Hello.
According to this
firewall’s global rules are checked first when someone tries to connect to a computer (extract below)
I have my home network zone configured in this way:
and one global rule like this:
Yet I still get prompted about incoming connections from devices connected to home network
(especially system connections - ports used by printer/file sharing, NetBIOS protocol).
Soft: Windows 7 Pro x64 / CIS Premium 5.10.228257.2253
Yes, global rules are like generalized rules.
What passes them ingoing has to pass the barrier of application rules then. That's why you get a question if a related application rule is missing.
That's good, because otherwise traffic which passed a “general” rule could already act “specific” without question.
Especially (unrequested) ingoing traffic should be controlled/avoided if possible.
The alerts you see are likely for applications listening for that traffic. The applications are typically System and svchost.exe.
Thank you all. Previously I thought, when an incoming connection passes Global Rules, the firewall checks application rules no more. Seems like I was wrong.
All traffic, both incoming and outgoing, goes through both Global and Application Rules. The only difference is the order of which set traffic sees first.
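
The two-stage check described in the replies above, as a simplified model added here for illustration (not part of any post and not Comodo's code). The rule fields, the `evaluate` function, the home zone 192.168.1.0/24 and the sample packet are all assumptions; the model also assumes a packet with no matching global rule continues to the next stage.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str              # "in" or "out"
    network: str                # remote network in CIDR form
    app: Optional[str] = None   # None marks a global rule

@dataclass(frozen=True)
class Packet:
    direction: str
    remote_ip: str
    port: int                   # informational only in this model
    app: str                    # process that owns the socket

def first_match(rules, pkt):
    """Return the action of the first rule matching pkt, or None."""
    for r in rules:
        if r.direction == pkt.direction and r.app in (None, pkt.app) \
                and ip_address(pkt.remote_ip) in ip_network(r.network):
            return r.action
    return None

def evaluate(pkt, global_rules, app_rules):
    """Run pkt through both rule sets; incoming sees global rules first."""
    stages = [("global", global_rules), ("application", app_rules)]
    if pkt.direction == "out":          # outgoing sees application rules first
        stages.reverse()
    for name, rules in stages:
        verdict = first_match(rules, pkt)
        if verdict == "block":
            return f"blocked by {name} rules"
        if verdict is None and name == "application":
            return f"alert: no application rule for {pkt.app}"
        # Model assumption: no matching global rule lets the packet continue.
    return "allowed"

# Constructed sample data: home zone 192.168.1.0/24, file-sharing port 445.
HOME = "192.168.1.0/24"
GLOBAL_RULES = [Rule("allow", "in", HOME), Rule("block", "in", "0.0.0.0/0")]
SMB_IN = Packet("in", "192.168.1.20", 445, "System")

if __name__ == "__main__":
    print(evaluate(SMB_IN, GLOBAL_RULES, []))  # global allow alone still prompts
    print(evaluate(SMB_IN, GLOBAL_RULES, [Rule("allow", "in", HOME, "System")]))
```

With only the global allow rule the packet still ends in an alert, which is the prompt from the first post; adding a matching application rule for System is what makes it pass silently.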