Windows 10 Defender Firewall Rant

[Graham Carter]

Windows Defender firewall doesn't follow logic!!!!!

 

Configured a nice shiny new Dell lappy for a customer earlier today, ran all of the updates, joined it to the domain etc etc

 

 

Network connectivity - CHECK

Showing and enabled in active directory - CHECK

Can browse network shares - CHECK

IPCONFIG query - CHECK

 

 

PING DNS name from another pc - FAIL

PING IP address from another pc - FAIL

RDP DNS / IP from another pc - FAIL

Rebooted laptop several times - FAIL

Disabled the windows defender firewall - FAIL

 

What eventually worked was...

Windows firewall > "Allow app or feature through windows firewall" > check the box "File and Printer" to enable

 

The reason for the rant was to state why the frig was Ping / RDP / File Sharing blocked even with the flipping defender firewall was turned off! 

 

 

[Anghammarad]

You'll get even more funny moments as soon as you/or some admin configures Windows Firewall rulesets with GPO. Then you sit at a customers endpoint, change Firewall Rulesets and they just don't work. They get shown, listed at active but don't get applied due to to Domain GPO Rulesets which totally disable local rulesets.

 

 

[Windows7ge]

What I hate is by default with a fresh install you have to enable allowing the PC to be discoverable just to ping the interface. Heaven forbid you forget to enable it you're bang your head against the wall down the road wondering why you cant ping the NIC from another computer.

 

Like jeez, I'm not even trying to get in I just want to know if I can talk to you. Why does this have to be so hard?

[Graham Carter]

Good points so far!  It also raises another question... why do MS even bother having a software firewall built into the OS anymore?

Fair enough, back in the day when people used to connect with modems and what not, you would need some kind of protection against online punks... but nowadays, ALL mainstream routers have in-built firewalls, heck even public WIFI will have firewall protection.

[Anghammarad]

2 minutes ago, Graham Carter said:

Good points so far!  It also raises another question... why do MS even bother having a software firewall built into the OS anymore?

Fair enough, back in the day when people used to connect with modems and what not, you would need some kind of protection against online punks... but nowadays, ALL mainstream routers have in-built firewalls, heck even public WIFI will have firewall protection.

Think about all the open WIFI Hotspots at airports, trainstations, coffee shops like Starbucks... there a local firewall really makes sense.

 

 

[Anghammarad]

Furthermore, I really like the Defender Style... Security as part of the system and not drilled in from several angles like 3rd party security, where if errors occur you'll get gray hair or lose your hair all togehter troubleshooting.