
Did an update reset XP firewall settings to default?


fragbert


Every so often after a Patch Tuesday, I have XP workstations that all of a sudden drop all the allowed applications in the XP firewall (including file and print sharing, VNC, etc.), which really puts me in a bind because I no longer have remote access to these machines until I manually put VNC back on the allowed list.

What gives? This affects machines in domain and standalone environments, with no GPO or other outside enforcement that would touch the firewall, so that's why I'm assuming it's a stupid MS update issue. What is a good method to universally ensure this won't happen again (other than disabling XP firewall :P )?



Sorry I know this is not a real answer to your question but.... Assuming your workstations are behind a NATed router, I think that Windows Firewall is probably worse than useless. If you feel the need for a software firewall, try an aftermarket one.

If you do that and you have a server onsite, you can set it up to always allow LAN traffic; even if the problem occurs again, you could reliably RDP into the server and access the workstations from there. I guess the same would apply to Windows Firewall, but it doesn't sound like you could trust it to maintain its settings.


My guess is it was SP3 that did it.

http://www.msfn.org/board/The-compiled-FAQ...968#entry785968

Q: I had the Windows Firewall service set to disabled before SP3 and now I can't VNC to a machine after installing SP3.

A: SP3 sets the Windows Firewall service to Automatic during install. Before you restart after installing SP3, be sure to re-disable it.


Sorry I know this is not a real answer to your question but.... Assuming your workstations are behind a NATed router, I think that Windows Firewall is probably worse than useless. If you feel the need for a software firewall, try an aftermarket one.

Hi,

You are correct that this is not a real answer to my question and the waste of space above is in itself "worse than useless".

Windows Firewall is very useful for identifying and blocking rogue applications attempting to send outgoing data. Of course it is not a real "traditional" firewall, but no software firewall on Windows is, for that matter. Leave that job to a dedicated hardware firewall/NAT/router with SPI.


My guess is it was SP3 that did it.

http://www.msfn.org/board/The-compiled-FAQ...968#entry785968

Q: I had the Windows Firewall service set to disabled before SP3 and now I can't VNC to a machine after installing SP3.

A: SP3 sets the Windows Firewall service to Automatic during install. Before you restart after installing SP3, be sure to re-disable it.

I knew about SP3's meddling - but this has happened on machines that are still SP2. :wacko:


My guess is it was SP3 that did it.

http://www.msfn.org/board/The-compiled-FAQ...968#entry785968

Q: I had the Windows Firewall service set to disabled before SP3 and now I can't VNC to a machine after installing SP3.

A: SP3 sets the Windows Firewall service to Automatic during install. Before you restart after installing SP3, be sure to re-disable it.

I knew about SP3's meddling - but this has happened on machines that are still SP2. :wacko:
SP3, being cumulative, obviously has one or more updates (for SP2) in it specifically doing that. Find the list of SP3 Updates and find the culprit if you need to, although I don't really see how that will rectify your situation. Just thank MS for changing your settings rather than retaining them :angry: .

Windows firewall is very useful for identifying and blocking rogue applications attempting to send outgoing data.
I strongly disagree with that statement. I would say in the hands of a seasoned professional it is somewhat "useful for identifying and blocking rogue applications attempting to send outgoing data."

If I had $1 for every infected PC I have worked on that had Windows Firewall (and the system tray warning tool tip) disabled by malware, I would be a wealthy man. Once informed of how sick their PCs were, most of those customers told me "but the Windows Firewall was on..." (with the exception of a couple that noticed it was disabled in Security Centre but were concerned because they couldn't re-enable it). These people were under the illusion that Windows Firewall was protecting them, and it is this false sense of security that makes it "worse than useless" in my eyes. I am not so naive as to think that aftermarket software firewalls are immune from that sort of rogue activity too, but just by virtue of Win Firewall being included free with the OS, it is more prevalent and thus has had a lot more work put into cracking it. The same can be said for IE and MS products in general; often their popularity is what makes them insecure, not necessarily the quality of their security systems.

Anyway, it sounds as though you are happy with Win Firewall, so good luck resolving your issues. :)
