Windows 7 Forums


Windows 7: netsh.exe keeps adding a "block everything" rule in Windows Firewall

24 Mar 2018   #1
VariousAardvark

Windows 7 Ultimate x64 Enterprise
 
 

The rule name is a string of apparently random letters, always the same letters (4jxr4b3r3du76ina39a98x8k2). It's an Outbound rule that blocks Any Program, any Local address, remote address from 8000::/1 to ::/1 under any protocol.

According to Event Viewer, it is being added from a file called netsh.exe sitting in sysWOW64, rather than system32, which I find suspicious, but neither Avast nor Malwarebytes found a threat in the file, or anywhere on the system. The file is one of the "accepted" file sizes for netsh.exe, and my googling hasn't turned up anything definitive on whether it is ever found in sysWOW64 (I do also have a netsh.exe file of a different size (also "normal" size) in system32).

It adds the rule then removes it about a minute later, and then two seconds after that adds it again--it does this over thirty times, and eventually settles down and stops. If I disable then delete it, it doesn't seem to add it back. When I restart the system, it adds the rule back in again and starts the in-out dance again.

This problem only started today; coincided with my Ethernet over Power having a hissy fit, but the problem seems to remain once I've switched to a wireless dongle--I suspect the EoP thing is a coincidence, as the connection quality had been deteriorating a while. There are no new updates or installations between yesterday, when it was working fine, and today.

I can delete the rule and browse normally, but obviously this is a kinda crappy experience, and I'm concerned there's something malicious going on. I'd really appreciate any next-steps advice. Thank you for your time.
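
An added example, not part of the original thread, for triaging the behaviour described in the post: it dumps the rule, lists every add and delete of it from the firewall's own event log together with the account and binary that made the change, and integrity-checks both copies of netsh.exe. It assumes an elevated PowerShell prompt on the affected Windows 7 machine; the field names `RuleName`, `ModifyingUser` and `ModifyingApplication` are the ones Windows Firewall records in events 2004 and 2006.

```powershell
# Added example (not from the original thread). Run from an elevated prompt.
# The rule name is the one quoted in the post.
$ruleName = '4jxr4b3r3du76ina39a98x8k2'
$logName  = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'

# 1. Show the rule as it currently exists. netsh is used because the
#    Get-NetFirewallRule cmdlet is not available on Windows 7.
netsh advfirewall firewall show rule name=$ruleName verbose

# 2. Event 2004 = rule added, 2006 = rule deleted. Each event records the
#    SID of the account and the path of the program that made the change.
$changes = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 2004, 2006 } `
                        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $ev = $_
        $fields = @{}
        foreach ($d in ([xml]$ev.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }
        if ($fields['RuleName'] -eq $ruleName) {
            New-Object PSObject -Property @{
                Time        = $ev.TimeCreated
                EventId     = $ev.Id
                UserSid     = $fields['ModifyingUser']
                Application = $fields['ModifyingApplication']
            }
        }
    }

# Oldest first, so the add/delete cycle and its timing are visible.
$changes | Sort-Object Time |
    Format-Table Time, EventId, UserSid, Application -AutoSize

# 3. Verify both netsh.exe copies against the Windows component store.
#    On 64-bit Windows, SysWOW64 holds the 32-bit builds of system binaries,
#    so a netsh.exe there is expected; a change attributed to that path
#    means the 32-bit netsh ran, which is what a 32-bit caller gets.
foreach ($p in "$env:windir\System32\netsh.exe", "$env:windir\SysWOW64\netsh.exe") {
    sfc "/verifyfile=$p"
}
```

The `UserSid` column shows which account the change ran under (for example S-1-5-18 is LocalSystem), which narrows the search to a service, a scheduled task or something in the logged-on user's startup items.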

