Register an EXE as a Windows Firewall exception using C# code

I have a service (say BS.exe) written using C# of which the installer is created using Wix and C# (which means it has a Custom Action program associated with the Wix installer program as well). Now, after the program in installed there is a need to go to Windows Firewall settings and register the BS.exe there. That is, go to Windows Firewall -> Change Settings -> Exceptions tab and add BS.exe there.

However, now we need to do this process automatically during the installation time. I guess the Custom Action program associated with the Wix is the best place. So is there a way to register this EXE as a Firewall exception using C#?

Thanks in advance!
LVL 3
sachintha81Asked:
Who is Participating?
 
sachintha81Author Commented:
Japete it still didn't work for me. However, I found this alternative method which gets the job done pretty easily without having to fiddle with the registry.


Type type = Type.GetTypeFromProgID("HNetCfg.FwAuthorizedApplication");
INetFwAuthorizedApplication authorizedApp = Activator.CreateInstance(type) as INetFwAuthorizedApplication;

// Set properties of authorizedApp here.

Type objectType = Type.GetTypeFromCLSID(new Guid("{304CE942-6E39-40D8-943A-B913C40C9CD4}"));
INetFwMgr firewallMgr = Activator.CreateInstance(objectType) as INetFwMgr;
firewallMgr.LocalPolicy.CurrentProfile.AuthorizedApplications.Add(authorizedApp);

Open in new window

0
 
BardobraveCommented:
I'm not sure of how can it be done or if it's possible... but, if it is really possible to do I think it's a major security issue in windows firewall, although fw prompts user for confirmation at least...
0
 
japeteCommented:
Yes, you have to add a new entry in windows registry at:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

The entry must have this format:
Name: [AppFullPath]
Type: REG_SZ (Alphanumeric)
Value: [AppFullPath]:*:Enabled:[App Description]

Hope this helps.

0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
sachintha81Author Commented:
@japete
What exactly are the values I am supposed to write into the registry entry? Here is the code I used, tell me what I'm doing wrong because it doesn't give the expected result.

[code]
RegistryKey RegKey = Registry.LocalMachine.CreateSubKey(@"SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List");

RegKey.SetValue(@"C:\Windows\Notepad.exe", Enabled);
[/code]
0
 
japeteCommented:
These are the lines:

RegistryKey RegKey = Registry.LocalMachine.CreateSubKey(@"SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List");

RegKey.SetValue(@"C:\Windows\Notepad.exe", @"C:\Windows\Notepad.exe:*:Enabled:Notepad application");

Regards.
0
 
sachintha81Author Commented:
It writes the registry entry as you've specified. However, it doesn't register the application (Notepad.exe, in this case) as a Firewall exception. Do I have to restart the Firewall/System? I was hoping for a method that wouldn't prompt me to do that.
0
 
japeteCommented:
No, it is not necessary restart firewall/sysam, after registry update I see notepad entry in firewall exception tab (see image).
notepad-firewall.gif
0
 
sachintha81Author Commented:
That's funny because I did exactly the same but it doesn't register the Notepad in exceptions. Note that I'm using Windows Vista Business.
0
 
japeteCommented:
Ah, ok. In windows vista firewall registry entries are different.
Try this:

1) Add app exception manually in Firewall config
2) Go to windows registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
3) Copy the new 2 rules that appear in windows registry to your install script
4) Then remove manually app exception from firewall config
5) Run your script to check that works fine

Let me know if it works.
Regards.
0
 
sachintha81Author Commented:
japete, thanks for the info. However, I think we're still doing something wrong.

After adding the exception manually, this is how the above said location in my registry looks like. So I'm guessing this is not what you expected.
Reg.jpg
0
 
japeteCommented:
Yes, it's correct. Look for 2 lines like this:

"v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\\windows\\notepad.exe|Name=notepad|Edge=FALSE|"

Take care in look for App=XXX, and set this 2 lines in your installation script with the same Name and Value that are in registry entry.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.