3 Replies Latest reply on Jan 11, 2011 4:05 PM by dcwebman

    Firewall rule for IIS 7.5 in Windows 7?

      This one has to have been answered before but I can't find any reference to it. I do web development and need some other machines in my network to access my computer by its computer name. In XP SP3, I eventually found out I needed to create a Firewall rule to allow TCP ports for inetinfo.exe to be permitted. However in Windows 7 Enterprise, inetinfo.exe isn't used anymore. The Activity Log says:

       

      Event:         Traffic
      IP Address/User: xx.xx.xx.xx
      Description:     NT Kernel & System (ntoskrnl.exe)
      Path:         C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE

      Message:     Blocked Incoming TCP -  Source xx.xx.xx.xx :  (1569)  Destination xx.xx.xx.xx : http (80) (Block System TCP Incoming)

       

      I have been unable to find out how to create a rule that allows the website to work. I have tried NTOSKRNL.EXE, W3WP.EXE, etc. with no luck. Disabling the firewall completely allows it to work so it's definitely McAfee blocking it.

       

      How can I create a rule that allows this to work?

      Thanks!

       

       

      Message was edited by: dcwebman EDIT: 32 bit Windows 7. on 1/11/11 3:16:23 PM CST
        • 1. Re: Firewall rule for IIS 7.5 in Windows 7?
          Kary Tankink

          Try creating a firewall rule in the ePO policy like:

           

          Direction: IN

          Network Protocol: IP

          Remote Address: ANY

          Transport protocol: TCP

          Local Service: 80  (from the event, this is the Destination for an incoming packet)

          Remote service: 1024-65535  (high random ports are probably used here; from the event, this is the Source for an incoming packet)

          Application: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE (no hash)

           

           

          Oh, and also, you've already got a firewall rule that is blocking this traffic.  The rule name is at the end of the event: Block System TCP Incoming

           

           

          Message was edited by: Kary Tankink on 1/11/11 3:29:30 PM CST

           

           

          Message was edited by: Kary Tankink on 1/11/11 3:30:02 PM CST
          • 2. Re: Firewall rule for IIS 7.5 in Windows 7?

            > Oh, and also, you've already got a firewall rule that is blocking this traffic.  The rule name is at the end of the event.  Block System TCP Incoming

             

            That explains it then because I did create a rule similar to what you had before. Unfortunately in our IT's wisdom, they created a bunch of rules including the one you identified, which I just found buried under a collapsed item. I can't remove that item and any rule I create goes to the bottom of the list, so I assume McAfee handles the rules in the order in the list, hence being blocked.

             

            IT is unwilling to help since they do not want to support Windows 7 yet but we need it for development. Any idea how I can get my rule to be the one used or remove the one they added? If there's no way to do that, having some way to disable the Firewall completely would also be acceptable. I tried that but in 15 minutes, they turn it all back the way it was.

             

            If it matters, it's McAfee Host Intrusion Prevention 7.0.0.1159 (patch 8).

            Thanks.

            • 3. Re: Firewall rule for IIS 7.5 in Windows 7?
              Kary Tankink

              Firewall rules are processed from top to bottom in the ePO policy.  This cannot be overridden locally on the client.
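
The top-to-bottom processing described in this thread, modelled as an added example (not part of the original posts and not McAfee's code). It assumes first-match-wins semantics; the match criteria of the "Block System TCP Incoming" rule and the allow rule's name are constructed, since the thread does not show them.

```python
from dataclasses import dataclass

ANY = range(0, 65536)
NTOSKRNL = r"C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "allow" or "block"
    direction: str       # "in" or "out"
    protocol: str        # "tcp" or "udp"
    local_ports: range   # service port on this host
    remote_ports: range  # port on the connecting peer
    application: str     # process path the rule is tied to

    def matches(self, pkt):
        return (self.direction == pkt["direction"]
                and self.protocol == pkt["protocol"]
                and pkt["local_port"] in self.local_ports
                and pkt["remote_port"] in self.remote_ports
                and self.application.lower() == pkt["application"].lower())

def evaluate(rules, pkt):
    """First match wins, walking the list top to bottom."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "block", "(no rule matched)"  # assumed default for this model

def shadowed(rules, pkt):
    """Names of rules that match pkt but sit below the rule that decides it."""
    hits = [r.name for r in rules if r.matches(pkt)]
    return hits[1:]

# Constructed: the block rule's real criteria are not shown in the thread.
block_system = Rule("Block System TCP Incoming", "block", "in", "tcp", ANY, ANY, NTOSKRNL)
# Constructed name; criteria follow the rule suggested in reply 1.
allow_http = Rule("Allow HTTP to IIS", "allow", "in", "tcp",
                  range(80, 81), range(1024, 65536), NTOSKRNL)

# The blocked connection from the Activity Log: source port 1569, destination http (80).
pkt = {"direction": "in", "protocol": "tcp", "local_port": 80,
       "remote_port": 1569, "application": NTOSKRNL}

as_deployed = [block_system, allow_http]       # locally added rule lands at the bottom
policy_reordered = [allow_http, block_system]  # allow rule placed above the block in the ePO policy

if __name__ == "__main__":
    print(evaluate(as_deployed, pkt), shadowed(as_deployed, pkt))
    print(evaluate(policy_reordered, pkt), shadowed(policy_reordered, pkt))
```

The `shadowed` result is the useful audit signal: a rule that matches the traffic but never decides it is dead weight until the policy owner moves it above the broader rule.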