Microsoft KB Archive/842242

= Windows Firewall may block some programs from communicating over the Internet after you install Windows XP Service Pack 2 =

Article ID: 842242

Article Last Modified on 11/13/2007

-

APPLIES TO


 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows XP Service Pack 2

-



SUMMARY
''After you install Windows XP Service Pack 2 (SP2), some programs may seem not to work. By default, Windows Firewall is enabled and blocks unsolicited connections to your computer. This article discusses how to make an exception and enable a program to run by adding it to the list of exceptions. This procedure enables the program to work as it did before the service pack was installed.''



INTRODUCTION
To help provide security for your Windows XP SP2-based computer, Windows Firewall blocks unsolicited connections to your computer. However, sometimes you might want to make an exception and allow for someone to connect to your computer. For example, the following scenarios describe occasions when you might want someone to be able to connect to your computer:
 * You are playing a multiplayer game over the Internet.
 * You are expecting to receive a file that is sent through an instant message program.

After you install Windows XP SP2, client applications may not successfully receive data from a server. The following are some examples:
 * An FTP client
 * Multimedia streaming software
 * New mail notifications in some e-mail programs

Or, server applications that are running on a Windows XP SP2-based computer may not respond to client requests. The following are some examples:
 * A Web server such as Internet Information Services (IIS)
 * Remote Desktop
 * File Sharing

Back to the top



Windows Security Alert
Sometimes, when Windows Firewall blocks a program, a Windows Security Alert dialog box appears.

Enable programs by using the &quot;Windows Security Alert&quot; dialog box
To work correctly, some programs and games must receive information over the network. The information enters your computer through an inbound port. For Windows Firewall to allow for this information to enter, the correct inbound port must be open on your computer. If you recognize the name of the program, and you want to allow for the program to function as usual, click Unblock in the Windows Security Alert dialog box.



Advanced users section
This section is intended for advanced computer users. If you are not comfortable with advanced troubleshooting, you might want to ask someone for help or contact support. For information about how to do this, visit the following Microsoft Web site:

http://support.microsoft.com/contactus

To enable a program to communicate like it did before Windows XP SP2 was installed, and to enable programs that you want to run, use one of the following methods.

Advanced users method 1: Enable programs by using Windows Firewall
If you do not click Unblock in the Windows Security Alert dialog box, the program continues to be blocked. To enable a program by using Windows Firewall, follow these steps:
 * 1) Click Start, and then click Run.




 * 1) In the Open box, type wscui.cpl, and then click OK.




 * 1) Click Windows Firewall.




 * 1) In the Windows Firewall dialog box, click the Exceptions tab, and then click Add Program.




 * 1) In the Add a Program dialog box, either select the program from the list that appears, or click Browse to locate your program.



If you cannot locate your program, see the next section, Identifying and opening ports.
 * 1) After you select your program, click OK.
 * 2) On the Exceptions tab, make sure that the check box next to your program is selected, and then click OK.



Note If you later decide that you do not want the program to be an exception, clear this check box.

Adding a program to the list of exceptions has the following advantages:
 * You do not have to know a specific port number. (By contrast, when you want to open a port, you have to know the number of the port that is used by the program. This is described later.)
 * The port that is used by the program that is located on the list of exceptions will be open only when the program is waiting to receive a connection.

Advanced users method 2: Identifying and opening ports
If your program still does not seem to work after you add the program to the list of exceptions, or if you cannot locate the program in step 5 of the previous section, you can open a port manually.

Important Before you can add a port or ports manually, you have to identify the ports that are used by the program. A reliable method for identifying the ports that are used by the program is to contact the vendor. If you cannot do this, or if a list of ports that are used by the program is not available, you can use Netstat.exe to identify the ports that are used by the program.

Identify ports by using Netstat.exe
 Start the program in question and try to use its network features. For a multimedia program, try to start an audio stream. For a Web server, start the service. Click Start, and then click Run.



 In the Open box, type cmd, and then click OK.



 Type the following at a command prompt. Press ENTER after each line:

netstat –ano > netstat.txt

tasklist > tasklist.txt

notepad tasklist.txt

notepad netstat.txt

Note If the program in question is running as a service, add the /svc switch to list the services that are loaded in each process:

tasklist /svc > tasklist.txt



 In Tasklist.txt, locate the program that you are troubleshooting. Note the process identifier (PID) for the process.



 In Netstat.txt, note any entries that are associated with the process identifier. Note the protocol that is used (TCP or UDP).



</ol>

Important If the program uses more than one port, repeat this procedure to identify the additional ports that are used by the program. If you repeat the procedure and the port number that the program uses continues to change, add a program-based exception or contact the vendor of the program.

Open ports manually by using Windows Firewall
If you cannot identify the ports that are used by the program, you can open a port manually. To identify the specific port number to open, contact the product vendor or see the product user documentation. After you identify the port number that you want to open, follow these steps:
 * 1) Click Start, and then click Run.




 * 1) In the Open box, type wscui.cpl, and then click OK.




 * 1) Click Windows Firewall.




 * 1) On the Exceptions tab, click Add Port.




 * 1) In the Add a Port dialog box, type the name that you want to use for the port exception in the Name box, type the number of the port that you want to open in the Port number box, and then click either TCP or UDP.




 * 1) To view or set the scope for the port exception, click Change Scope.



Select the scope options that you want to use for this exception, and then click OK.




 * 1) On the Exceptions tab, notice that the new service is listed. To enable the port, click to select the check box next to the service, and then click OK.



For more information about how to configure Windows Firewall, click the following article number to view the article in the Microsoft Knowledge Base:

875357 Troubleshooting Windows Firewall settings in Windows XP Service Pack 2

<div class="moreinformation_section">

Programs that may require that you open ports manually
The following table lists the programs and games that may require that you to open the port or the ports manually so that the programs can work correctly.

Programs
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Games
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

For information about how to contact any of the manufacturers that are listed in one of the following articles, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Back to the top

Additional query words: WinXP SP2 xpsp2 windowsxpsp2 winxpsp2 pop-up popup unwanted malicious hacker consult

Keywords: kbtshoot kbappcompatibility kbgraphxlink kbfirewall kbsecurity kbconfig kbscreenshot kbnomt kbresolve KB842242

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.