KemalRouge

asked on

Detecting running firewalls in Windows

Our company produces software that requires internet access, and can often receive support calls from customers that have forgotten to permission our software on their firewall.

We would like to be able to automatically detect the following:

a) are they running a firewall (we can already easily detect the Windows XP firewall)
b) what kind of firewall is it, i.e. hardware based, ZoneAlarm, Sygate, Norton etc.

Ideally, we would like to be able to use the information we have about their firewall to provide them with detailed instructions on how to configure it so that it runs with our software (hence the need to know the name of the software).

As I've already mentioned, we already know how to detect the Windows XP firewall, so no points for coming back with that one.

Also, we have already considered checking the running processes/installed applications to identify which firewall is running, but that could just be a future support headache, as we have no control over what Norton does with their software.

Windows does seem to have a way of identifying other installed firewalls. I use ZoneAlarm, and if I disable it, a little balloon tip pops up and says that ZoneAlarm is disabled. Does anyone know of a way of getting to this information? I have noticed a couple of registry keys under HKLM\...\security centre, but again they don't provide you with a clear answer as to what is running.

I'm prepared to part with 250 points for a good answer to this question.
SOLUTION
grg99

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
KemalRouge

ASKER

Hi,

Thanks for your comments.

grg99, the only problem with this approach is that the whole act of pinging a server will often generate a firewall warning (software based ones anyway), asking the user to allow or deny the request. We were hoping to find a solution that required no input from the user. Let me know if I've missed something here.

wayside, I have tried checking changes to the registry when turning the firewall off and on, but either I'm missing something, or this information is not stored in there. I initially used a tool that took snapshots of the registry before and after the changes, and then compared the difference. After your suggestion, I also tried regmon, but couldn't find anything. Also, I think that the registry settings you've mentioned are more to do with the Windows firewall than third-party ones.

It does look like there is some information stored under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring, but this just appears to be a list of Anti-virus/firewall software monitored by MS. These keys don't appear to indicate whether any of these firewalls are actually turned on or off.

I'm going to bump the points up on this question to see if it generates any other answers, but I'm beginning to wonder if this is just not going to be achievable.

To confirm, our ideal solution would be to identify the exact firewall in use, but at this stage we would be happy just to identify the presence of any firewall. However, we would like to do this without triggering the firewall itself.

Suggestions would be most welcome.

Cheers.

Hmm, it wouldn't let me increase it to 1,000 points, so it'll have to be 500 I'm afraid.

I've just solved this problem with some help from a colleague. He pointed me in the direction of a knowledge base article, which pointed out that this information was stored in the WMI database.

Basically, it's possible to query the WMI in a few lines of code to find out what firewalls/anti-virus software is being monitored by the Security Center, and the status of this software (i.e. enabled or not).

Thanks for your help anyway guys, I'm going to split some points with you, because I appreciate your time (and cos it's nearly Christmas!).

Anyway, if you're interested, here's some VB code I used to test this out (you'll need a reference to "Microsoft WMI Scripting V1.2 Library"):

Private Sub DumpFirewallInfo()

    Dim oLocator    As WbemScripting.SWbemLocator
    Dim oService    As WbemScripting.SWbemServicesEx
    Dim oFirewalls  As WbemScripting.SWbemObjectSet
    Dim oFirewall   As WbemScripting.SWbemObjectEx
    Dim oFwMgr      As Variant

    ' Built-in Windows Firewall: ask its COM management object directly
    Set oFwMgr = CreateObject("HNetCfg.FwMgr")

    Debug.Print "Checking the Windows Firewall..."
    Debug.Print "Windows Firewall Enabled: " & oFwMgr.LocalPolicy.CurrentProfile.FirewallEnabled
    Debug.Print ""

    Set oFwMgr = Nothing

    ' Third-party firewalls: query the Security Center WMI namespace
    Debug.Print "Checking for other installed firewalls..."

    Set oLocator = New WbemScripting.SWbemLocator
    Set oService = oLocator.ConnectServer(".", "root\SecurityCenter")
    oService.Security_.ImpersonationLevel = 3   ' 3 = wbemImpersonationLevelImpersonate

    Set oFirewalls = oService.ExecQuery("SELECT * FROM FirewallProduct") ' This could also be "AntivirusProduct"

    ' One instance per firewall product registered with the Security Center
    For Each oFirewall In oFirewalls
        Debug.Print "Company:       " & vbTab & oFirewall.CompanyName
        Debug.Print "Firewall Name: " & vbTab & oFirewall.DisplayName
        Debug.Print "Enabled:       " & vbTab & Format$(oFirewall.Enabled)
        Debug.Print "Version:       " & vbTab & oFirewall.versionNumber
        Debug.Print ""
    Next oFirewall

    ' Release the COM references
    Set oFirewall = Nothing
    Set oFirewalls = Nothing
    Set oService = Nothing
    Set oLocator = Nothing

End Sub
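
The same Security Center query as a PowerShell function, as an added example that is not part of the original post or the poster's code. It goes beyond the VB code by first trying `root\SecurityCenter2`, the namespace that Windows Vista SP1 and later use in place of `root\SecurityCenter`, where `FirewallProduct` exposes a `productState` number rather than an `Enabled` flag. Assumptions: the function name `Get-RegisteredFirewall` is hypothetical, the script targets Windows PowerShell (which provides `Get-WmiObject`), and reading bit `0x1000` of `productState` as "enabled" is a widely used but undocumented interpretation, so the raw value is reported alongside it.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell (Get-WmiObject).
function Get-RegisteredFirewall {
    # Try the newer namespace first, then the one queried in the VB code above.
    foreach ($ns in 'root\SecurityCenter2', 'root\SecurityCenter') {
        try {
            $products = @(Get-WmiObject -Namespace $ns -Class FirewallProduct -ErrorAction Stop)
        } catch {
            # Namespace not present on this system: try the next one.
            continue
        }

        foreach ($p in $products) {
            if ($ns -eq 'root\SecurityCenter2') {
                # ASSUMPTION: productState is an undocumented bit field; bit 0x1000
                # is commonly read as "product is switched on". Keep the raw value
                # so the interpretation can be checked against a known product.
                $state   = [uint32]$p.productState
                $enabled = [bool]($state -band 0x1000)
                $raw     = '0x{0:X6}' -f $state
                $company = $null            # no companyName property in this namespace
            } else {
                # Legacy class: the same properties the VB code prints.
                $enabled = [bool]$p.enabled
                $raw     = $null
                $company = $p.companyName
            }

            New-Object PSObject -Property @{
                Namespace = $ns
                Name      = $p.displayName
                Company   = $company
                Enabled   = $enabled
                RawState  = $raw
            }
        }
        return   # the first namespace that answered is authoritative
    }

    Write-Warning 'No Security Center WMI namespace found; nothing can be reported.'
}

Get-RegisteredFirewall | Format-Table Name, Company, Enabled, RawState, Namespace -AutoSize
```

Only products that register themselves with the Security Center appear here, so an empty result does not show that no firewall is filtering traffic; hardware firewalls are never listed.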