Windows Filtering Platform: What's new in Windows 7

  • General discussion

  • Hello Everyone,


    Based on your feedback since the introduction of the WFP APIs in Vista, we have added many new features and enhancements in our Windows 7 release.


    The whitepaper published here gives a high-level overview of the new/enhanced functionalities added in Windows 7.




    We encourage everyone here to review the documentation, download the Windows 7 beta, try out the new features, and give us additional feedback.


    Also feel free to post any questions you might have regarding the WFP release in Windows 7.


    Thanks in advance,


    Thursday, January 15, 2009 10:26 PM

All replies

  • I just went thru the doc and it seems that WFP in Win7 will have all the improvements that we all asked for!

    I have a couple of preliminary questions though:
    1. New MAC layers. It is noted that packet injection is not going to be supported at these layers, which I assume also implies that OOB inspection is not supported as well. We really need to be able to a) inspect packets OOB; b) inject new packets at the MAC layer. Please comment on how this can be achieved in Win7 using only the WFP technology, i.e. w/o having to write an NDIS LWF driver.

    2. I installed the latest WDK available from MSDN (7.0.6949.1), but the supplied documentation does not seem to refer to any of the new features, nor do the samples illustrate how we can use them. Where can we get updated docs and some sample code? I suppose we can start developing thru the trial and error method, but there has to be a better way.

    Wednesday, January 21, 2009 1:17 AM
  • I am a bit new to the Windows Filtering Platform, but my employer has suddenly gotten a great interest in adding firewall (basically WFP stuff) to our product.  One general issue is backward compatibility.  As it stands now, I have to deal with Windows XP vs Vista.  Now with Windows 7, whenever that comes out, will I have to deal with XP vs Vista vs Windows 7?  Can you see it in your heart to bring this technology back to Vista as well?  Hopefully XP will be dead by then, but this dancing around non-backward compatibility is killing me.

    Once again stating that I am new to the Vista WFP stuff, but I am intimately familiar with IPFW2 of the "nix" world.  Its API structure is horrible, but it lets you do a lot of stuff and you have absolute control over everything.  If the current WFP stuff cannot give me that kind of control, I would like you to make sure the Windows 7 WFP will.  IPFW2 has been around forever and there is no reason Windows should have a weaker system than IPFW2.
    Thursday, February 19, 2009 3:50 PM
  • I had some problems with the WFP / BFE.  After much work there was nothing that could be found to fix the problem.  Nothing seemed to explain why Windows blocked all traffic, including connecting to the local loopback address.  The only way to fix this was by disabling BFE.

    What I was able to do is use netsh.


    The netsh wfp command showed what was really going on in the WFP filtering system.
    To use netsh, open CMD as an administrator.

    type...   netsh wfp show filters file="c:\filters.xml"

    Note: the file can be anywhere.

    I looked in the XML file in Notepad and found in the data fields some Symantec references.  Now I did not have Symantec installed in any way I could see, obviously.  So I used the removal tool.  Here is a good list of them:


    After rebooting these Symantec filters disappeared and it worked!

    I have to say I am really disappointed in the total lack of admin tools for WFP.  So what if there is a Windows Firewall tool when there might be other programs you don't even know exist messing with WFP.  There really needs to be better tools to manage this system.  If there is a tool like this please make sure it's listed in the first page of the MSDN documents for WFP as well as the standard Windows product information page.  It was way too easy for an incomplete Symantec uninstall to cause havoc.

    Wednesday, August 19, 2009 5:12 AM
  • To follow up:
    1. It is still necessary to use NDIS for this.
    2. The WDKs since the RTM (WDK 7.0.0 and, more recently, 7.1.0) both include samples demonstrating new Win7 functionality.
    Thursday, March 18, 2010 12:58 AM
  • To follow up:

    *Anything you could do in XP, you can do in Vista and Win7.
    *Anything you could do in Vista, you can do in Win7.
    *It's just easier to do it in a newer version.

    WFP is new since Vista and significantly easier to work with.  The features mentioned here are only what's new in Win7, but all the important things have been in WFP since Vista.  So, target XP and Vista and you should be fine.
    Thursday, March 18, 2010 1:00 AM
  • To follow up:

    * netsh is pretty much the most functional admin tool for WFP and all other networking technologies.  The tool you are asking for is netsh.
    * It is ALWAYS the case that misbehaving code running at kernel mode will break the system in new and exciting ways (well, maybe not exciting).  Dropped packets are the least of your worries.  There's very little that can be done about this, except having higher standards for the software you install, and communicating with the vendors at fault.
    * Note that you can try using the troubleshooting feature in Network and Sharing Center and it will track down specific firewall rules that are blocking connections.
    * For troubleshooting rogue filters and packet drops, you can use WFP logging to see exactly why traffic is being dropped.  http://the.techy.dstro.com/ikelogs

    Thursday, March 18, 2010 1:05 AM
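
The manual step described in the replies above (exporting the filters with netsh wfp show filters and searching the XML for a vendor's name) can be scripted. The following is an added example, not part of the original thread or of any Microsoft tooling; the element names it reads (item, filterKey, displayData/name, providerKey, layerKey, action/type, filterId) are assumptions about the export layout, and the sample data and the ExampleVendor keyword are constructed.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Report field -> path inside one filter <item> (assumed export layout).
FIELDS = {"id": "filterId", "name": "displayData/name", "provider": "providerKey",
          "layer": "layerKey", "action": "action/type"}

def text_of(item, path):
    """Text of a child element, or '' when it is absent or empty."""
    return (item.findtext(path) or "").strip()

def filters_mentioning(root, keyword):
    """Filters whose XML subtree contains keyword (case-insensitive)."""
    hits = []
    for item in root.iter("item"):
        if item.find("filterKey") is None:  # nested condition <item>, not a filter
            continue
        if keyword.lower() in " ".join(item.itertext()).lower():
            hits.append({k: text_of(item, p) for k, p in FIELDS.items()})
    return hits

def block_counts_by_provider(root):
    """Number of FWP_ACTION_BLOCK filters per providerKey ('' = none set)."""
    counts = Counter()
    for item in root.iter("item"):
        if text_of(item, "action/type") == "FWP_ACTION_BLOCK":
            counts[text_of(item, "providerKey")] += 1
    return counts

def _item(fid, name, provider, data, layer, action):
    return (f"<item><filterKey>{{constructed-{fid}}}</filterKey>"
            f"<displayData><name>{name}</name></displayData>"
            f"<providerKey>{provider}</providerKey>"
            f"<providerData><asString>{data}</asString></providerData>"
            f"<layerKey>{layer}</layerKey><action><type>{action}</type></action>"
            f"<filterId>{fid}</filterId></item>")

# Constructed sample: one permit filter and two block filters left by a vendor.
SAMPLE_ROOT = ET.fromstring("<wfpdiag><filters>" + "".join([
    _item(101, "constructed rule", "{provider-a}", "", "FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWP_ACTION_PERMIT"),
    _item(202, "constructed leftover", "{provider-b}", "ExampleVendor", "FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWP_ACTION_BLOCK"),
    _item(203, "constructed leftover", "{provider-b}", "examplevendor", "FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4", "FWP_ACTION_BLOCK"),
]) + "</filters></wfpdiag>")

if __name__ == "__main__":
    root = ET.parse(sys.argv[1]).getroot() if len(sys.argv) > 1 else SAMPLE_ROOT
    for hit in filters_mentioning(root, sys.argv[2] if len(sys.argv) > 2 else "examplevendor"):
        print(hit)
    print(dict(block_counts_by_provider(root)))
```

To run it on a real export, pass the path of the file written by netsh and the vendor keyword as the two arguments; a provider key that owns many block filters and belongs to software no longer installed is the pattern the poster found by hand.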