Currently on my spare desktop I use as a server the firewall both version 3 and 4 is not detecting all applications. It is allowing me to remote desktop into the server with a rule set to block it.
I have tried reinstalling windows multiple times to make sure it wasn’t the OS. Also have tried both 3 and 4 multiple times with just the firewall active.
I am not sure why its doing this because about 6 months ago I was using 3 and it worked correctly but I installed SoftPerfect Bandwidth Manager 2.9.10 last week and it stopped working correctly. I haven’t been able to get it to work right even after wiping the drive multiple times and not installing SoftPerfect Bandwidth Manager.
Edit by EricJH: I made a basic paragraph structure to make it easier to understand while rereading it
CIS was never officially released for Windows Server versions. Even though I have seen a couple of reports that it could work on Server edition it was never officially developed for it.
Having said that. What do you mean with “both version 3 and 4 is not detecting all applications”? Do you mean that not all applications show up under Firewall → Advanced → Network Security Policy → Application Rules? Can you confirm that happen for both v3 and v4? For v4 that would be how the default settings behave but would be atypical for v3.
I mean if I removed all applications in “Firewall → Advanced → Network Security Policy → Application Rules” it will pop-up asking to allow filzilla server interface which is the app that controls filezilla server and for 1 other application I have installed, but it will not pop up for anything else I have running. So I manuallly added svchost.exe which is what handles remote desktop and set it to block everything, but I am still able to remote into my server from my other desktop. This is true on both version 3 and version 4 and after several OS wipe and reinstalls. Now if I go “Firewall → Advanced → Firewall Behavior Settings” and set it to block all it will block all traffic correctly. It is not seeing remote desktop connection or xampp apache or freesshd or the filezilla server itself connections in or out of the server.
Is this for v4 only or does it happen with v3 as well? With the default settings of v4 CIS will not make rules for safe applications. It will apply a standard outgoing only rule to all safe apps.
So I manuallly added svchost.exe which is what handles remote desktop and set it to block everything, but I am still able to remote into my server from my other desktop. This is true on both version 3 and version 4 and after several OS wipe and reinstalls.
What happens when you also block System?
Now if I go "Firewall --> Advanced --> Firewall Behavior Settings" and set it to block all it will block all traffic correctly. It is not seeing remote desktop connection or xampp apache or freesshd or the filezilla server itself connections in or out of the server.
It is acting the same on both 3 and 4. Everything the same. Not seeing most of my applications that I know for a fact have traffic going in and out of my computer. It will not display a pop-up for them or if I manually add the program and set it to block it does not block it. With the default settings of 4 what applications are automatically set to safe? Because I am not adding anything to my safe applications from a default install.
Currently I have 3 installed now and I manually added system and set it to blocked and it didn’t affect the computer. I still am remote into it and can still access the shares over the network from my other desktop.
If I go to the summary tab and under the traffic section to the right the only two programs there is Wuala and System which I have now blocked so I am unsure why it still shows it there, but the % is not going up while wuala is. Also if I open the active connections window it only shows wuala, GoogleDesktop, and System. It does not show xampp apache, filezilla or freesshd.