How to re-trigger "Windows firewall has blocked..." message?

Solution 1:

How do I find out what program was blocked?

Changes to the Windows Firewall rule set are logged in the "Application and Services" event logs.

You can inspect this log (which includes the date/time of events) to see what rules were added around the time you installed this program.

With this information you can removed the rule or create an appropriate exception in the firewall.


Viewing Firewall and IPsec Events in Event Viewer

To view events for Windows Firewall with Advanced Security in Event Viewer

  1. Event Viewer is available as part of Computer Management. Click Start, right-click Computer, and then click Manage. Under System Tools, click Event Viewer.

  2. In the navigation tree, expand Event Viewer, expand Applications and Services, expand Microsoft, expand Windows, and then expand Windows Firewall with Advanced Security.

  3. There are four views of operational events provided:

    • ConnectionSecurity. This log maintains events that relate to the configuration of IPsec rules and settings. For example, when a connection security rule is added or removed or the settings of IPsec are modified, an event is added here.

    • ConnectionSecurityVerbose. This log maintains events that relate to the operational state of the IPsec engine. For example, when a connection security rule become active or when crypto sets are added or removed, an event is added here. This log is disabled by default. To enable this log, right-click ConnectionSecurityVerbose, and then click Enable Log.

    • Firewall. This log maintains events that relate to the configuration of Windows Firewall. For example, when a rule is added, removed, or modified, or when a network interface changes its profile, an event is added here.

    • FirewallVerbose. This log maintains events that relate to the operational state of the firewall. For example, when a firewall rule become active, or when the settings of a profile are changed, an event is added here. This log is disabled by default. To enable this log, right-click FirewallVerbose, and then click Enable Log.

  4. Each event includes a General tab that summarizes the information contained in the event. For more information about an event, click Event Log Online Help to open a web page in the Windows Server Technical Library that contains detailed information and prescriptive guidance.

    The event also includes a Details tab that displays the raw data associated with the event. You can copy and paste the information in the Details tab by selecting the text (CTRL+A selects it all) and then pressing CTRL-C.

Source Viewing Firewall and IPsec Events in Event Viewer


What event is triggered when a rule is added?

4946: A change has been made to Windows Firewall exception list. A rule was added.

Example:

A change has been made to Windows Firewall exception list. A rule was added.

Profile Changed: All
Added Rule:
   Rule ID: DNSSrv-UDP-Out
   Rule Name: @dns.exe,-1005

Source Windows Security Log Event ID 4946


Further Reading

  • Windows Security Log Events

Solution 2:

In the Registry, the list of firewall rules is kept in this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

When a new program tries to start listening, a pair of Windows Firewall rules (one TCP, one UDP) is automatically created for it, either "allow" or "block" based on what the user chooses in response to that dialog. Conveniently, the value names for rules created in this way always start with the same strings: TCP Query User or UDP Query User.

some registry entries

After the GUID is the full path to the executable. Whether a given rule is "allow" or "block" is given near the start of the data. If you clicked Cancel, the rules will block. Once you've figured out which executable is probably your program, delete the pair of Registry entries (both TCP and UDP) and restart the Windows Firewall service (MpsSvc). Alternatively, open the Windows Firewall with Advanced Security window (wf.msc) and delete the two entries with the name given in the Name part of the Registry entries' data.

Once that's done, you'll get the Windows Firewall confirmation dialog next time the application tries to start its networking.

Solution 3:

This may not be the most popular answer for some people, but it's by far the easiest and answers your question. Simply restore your Windows Firewall settings to default. It's the easiest solution because it will re-trigger the confirmation dialog the next time the application requires firewall permissions, and you don't have to go digging through logs for the exact program name. I like to do this at least once a year anyways so that I can remember exactly what is allowed.

Of course this may not be a good idea if you've spent hours configuring ports for a media server or something, but for most people it should be fine.

To do this, open the "Windows Firewall" page in Control Panel and click "Restore defaults".

enter image description here enter image description here

Solution 4:

I ran some program and it popped up Windows Firewall notification. I didn't think and clicked "cancel" in it.

Just follow these instructions:

  1. Open the Control Panel (icons view), and click/tap on the Windows Firewall icon.
  2. Click/tap on the Allow a program through Windows Firewall link in the left

enter image description here

  1. Click/tap on the Change settings button.

enter image description here

  1. Allow the program by selecting the checkboxes and hitting the Space button on the keyboard which creates the allow exception.

enter image description here

  1. Add the executable to the list of allowed and denied programs. Any program that does not have an allow exception is currently blocked. You can do this by clicking the Allow other program button and selecting the desired executable.

enter image description here

  1. When done, click/tap on OK.
  2. Close the Windows Firewall window if you like.

How to Add or Remove Windows Firewall Exception in Windows 7 and Windows 8

Now my program crashes with network errors.

Follow the guide to create a Windows Firewall allow exception for the program in question.

I ran some script. This script ran some other script, some of them caused another programs to run. Some of these programs triggered firewall message, which I ignored.

You need to determine which programs are ran, manually add them to the exception list, once you do this the program will function correctly.

The question is to either find it or initiate re-asking somehow.

The exectuable would have to be modified by the author in order for a new exception request to be generated. You can also just remove the current exception, then ran the program, a new request to create the allow exception will be displayed.

I DON'T KNOW THE NAME OF THE PROGRAM

You will have to determine the name of the program. You can do this by looking through your the list of exceptions you have created. You can also determine the name of the program, by running the script again, and when the program "crashes" look at the name of exectuable. You can then add that exectuable to your exception list in order to solve your problem.