Author Topic: Challenge: Firewall Exception  (Read 170 times)

AW

  • Member
  • *****
  • Posts: 1826
  • Let's Make ASM Great Again!
Challenge: Firewall Exception
« on: March 13, 2019, 10:04:25 PM »
This challenge is:
What is the simplest and shortest way to make an exception for my program (assuming it is running as Administrator) through the Windows Firewall.

Anyone?

felipe

  • Member
  • *****
  • Posts: 1147
  • Eagles are just great!
Re: Challenge: Firewall Exception
« Reply #1 on: March 13, 2019, 11:55:55 PM »
if exception here means to allow the program to accept incoming traffic from the internet and you are running as admin, the simple way i think it will be just to run the program. then windows will prompt you (at least 8.1) if you want to allow this program in the firewall to accept this incoming traffic, you reply yes (clicking 1 button) and that's all... :idea:

Maybe if the session is from a non admin user, even if you are running the program in "admin mode", after clicking the yes button, you will have to type the admin password. but i'm not sure if this is the case... :idea:
Felipe.

AW

  • Member
  • *****
  • Posts: 1826
  • Let's Make ASM Great Again!
Re: Challenge: Firewall Exception
« Reply #2 on: March 14, 2019, 01:09:47 AM »
if exception here means to allow the program to accept incoming traffic from the internet and you are running as admin, the simple way i think it will be just to run the program. then windows will prompt you (at least 8.1) if you want to allow this program in the firewall to accept this incoming traffic, you reply yes (clicking 1 button) and that's all... :idea:

Maybe if the session is from a non admin user, even if you are running the program in "admin mode", after clicking the yes button, you will have to type the admin password. but i'm not sure if this is the case... :idea:

Sure, lots of things work by clicking buttons when the user is asked to.
Now, imagine that in addition you want to remove the firewall exception when the programs ends execution. Sure, you can open Control Panel, look for the Firewall applet, look for the program, elevate permissions and remove it. But programmers are not expected to do things this way and are not expected to tell the users to bother doing it that way if they want to use programs (of course, some don't care  :biggrin:).


felipe

  • Member
  • *****
  • Posts: 1147
  • Eagles are just great!
Re: Challenge: Firewall Exception
« Reply #3 on: March 14, 2019, 02:13:51 AM »
i see, ok let me think a little bit on this.
Felipe.

Vortex

  • Member
  • *****
  • Posts: 1921
Re: Challenge: Firewall Exception
« Reply #4 on: March 14, 2019, 06:31:38 AM »
Exercising the Firewall using C++

Quote
The following code example exercises the Windows Firewall profile; displays the current profile, turns off the firewall, turns on the firewall, and adds an application.

https://docs.microsoft.com/en-us/previous-versions//aa364726%28v=vs.85%29

AW

  • Member
  • *****
  • Posts: 1826
  • Let's Make ASM Great Again!
Re: Challenge: Firewall Exception
« Reply #5 on: March 14, 2019, 10:23:01 PM »
Exercising the Firewall using C++

Quote
The following code example exercises the Windows Firewall profile; displays the current profile, turns off the firewall, turns on the firewall, and adds an application.

https://docs.microsoft.com/en-us/previous-versions//aa364726%28v=vs.85%29

I think most of this approach does not work properly with recent versions of Windows (I mean Windows Vista and later  :icon_rolleyes:).
They have other complicated and obscure approaches, but I meant a really simple and straightforward approach.

fearless

  • Member
  • ***
  • Posts: 371
    • LetTheLightIn
Re: Challenge: Firewall Exception
« Reply #6 on: March 14, 2019, 11:15:55 PM »
Write to firewall registry location directly maybe?
Code: [Select]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Code: [Select]
Z:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe REG_SZ Z:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
fearless

CM690II Case, HX1000 PSU, Asus Z97, Intel i7-4790K, Seidon 120v Cooler, 16GB DDR3, MSI GTX 980TI

www.LetTheLight.in  My Github  Twitter

AW

  • Member
  • *****
  • Posts: 1826
  • Let's Make ASM Great Again!
Re: Challenge: Firewall Exception
« Reply #7 on: March 15, 2019, 12:29:14 AM »
@fearless

I can see that entry on a XP machine. Probably, is not being used anymore because I could not spot it in Windows 7 or 10.

Vortex

  • Member
  • *****
  • Posts: 1921
Re: Challenge: Firewall Exception
« Reply #8 on: March 15, 2019, 04:39:59 AM »
Hi AW,

Thinking about other possible methods. I know it's not a very elegant method but maybe one could extract and run an embedded .vbs script \ batch file to make an exception in the firewall. Just a quick and practical attempt.

AW

  • Member
  • *****
  • Posts: 1826
  • Let's Make ASM Great Again!
Re: Challenge: Firewall Exception
« Reply #9 on: March 15, 2019, 06:06:32 AM »
Hi Vortex,

Not elegant, but works, using the function system.
The following 2 are outdated but still work in Windows 10.
fwAppAdd db "netsh firewall add allowedprogram ""%s"" MyApp ENABLE>NULL",0
fwAppDisable db "netsh firewall add allowedprogram ""%s"" MyApp DISABLE>NULL",0

We have also these:
fwAppRemove db "netsh firewall delete allowedprogram ""%s"">NULL",0
fwFirewallOff db "netsh Advfirewall set allprofiles state off>NULL",0
fwFirewallOn db "netsh Advfirewall set allprofiles state on>NULL",0
fwStatus db "netsh Advfirewall show allprofiles",0