Windows Firewall -- Question About Security Popup
I received a popup from Windows Firewall:
I checked the Windows Firewall settings:
Inbound Rules:

| Name | Group | Profile | Enabled | Action | Override | Program | Local Address | Remote Address | Protocol | Local Port | Remote Port | Allowed Users | Allowed Computers |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Akamai NetSession Interface | | Private | Yes | Allow | No | <Path to program> | Any | Any | TCP | Any | Any | Any | Any |
| Akamai NetSession Interface | | Public | Yes | Allow | No | Any | Any | Any | TCP | 49163 | Any | Any | Any |
| Akamai NetSession Interface | | Private | Yes | Allow | No | <Path to program> | Any | Any | UDP | Any | Any | Any | Any |
| Akamai NetSession Interface | | Public | Yes | Allow | No | Any | Any | Any | UDP | 5000 | Any | Any | Any |

<Path to program> ==> C:\Users\<userid>\AppData\Local\Akamai\netsession_win.exe
It is not listed in Outbound Rules at all.
The Windows Firewall popup doesn't say whether it has blocked inbound or outbound communications, the protocol being used or the port being used.
How do I find out the above so I can understand what the program was trying to do and why Windows Firewall blocked the communications? (Please note this is a question about Windows Firewall and not netsession_win.exe.)
http://www.saberman.com
November 12th, 2011 3:27pm
Hi,
I cannot see the picture you uploaded, please check this properly.
By default, Windows Firewall blocks all unsolicited inbound network traffic, and allows all outbound network traffic. For network programs on your computer to send information to the network, you typically do not need to do anything. For unsolicited inbound network traffic to reach your computer, you must create an allow rule to permit that type of network traffic.
For more information, please kindly refer to the following article:
Windows Firewall Is Blocking a Program
Alex Zhao
November 14th, 2011 1:22am
I uploaded the picture again.
Your reply has nothing to do with the question I asked which was:
"How do I find out the above so I can understand what the program was trying to do and why Windows Firewall blocked the communications?"
The link you provided also had nothing to do with my question -- it talked about setting up and interpreting rules. I did not mention how to determine what the application was trying to do when it was blocked.
http://www.saberman.com
November 14th, 2011 2:23am
Hi,
Did the alert pop up again after you clicked "allow access" for it? If it didn't pop up again after that, it is normal behavior. By default, Windows Firewall does not have an inbound rule for an application. When you first install and use the application, the alert will pop up. After you click "allow access" for it, Windows Firewall will create an inbound rule for the application (the Akamai NetSession Interface rule you listed). Then Windows Firewall should always allow it and the alert should not pop up again.
If you want to audit Windows Firewall, you could configure logging for Windows Firewall. It will log all the traffic which is blocked. Please refer to the following articles:
http://technet.microsoft.com/en-us/library/cc947815(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc754451(WS.10).aspx
However, there is no place which could help you to know what the program was trying to do on the Windows side.
Hoping the information could help you.
Best Regards
Scott Xie
November 15th, 2011 3:43am
The question is not what is it blocking -- the question is why is it blocking. The Windows Firewall does not provide any information about what the application was doing at the time it was blocked. Was it inbound or outbound? What protocol? What port?
To answer the popup question of whether or not to let the application access the internet one needs to know how it is accessing the internet.
http://www.saberman.com
November 16th, 2011 2:00am
Hi
It was inbound traffic which was blocked. By default, all outbound traffic is allowed and all inbound traffic is blocked unless there are rules in Windows Firewall. There are many rules in Windows Firewall which allow critical traffic by default. However, there isn't a rule which allows the new application. Whenever you install a new application, Windows Firewall will block its inbound traffic first and ask you if you would like to allow it. The behavior is for security. If you allow it, then the rule related to the application would be added into Windows Firewall. If you want to know the protocol or port about the application, you need to check the rule related to the application. You can get the information you want in the rule. The rule name should be easily recognized.
Best Regards
Scott Xie
November 16th, 2011 9:38pm
The rules associated with the application were in the post that started this thread. I see no way of determining what the application was doing when the connection was blocked.
The first and third rule appear to be specific to the executable and allow it to set up an inbound connection for TCP and UDP. The second and third rule are not specific to the executable although the name is that of the application. They appear to allow any program to set up an inbound connection on port 49163 for TCP and port 5000 for UDP.
Now, how do I determine what the application was trying to do when it was blocked? What protocol and what port?
http://www.saberman.com
November 17th, 2011 11:42pm
Hi,
The first and third rules are used to allow all inbound TCP and UDP traffic which is related to the application. The second and fourth rules are used to allow inbound traffic whose destination port is TCP 49163 and UDP 5000. It seems the application needs to use the two ports. When the traffic was blocked, there should be some inbound traffic which uses TCP 49163 or UDP 5000 to communicate with the application. However, there is no way to let us know the detailed action about the inbound traffic.
Best Regards
Scott Xie
November 18th, 2011 2:13am
The second and fourth rules apply to all applications -- not just the one in the name. Since the first and third rule allow all inbound traffic for the application using TCP and UDP one has to assume that the application was using some other protocol but we have no way of knowing what it was.
The Windows Firewall blocked the application based on something the application was doing. Therefore the reason the application was blocked is known to the firewall. It should have been provided as part of the security popup. To simply say it blocked an internet connection and would the user want to allow it without saying why it blocked it is silly.
http://www.saberman.com
November 18th, 2011 10:15pm
Hi,
Thanks for your reply.
By default, the inbound action of Windows Firewall is set to "block" since Windows Firewall doesn't know if the new application is safe. It will block it the first time and ask you if you trust the application. Then it will take action depending on your choice.
However, the default inbound action could be modified. Here are the steps:
1. Open the Windows Firewall with Advanced Security console.
2. Right click "Windows Firewall with Advanced Security console" and click "Properties".
3. Then in the "Private Profile" and "Public Profile" tab, you can change the default inbound and outbound action to "allow".
After you do that, Windows Firewall will no longer block any new application inbound packet.
Yes, it is a good suggestion that Windows Firewall should provide more detailed information about the blocked traffic. I'll forward the suggestion to our product development team. They will take it as a reference when they are designing the next generation product.
Best Regards
Scott Xie
November 21st, 2011 12:17am
> By default, the inbound action of Windows Firewall is set to "block" since Windows Firewall doesn't know if the new application is safe. It will block it the first time and ask you if you trust the application. Then it will take action depending on your choice. However, the default inbound action could be modified. Here are the steps:

I don't think it is a good idea to completely open the PC to inbound traffic.

> Yes, it is a good suggestion that Windows Firewall should provide more detailed information about the blocked traffic. I'll forward the suggestion to our product development team. They will take it as a reference when they are designing the next generation product.

It is helpful to know, before unlocking the front door, whether the fellow outside is holding a flower or a shotgun.
http://www.saberman.com
November 21st, 2011 10:15pm
Hello, I know this is an old thread, but I had the same questions. I got the same popup and I researched Akamai. Apparently, it is a company that deals with streaming content and downloads. I checked and it was installed on 9/10. I had read somewhere that it comes bundled with some software so I checked all the software installed on 9/10. I noticed I had installed Autodesk AutoCAD and Inventor. In addition, I had installed Autodesk Download Manager. I googled autodesk akamai network interface and on the Akamai website, they state they have a partnership with Autodesk. I believe what this program does is allow streaming of content, and in my case, it probably came bundled with Autodesk Download Manager to assist downloading AutoCAD. I would assume you can allow it to access your firewall, but the company website states that the program can be uninstalled anytime. Hope this helps you.
krm1897
September 17th, 2012 2:23pm