Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What causes Windows Firewall to block an application?

I have a Windows Forms application that runs locally on the user's desktop. The only way it accesses the Internet is by doing System.Diagnostics.Process.Start(url) to launch the user's default browser and point it to various URLs (to check for updates, contact us, etc.). And none of this happens without the user explicitly requesting it by clicking a menu item or button.

On my machine I have been occasionally getting a Windows Firewall warning message upon starting up the program, saying that Windows Firewall has "blocked some features" of the program to protect the machine. I also occasionally get this warning when running my program within Visual Studio (and the warning dialog says that vshost has been blocked from the network). It doesn't happen all the time.

I have not heard from any of my customers that this has been happening on their PCs, but that doesn't mean it's not. And it's a somewhat scary warning to a less-technically savvy user, so I'd like to figure out how to eliminate it if possible.

What could my program possibly be doing to trigger this warning?

Edit: The only somewhat unusual thing my program is doing at startup is that it uses the Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase class to enforce a single instance application. I know this does some threading magic behind the scenes to detect new instances and redirect them. Is it possible it's listening on the network for some reason?

like image 717
Jesse Smith Avatar asked Mar 31 '09 04:03

Jesse Smith


People also ask

Why does Windows Firewall block a program?

Windows firewall, or most firewalls for that matter, comes with extensive security measures. These measures are not to make your life difficult but to ensure your internet security is not jeopardized in any away. They, therefore, provide high-level protection from intrusion and other malware.


1 Answers

Windows Firewall will only be triggered if your program is listening on a port - effectively acting as a server. System.Diagnostics.Process.Start will not trigger Windows Firewall.

Instead, WindowsFormsApplicationBase is likely causing the firewall warning, because WindowsFormsApplicationBase uses remoting to sense other instances of itself. Using reflector, I found this code in WindowsFormsApplicationBase.Run():

TcpChannel channel = this.RegisterChannel(secureChannel);
RemoteCommunicator communicator = new RemoteCommunicator(this, this.m_MessageRecievedSemaphore);
string uRI = applicationInstanceID + ".rem";
new SecurityPermission(SecurityPermissionFlag.RemotingConfiguration).Assert();
RemotingServices.Marshal(communicator, uRI);
CodeAccessPermission.RevertAssert();
string uRL = channel.GetUrlsForUri(uRI)[0];
this.WriteUrlToMemoryMappedFile(uRL);
this.m_FirstInstanceSemaphore.Set();
this.DoApplicationModel();

As long as you use WindowsFormsApplicationBase for its SingleInstance feature, I don't know of any way around this.

like image 102
Greg Avatar answered Sep 22 '22 05:09

Greg