I want to know the name of the blocked process.

  • Question

  • Hi all, I'm making a simple firewall using user-mode WFP.
    Except for some IP addresses, I block everything.
    I want to inform the user that it's blocked, with the process name.
    Is this possible with user-mode WFP? How do I do it?
    Friday, January 8, 2010 10:08 AM

Answers

  • This is not possible using only WFP's user mode components.  You would need to build a kernel mode callout so you can retrieve the PID from the Metadata.  Ideally in this scenario, you would have the callout be at the inspection sublayer.

    Hope this helps

     
    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Friday, January 8, 2010 8:39 PM
    Moderator

All replies

  • Thank you so much.
    Sunday, January 10, 2010 6:52 AM