-
Feb 1st, 2019, 07:28 PM
#1
Thread Starter
PowerPoster
Netsh add rule command not working
I'm trying to use vb.net to make calls to Netsh.exe and things are not going as they should. When I type the command into an Admin Powershell, it returns "Ok.". Which is what it does when the command is successful. But after that I go to the Windows Firewall and export the rules to a text file. And after I "supposedly" made a successful command, the rule is not found in the exported Firewall rules.
Here's the command I used...
Code:
netsh advfirewall firewall add rule name="Everything" dir=in action=allow program="F:\Program Files\Everything\Everything.exe"
And the path points to the correct file (rule name is not supposed to matter). I've been pounding on this for almost a week and I can't get it to work. What am I missing here? Netsh shows that the command was a success, but the rule is nowhere to be found in the Firewall???
I have almost all the commands I need working. The exception, however is adding (and removing) an application rule. I'm guessing if I can ever get the "add" command to work, the "delete rule" won't be a problem.
Thank you in advance for any help!
-
Feb 1st, 2019, 07:49 PM
#2
Lively Member
Re: Netsh add rule command not working
Try adding "enable=yes" to the end of your command. Like this:
Code:
args = "advfirewall firewall add rule name=""" & "UDP-Receiver""" & " dir=in action=allow program=""" & Application.StartupPath & "\bin\udp-receiver.exe""" & " enable=yes"
It's an example from a working program I wrote.
-
Feb 1st, 2019, 07:51 PM
#3
Re: Netsh add rule command not working
What part of this is about VB.NET? Your post makes it sound like the problem is reproducible when manually entering the above command you posted via a command line, which would seem to rule out any interaction with VB.NET at that point.
In any event, per the below article, I would suggest adding enable=yes at the end of the command and see if that makes a difference.
https://support.microsoft.com/en-us/...d-of-the-netsh
-
Feb 1st, 2019, 07:51 PM
#4
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Thank you very much. I will try that right now and get back with you
-
Feb 1st, 2019, 08:23 PM
#5
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Here's what I did to make the Firewall take the command:
Code:
netsh advfirewall firewall add rule name="Everything" dir=in action=allow program="F:\Program Files\Everything\Everything.exe" enable=yes
But I still don't see the rule in the firewall.
OptionBase1: I guess I was trying to not do a lot of explaining, but guess I will then. I am testing the Netsh commands from an Admin Powershell or Dos prompt. Because if it doesn't work there, it won't work in code. That's the way I got all the other commands to work. Once I verify that it works, I put it into a VbScript file, then compile it to an exe and use the executable in my vb.net program.
This is the ultimate end of where all this is going...
Code:
Private Sub AllowProgramAccess(FilePath As String, FlieName As String)
    ' AllowAccess and Visible are declared elsewhere in the class.
    Dim AppPath As String = Application.StartupPath
    Dim AddTarget As String = AppPath & "\AddRule.exe"
    Dim BlockTarget As String = AppPath & "\BlockProgram.exe"
    Dim retVal As Integer = -3
    Dim startInfo As New ProcessStartInfo
    ' Pick the helper executable that adds or removes the rule.
    If AllowAccess Then
        startInfo.FileName = AddTarget
    Else
        startInfo.FileName = BlockTarget
    End If
    ' Quote both arguments so a path containing spaces stays one argument.
    startInfo.Arguments = """" & FlieName & """ """ & FilePath & """"
    startInfo.UseShellExecute = False
    startInfo.RedirectStandardOutput = True
    startInfo.CreateNoWindow = True
    Try
        Dim p As Process = Process.Start(startInfo)
        ' Drain the redirected output before waiting so the child cannot block on a full pipe.
        Dim output As String = p.StandardOutput.ReadToEnd()
        p.WaitForExit()
        ' Keep the helper's exit code.
        retVal = p.ExitCode
        If AllowAccess Then
            MsgBox("Added: " & FlieName & " to Whitelist")
        Else
            MsgBox(FlieName & " removed from Whitelist")
        End If
    Catch ex As Exception
        MsgBox(ex.Message)
    End Try
    Visible = False
    AllowAccess = False
End Sub
But the end result was the same after I added "enabled=yes". The rule was still not found in the Firewall in inbound or outbound rules.
I'm going to keep trying to make it work...
-
Feb 1st, 2019, 08:33 PM
#6
Re: Netsh add rule command not working
I understood your process, and fully agree with it. Gotta get it to work manually before you try to automate it in code.
Your explanation is exactly why I was questioning your decision to post this thread in the VB.NET forum. The problem itself has nothing to do with VB.NET.
-
Feb 1st, 2019, 08:36 PM
#7
Re: Netsh add rule command not working
Did you try cycling the Windows Firewall service to see if that makes the rule visible?
Have you searched in the registry after issuing the command to see if the rule shows up there?
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
-
Feb 1st, 2019, 08:40 PM
#8
Thread Starter
PowerPoster
Re: Netsh add rule command not working
You are correct and I confess that I thought that was probably the case. But I've just been working on this for a while and have not got it to work yet. Everything else works, why not this??
If a Mod or Admin decides to move it somewhere (although I don't know where that would be...) I will be fine with it.
Has anyone been able to get it to work from the command line and be able to find the rule in the Firewall?? I'm running out of things to try. But I can: block all ports, open all ports, dump the interface, reset the Firewall, and view all the TCP ports being used.
-
Feb 1st, 2019, 08:42 PM
#9
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Missed your last message OptionBase1. That's a good idea about checking the registry, I will do that right now. Thanks for letting me know where it is, lol
-
Feb 1st, 2019, 08:45 PM
#10
Re: Netsh add rule command not working
For the sake of thoroughness, what OS are you running?
-
Feb 1st, 2019, 08:50 PM
#11
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Ok, I'm using Windows 10, so I'm using: "netsh advfirewall" instead of "netsh firewall". And I just got through checking the rules in the registry and it is not found there either (sigh).
-
Feb 1st, 2019, 08:53 PM
#12
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Forgot to say that the Firewall is returning "Ok." with this command. And I'm using "enabled=yes" at the end...
Code:
netsh advfirewall firewall add rule name="Everything" dir=in action=allow program="F:\Program Files\Everything\Everything.exe" enable=yes
-
Feb 1st, 2019, 08:54 PM
#13
Re: Netsh add rule command not working
All of your testing is being done running things as Administrator, right?
-
Feb 1st, 2019, 08:55 PM
#14
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Yes, the commands won't work at all if you are not running Powershell and Dos Prompt at the elevated Admin rights.
-
Feb 1st, 2019, 08:57 PM
#15
Re: Netsh add rule command not working
So, are you sanitizing the path and rule name to "Everything" for the purposes of posting in the forum? Is the path you are actually using in your testing valid (exists)?
-
Feb 1st, 2019, 08:59 PM
#16
Thread Starter
PowerPoster
Re: Netsh add rule command not working
I'm just using that as my testing base before trying to do it with parameters. But the software is there and the path to the software is correct. And Everything is a cool piece of software. It can find files on the hard drive faster than any other search tool. I've been using it for many years...
-
Feb 1st, 2019, 09:03 PM
#17
Thread Starter
PowerPoster
Re: Netsh add rule command not working
And BTW: Thanks a lot for your help. As you might can tell, I was pulling my hair out on this one because it doesn't make sense!
-
Feb 1st, 2019, 09:06 PM
#18
Re: Netsh add rule command not working
Have you tried using a path to a different exe file for the sake of trying something different, like the path to notepad.exe?
-
Feb 1st, 2019, 09:07 PM
#19
Thread Starter
PowerPoster
Re: Netsh add rule command not working
I've done that before, yes, but let me try it again just to make sure.... brb
-
Feb 1st, 2019, 09:09 PM
#20
Re: Netsh add rule command not working
Anything unusual about your F: drive? Just tossing out thoughts at this point.
-
Feb 1st, 2019, 09:14 PM
#21
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Ok, I just tried it with one of my apps that I know would not be in the Firewall rules, and the result is the same. The firewall tells me I've successfully entered a command, but the rule doesn't make it to the Firewall.
-
Feb 1st, 2019, 09:16 PM
#22
Re: Netsh add rule command not working
Have you checked through the relevant log sources in Event Viewer to see if it is showing anything? Is it possible that the firewall rules pertaining to application/program rules are being configured via group policy and are prohibited from being modified manually?
-
Feb 1st, 2019, 09:17 PM
#23
Thread Starter
PowerPoster
Re: Netsh add rule command not working
I just had a thought though. When I look at the dump of Firewall rules, none of the rules has a "Text" type name. Here's an example of one of the rule names: [TWag5fCoOlOW8z]. And they all look like that.. Does that tell us anything? Seems like it might have some importance in what we are dealing with???
-
Feb 1st, 2019, 09:17 PM
#24
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Oops, read my last message. I'm going to check out the event viewer. Good Idea!
-
Feb 1st, 2019, 09:19 PM
#25
Re: Netsh add rule command not working
I've never examined a firewall rule export file before, so I can't help with that.
Do the rule names look "correct" in the registry? Or do they show up the same as in the exported file?
-
Feb 1st, 2019, 09:22 PM
#26
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Ok, the Event Viewer is clean. And I've done all this enough that there would be a lot of errors there, but there were only 2 entries and they were "Information" entries. I looked in the registry and ALL of the rule names are like the one I showed you.
-
Feb 1st, 2019, 09:27 PM
#27
Re: Netsh add rule command not working
When you were looking for the newly added rule in the registry, were you just eyeballing the list of rule names or were you having regedit do a full search for the .exe name that your rule was adding?
-
Feb 1st, 2019, 09:31 PM
#28
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Haha, I just did a search, just in case, and it did not find any of the files that I've been testing. Will try it the slow way next and see if there's an occurrence of that last filename anywhere.
-
Feb 1st, 2019, 09:31 PM
#29
Re: Netsh add rule command not working
Have you ever used Process Monitor from Microsoft? It's a bit overwhelming to use for the first time, but it might shed light on what is going on behind the scenes.
-
Feb 1st, 2019, 09:34 PM
#30
Re: Netsh add rule command not working
I came up with this troubleshooting method back when I was an IT intern in the late 1990's. I call it the poop search.
Add a new rule where the filename is poop.exe (make sure the file exists). Then search your entire registry for references to poop.exe.
The idea is, there almost certainly will never be anything in the registry with a name or value of poop, so it weeds out any irrelevant results.
-
Feb 1st, 2019, 09:39 PM
#31
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Haha... I'm laughing away. Sounds like something I would think of. I'll do that. BRB when I'm finished
-
Feb 1st, 2019, 09:40 PM
#32
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Ok, done. I only searched HKEY_LOCAL_MACHINE, and nothing was found, but I will do the whole registry after sending this
-
Feb 1st, 2019, 09:46 PM
#33
Re: Netsh add rule command not working
If you add the same rule manually in the Windows Firewall gui interface, can that rule be found in the registry?
-
Feb 1st, 2019, 09:47 PM
#34
Thread Starter
PowerPoster
Re: Netsh add rule command not working
I've never tried that. Let me see. Give me a sec...
-
Feb 1st, 2019, 09:49 PM
#35
Re: Netsh add rule command not working
Probably should have asked this 30 posts earlier, but if you've been doing all kinds of testing with these netsh firewall commands today, have you rebooted to clean the slate at any point?
-
Feb 1st, 2019, 09:51 PM
#36
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Yes, I've been rebooting often with this, just in case. When I added the rule manually through the Firewall software, it worked fine. I now have the rule in there and it's about the only rule that isn't a long weird group of letters. So, what does that tell us??? I really don't know at this point. What do you think?
-
Feb 1st, 2019, 09:58 PM
#37
Re: Netsh add rule command not working
No idea. And unfortunately, I don't have a Windows 10 device here to test with myself. I guess I would suggest familiarizing yourself with Process Monitor (if you aren't already), and get a full capture of all activity from right before you enter that netsh command to right after you get the OK response and then start digging in to the events that are captured. There will be thousands if not 10's of thousands of events captured, and so, after you've captured all these events, you will likely want to start the examination process by adding a "process name" filter that only shows events that come from netsh.exe.
That's about all I can offer at this point, good luck. If you track down the cause, please post the resolution here.
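
The verification steps suggested across the thread (search the registry key for the program rather than eyeballing rule names, and check whether policy prevents local rules from applying) can be scripted. This is an added example, not part of any original post; it assumes the rule name and program path from the thread's netsh command and an elevated PowerShell prompt on a system with the NetSecurity cmdlets.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# $RuleName and $Program are the values used in the thread's netsh command.
$RuleName = 'Everything'
$Program  = 'F:\Program Files\Everything\Everything.exe'
$RegPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

# 1. Look the rule up by display name in the local store and the effective store.
#    netsh's name= is the DisplayName; the Name property is the rule ID.
$byName = foreach ($store in 'PersistentStore', 'ActiveStore') {
    Get-NetFirewallRule -PolicyStore $store -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Store'; e = { $store } }, Name, DisplayName, Enabled, Direction, Action
}

# 2. Look the rule up by program path, independent of what it was named.
$byApp = Get-NetFirewallApplicationFilter -PolicyStore PersistentStore |
    Where-Object { $_.Program -ieq $Program } |
    Get-NetFirewallRule |
    Select-Object Name, DisplayName, Enabled, Direction, Action

# 3. Search the registry key named in the thread. Value names there are rule IDs;
#    the display name and program are fields inside the value data (Name=, App=).
$key = Get-Item -LiteralPath $RegPath
$inRegistry = foreach ($id in $key.GetValueNames()) {
    $data = [string]$key.GetValue($id)
    $hitApp  = $data.IndexOf("|App=$Program|",   [StringComparison]::OrdinalIgnoreCase) -ge 0
    $hitName = $data.IndexOf("|Name=$RuleName|", [StringComparison]::OrdinalIgnoreCase) -ge 0
    if ($hitApp -or $hitName) { [pscustomobject]@{ RuleId = $id; Data = $data } }
}

# 4. Check whether the effective policy lets locally defined rules apply at all.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, AllowLocalFirewallRules

'By display name:'; $byName     | Format-Table -AutoSize
'By program path:'; $byApp      | Format-Table -AutoSize
'Registry values:'; $inRegistry | Format-List
'Profiles:';        $profiles   | Format-Table -AutoSize

if (-not ($byName -or $byApp -or $inRegistry)) {
    Write-Warning "No rule for '$Program' or named '$RuleName' was found in any location checked."
}
```

A rule that appears under `PersistentStore` but not `ActiveStore` was written locally but is not in effect.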
-
Feb 1st, 2019, 10:00 PM
#38
Thread Starter
PowerPoster
Re: Netsh add rule command not working
Sounds good. I'll let you go cause it's getting late. Thank you so much for your help. I really appreciate it. You have a great night my friend. Bye for now....
-
Feb 2nd, 2019, 09:23 AM
#39
Re: Netsh add rule command not working
Originally Posted by jumper77
if a Mod or Admin decides to move it somewhere (although I don't know where that would be...) I will be fine with it.
Thread moved to the 'General Developer' forum.