Allow applications to use rawsockets

Note: If you use role-based administration:
  • You must have the Policy setting - firewall right to configure a firewall policy.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

Some applications can access a network through rawsockets, which gives them control over all aspects of the data they send over the network.

Malicious applications can exploit rawsockets by faking their IP address or send deliberately corrupt messages.

To allow applications to access the network through rawsockets, follow these steps.

Note: This option is not available on Windows 8 and later. The firewall will treat rawsockets in the same way as ordinary sockets.
  1. Double-click the firewall policy you want to change.
  2. On the Welcome page of the Firewall Policy wizard, click Advanced firewall policy.
  3. Under Configurations, click Configure next to the location for which you want to configure the firewall.
  4. Click the Processes tab.
  5. In the lower area, click Add.
    The Firewall Policy - Add application dialog box appears.
  6. In the Search period field, click the drop-down arrow and select the period for which you want to display application events.
    You can either select a fixed period, for example, Within 24 hours, or select Custom and specify your own time period by selecting the starting and ending dates and times.
  7. If you want to view application events for a certain file, in the File name field, enter the file name.
    If you leave this field empty, application events for all files will be displayed.
    You can use wildcards in this field. Use ? for any single character and * for any string of characters.
  8. Click Search to display a list of application events.
  9. Select an application event, and then click OK.
If you enable interactive mode, the firewall can display a learning dialog on the endpoint computer when a rawsocket is detected. For details, see Enable interactive mode.