A User Cannot Determine What to Add to the Exceptions List

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Typically, you have this problem when you try to add a program to the exceptions list, but you cannot find the program's executable (.exe) file, or the program relies on secondary .exe files and dynamic-link library (.dll) files and you do not know which files to add to the exceptions list.

Cause

Some programs run as a system service and might not have an .exe file that you can add to the exceptions list. In addition, some programs rely on secondary .exe files or .dll files to process incoming traffic. In this case, adding the program's primary .exe file to the exceptions list will not open the port that the program needs because the program uses a secondary .exe file or .dll to process incoming traffic.

Solution

To fix this problem, ask the program vendor or read the program documentation to see which .exe file the program uses to listen for unsolicited traffic, and then add the .exe file to the exceptions list.

To add a program to the exceptions list

  1. Open Windows Firewall, and then click the Exceptions tab.

  2. On the Exceptions tab, click Add Program, and then follow the instructions that appear on your screen.

If you cannot determine which .exe file to add to the exceptions list, you might be able to use Event Viewer to determine which .exe file the program uses to listen for unsolicited traffic.

Note

You must configure audit policies to see Windows Firewall events. For more information, see Configuring a Computer for Windows Firewall Troubleshooting.

To view Windows Firewall notification events in Event Viewer

  1. Open Event Viewer.

  2. Click Security, and look for the most recent Failure Audit event type that has an Event identifier of 861.

  3. Double-click the event.

  4. The path and the name of the .exe file should appear next to Path.

  5. If there is no information next to Path, write down the number that appears next to Process Identifier.

If you know the process identifier (PID) for the .exe file that attempted to listen for unsolicited traffic, you can use the tasklist command to determine the name of the .exe file.

To determine which .exe file is associated with a process identifier

  1. At the command line, type tasklist, and then press ENTER.

  2. Use the PID to identify the .exe file.

If you still cannot determine which .exe file is listening for unsolicited traffic, try using the tasklist and netstat commands to determine which ports the program uses, and then add those ports to the exceptions list.

To determine the ports used by a program

  1. Start the program that you want to evaluate.

  2. At the command line, type tasklist, and then press ENTER.

  3. Look up the PID that is associated with the program you are evaluating. If the program relies on more than one .exe file, be sure to look up the PID for each .exe file.

  4. At the command line, type netstat -a -o -n, and then press ENTER.

  5. Use the program’s PID(s) to determine the ports on which the program is listening.
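The PID correlation in the procedure above, as an added example (not part of the original article): a Python script that joins saved `tasklist /fo csv /nh` and `netstat -a -o -n` output by PID and lists the listening ports for each named .exe file. The image names `appsvc.exe` and `apphelper.exe`, the PIDs, addresses and ports are constructed sample data, and the loopback check goes slightly beyond the steps in the text.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `tasklist /fo csv /nh` output (not from the article).
TASKLIST_CSV = '''"svchost.exe","812","Console","0","4,120 K"
"appsvc.exe","1432","Console","0","9,884 K"
"apphelper.exe","2016","Console","0","3,212 K"
'''

# Constructed sample of `netstat -a -o -n` output (not from the article).
NETSTAT = '''  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.10:8080      192.168.1.50:3921      ESTABLISHED     1432
  TCP    127.0.0.1:9100         0.0.0.0:0              LISTENING       2016
  UDP    0.0.0.0:5500           *:*                                    2016
'''

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2 and r[1].isdigit()}

def parse_listeners(text):
    """Yield (proto, address, port, pid) for TCP LISTENING and bound UDP rows."""
    for line in text.splitlines():
        f = line.split()
        tcp = len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
        udp = len(f) == 4 and f[0] == "UDP"  # UDP rows have no State column
        if tcp or udp:
            addr, _, port = f[1].rpartition(":")
            yield f[0], addr, int(port), int(f[-1])

def ports_by_image(tasklist_text, netstat_text, images):
    """Return {image: sorted [(proto, port, network_reachable)]} for the named images."""
    names = parse_tasklist(tasklist_text)
    wanted = {i.lower() for i in images}
    found = defaultdict(set)
    for proto, addr, port, pid in parse_listeners(netstat_text):
        image = names.get(pid, "").lower()
        if image in wanted:
            # A loopback-only listener takes no traffic from the network.
            loopback = addr.startswith("127.") or addr == "[::1]"
            found[image].add((proto, port, not loopback))
    return {image: sorted(ports) for image, ports in found.items()}

if __name__ == "__main__":
    for image, ports in ports_by_image(TASKLIST_CSV, NETSTAT, ["appsvc.exe", "apphelper.exe"]).items():
        print(image, ports)
```

Only entries whose third field is True are bound to a network-reachable address; a listener bound to loopback alone does not need a firewall exception.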

To add a port to the exceptions list

  1. Open Windows Firewall, and then click the Exceptions tab.

  2. Click Add Port.

  3. In Name, type a friendly name for the port exception.

  4. In Port number, type the port number used by the program.

  5. Click either TCP or UDP to specify the type of port that corresponds to your port number.

  6. Repeat steps 2 through 5 if your program uses multiple ports and the ports are not enabled in the exceptions list.

Important

Adding a port to the exceptions list can lessen the security of your computer because the port will be open any time the computer is running. You should add ports to the exceptions list only when it is not possible to add a program to the exceptions list.