception or an exception for a different program, that opens a port used by the program. In this case, the program continues to receive traffic on that port even though it is not itself listed in the exceptions list.

  • The program might use the Windows Firewall application programming interface (API) to add a required port or itself to the exceptions list without notifying you. A program running with administrative rights can do this each time it starts, so removing the exception by hand only lasts until the program re-adds it.

Solution

You cannot prevent a program that has administrative rights from using the Windows Firewall API to add a port to the exceptions list. If you need to prevent this, contact the program vendor or read the program documentation to see whether there is a way to disable the feature that listens for incoming traffic. With that feature disabled, the program no longer has a reason to call the Windows Firewall API.

If the program consists of several components or features, and only one of those components or features is responsible for handling unsolicited incoming traffic, you can try to disable that feature or component. The program vendor might be able to provide you with a registry modification to do this.

If the program is using a port that is already listed in the exceptions list, contact the program vendor or read the program documentation to determine which ports the program uses. If you cannot determine this, run the program and then use the tasklist and netstat commands to find the ports on which it is listening. Because some programs listen only when a particular feature is in use, you might first need to check with the program vendor or the program documentation to find out which features to use or which options to enable so that the program opens its listening port while you observe it.

To determine the ports used by a program

  1. Start the program that you want to evaluate.

  2. At the command line, type tasklist, and then press ENTER. To narrow the list to one executable, type tasklist /FI "IMAGENAME eq program.exe" instead, where program.exe is the name of the executable.

  3. Look up the process ID (PID) that is associated with the program you are evaluating. If the program relies on more than one .exe file, be sure to look up the PID for each .exe file that the program is using.

  4. At the command line, type netstat -a -o -n, and then press ENTER. The -o option adds a PID column, -a includes listening sockets, and -n keeps addresses and ports numeric.

  5. Find the rows whose PID column matches the program's PID or PIDs. The TCP rows in the LISTENING state and all UDP rows (UDP rows have no state column) show the ports on which the program is listening; the port is the number after the last colon in the Local Address column.

After you identify the port that the program uses, see if the port is already listed on the exceptions list.

To identify ports that are enabled in the exceptions list

  • At the command line, type netsh firewall show state, and then press ENTER.

    Ports that are designated as open are enabled in the Windows Firewall exceptions list. The Program column shows the path of the program exception that opens the port, or (null) when the port is opened by a port exception. To see every exception that is defined, including program exceptions for programs that are not currently running, type netsh firewall show config.

Finally, if the port is in the exceptions list, you need to determine whether you can remove the port without causing other programs or system services to stop running. Removing a port from the exceptions list might prevent other programs and system services from running properly.
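The following script is an added illustration and is not part of the original article. It automates the correlation that the two procedures above perform by hand: it parses captured output of tasklist, netstat -a -o -n and netsh firewall show state and reports, for each listening socket owned by the program, whether Windows Firewall currently has that port open and which exception covers it (a port exception, the program's own path, or another program's path). The command output embedded below, including the image names exampleapp.exe and examplehelper.exe, the paths and the PIDs, is a constructed sample in the column layout those commands produce on Windows Server 2003. To use it against a real server, run the three commands there, paste their output into the three strings, and run the script wherever Python is available.

```python
"""Correlate tasklist, netstat -a -o -n and netsh firewall show state output
to find out which firewall exception lets a program receive traffic."""
import re

# Constructed sample output (not captured from a real server). The image names,
# paths and PIDs are hypothetical; only the column layout matches the real commands.
TASKLIST_OUTPUT = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
svchost.exe                 1064 Console                 0      5,120 K
exampleapp.exe              2016 Console                 0     14,372 K
examplehelper.exe           2044 Console                 0      3,912 K
"""

NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1064
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2016
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       2016
  TCP    192.168.1.10:8080      192.168.1.20:51234     ESTABLISHED     2016
  UDP    0.0.0.0:5353           *:*                                    2044
"""

NETSH_OUTPUT = r"""
Firewall status:
-------------------------------------------------------------------
Profile                           = Standard
Operational mode                  = Enable
Exception mode                    = Enable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
445    TCP       Any      (null)
8080   TCP       Any      (null)
5353   UDP       Any      C:\Program Files\ExampleApp\examplehelper.exe
"""


def parse_tasklist(text):
    """Return {pid: image name}. Image names may contain spaces, so the row is
    matched from the right: PID, session name, session number, memory."""
    procs = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$", line)
        if m:
            procs[int(m.group(2))] = m.group(1)
    return procs


def parse_netstat(text):
    """Return listening sockets as (proto, port, pid). TCP rows are kept only in
    the LISTENING state; UDP rows have no state column and are always bound."""
    sockets = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("TCP", "UDP"):
            continue
        if tokens[0] == "TCP" and tokens[3] != "LISTENING":
            continue
        port = int(tokens[1].rsplit(":", 1)[1])  # works for [::]:port too
        sockets.append((tokens[0], port, int(tokens[-1])))
    return sockets


def parse_open_ports(text):
    """Return {(proto, port): program} from the 'Ports currently open' table.
    '(null)' in the Program column means a port exception, not a program exception."""
    open_ports, in_table = {}, False
    for line in text.splitlines():
        if line.startswith("Ports currently open"):
            in_table = True
            continue
        m = re.match(r"^(\d+)\s+(TCP|UDP)\s+\S+\s+(.*\S)\s*$", line) if in_table else None
        if m:
            open_ports[(m.group(2), int(m.group(1)))] = m.group(3)
    return open_ports


def audit_program(image_names, tasklist_text, netstat_text, netsh_text):
    """For every listening socket owned by the named executables, report whether
    the firewall has the port open and which exception entry covers it."""
    wanted = {name.lower() for name in image_names}
    pids = {pid: img for pid, img in parse_tasklist(tasklist_text).items()
            if img.lower() in wanted}
    open_ports = parse_open_ports(netsh_text)
    findings = []
    for proto, port, pid in parse_netstat(netstat_text):
        if pid not in pids:
            continue
        entry = open_ports.get((proto, port))
        covered_by = None if entry is None else ("port exception" if entry == "(null)" else entry)
        findings.append({"image": pids[pid], "pid": pid, "proto": proto, "port": port,
                         "open": entry is not None, "covered_by": covered_by})
    return sorted(findings, key=lambda f: (f["proto"], f["port"]))


if __name__ == "__main__":
    for f in audit_program(["exampleapp.exe", "examplehelper.exe"],
                           TASKLIST_OUTPUT, NETSTAT_OUTPUT, NETSH_OUTPUT):
        status = f"open via {f['covered_by']}" if f["open"] else "blocked by the firewall"
        print(f"{f['image']} (PID {f['pid']}) {f['proto']} {f['port']}: {status}")
```

In the sample, TCP 8080 is reachable because a port exception opens it, UDP 5353 because examplehelper.exe has a program exception of its own (the pattern you would see when a program re-adds itself through the API), and TCP 9090 is genuinely blocked. A "port exception" result is the case to examine before removing anything, since the same entry may serve other programs or services.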