Windows XP SP2 firewall still not working right

From: Russell May (russmay_at_toastNotthis.net)
Date: 07/28/05


Date: Thu, 28 Jul 2005 03:16:43 -0500

This is an update and maybe clarification of earlier messages.

My Windows XP Home SP2 firewall is not working as expected.
It ignores its checkboxes for network connections and exceptions.
Is there a way to repair it without uninstalling SP2?
For example, can just the Windows firewall be reinstalled?

Here is some history of what has happened and how it behaves.

I use a DSL gateway which includes a hardware firewall. There are no
other computers connected to the gateway.

I cloned my boot disk drive to a new disk drive, disconnected the
original drive, made the clone my boot disk drive, and defragged it.

I used the computer that way for a while with no significant problems
under Windows XP SP1. Firewall settings were: Firewire and Ethernet
(DSL) network connections were unselected but my rarely-used dialup
connection was selected. Default exceptions were used.

Then I installed SP2 via Windows Update. That went smoothly except my
modem was not recognized on the first reboot. It was automatically
reinstalled. Since then, the firewall has not worked as expected or
described anywhere. That is still true after I disabled my unused
firewire connection in BIOS, and made several changes required to get
SP2 to work right: reinstalled Windows Media Player, uninstalled two
versions of Java and installed the latest JRE, removed and reinstalled
the HP Laserjet 2300d PCL5e driver.

If the Windows firewall is ON: It ignores its checkboxes for network
connections (Control Panel - Windows Firewall - Network Connections
Settings). It also ignores its checkboxes for exceptions (Control
Panel - Windows Firewall - Advanced - Exceptions). It operates as if
all such checkboxes are marked regardless of whether they are actually
marked. Unmarking a checkbox has no effect.

If these two programs are not in its exceptions list, the Windows
firewall blocks them after I log into my user account of Windows:
  Java(TM) 2 Platform Standard Edition binary (javaw.exe)
  HP SocketPing Server (hpbspsvr.exe)
The latter is only blocked if the Laserjet is in Standby. It has
always had a minor problem of trying to notify me about printer status
even if I selected nothing to be monitored and never to be notified.

If the two programs are in the exceptions list, they are not blocked
regardless of whether their checkboxes are marked.

Running "netsh firewall show state" and "netsh firewall show config"
shows nothing that seems unexpected. Here are details with default
configuration except both network connections are deselected. The two
programs are blocked with this configuration.

Firewall status:
-------------------------------------------------------------------
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = None
Remote admin mode = Disable

Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
No ports are currently open on all network interfaces.

Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable

Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable

Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe

Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable

Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Disable

Dialup firewall configuration:
-------------------------------------------------------------------
Operational mode = Disable
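
Added example, not part of the original post: a small Python parser for the "netsh firewall show config" layout quoted above, which lists what the stored configuration says should be enabled so it can be compared with the behaviour actually observed. The sample input is constructed (the "Example Java" row and its path are made up), and treating "Exception mode = Enable" plus a row mode of "Enable" as "should be allowed" is an assumption of this example.

```python
import re
# Constructed sample in the layout quoted in the post; the "Example Java" row is made up.
SAMPLE = r"""
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable

Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Disable Example Java / C:\Example\javaw.exe

Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Disable
"""

ROW = re.compile(r"^(Enable|Disable)\s+(.+?)\s+/\s+(.+)$")

def parse_config(text):
    """Return {section title: {"settings": {...}, "programs": [(mode, name, path)]}}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or set(line) == {"-"}:
            continue                      # blank lines and dashed rules
        if line.endswith(":"):            # a title line opens a new section
            current = sections.setdefault(line[:-1], {"settings": {}, "programs": []})
        elif current is not None and " = " in line:
            key, value = line.split(" = ", 1)
            current["settings"][key.strip()] = value.strip()
        elif current is not None and (m := ROW.match(line)):
            current["programs"].append(m.groups())
    return sections

def expected_allowed(sections, profile="Standard"):
    # Assumption: a program should pass only if exceptions are on and its row says Enable.
    prof = next((s for t, s in sections.items()
                 if t.startswith(profile + " profile configuration")), {"settings": {}})
    if prof["settings"].get("Exception mode") != "Enable":
        return []
    rows = sections.get(f"Allowed programs configuration for {profile} profile", {})
    return [path for mode, _, path in rows.get("programs", []) if mode == "Enable"]

def interface_modes(sections):
    suffix = " firewall configuration"
    return {t[:-len(suffix)]: s["settings"].get("Operational mode")
            for t, s in sections.items() if t.endswith(suffix)}
```

Feeding it the saved output of the command gives a per-interface and per-program baseline to check each observed block or pass against.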


