Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Any way to re-load original, default Windows 7 Firewall Rules...?


22 Jul 2013   #1

Windows 7 Ultimate 64-bit
 
 
Any way to re-load original, default Windows 7 Firewall Rules...?

Hi guys,

I'm in a bit of a pickle. My brother, being the brilliant *cough* sarcasm *cough* chap he is, never does any software maintenance on his computer, isn't very careful about what he downloads, and never tells me about anything odd. He simply ignores it all and assumes all will be fine, despite my constant warnings to the contrary. Being the family tech. guy, this means I have to deal with the "all hell" when it eventually "breaks loose".

While using his desktop this morning to help him with something, I noticed a warning in the taskbar from the Action Center that his firewall was down plus some other odd errors and learned that Windows Update and a few system services were not only not running, but NOT EVEN SHOWING UP IN services.msc!

It took me all day to find the right registry keys to get everything working again, plus run a few billion AntiVirus and Anti-Malware scans for good measure...and, knock on wood, all seems fine now. HOWEVER...

Now that his firewall is back, it seems ALL the Firewall rules that were there in the list for his programs, and, indeed, all the default Firewall rules for Windows and it's updates, itself, are completely gone. My question is: Is there a way to re-load all the default Windows firewall rules back instead of having to enter them all manually? I already tried the "Restore Defaults" option, but that doesn't seem to have done anything as none of the Firewall rules have changed at all. Would loading an older System Restore point do the trick...? Do System Restore Points even store Firewall Rules...?

I'd love to try the System Restore point method, as it's easy, but I don't know when this whole problem originally started and I don't want to accidentally load a Restore Point and have it re-screw up all the registry entries I just repaired...

Any help would be GREATLY appreciated! Thanks so much!

EDIT: Sorry, forgot to mention, he's running Windows 7 Home Premium with SP1.

My System SpecsSystem Spec
.

22 Jul 2013   #2

Microsoft Community Contributor Award Recipient

Windows 7 Pro 64 SP1
 
 

My System SpecsSystem Spec
22 Jul 2013   #3

Windows 7 Ultimate 64-bit
 
 

Thanks for the suggestion Derekimo, but, as I said in my original post, I tried doing that with no result

Quote   Quote: Originally Posted by Darkstrike View Post
Hi guys,

...I already tried the "Restore Defaults" option, but that doesn't seem to have done anything as none of the Firewall rules have changed at all....
I've got another issue as well now...File Sharing isn't working. I noticed it's turned off in the "Advanced Sharing Settings", but if I try to turn it back on and hit save, when I go back in, it's set to off again.

I ran the FarBar Services Scanner earlier and noticed the only anomalies it reported were:

"Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist."

Is there any way to repair this "iphlpsvc" service or "SharedAccess"...?
My System SpecsSystem Spec
.


22 Jul 2013   #4

Windows 7 Ultimate 64-bit
 
 

UPDATE: First off, sorry for the double-post but I managed to fix the issues I listed above with iphlpsvc and SharedAccess.

I still have the issue with the Firewall though...any other ideas on how to restore the Windows Firewall default rules...?
My System SpecsSystem Spec
22 Jul 2013   #5

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Can you run a new FSS report please and upload the results
My System SpecsSystem Spec
22 Jul 2013   #6

Windows 7 Ultimate 64-bit
 
 

Hi VistaKing,

I can if you'd like, but I ran an FSS scan on my working machine and then another one on his machine - now that I've seemed to get everything working, the FSS reports match (EDIT: the reports matched with the settings I had been using in FSS, but they DIDN'T match when I ran one on his machine with all of FSS's options checked, see below...), so I THINK everything's back to normal with it after hours of effort!

EDIT - Everything is ALMOST back to rights, FSS is still saying there's a problem with Windows Defender....it's in services.msc, but the description says "Failed To Read Description: Error Code 5" and it's Disabled. If I try to run it, it says "Flag could not be set: Error 87: The parameter is incorrect."

Log output of FSS with all options checked is as follows:

Farbar Service Scanner Version: 13-07-2013
Ran by Kristan Dagley (administrator) on 22-07-2013 at 21:35:49
Running from "C:\Users\Kristan Dagley\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


I managed to get the "Restore Defaults" option working for the Windows Firewall, so all of those OS default rules seem to be back. My brother will just have to re-allow all his installed programs access through the firewall again...a bit of a pain, but I don't really have the time to do a full install and then reinstall and re-tweak all his programs for him, so that's far better than that alternative!
My System SpecsSystem Spec
22 Jul 2013   #7

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run the followering on the PC


Farbar Recovery Scan Tool

32-bit Version OS Farbar Recovery Scan Tool <==== Download Link

Drag the FRST.exe from the Downloads folder to your Desktop

Right click on FRST.exe and choose

When the tool opens click Yes on the disclaimer window .
Press Scan button.


Please upload both logs in your reply.(FRST.txt and Addition.txt)

FRST.txt and Addition.txt will be on the Desktop

If its a x64-bit download below

Farbar Recovery Scan Tool


64-Bit Version OS Farbar Recovery Scan Tool x64 <===== Download Link

Drag the FRST64.exe from the Downloads folder to your Desktop

Right click on FRST64.exe and choose

When the tool opens click Yes on the disclaimer window .

Press Scan button.

FRST will let you know when the scan is complete and has written the FRST.txt to file

Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .
My System SpecsSystem Spec
22 Jul 2013   #8

Windows 7 Ultimate 64-bit
 
 

Here's the output file from FRST on his machine.


Attached Files
File Type: txt FRST.txt (25.5 KB, 2 views)
My System SpecsSystem Spec
22 Jul 2013   #9

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

On his PC do the following

Open Notepad . Inside Notepad paste the highlighted text inside notepad


start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {69ca12cd-35ed-11e2-aca5-001d60e2701d} - Z:\setup.exe
end


Click on File ====> Save As

File Name : Fixlist.txt

Save as type : All Files

Location : USB flash drive

Click on the [Save] button .

Open the FRST tool again inside System Recovey and click on the [Fix] button . Once complete it will create a new log called Fixlog.txt . Upload the new log created in your reply . It should be inside the usb drive .

AdwCleaner

Click here AdwCleaner

Click on Download Now button

Save to the Desktop

Right-click on AdwCleaner.exe and choose

Click on Delete and confirm the prompt.



Your computer will be rebooted automatically. A text file will open after the restart.

Upload the log : The log file is at C:\AdwCleaner[Sn].txt
My System SpecsSystem Spec
22 Jul 2013   #10

Windows 7 Ultimate 64-bit
 
 

Quote   Quote: Originally Posted by VistaKing View Post
On his PC do the following

Open Notepad . Inside Notepad paste the highlighted text inside notepad


start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {69ca12cd-35ed-11e2-aca5-001d60e2701d} - Z:\setup.exe
end


Click on File ====> Save As

File Name : Fixlist.txt

Save as type : All Files

Location : USB flash drive

Click on the [Save] button .

Open the FRST tool again inside System Recovey and click on the [Fix] button . Once complete it will create a new log called Fixlog.txt . Upload the new log created in your reply . It should be inside the usb drive .

When you say "System Recovery"do you mean Safe Mode...?
My System SpecsSystem Spec
Reply

 Any way to re-load original, default Windows 7 Firewall Rules...?




Thread Tools



Similar help and support threads for2: Any way to re-load original, default Windows 7 Firewall Rules...?
Thread Forum
Solved windows firewall rules System Security
How to write a new rules in windows firewall System Security
Preventing installers from creating firewall rules System Security
does the firewall download the rules set via update System Security
Windows 7 default firewall rules System Security
Prevent programs to include rules in Windows Firewall? System Security
Firewall configuration rules for Win 7 FW? System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:57 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33