Windows 10: Why are there multiple entries of a program in my Windows Firewall Inbound Rules?

Discus and support Why are there multiple entries of a program in my Windows Firewall Inbound Rules? in Windows 10 Ask Insider to solve the problem; [ATTACH] Hello, I was attempting to figure out why my Windows Defender - AntiMalware Service Executable has been using more ram than normal which... Discussion in 'Windows 10 Ask Insider' started by /u/Yamistewie, Mar 2, 2020.

  1. Why are there multiple entries of a program in my Windows Firewall Inbound Rules?


    Why are there multiple entries of a program in my Windows Firewall Inbound Rules? sN1CSvPx423Sl-9aYwWkzMa5pzT-_7iA7b8I8Cl1BLs.jpg

    Hello,

    I was attempting to figure out why my Windows Defender - AntiMalware Service Executable has been using more ram than normal which led me into my Windows Firewall settings. I noticed for my Inbound Rules, there are several entries for a specific process related to (1) game. At least 2 of each entry aren't even enabled. I noticed it's specifically for "Domain" entries. Should I enable those entries?

    Also, if anyone happens to know why my Windows AntiMalware Service under my task manager has been using over 100 MB of ram - only 1.6%. Not a big deal but usually it operates under 100 MB unless an update is pending. No updates, virus scans or errors are pending so I'm not entirely sure.

    I attached a screenshot to provide a visual representation.

    Thank you.

    https://preview.redd.it/46cvkxi5n7k...bp&s=0ba205b4a88c1bd769f8ebebcba0d8962763f720

    submitted by /u/Yamistewie
    [link] [comments]

    :)
     
    /u/Yamistewie, Mar 2, 2020
    #1
  2. alan93 Win User

    Firewall no longer allowing "Allowed" program on Inbound Rule

    Using Windows 10 and trying to allow a program to access my computer remotely through a specified port.

    This used to work by allowing it in the firewall settings and turning on both public and private firewalls.

    Now I have to turn off the public firewall to allow it to access my computer remotely even though it is in the inbound rules list with :

    Profile: Private, Public

    Enabled: Yes

    Action: Allow:

    Program: [path to program]

    Everything else : any

    This allowing used to work but now it doesn't.
     
    alan93, Mar 2, 2020
    #2
  3. Inbound Firewall Rule that Blocks

    Code:
    Please help me understand how the 2 Inbound Rules created by MMC actually operate.
    
    Action, Enabled, Service, Program,                     Protocol
    
    Block,  Yes,     Any,     C:\windows\system32\mmc.exe, TCP
    
    Block,  Yes,     Any,     C:\windows\system32\mmc.exe, UDP
    If these 2 rules were Outbound Rules, I'd say that client process 'mmc.exe' is blocked.
    
    But applying equivalent logic (that 'mmc.exe' is blocked) to Inbound Rules doesn't make sense -- why would 'mmc.exe' (which created these Rules) block itself?
    
    What (somewhat) makes sense is that 'mmc.exe' is a requester, and that these rules block all TCP & UDP datagrams & all processes.
    
    If so, then there's quite a difference between Outbound & Inbound Rules.
    
    In Outbound Rules, 'Program' specifies the target (the process that's blocked), whereas in Inbound Rules, 'Program' specifies the requester (the process that provokes blocking).
    
    This is crucial reasoning because, if correct, then, as a consequence, every process is the target of Inbound Rules that Block.
    
    What about Inbound Rules that Allow? I've always assumed that an Inbound+Allow means the specified 'Program' installs a listener (i.e., has handler(s) for the specified socket(s)).
    
    I think that's pretty straightforward.
    
    I've read what Microsoft provides and it's grossly inadequate -- what a surprise, eh?
    
    Microsoft documentation presents only trivial explanation of how to complete the fields (example: "Type the path to the program in the text box"), or the tutorial's scope is limited (example: "On the Action page, select Allow the connection, and then click
     Next" -- no mention of "Block the connection").
    
    Other web hits are just plain wrong (examples: "Program – Block or allow a program"; "Program - creates rule that controls connections for an app or program"; "if you are downloading a file through BitTorrent, the download of that file is filtered through an
     inbound rule" -- Rules control connections, not streams) or show ridiculous cases (example: "I want to block all outgoing connections on port 80").
    Does anyone know of an architectural reference or guidebook that explains how Firewall Rules are implemented in a running system?
    Warm Regards -- Mark.
    
    
     
    MarkFilipak.Windows, Mar 2, 2020
    #3
  4. maxwelwp Win User

    Why are there multiple entries of a program in my Windows Firewall Inbound Rules?

    Valid inbound rule in windows firewall?

    Yesterday I was bitten by an alert that windows defender had stopped an attack however I should not do anything before contacting MICROSOFT CERTIFIED HELP DESK SUPPORT and absolutely do not shutdown the computer as data loss and an unbootable system could
    be the result. My screen was frozen and computer beeping so after trying a couple things i called the number (855-335-7701). Long story short they were trying to pass themselves off as SkyService247 and wanted to protect my computer for an annual fee. Never
    did find out how much. When they added a syskey password I pulled the plug. Luckily I had a restore point set earlier in the day so when my computer failed to reboot, I was able to restore it and it works OK now.

    However, I see an entry in the inbound rules for windows firewall that simply has a name of G, no properties info, and the program is noted as C and they affect either the TCP or ICMPv4 protocol. 36 of these in the inbound rule for the firewall.

    My question is are these valid and should they be allowed? I cannot seem to locate any information on these so any feedback will be most appreciated.
     
    maxwelwp, Mar 2, 2020
    #4
Thema:

Why are there multiple entries of a program in my Windows Firewall Inbound Rules?

Loading...
  1. Why are there multiple entries of a program in my Windows Firewall Inbound Rules? - Similar Threads - Why are multiple

  2. Windows firewall Predefined Inbound Rules Server 2016 vs 2019

    in Windows 10 Gaming
    Windows firewall Predefined Inbound Rules Server 2016 vs 2019: On my systems there seems to be a larger set of predefined inbound rules in server 2016 vs 2019 for File and Print sharing. Also those extra rules seem to be enabled by default. Is this some extra hardening on server 2019?For some reason on my 2016 build I had the file and...
  3. Windows defender firewall Advance Security Inbound outbound Rules Settings

    in Windows 10 Gaming
    Windows defender firewall Advance Security Inbound outbound Rules Settings: How to? Windows security setup inbound, outbound for Blocking Mostly Advertisers. https://answers.microsoft.com/en-us/windows/forum/all/windows-defender-firewall-advance-security-inbound/5eb780cc-610d-421f-bd3f-b7ea49c7fb6b
  4. Right Click - Add Inbound/Outbound Firewall Rule?

    in Windows 10 Ask Insider
    Right Click - Add Inbound/Outbound Firewall Rule?: Hi guys, I've always wondered why isn't there an option to quickly add an inbound/outbound firewall rule to an application straight from the app by, say, right click menu, add instantly? Wouldn't this be a great feature to have? Why the need to go to that Windows Defender...
  5. Defender Firewall changing inbound and outbound rules on its own

    in AntiVirus, Firewalls and System Security
    Defender Firewall changing inbound and outbound rules on its own: window 10 version 1909 (OS Build 18363.1443) First of all I block most of Windows Defender Firewalls rules to keep security to a maximum. I regularly check Windows Defenders Firewalls advanced rules and find that the program regularly changes its own rules. It enables the...
  6. Firewall inbound/outbound rules not working well on windows 10

    in Windows 10 Ask Insider
    Firewall inbound/outbound rules not working well on windows 10: So I decided to block internet access to a "launcher" application that updates regularly before starting my video game. It will connect to the internet and give me latest news about the game etc, which I don't want. I went to firewall advanced settings and made a new rule to...
  7. Inbound Firewall Rule Ignored - Does capitalization and / or unicode matter?

    in AntiVirus, Firewalls and System Security
    Inbound Firewall Rule Ignored - Does capitalization and / or unicode matter?: Hi All, I have an application specific Inbound Connection firewall rule configured in Windows 10 x64. The application is 32-bit and installed in regular "Program Files x86". The firewall rule is configured to allow: - For all profiles Domain, Private, Public, - Allow...
  8. Windows Firewall Not Accepting A New Outbound/ Inbound Rule

    in AntiVirus, Firewalls and System Security
    Windows Firewall Not Accepting A New Outbound/ Inbound Rule: Hello Folks, I tried doing everything right from the complete computer scan to the system file check using command prompt to dism check to even using the firewall troubleshooter available at this link:...
  9. windows 10 1803 - How to prevent programs to create inbound rules in firewall

    in AntiVirus, Firewalls and System Security
    windows 10 1803 - How to prevent programs to create inbound rules in firewall: Hello, I'm using windows 10 1803 and I have a problem : some programs create automatically inbound rules in windows firewall at startup. How to prevent this incredible and incomprehensible possibility ? for example ccleaner, steam, etc. I use local policy but it dont...
  10. Inbound Firewall Rule that Blocks

    in Windows 10 Customization
    Inbound Firewall Rule that Blocks: Please help me understand how the 2 Inbound Rules created by MMC actually operate. Action, Enabled, Service, Program, Protocol Block, Yes, Any, C:\windows\system32\mmc.exe, TCP Block, Yes, Any, C:\windows\system32\mmc.exe, UDP If these...