1. #1
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default Registry script for WinPatrol to warn if Windows Firewall is turned off

    Hi !

    Since there is no taskbar-icon when you use windows firewall you donīt know if a nasty malware manages to turn it off.

    But if you have WinPatrol (PLUS-version) you can get a warning thanks to itīs registrymonitoring.

    Run the following reg-script and WinPatrol will give you warning if windows firewall is tuned off.

    Code:
    REGEDIT4
    
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\RegOptions]
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile\\EnableFirewall" =dword:00000001
    save this file as fx. "Winpatrol.reg"
    run the script, click on them just like any other program, then say "Yes" when you are asked if you really want to run them.


    There is also the corresponding settings for “Domain profile” & “Private profile”:
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy”

    however the “Private profile” seems to be named “StandardProfile” in registry.
    There is some information on Winpatrol.com:

    "Security Center Settings



    • These values are those reminder balloons that let you know if you have Firewall and AntiVirus software installed. Some of you might want these disabled but in most cases you'll want to be notified if these values change from 0 to 1. If the value is 1 you won't be notified if your AntiVirus or Firewall software is disabled. When some programs infiltrate your system they'll change these values to 1 so you don't know. You can add these values so WinPatrol can auto protect you or let you know if someone is changing them.

    HKEY_LOCAL_MACHINE
    SOFTWARE\Microsoft\Security Center
    Change Value Type to "REG_DWORD"
    Add each of the following and click the Add button
    Name: AntiVirusDisableNotify Value: 0
    Name: FirewallDisableNotify Value: 0
    "

    But unfortunately that does not work.
    Not on WS2008-R2, and not on W7.
    You will not get any warning.

    My
    script above works....

    If you have WinPatrol-PLUS and W8 you can first try the settings from WinPatrol.com
    If it doesnīt work, try my reg-script.
    Then report back to this thread.
    It would be interesting to hear what happens on W8....
    Last edited by hackerman1; 1st August 2013 at 15:12.

  2. #2
    HappyAndyK's Avatar
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,401

    Default

    I was under the impression, the Action Center warned if the Windows Firewall was turned off... but I guess I was mistaken!

    Nice post ... and useful!

  3. #3
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    Doublechecked yesterday, it took about 60 seconds to get a warning, with no internet connection.
    If i remember correctly the warning came a bit earlier, maybe after 30 seconds ,with an actice internet connection.
    I wish the warning would come quicker, but 30-60 seconds delay is better then no warning at all....
    Iīm running WS2008-R2, but i have previously also tested the script on W7.
    If you have WinPatrol-PLUS and windows firewall then try it.

  4. #4
    Corrine's Avatar
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Default

    I did get a warning when disabling the firewall through the Action Center. However, the notice does not stay long and could be missed.

    Using "PublicProfile" in the reg-script didn't work for me. I changed it to "StandardProfile" and received the WinPatrol warning. Unlike the Action Center warning, there is no way to miss the WinPatrol warning.

    Code:
    REGEDIT4
    
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\RegOptions]
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile\\EnableFirewall" =dword:00000001
    Of course this only works with WinPatrol PLUS. If you don't have PLUS, Bill is offering a limited time 1/2 price discount for a lifetime license. Information at Security Garden here.

  5. #5
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    Quote Originally Posted by Corrine View Post
    I did get a warning when disabling the firewall through the Action Center. However, the notice does not stay long and could be missed.

    Using "PublicProfile" in the reg-script didn't work for me. I changed it to "StandardProfile" and received the WinPatrol warning. Unlike the Action Center warning, there is no way to miss the WinPatrol warning.

    Code:
    REGEDIT4
    
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\RegOptions]
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile\\EnableFirewall" =dword:00000001
    Of course this only works with WinPatrol PLUS. If you don't have PLUS, Bill is offering a limited time 1/2 price discount for a lifetime license. Information at Security Garden here.

    I think you missed what i wrote above:

    "There is also the corresponding settings for “Domain profile” & “Private profile”:
    "HKLM\SYSTEM\CurrentControlSet\services\Shared Access\Parameters\FirewallPolicy”

    however the “Private profile” seems to be named “StandardProfile” in registry.
    "

    If you have "classified" your internet-connection as "Private" instead of "Public",
    and are not using a "Public profile" for the firewall then you have to change the script accordingly.

    And, the “Private profile” seems to be named “StandardProfile” in registry.
    Last edited by hackerman1; 1st August 2013 at 15:10.

  6. #6
    edee's Avatar
    edee is offline Windows Enthusiast
    Join Date
    Aug 2008
    Location
    Georgia
    Posts
    119

    Default

    What about those that forgo the Windows Firewall for some other security suite firewall?
    Like myself, I have mine turned off in lieu of using the Panda Internet Security Pro firewall.
    Just wondering if the script can be modified to show that there is no firewall at all running, not just the Windows firewall.

  7. #7
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    Other 3rd-party internetsecurity-suites with firewalls usually warns you if an important component like the firewall is turned off.
    There is no reliable warning for windows firewall, thatīs why i created the script.
    Yes, i suppose you could create your own script for another firewall, the only problem is to find the registrysetting to monitor.

  8. #8
    oklajohn's Avatar
    oklajohn is offline Beginner
    Join Date
    Dec 2009
    Location
    Oklahoma City
    Posts
    10

    Default

    Doesn't Windows 8 Action Center show an issue if Windows Firewall is turned off? I was under the impression that it does.
    Last edited by oklajohn; 12th August 2013 at 21:50. Reason: Additional info

  9. #9
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    I donīt use W8, iīm running Windows Server 2008-R2, so i canīt say how it works on W8.
    But probably the same as on W7.
    Read what Corrine said above:
    Quote Originally Posted by Corrine View Post
    I did get a warning when disabling the firewall through the Action Center.
    However, the notice does not stay long and could be missed.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Log in

Log in

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22