Firewall blocking system files

System info:
Windows 10 pro x64 1809
CFW proactive config
Windows Defender default settings

I am getting firewall blocks from:
sometimes other processes

Windows firewall is disabled.
Nothing special or unusual was running on the system at the time of the blocks.

Because you have application rules for those applications which is set to block certain connections.

But I have only the default application rules.

Then global rules or you have do not show alerts block requests and it was automatically blocked when an inbound connection was made. Without seeing the other blocked events for the other applications and how you have your global rules set up, it is hard to figure out why the firewall is blocking connections. But it most likely is a configuration that is causing these blocks.

There are no custom rules for applications, except for a few applications that I added to the trusted list, but they don’t have application rules.
The global rules are all default, and I don’t get any blocks other than these occasional, quirky network blocks.
The only thing I did to tweak the config was to turn on embedded code detection for all processes on the default list. I also disabled website filtering.
I saw this behavior only on win10 1809.
I tried CFW 10 and CFW 11, same result.

In autocontainment, I set unknown processes to run limited, instead of the default setting of partially limited. But I don’t think that should affect processes running outside of containment.
What else did I tweak? Let me think… I set firewall to not show alerts, and to block. Maybe that’s the problem?

Fully virtualized is the default, PL hasn’t been the default since version 7. Default proactive global firewall rules is set to ask incoming connections, and as I said before if you have do not show popup alerts: block requests enabled, any incoming connection request will automatically be blocked.

FYI it seems the win10 1809 bug that I am reporting in this thread only affects Proactive config, not Firewall config.
I can’t say conclusively because I didn’t run Firewall config long enough, but that’s the way it looks :slight_smile:

It is not a bug if it is blocking inbound connections due to a config change of automatically blocking requests without showing an alert. The default global rules for the proactive and firewall configuration is set to ask for incoming connections. If you change the global rules by running the stealth ports task and select block incoming connections, you won’t see blocked events because it will silently block the connections and not log the block.