From 732a9871f6f0269ff49d683b1318051e7d262beb Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 4 Dec 2024 09:55:19 +0100 Subject: [PATCH 1/5] Learn Editor: Update rules.md --- .../network-security/windows-firewall/rules.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 3daf29314ed..2d6c97aa0d4 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md 
@@ -30,19 +30,21 @@ When first installed, network applications and services issue a *listen call* sp :::row::: :::column span="2"::: - If there's no active application or administrator-defined allow rule(s), a dialog box prompts the user to either allow or block an application's packets the first time the app is launched or tries to communicate in the network: + If there's no active application or administrator-defined allow rule(s), a dialog box prompts the user to either allow or block an application's packets the first time the app is launched or tries to communicate in the network: + +- If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic +- If the user isn't a local admin and they are prompted, block rules are created, no matter what option they chose. - - If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic - - If the user isn't a local admin, they won't be prompted. In most cases, block rules are created +To avoid this, **disable** the notification prompt. This can be done using [PowerShell or command prompt](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or in the Windows Firewall with Advanced Security console on the 'Customize Settings' tab of each profile. + In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked. + :::column-end::: :::column span="2"::: :::image type="content" source="images/uac.png" alt-text="Screenshot showing the User Account Control (UAC) prompt to allow Microsoft Teams." 
border="false"::: :::column-end::: :::row-end::: -In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked. - > [!NOTE] > The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from non-Microsoft software should be determined by trusted app developers, the user, or the admin on behalf of the user. From 0547f5e2ec93b7992e2251c6ca2e8aa28ff459a2 Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 4 Dec 2024 09:55:35 +0100 Subject: [PATCH 2/5] Learn Editor: Update rules.md From 5b958c6c0b8e0a6288d1d5bb81db7702a24e9857 Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 4 Dec 2024 10:09:15 +0100 Subject: [PATCH 3/5] Update rules.md Correcting the description for non-admin users and adding information how to avoid the block rules being created. --- .../network-security/windows-firewall/rules.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 2d6c97aa0d4..97ae8e2f470 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md 
@@ -36,8 +36,6 @@ When first installed, network applications and services issue a *listen call* sp - If the user isn't a local admin and they are prompted, block rules are created, no matter what option they chose. To avoid this, **disable** the notification prompt. This can be done using [PowerShell or command prompt](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or in the Windows Firewall with Advanced Security console on the 'Customize Settings' tab of each profile. - - In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked. :::column-end::: :::column span="2"::: @@ -45,6 +43,8 @@ To avoid this, **disable** the notification prompt. This can be done using [Powe :::column-end::: :::row-end::: +In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked. + > [!NOTE] > The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from non-Microsoft software should be determined by trusted app developers, the user, or the admin on behalf of the user. From ed9d46c9fb1d059ed927c06e9540267fa8ac091c Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 4 Dec 2024 13:35:12 +0100 Subject: [PATCH 4/5] Update windows/security/operating-system-security/network-security/windows-firewall/rules.md Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> --- .../network-security/windows-firewall/rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 97ae8e2f470..c8d1b08b144 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -33,7 +33,7 @@ When first installed, network applications and services issue a *listen call* sp If there's no active application or administrator-defined allow rule(s), a dialog box prompts the user to either allow or block an application's packets the first time the app is launched or tries to communicate in the network: - If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic -- If the user isn't a local admin and they are prompted, block rules are created, no matter what option they chose. +- If the user isn't a local admin and they are prompted, block rules are created. It doesn't matter what option is selected To avoid this, **disable** the notification prompt. This can be done using [PowerShell or command prompt](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or in the Windows Firewall with Advanced Security console on the 'Customize Settings' tab of each profile. From 89c95ececa7f7ab08f81b141288344ed6510b0cd Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 4 Dec 2024 13:35:37 +0100 Subject: [PATCH 5/5] Update windows/security/operating-system-security/network-security/windows-firewall/rules.md Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> --- .../network-security/windows-firewall/rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index c8d1b08b144..64b6580098b 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -35,7 +35,7 @@ When first installed, network applications and services issue a *listen call* sp - If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic - If the user isn't a local admin and they are prompted, block rules are created. It doesn't matter what option is selected -To avoid this, **disable** the notification prompt. This can be done using [PowerShell or command prompt](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or in the Windows Firewall with Advanced Security console on the 'Customize Settings' tab of each profile. +To disable the notification prompt, you can use the [command line](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or the **Windows Firewall with Advanced Security** console :::column-end::: :::column span="2":::
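Review bot: In the paragraph added by PATCH 1/5 that begins "To avoid this, **disable** the notification prompt", the word "this" has no clear antecedent. It follows two bullets that both end with block rules being created, so it can be read as avoiding the prompt or as avoiding the rules. Suggest naming the outcome, for example "To prevent these block rules from being created, disable the notification prompt", and adding a sentence on how the app's traffic is handled once the prompt is off, since the NOTE further down says inbound exceptions should be a deliberate decision by the developer, user or admin. The two rewritten bullets are also inconsistent: the first ends without a period and the second with one, and the second writes "they are" where the first writes "they're".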
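Review bot: The commit message of PATCH 3/5 ("Correcting the description for non-admin users and adding information how to avoid the block rules being created") does not match its diff. Both hunks only move the sentence "In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again." from inside the column back to below :::row-end:::, which undoes the move made in PATCH 1/5. Suggest squashing this change into PATCH 1/5, together with PATCH 2/5, which carries no diff, or rewording the message so it describes the move.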
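Review bot: In the bullet changed by PATCH 4/5, "If the user isn't a local admin and they are prompted" leaves open when a non-admin is prompted at all, while the wording removed in PATCH 1/5 said "they won't be prompted". Suggest stating the condition under which a standard user sees the dialog, or rewording so the reader can tell whether the prompt is expected for them. The trailing fragment "It doesn't matter what option is selected" would read better folded into the first sentence, for example "block rules are created regardless of the option selected".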
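Review bot: The replacement line in PATCH 5/5 drops the reason the sentence exists. The removed text, "To avoid this, **disable** the notification prompt", told the reader that disabling the prompt is how to stop the block rules from being created; the new text, "To disable the notification prompt, you can use the [command line] ... or the **Windows Firewall with Advanced Security** console", only says which tools expose the setting. Suggest keeping the link to the bullets, for example "To prevent these block rules from being created, disable the notification prompt by using ...". The new sentence is also missing its closing period, and it no longer says where in the console the setting is found, which the removed line did.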