Search Results

Search found 16978 results on 680 pages for 'event viewer'.

  • File History - Unable to scan user libraries for changes and perform backup of modified files for configuration

    - by azl
    When trying to run the File History tool in Windows 8 it runs for about 2 seconds then stops. No files are backed up to the selected drive. In the event viewer the only error that appears is: Unable to scan user libraries for changes and perform backup of modified files for configuration C:\Users\win8User\AppData\Local\Microsoft\Windows\FileHistory\Configuration\Config I've tried deleting both the configuration files and the FileHistory directory on the target drive. Setting up File History again results in the same error. Is there a better way to track down what is causing the failure? Or somehow get the File History tool to create a more verbose log file that shows what is causing the problem?

  • Crypto-Analysis of keylogger logs and config file. Possible?

    - by lost.
    Is there any way encryption on an unidentified file can be broken (file in question: config file and log files from Ardamax keylogger)? These files date back all the way to 2008. I searched everywhere, nothing on slashdot, nothing on google. Ardamax Keyviewer? Should I just write to Ardamax? I am at a loss of what to do. I feel compromised. Anyone managed to decrypt files with crypto-analysis? More information: there are log files in the folder and a configuration file, "akv.cfg". Is it possible to decrypt the files and maybe get the attacker's email address used to receive the keylogger logs? I've checked ardamax.com. They have a built-in log viewer, but it's unavailable for download. If superuser isn't the proper place to ask, know where I might get help?

  • Plugin 'InnoDB' registration as a STORAGE ENGINE failed. On win 7

    - by NimChimpsky
    I have had to reinstall MySQL, however the service is failing to start with the above cause listed in event viewer. One solution is apparently to delete a couple of files prefixed with 'ib_logfile' which represent any old databases. However I do not have these files, and my service is still failing to start ... ? When I say I don't have these files I did a search using the windows search with zero results, and they are definitely not present in my mysql install directory. And I don't have the 'documents and setting/application data' folder referenced in link. In fact I have only one mysql install directory, I know where that is - what do I need to delete/change ? The instance is configured OK, I ran that as administrator and it is listed in services, but the service itself fails to start. Any tips, other than going over to postgresql ?

  • development server?

    - by ajsie
    For a project there will be me and one more programmer to develop a web service. I wonder how the development environment should be like, cause we need central storage (documents, pictures, business materials etc), file version handling, lamp (testing the web service) etc. I have never set up an environment for this before and want to have suggestions from experienced people which tools to use for effective collaboration. What crossed my mind:
    separate applications:
    - google wave (for communication forth and back, setting up guide lines, other information)
    - team viewer (desktop sharing)
    - skype (calling)
    vps (ubuntu server):
    - svn (version tracking)
    - ftp (central storage)
    - lamp (testing the web service)
    - ssh (managing the vps)
    Is this an appropriate programming environment? And regarding the vps, is it best practice to use ONE vps for all tasks listed up there? All suggestions and feedbacks are welcome!

  • Thunderbird alerts when expected email does not arrive

    - by user871199
    I am on Ubuntu 12.04 using Thunderbird as email client. Both are up to date in terms of updates. I have a bunch of nightly jobs that do the work and send a status mail. It gets tedious if you keep getting same/similar mails every day so I ended up writing a mail filter rule which causes emails to end up in their respective folders automatically. If things are going ok, I really don't need to read emails. Failure emails are sent to different alias - if the job runs. We recently discovered that one of the jobs had not run for a few days as someone accidentally disabled it. In order to avoid such problems in future, I would like to set up Thunderbird in such a way that if I don't get email from a given address within a given duration, it should alert me. My dream solution is to set up frequency - some jobs do run every 4 hours. Is this possible? Can I set up Thunderbird (preferred) or another email client for reminding me when expected email does not show up? Based on comments and answer I received, here are the reasons why I would like to use Thunderbird. We are already using Thunderbird. It has calendar support via plugin, so I suppose someone is already watching time to remind us about the event. Maybe this is another type of event. Additional job is one more failure point, may complicate life if it has to monitor multiple hosts. Additional tools - same thing, one more failure point. Thunderbird can be run across all the platforms we are using - Windows and Ubuntu. It sort of becomes a platform independent solution.

  • Windows 2008 RemoteAPP client disconnects within a matter of minutes.

    - by Jeroen Wilke
    I'm having an odd problem with Windows 2008 TS, and remote applications specifically. The situation is as follows: TS idle timeout is disabled via GPO; TS terminating disconnected sessions after 1hr (via GPO). My users can log on to the Terminal server, and get a full desktop, OR via rdp files that give access to a few remote applications. When a user connects to a full desktop, everything is fine and dandy, they will remain logged on indefinitely, and when they disconnect the session is terminated after an hour. However, when a user connects using a remote application link, the client seems to disconnect after only a few minutes of inactivity; when you click the window, the session reconnects. EventIDs on TS server:
    4779: This event is generated when a user disconnects from an existing Terminal Services session, or when a user switches away from an existing desktop using Fast User Switching.
    4778: This event is generated when a user reconnects to an existing Terminal Services session, or when a user switches to an existing desktop using Fast User Switching.
    Users are connecting directly to 3389, not using a TS-gateway at the moment. This behavior is consistent on different clients that we have: full desktop is fine, RemoteAPP constantly disconnects. The .rdp file used doesn't list any interesting parameters, aside from what application to launch, and where to find it. Can someone explain to me how there can be a difference in behaviour between full desktop and remoteapp, since essentially they use the exact same client? Regards Jeroen

  • Blue screen issue

    - by Jack
    I received several BSOD's that are recorded in the following logs:

    Problem signature:
      Problem Event Name: BlueScreen
      OS Version: 6.1.7601.2.1.0.256.48
      Locale ID: 3081
    Additional information about the problem:
      BCCode: 50
      BCP1: FFFFF95FF8150C10
      BCP2: 0000000000000008
      BCP3: FFFFF95FF8150C10
      BCP4: 0000000000000005
      OS Version: 6_1_7601
      Service Pack: 1_0
      Product: 256_1
    Files that help describe the problem:
      C:\Windows\Minidump\040412-20030-01.dmp
      C:\Users\Jack\AppData\Local\Temp\WER-33025-0.sysdata.xml

    ~~~~~

    Problem signature:
      Problem Event Name: BlueScreen
      OS Version: 6.1.7601.2.1.0.256.48
      Locale ID: 3081
    Additional information about the problem:
      BCCode: 1e
      BCP1: 0000000000000000
      BCP2: 0000000000000000
      BCP3: 0000000000000000
      BCP4: 0000000000000000
      OS Version: 6_1_7601
      Service Pack: 1_0
      Product: 256_1
    Files that help describe the problem:
      C:\Windows\Minidump\040412-32729-01.dmp
      C:\Users\Jack\AppData\Local\Temp\WER-64319-0.sysdata.xml

    It seems to occur at random. I have gone 2 months without a BSOD, then I have gone a week with 10+ without changing what I am doing. This is my system:
      Windows 7 Professional 64-bit
      Gigabyte GA-890GPA-UD3H
      AMD Phenom II x6 1090T Processor 3.2GHz
      8GB Ram (4X 2GB)
      Radeon HD 7850
      2TB HDD
      Thermaltake 500W PSU
    I'm not sure about what the BSOD says, it just counts to 100 by 5's then restarts the computer. It happens fast and I have tried to get a picture before but to no avail.

  • How does RAM fail?

    - by ethanlee16
    I have an issue with a Dell Inspiron 15 (1545) laptop that refuses to open any applications (save select Microsoft programs, e.g. Security Essentials, Ctrl Panel, Windows Explorer (not Internet), regedit, Event Viewer, etc.). I've run Microsoft Memory Diagnostics Tool and it found a 'hardware problem was detected.' Does this indicate that the RAM has failed? I notice when I open programs like Word, Excel, Internet Explorer, etc., it always gives me an error from WerFault.exe saying "The instruction at xxxxxxx referenced memory at xxxxxxxxx. The memory could not be written." and sometimes something about illegal instructions. If it is a hardware problem, does this mean that replacing the RAM is my only option? Again, I would also like to know if RAM can fail (like hard drives) and if malware can cause RAM to fail also.

  • How can I recover from SharePoint configuration errors after promoting the server to a Domain Controller?

    - by jjr2527
    I have a SharePoint 2010 VM setup in VirtualBox and I was using local machine accounts to handle security on the server. While preparing for a demo it came time to have some meaningful users on my VM image. I followed some docs on promoting my server to a Domain Controller in a new forest. So now I have [MachineName].SPDEMO.CONTOSO.com and I can add users as needed. However, when I try to connect to my SharePoint sites I am getting a white screen with the error: "Cannot connect to the configuration database". I changed the pool identity account of each of my IIS app pools to the new Administrator account and started the services successfully but I can't get the SQL services to start up. When I try to start them I get the following error: "Windows could not start the SQL Server (MSSQLSERVER) on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 17058." In the event log I see the following error: "The SQL Server (MSSQLSERVER) service terminated with service-specific error %%17058." Can I recover from this or should I roll back or just uninstall the Domain Controller role? I'd like to keep the server as a standalone DC so I can do some user profile creation/management but I need the SharePoint bits to work as well.

  • windows 2003 under Hyper-V - can't send/receive ping

    - by glaucon
    I've installed Windows 2003 x64 R2 SP2 under Hyper-V (the Windows Pro 8 edition). I have a NIC configured but I can't move any traffic on it. In particular I can't send or receive Pings.

    Scoreboard
    There is a second VM running Ubuntu under the Windows 8 host which is able to send and receive pings from the host O/S. When I try to ping from Windows 2003 guest to Windows 8 host I get 'Request Timed Out'. When I try to ping from Windows 8 host to Windows 2003 guest I get 'Reply from 192.168.10.107 Destination Host Unreachable'. There's no problem pinging from the Ubuntu guest to the Windows 8 host and no problem pinging from the Windows 8 host to the Ubuntu guest.

    Environment
    Integration services are installed on Windows 2003. The Windows 2003 needs a static IP address of 192.168.10.15. The Windows 2003 ipconfig output looks like this : While the host o/s ipconfig output looks like this :

    Event Logs
    The only thing I can see in the event logs which (a) looks significant and (b) is not related to the lack of networking is this : I'm not sure if that's significant or not.

    Hyper-V and NICs
    When the Windows 2003 guest was first booted it had no NIC; I subsequently added a 'Legacy Network Connector' which I couldn't get Windows 2003 to recognise; I subsequently removed that and added a 'Standard Network Connector' and at least on the surface this works ... only it doesn't. 'Virtual Network Type' is external. Although I've only mentioned ping there's no other evidence of network activity. 'Allow incoming echo request' is enabled on the Windows 2003 guest.

    HELP ?
    What else should I look at or do to resolve this problem ?

    EDIT 1: I should have said that I turned off the firewall on the W2003 server for a while and retested the pings; same result.

  • MySQL taking a long time to start

    - by Dscoduc
    I'm running Windows Server 2008 with MySQL installed and every time I reboot the server the MySQL Service doesn't start right away. A look into the Windows Eventlog shows that the MySQL Service was hung at startup. Looking at the Services.msc console shows the service state at Starting... Eventually, like 10 minutes, the MySQL Service actually finishes the startup process and the database becomes available for my Wordpress server... I looked at the MySQL .err files and didn't find anything that would indicate a delay in the startup process... Can anyone suggest a way to determine what is causing the delay, and more importantly, how to prevent the delay in the MySQL Startup?

    UPDATE: Here is the .err log contents from the shutdown to the startup complete. Notice the startup begins at 10:30:00 and the MySQL isn't ready for connections until 10:47:14, a full 17 minutes later:

    100322 10:27:06 [Note] C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Normal shutdown
    100322 10:27:06 [Note] Event Scheduler: Purging the queue. 0 events
    100322 10:27:06 InnoDB: Starting shutdown...
    100322 10:27:08 InnoDB: Shutdown completed; log sequence number 4 3854351346
    100322 10:27:08 [Warning] Forcing shutdown of 1 plugins
    100322 10:27:08 [Note] C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Shutdown complete
    100322 10:30:00 [Note] Plugin 'FEDERATED' is disabled.
    100322 10:30:01 InnoDB: Started; log sequence number 4 3854351346
    100322 10:47:14 [Note] Event Scheduler: Loaded 0 events
    100322 10:47:14 [Note] C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: ready for connections.

    UPDATE 2: MySQL is configured as a service (part of the install process, nothing I did) and executes the following syntax (as it appears in the registry):

    "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL

  • Why did windows change the elevation requirements of my AutoHotKey script, and how can I prevent such in the future?

    - by monsto
    I was working on an AutoHotKey (AHK) script to create prefab mouse movements for a very simple model viewer. I worked on it for a good hour. I zipped the script, posted it to a forum, and thought "oh hey, I should add bla bla bla to the script". When I returned to the program, the AHK script would not work. I could see the mouse movements working in other programs (notepad, chrome, etc), but not where I had been working the previous hour. After several hours of throwing darts at the troubleshooting wall, I discovered that the fix was to set the AHK.exe to Run as Administrator. The questions here are multiple: Why did Windows 7, in all its wisdom, suddenly decide that elevation was necessary in the middle of usage? Can these permission requirements somehow be reverted by, say, removing a key from the registry or something? How can this kind of Windows behaviour be avoided in the future?

  • How to debug why w3wp.exe crashes randomly?

    - by sassyboy
    On the main production server, the IIS worker process crashes sometimes. From the event viewer I get the following information.

    Faulting application name: w3wp.exe, version: 7.5.7601.17514, time stamp: 0x4ce7a5f8
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
    Exception code: 0xe053534f
    Fault offset: 0x0000b9bc
    Faulting process id: 0x%9
    Faulting application start time: 0x%10
    Faulting application path: %11
    Faulting module path: %12
    Report Id: %13

    This happens randomly on the prod server and I have not been able to recreate this crash anywhere else. This was happening on IIS 6, and we recently moved to Windows Server 2008 and IIS 7.5 and the crash happens there as well. How to go about finding the root cause of this?

  • How can I trap errors for an application that is tightly coupled with IIS?

    - by PeanutsMonkey
    We have an unsupported application that relies on IIS however intermittently brings out the website it is integrated with. I have looked at the logs and there is nothing in the logs to indicate what the issue could be as the logs only have GET verbs. I have also looked at the event viewer and there are no errors logged in there either. The application runs off a Windows 2008 server. Is there a freely available application we can have running in the background that will listen to or is aware of the application running and traps the error when it crashes? The unsupported application is a bespoke implementation for which we don't have code and the developer is no longer contactable.

  • Setup a new domain controller over a temporary VPN, but now Windows delays startup?

    - by Kris Anderson
    I'm migrating servers from colo locations to Amazon's VPC EC2 instances. If anyone hasn't worked with Amazon VPC before, VPN is a pain in the arse! Anyways, I set up a new server that acts as the domain controller for our Amazon VPC. In order to migrate all the user accounts from our existing domain controllers I manually connected to our colo VPN using my user account on the new Amazon EC2 machine. I was able to join the domain and the new Amazon server became another domain controller on our network. So far so good. The problem I'm having is that when booting the EC2 domain controller (which is no longer connected to the VPN so it can't communicate with the existing controllers), it takes a good 6-8 minutes before I can remote into the server (instead of the 1-2 minutes it should take). Also, during this time most of the services we also run (like IIS) also give 404 errors until the 6-8 minutes have passed. It's almost like the domain controller is attempting to reach the other domain controllers first and after 6-8 minutes it falls back to the one located on the local machine? I don't think that's what's happening though, because Server 2008 R2 doesn't have primary and backup domain controllers. They're all equal as far as Windows is concerned. For my network adapter I have only one DNS listed, 127.0.0.1, so it should be looking up the local domain controller and not the other domain controllers it connected to over VPN when VPN was enabled. In the server logs I'm seeing these warnings pop up during a reboot: "The winlogon notification subscriber is taking long time to handle the notification event (CreateSession)." "The winlogon notification subscriber took 409 second(s) to handle the notification event (CreateSession)." Any ideas on what's happening here?
I would try removing the existing domain controllers from the new Amazon EC2 machine, but I still need to connect over VPN a few times to migrate some data between the servers, and I don't want that change being reflected back to the other domain controllers in our colo locations.

  • Ubuntu to Ubuntu VNC over SSH tunnel

    - by rxt
    I have a Linux Ubuntu desktop at home, ssh enabled, vnc server installed, router rule configured. It all works, and at home I can connect via the local network from my Mac. From the outside I can login via ssh. I've configured putty as follows: session: host name and port number connection ssh tunnel: forwarded ports: L5900|192.168.0.23 the local address is: 192.168.1.45 When I make the connection I can login to the remote machine. Then I open Remote Desktop Viewer. I click connect protocol: vnc host: ? use host as ssh tunnel: ? I don't know what to use for the last two options. Which ip-addresses should I use?

  • Disabled FRS replication on a DFS link, but the targets still list the replica set in their FRS conf

    - by Graeme Donaldson
    It's been a while since I've had to deal with the wonders of FRS, so I'm doing some testing to refresh my memory. This is what I've done so far. I am stuck with FRS rather than DFS-R for the moment since not all of my link targets are running R2. Created a domain-based DFS root, hosted on 4 servers. Created a DFS link under the root, targeted at 2 servers. The shares on both servers were empty. Dropped about 500MB of data into the target folder on one server and waited for replication to complete. Added/removed/modified files on both targets and confirmed that changes are replicated within a few seconds. Deleted the contents of the target folder on 1 server and waited for the other server to replicate the deletion. All of this worked perfectly, so now I want to remove my DFS link since I only created it for testing purposes. This is where it gets weird. I'm pretty sure that in the past I've disabled replication on the DFS link and after a short amount of time each target would log an info event in the FRS event log, something along the lines of "this server is no longer a member of replica set X". I have waited about 3 hours and I haven't seen this happen. ntfrsutl ds tells me that the server is not a member of any set, which is expected because when I disable replication on the link, the AD attributes on the computer object are removed. The weird part is... ntfrsutl sets still shows me the replica set, with all the properties, etc. So it seems like the FRS-related attributes of the target server's AD object are gone, but the FRS service for some reason hasn't removed the replica set. Can anyone see what I have done wrong?

  • Problem with network policy rule in Network Policy Server

    - by Robert Moir
    Trying to configure RADIUS for a college network, and have run into the following frustration: I can't set an "AND" condition for group membership of authenticated objects in the network policy rules, e.g. I'm trying to create an NPS rule that says, essentially, "IF user is a member of [list of user groups] And is authenticating from a computer in [wireless computer group] then allow access." The screenshot above is the rule I am having trouble with. It does not work as written. The rule underneath it, which is identical in every aspect except the conditions rule, does work. I've tried changing the non-working rule to define each set of groups as "Windows group" rather than specifically as machine and user groups, with no change. With the "faulty" rule enabled and the working one disabled, any attempt to login with a valid account from a machine that is in the wireless computers group gives a 6273 audit event in the windows event log: Reason code 66 - "the user attempted to use an authentication method that is not enabled on the matching network policy". Disabling the "faulty" rule, enabling the other rule and logging in with the same account and computer works just fine.

  • Why can't Logman start?

    - by Bill Paetzke
    I'm setting up my first logman counter. But it's not working! There is some file or folder permissions problem. Or maybe I wrote the create-counter statement wrong. Here are my counter commands:

    logman create counter BillTest -si 30 -v nnnnnn -max 200 -o "C:\Temp" -c "\Processor(*)\*" "\Memory(*)\*" "\LogicalDisk(*)\*"
    logman start BillTest

    The first command works. It says counter creation successful. The second command fails:

    Collection "BillTest" did not start, check the application event log for any errors

    Here's the error in the Event Viewer:

    The service was unable to open the log file C:\Temp_000001.blg for log BillTest and will be stopped. Check the log folder for existence, spelling, permissions, and ensure that no other logs or applications are writing to this log file. You can reenter the log file name using the configuration program. This log will not be started. The error returned is: Access is denied.

    I verified that C:\Temp exists. I'm not a permissions guru, but I did set all the accounts in the security tab of that folder to "full control." Still, the logman start command failed with the same error. I noticed that it was trying to write to C:\Temp_000001.blg instead of C:\Temp\000001.blg. That might be part of the problem. So, I tried to update my counter to "C:\Temp\" instead of "C:\Temp", but that failed with a path-invalid error. Also, all the examples I saw online did not put a trailing slash. So, no dice there. I tried this on my machine (Windows XP) and my dev server (Windows Server 2003). Both failed with the same error. How can I fix this?

  • Folder Redirection/Offline Files on Win 7 | Folders are empty when not connected to the domain

    - by Matt
    I've been struggling with this issue for days and cannot seem to find anyone else with a similar issue. I will note first that I have tried using both roaming profiles and the group policy setting to force local profiles.... now onto the problem. What I am trying to do is have my teachers' accounts log onto their laptops using their domain credentials. Once logged in, their desktop and documents are redirected to a network share //server/redirects/documents/. This works fine when the computer is connected to the domain network. Offline File Sync works great and caches the files locally. However this all breaks down when the user logs in when the computer is no longer connected to the domain network. When the user logs in the desktop and documents are empty. What I find very odd is if I manually go to the offline file folder all of the files are there. The group policy folder redirection does not execute to the offline folder. Is this by design? (It does not work like this on Vista, I have the exact same group policy settings set on Vista machines and it works flawlessly.) Additional Info: When I look at the event log there are no folder redirection events at all when the user logs in and is not connected to the network. In addition a new profile is created in c:/users/username.domain.00x. Every log in creates an additional profile. There is an event that states that registry files were still in use. Any help would be appreciated.

  • 421 Concurrent Connections - Ratelimit from helpdesk to rackspace server

    - by g18c
    We have Kayako helpdesk running on our WHM Linux server. When e-mails come in from customers, notifications are sent out by Kayako to a number of staff whose mailboxes are hosted on Rackspace mail servers. I noticed a large queue in the Exim queued message viewer of WHM - when looking in Exim logs I can see many lines like:

    2012-10-13 20:06:56 1TN72s-0007Cw-1l SMTP error from remote mail server after initial connection: host mx2.emailsrvr.com [173.203.2.32]: 421 Too many concurrent connections from this client.

    One client email results in about 5 emails to rackspace servers, perhaps 60 emails per 1 hour on average - not a huge amount but enough to cause messages to be rejected when sent in short bursts. In this case ideally if we can limit the connections sent to the rackspace server we can comply with their limit. For our requirements if we send 1 email every 10 seconds or so, this would be OK. Messages to all other servers should go through at normal rates, only mx1.emailsrvr.com and mx2.emailsrvr.com should have this connection limit policy applied. Is this possible?

  • Cannot open any applications on windows server 2008 R2 Standard edition

    - by kishore
    I have a server running on Windows server 2008 R2. It was recently added as a member of a domain. I am not able to start any applications on the server. When I tried to open Event viewer it errored out saying "The page file is to small to complete the action". I am experiencing the same problem when I try to open Sql server Management studio, task scheduler or any other application. The windows server serves as a production database server, but our applications are not experiencing any problems. Can someone please help?

  • Remove Shell Extension Folder X64

    - by Florian Peschka
    I have a very strange shell extension folder which I just can't get rid of. How can I get rid of this? I already downloaded ShellExViewer, but I cannot find any extension called "X64", nor are the other extensions which reside in that folder anywhere in the Viewer. I am also not able to find that folder in the registry, but that's probably because I don't know where to look. How can I edit this so the contents of the folder are put in the "default" menu and not in a subfolder?

  • IIS Logs not getting created

    - by Chris
    Hi, I have a site running on IIS 6. I have turned on logging on the website tab of IIS and specified a directory for it to write to. Set it to an hourly schedule. However no logs are ever created. Have reset iis, checked disk space and permissions on the directory it is writing to, but no logs are ever created. I can see this did work once, as there are logs created in the system32/logfiles directory from about a year ago. Even if I specify that directory nothing new gets created. This is on a hosted service. What else can I check? Is there any place that errors would be written to that might give me a clue as to what is going on? Have tried event viewer but nothing untoward in there. Would appreciate any pointers on this.

  • CryptSvc not matched by Windows 7 Firewall rule

    - by theultramage
    I am using Windows Firewall in conjunction with a third-party tool to get notified about new outbound connection attempts (Windows Firewall Notifier or Windows Firewall Control). The way these tools do it is by setting the firewall to deny by default, and to add an auditing policy to log blocked connections into the Security event log. Then they watch the log, and display notification about newly added entries.

    netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    auditpol /set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:enable

    With this configuration in place, I now need to craft outbound allow rules for applications and system services. Here is the rule for CryptSvc, the service frequently used for certificate validation and revocation checking:

    netsh advfirewall firewall add rule name="Windows Cryptographic Services" action=allow enable=yes profile=any program="%SystemRoot%\system32\svchost.exe" service="CryptSvc" dir=out protocol=tcp remoteport=80,443

    The problem is, this rule does not work. Unless I change the scope to "all programs and services" (which is really unhealthy), connection denied events like the following will keep appearing in the security log:

    Event 5157, Microsoft Windows security auditing.
    The Windows Filtering Platform has blocked a connection.
    Application Information:
      Process ID: 1476 (<- svchost.exe with CryptSvc and nothing else)
      Application Name: \device\harddiskvolume1\windows\system32\svchost.exe
    Network Information:
      Direction: Outbound
      Source Address: 192.168.0.1
      Source Port: 49616
      Destination Address: 2.16.52.16
      Destination Port: 80
      Protocol: 6 (<- TCP)

    To make sure it's CryptSvc, I have let the connection through and reviewed its traffic; I also configured CryptSvc to run in its own svchost instance to make it more obvious:

    ;sc config CryptSvc type= share
    sc config CryptSvc type= own

    So... why is it not matching the firewall rule, and how to fix that?
