Well, I have found out - through a lot of testing - that the firewall rules that apply to that profile (Domain, Private, Public) are shown in
Windows Defender Firewall... -> Monitoring -> Firewall
Our devices are Azure AD joined only, and when I was configuring the firewall rules, I was selecting all the network types (such as DOMAIN, PRIVATE, PUBLIC). Seemed like it didn't like the DOMAIN selection as the device is not joined to any DOMAIN (in a classic sense). When I removed the DOMAIN from the network types, it was successfully applied.
MMC does not display every firewall rule; there are multiple stores like Local, GroupPolicy etc. Use PowerShell to retrieve the firewall rules for the "Active Store" and you will find your configured rules:
Thanks @Oliver Kieselbach you have helped me out (again) - would also add to help others that when filtering the results of the PowerShell query use $_.DisplayName not $_.Name as MDM gives the rule a generic string of characters as the name which isn't easy to spot.
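One way to run the query described in the two posts above, as an added example that is not part of the original thread: it reads the ActiveStore, filters on DisplayName as the reply suggests, and shows each rule's profile, originating store and program path. The function name `Get-EffectiveFirewallRule` and the `'Contoso*'` pattern are assumptions made for illustration.

```powershell
# Added example: hypothetical helper, not code from the original posts.
function Get-EffectiveFirewallRule {
    param(
        # Wildcard matched against DisplayName; MDM-delivered rules carry an
        # opaque generated string in Name, so Name is shown but not filtered on.
        [string]$DisplayNamePattern = '*'
    )

    # ActiveStore is the sum of all policy stores that currently apply to the
    # computer, so rules missing from the MMC view still appear here.
    Get-NetFirewallRule -PolicyStore ActiveStore |
        Where-Object { $_.DisplayName -like $DisplayNamePattern } |
        ForEach-Object {
            # The application filter holds the program path the rule is bound to.
            $app = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                DisplayName = $_.DisplayName
                Name        = $_.Name
                Enabled     = $_.Enabled
                Direction   = $_.Direction
                Action      = $_.Action
                Profile     = $_.Profile                 # Domain / Private / Public / Any
                Source      = $_.PolicyStoreSourceType   # which store delivered the rule
                Program     = $app.Program
            }
        }
}

# Network category of each connected interface; this determines which
# profile (Domain, Private, Public) is in effect for that connection.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 'Contoso*' is a placeholder; substitute the display name given to the rule.
Get-EffectiveFirewallRule -DisplayNamePattern 'Contoso*' |
    Sort-Object Source, DisplayName |
    Format-Table -AutoSize
```

A rule that was configured but does not show up in this output was not applied to the device; comparing its Profile value with the NetworkCategory of the connected interface shows whether an applied rule is in effect on the current network.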
I have been using Evernote for years and have had it running on this Windows computer for more than 3 years. I was recently forced to upgrade to version 10, not ideal, but hey, I'm working through that issue. (I should have researched for another solution before now, so that's on me).
I am here today, because, for the first time ever, when launching Evernote 10 on my PC, I was prompted to add exceptions for it through the Windows Defender Firewall. (I chose to not allow this). Evernote still seems to work just fine, but I am curious as to why I was prompted to do this in the first place.
Once again! When launching the Evernote app today, it processed an automatic update, and I was presented with this pop-up screen again. I have a screen shot this time. I have never added an exception to the Windows Firewall for Evernote before and it seems to work just fine.
For me it happened with a download from the Evernote website that I initiated myself. But it was only on one "micro-version" and it corrected itself a few days later with the next update. So, unfortunately, your issue may be different.
HELP!! ME TOO!! For the first time ever (in ten years of using Evernote!) the Windows Security (Firewall access) dialog box (which looks just like the screenshot posted by ADUTCHMAN above) also just appeared on my Evernote Windows Desktop upon Evernote updating automatically to version # 10.87.6. I am clueless as to why or even what box to uncheck on it -- I unchecked the "Public Networks" box, but it will not let me uncheck the "Private Networks" box (even when I try to access the settings through Windows Control Panel "Allow Apps to Communicate Through Windows Defender Firewall" -- it will not let me uncheck Private Networks.)
Does anyone know which boxes should be unchecked (or checked) to secure the highest level of security/safety for my Windows laptop PC (which is on my private home wifi network), yet allow Evernote to function properly?
If you follow that link you'll find a (surprisingly long) list of all apps with permissions, and on my system Evernote already has access to both public and private networks - as do many other apps that depend on online access like my mail client and installed browsers.
It is not transparent (not for an app dev, not for you, not for us) when and why a security software will treat a data flow differently. Most apply some "self learning" routines, and some heuristics (assumptions) to detect activities that may have escaped the AV database.
I disagree. When looking at the allowed apps in the Windows Firewall rules, evernote.exe was found. I never added it and I know that Microsoft will not just automatically add an app to the firewall rules.
I proceeded to manually remove the entry and the entry for evernote.exe was gone for a while. Subsequently, an update was silently pushed, and I was prompted to restart the app to allow the installation to proceed. Upon doing so, I got the security warning asking as previously posted. I chose not to allow it and re-checked the list of allowed apps in the firewall rules. Again, evernote.exe was showing up. That is a pretty strong indication that the installer for Evernote is attempting to add itself to the Windows Firewall rules.
On my system, Outlook, Chrome and a dozen other web-related apps have all got access that I didn't (AFAIK) specifically authorise - it's not just Evernote's installer that seems to add exceptions to the firewall. If it's a concern then do ask Support about it.
Thank you for reaching out to the live community. I understand you would like to run Windows Defender Firewall alongside Cortex XDR firewall, however, to avoid performance issues, Palo Alto Networks recommends that you disable or remove Windows Defender from endpoints where the Cortex XDR agent is installed. There are also other potential performance issues with having both XDR and Defender running together on an endpoint as there will be conflicts. Thank you.
When Windows XP was originally shipped in October 2001, it included a limited firewall called "Internet Connection Firewall". It was disabled by default due to concerns with backward compatibility, and the configuration screens were buried away in network configuration screens that many users never looked at. As a result, it was rarely used. In mid-2003, the Blaster worm attacked a large number of Windows machines, taking advantage of flaws in the RPC Windows service.[1] Several months later, the Sasser worm did something similar. The ongoing prevalence of these worms through 2004 resulted in unpatched machines being infected within a matter of minutes.[1] Because of these incidents, as well as other criticisms that Microsoft was not being active in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, rebrand it as Windows Firewall,[2] and switch it on by default starting with Windows XP SP2.
Security log capabilities are included, which can record IP addresses and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it.[4]
Windows Firewall can be controlled/configured through a COM object-oriented API, scriptable through the netsh command,[5] through the GUI administration tool[6] or centrally through group policies.[7] All features are available regardless of how it is configured.
Windows Firewall was first introduced as part of Windows XP Service Pack 2. Every type of network connection, whether it is wired, wireless, VPN, or even FireWire, has the firewall enabled by default, with some built-in exceptions to allow connections from machines on the local network. It also fixed a problem whereby the firewall policies would not be enabled on a network connection until several seconds after the connection itself was created, thereby creating a window of vulnerability.[9] A number of additions were made to Group Policy, so that Windows system administrators could configure the Windows Firewall product on a company-wide level. XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones.
Windows Firewall turned out to be one of the two most significant reasons (the other being DCOM activation security)[10] that many corporations did not upgrade to Service Pack 2 in a timely fashion. Around the time of SP2's release, a number of Internet sites were reporting significant application compatibility issues, though the majority of those ended up being nothing more than ports that needed to be opened on the firewall so that components of distributed systems (typically backup and antivirus solutions) could communicate.
Users have an AD-joined local account with no admin permissions. They download and run the applet with the 6 digit pin as normal. I'm putting in the local admin password at the Rescue connect screen and elevating the session.
I can actually get connected to their screen, but the pop-up is generating questions from the users, and if they hit Allow it goes to their local machine's UAC which I can't see and it disrupts my connecting.
Question 2 is do you have any advice on deploying such rules through InTune in this case where the applet folder is particular to the user? I've had troubles in the past establishing those types of rules because InTune only wants to manage rules for known paths like Program Files and doesn't seem to have a way to vary the path with a local user account. %appdata% resolves to the InTune admin user, not each local user. (If this part is outside this scope I'll take it to a Windows InTune forum once I know the details of the rule I want.)
What's weird is it only happens once. If the user clicks Cancel, we close the session, and the user starts a new connection there's no prompt that time. Even weirder is that since it's a cancel, I'm not finding any LogMeIn related firewall permissions created as a result of this, so I'm back to wondering what entries should be created ahead of time.
Of course what would be ideal would be never getting this even the once. And I can't be sure it won't all happen again if I change out to a new copy of Calling Card - like if someone wants to change our corporate branding.
The most likely cause for the installation path change would be using InTune to deploy the software instead of an MSI or regular install through LMI. Is it possible to manually allow 'callingcard.exe' into the new path determined?
It is deployed with a standard MSI. I just wrap the MSI into a .InTuneWin package for distribution, it should be running the MSI on the target machine same as if it was downloaded there. Is there something in the calling card configuration that I missed that would set up the firewall?