dcwebman

Firewall rule for IIS 7.5 in Windows 7?

This one has to have been answered before but I can't find any reference to it. I do web development and need some other machines in my network to access my computer by its computer name. In XP SP3, I eventually found out I needed to create a Firewall rule to allow TCP ports for inetinfo.exe to be permitted. However in Windows 7 Enterprise, inetinfo.exe isn't used anymore. The Activity Log says:

Event:         Traffic
IP Address/User: xx.xx.xx.xx
Description:     NT Kernel & System (ntoskrnl.exe)
Path:         C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE

Message:     Blocked Incoming TCP -  Source xx.xx.xx.xx :  (1569)  Destination xx.xx.xx.xx : http (80) (Block System TCP Incoming)

I have been unable to find out how to create a rule that allows the website to work. I have tried NTOSKRNL.EXE, W3WP.EXE, etc. with no luck. Disabling the firewall completely allows it to work so it's definitely McAfee blocking it.

How can I create a rule that allows this to work?

Thanks!

Message was edited by: dcwebman
EDIT: 32 bit Windows 7. on 1/11/11 3:16:23 PM CST

McAfee Employee

Re: Firewall rule for IIS 7.5 in Windows 7?

Try creating a firewall rule in the ePO policy like:

Direction: IN

Network Protocol: IP

Remote Address: ANY

Transport protocol: TCP

Local Service: 80    From the event, this is the Destination for an incoming packet.

Remote service: 1024-65535  (high random ports are probably used here)   From the event, this is the Source for an incoming packet.

Application: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE (no hash)

Oh, and also, you've already got a firewall rule that is blocking this traffic.  The rule name is at the end of the event.  Block System TCP Incoming

Message was edited by: Kary Tankink on 1/11/11 3:29:30 PM CST

Message was edited by: Kary Tankink on 1/11/11 3:30:02 PM CST
dcwebman

Re: Firewall rule for IIS 7.5 in Windows 7?

> Oh, and also, you've already got a firewall rule that is blocking this traffic.  The rule name is at the end of the event.  Block System TCP Incoming

That explains it then because I did create a rule similar to what you had before. Unfortunately in our IT's wisdom, they created a bunch of rules including the one you identified and I just found buried under a collapsed item. I can't remove that item and any rule I create goes to the bottom of the list, so I assume McAfee handles the rules in the order in the list, hence being blocked.

IT is unwilling to help since they do not want to support Windows 7 yet but we need it for development. Any idea how I can get my rule to be the one used or remove the one they added? If there's no way to do that, having some way to disable the Firewall completely would also be acceptable. I tried that but in 15 minutes, they turn it all back the way it was.

If it matters, it's McAfee Host Intrusion Prevention 7.0.0.1159 (patch 8).

Thanks.

McAfee Employee

Re: Firewall rule for IIS 7.5 in Windows 7?

Firewall rules are processed from top to bottom in the ePO policy.  This cannot be overridden locally on client.

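
The top-to-bottom processing described in this thread, as an added example that is not part of the original posts and is not McAfee's code: a simplified first-match model showing why an allow rule appended below "Block System TCP Incoming" never fires, with a check that flags such shadowed rules in an ordered policy. The fields of the block rule, the rule name "Allow HTTP to IIS", the default-block fallback and the omission of application matching are assumptions.

```python
from dataclasses import dataclass

ANY = (0, 65535)  # inclusive port range meaning "any port"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "block"
    direction: str              # "in" or "out"
    protocol: str               # "tcp" or "udp"
    local_ports: tuple = ANY    # inclusive (low, high)
    remote_ports: tuple = ANY

    def matches(self, pkt):
        return (self.direction == pkt["direction"]
                and self.protocol == pkt["protocol"]
                and self.local_ports[0] <= pkt["local_port"] <= self.local_ports[1]
                and self.remote_ports[0] <= pkt["remote_port"] <= self.remote_ports[1])

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        return (self.direction == other.direction
                and self.protocol == other.protocol
                and self.local_ports[0] <= other.local_ports[0]
                and other.local_ports[1] <= self.local_ports[1]
                and self.remote_ports[0] <= other.remote_ports[0]
                and other.remote_ports[1] <= self.remote_ports[1])

def evaluate(rules, pkt, default="block"):
    """First matching rule wins; returns (action, rule name)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "(default)"  # assumed fallback when nothing matches

def shadowed(rules):
    """Pairs (later rule, earlier rule) where the later rule can never fire."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if earlier.covers(later)]

# Constructed sample data modelled on the logged event and the suggested rule.
BLOCK = Rule("Block System TCP Incoming", "block", "in", "tcp")  # fields assumed
ALLOW = Rule("Allow HTTP to IIS", "allow", "in", "tcp", (80, 80), (1024, 65535))
PACKET = {"direction": "in", "protocol": "tcp", "local_port": 80, "remote_port": 1569}

if __name__ == "__main__":
    print(evaluate([BLOCK, ALLOW], PACKET))  # allow rule appended at the bottom
    print(shadowed([BLOCK, ALLOW]))          # reports the shadowed allow rule
    print(evaluate([ALLOW, BLOCK], PACKET))  # allow rule placed above the block
```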