Windows 10: block inbound ftp connections on windows devices

I need to block inbound ftp connections for our endpoints using Microsoft Defender Firewall Rules in Microsoft Intune admin center. The basic requirement is that if a user installs an FTP server service locally using any FTP software FileZilla.IIS, etc.., no one should be connected to the ftp server locally or remotely. In our Microsoft Intune admin center, I configured the following two rules and assigned them to a specific group. I can still telnet to the local IP address.I'm seeking a solution for this.Thanks

:)

 

The Microsoft (Hotspot) wi-fi direct virtual adapter is blocking FTP

Hi Support,

I have encountered an unexpected problem when using the Windows 10 Hotspot feature. When I connect to the hotspot using another Win 10 system everything works as normal except it blocks the FTP protocol.

I have an application that connects to a website using FTP, it has run with no problems for 5+ years. I now have a situation where I am using a Win 10 laptop to boost the signal of a wi-fi router in another building. It is located to get the best signal and it works fine, it broadcasts a strong signal allowing other devices to use it.

However, when connecting to the Win 10 Hotspot the FTP protocol is blocked, everything else runs as normal
I have confirmed:

• I can FTP as normal if I connect to the same router as the Win 10 system that is step up with the hotspot.
• If I connect to the Win 10 hotspot FTP is blocked.

This is the first time I've used the hotspot feature in Win 10, I really like it and it's ideal for my situation but the FTP problem limits how much I can use it.

All other protocols work as normal, it's as if a rule somewhere is set to block FTP if passing through the Microsoft (Hotspot) wi-fi direct virtual adapter.

See attached images for the status of the hotspot adapters, they both have the following settings.

IPv4Connectvity: Internet
IPv6Connectvity: No network access

I can FTP from the system with the hotspot setup using the built-in wi-fi adapter with no problems, it's only when I connect via the hotspot that FTP gets blocked.

I've tried a few things to change the IPv6Connectvity but no success so far. Also, if this was the problem why only block FTP and allow all other protocols and why does the built-in wi-fi adapter allow FTP as normal yet it displays IPv6Connectvity: No network access?

It's easy to try and reproduce this condition, all you need is two Win 10 systems and an FTP account on the web.

• Setup Laptop1 to connect to Router1 and also set up a hotspot called Hotspot1.
• On Laptop2 connect to Router1 and use the command-line FTP client to log in to your FTP server.
• There should be no problems doing this.
• Next on Laptop2 connect to Hotspot1 and try to log in again to your FTP account.

If this fails then you will have reproduced the same failure.

Note:

• I am using ACER Win 10 laptops that are fully updated.
• All the ACER laptops use the built-in Windows Firewall and Security Centre.
• When connecting to the Hotspot both Outlook and OneDrive detect it as a metered connection and prompt you to confirm you wish to still connect. When you confirm you still want to connect everything runs as normal.
• This problem occurs at two different locations that use different laptops, routers, and broadband provider (UK: EE & Virgin)

I have not been able to try this on a non-ACER laptop so that would be useful to do but my testing so far has isolated the problem to only when connecting via the Hotspot.

So, in summary.

• When connecting to a Windows 10 Hotspot all other applications run as normal except for FTP.
• I have confirmed this on separate laptops (though they are all ACER) and two different routers and broadband providers at different locations.

It would be great if someone could test this on non-ACER laptops and another broadband provider. If the problem is present then it would suggest this issue is widespread but I've not been able to find anyone else who's experienced this problem.
thanks,Phill.

 

Windows 10 Defender blocking FTP connections to FileZilla Server

Hi, I am running Wnidows 10 with a FileZilla Server. I cannot connect to the server when inbound rules are set to default (no rule, no access). If I set inbound rules to "allow", i can connect to the FileZilla Server.

Inbound rules
Name Profile Enabled Action Override Program
FileZilla Server Interface.exe All Yes Allow No FileZilla Server Interface.exe
FTP Server (FTP Traffic-in) Private,Public Yes Allow No svchost.exe
FTP Server Passive (Traffic-in) Private,Public Yes Allow No svchost.exe
FTP Server Secure (SSL Traffic-in) Private,Public Yes Allow No svchost.exe

What could I be missing?

Thanks
Mike

 

Windows 10 Defender blocking FTP connections to FileZilla Server

Eagle51,
Then how is it working when I take down Defender for the public domain? Or if I change the default for inbound by make inbound always work.

My client is using port 21. So if there is a conflict with IIS FTP, wouldn't it still block Filezinna with Defender off for public domain?