My service sometimes starts before Windows Firewall and all network traffic is blocked even though there is a program exception RRS feed

  • Question

  • I need my service to start after the firewall service so the network traffic isnt blocked. I know I could set the firewall service as a dependency but this will not work if the firewall service is disabled? Is there another service I should set as a dependency? I already use RPC.

    I dont see many topics related to this issue so I think I may be doing something wrong? Are there techniques I could use so ports are not opened until the firewall has started that are commonly employed by developers?
    Tuesday, November 24, 2009 8:49 PM

All replies

  • Assuming that you'r the service programmer, you could try to start the firewall service from your service initialization code and wait until the firewall service/driver is up and running before trying to open any ports. Because the Service Control Manager (SCM) also loads some of the drivers, you can use the SCM's standard API.
    Tuesday, December 1, 2009 12:54 PM
  • As Mitochondrion suggested, you can use the SCM APIs (OpenSCManager(), OpenService(), and QueryServiceStatus()) to see if MPSSvc (the Windows Firewall service) is started.

    Also of note, you can use WFP APIs ( to plumb in a filter that allows your traffic, and remove it once you detect Windows Firewall comes up.

    Hope this helps

    Dusty Harper [MSFT]
    Microsoft Corporation
    This posting is provided "AS IS", with NO warranties and confers NO rights
    Thursday, December 3, 2009 2:20 AM