Register an EXE as a Windows Firewall exception using C# code

I have a service (say BS.exe) written using C# of which the installer is created using Wix and C# (which means it has a Custom Action program associated with the Wix installer program as well). Now, after the program in installed there is a need to go to Windows Firewall settings and register the BS.exe there. That is, go to Windows Firewall -> Change Settings -> Exceptions tab and add BS.exe there.

However, now we need to do this process automatically during the installation time. I guess the Custom Action program associated with the Wix is the best place. So is there a way to register this EXE as a Firewall exception using C#?

Thanks in advance!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I'm not sure of how can it be done or if it's possible... but, if it is really possible to do I think it's a major security issue in windows firewall, although fw prompts user for confirmation at least...
Yes, you have to add a new entry in windows registry at:


The entry must have this format:
Name: [AppFullPath]
Type: REG_SZ (Alphanumeric)
Value: [AppFullPath]:*:Enabled:[App Description]

Hope this helps.

sachintha81Author Commented:
What exactly are the values I am supposed to write into the registry entry? Here is the code I used, tell me what I'm doing wrong because it doesn't give the expected result.

RegistryKey RegKey = Registry.LocalMachine.CreateSubKey(@"SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List");

RegKey.SetValue(@"C:\Windows\Notepad.exe", Enabled);
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

These are the lines:

RegistryKey RegKey = Registry.LocalMachine.CreateSubKey(@"SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List");

RegKey.SetValue(@"C:\Windows\Notepad.exe", @"C:\Windows\Notepad.exe:*:Enabled:Notepad application");

sachintha81Author Commented:
It writes the registry entry as you've specified. However, it doesn't register the application (Notepad.exe, in this case) as a Firewall exception. Do I have to restart the Firewall/System? I was hoping for a method that wouldn't prompt me to do that.
No, it is not necessary restart firewall/sysam, after registry update I see notepad entry in firewall exception tab (see image).
sachintha81Author Commented:
That's funny because I did exactly the same but it doesn't register the Notepad in exceptions. Note that I'm using Windows Vista Business.
Ah, ok. In windows vista firewall registry entries are different.
Try this:

1) Add app exception manually in Firewall config
2) Go to windows registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
3) Copy the new 2 rules that appear in windows registry to your install script
4) Then remove manually app exception from firewall config
5) Run your script to check that works fine

Let me know if it works.
sachintha81Author Commented:
japete, thanks for the info. However, I think we're still doing something wrong.

After adding the exception manually, this is how the above said location in my registry looks like. So I'm guessing this is not what you expected.
Yes, it's correct. Look for 2 lines like this:


Take care in look for App=XXX, and set this 2 lines in your installation script with the same Name and Value that are in registry entry.
sachintha81Author Commented:
Japete it still didn't work for me. However, I found this alternative method which gets the job done pretty easily without having to fiddle with the registry.

Type type = Type.GetTypeFromProgID("HNetCfg.FwAuthorizedApplication");
INetFwAuthorizedApplication authorizedApp = Activator.CreateInstance(type) as INetFwAuthorizedApplication;

// Set properties of authorizedApp here.

Type objectType = Type.GetTypeFromCLSID(new Guid("{304CE942-6E39-40D8-943A-B913C40C9CD4}"));
INetFwMgr firewallMgr = Activator.CreateInstance(objectType) as INetFwMgr;

Open in new window


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.