locked
Windows Firewall rules reset to default after updating from 1511 to 1607 RRS feed

  • Question

  • When updating a Windows 10 PC from 1511 to 1607, (at least some) firewall rules are being reset to default. For example, I enabled Remote Desktop (which automatically enabled the Remote Desktop rules in Windows Firewall), then I set up Remote Desktop to only allow connections from a certain CIDR. After updating to Windows 10 1607, the rules are still enabled, but the CIDR restrictions are gone.

    We have seen this on several Windows 10 PCs (all running Enterprise Edition, updated to 1607 through ISO), and I was able to replicate this issue repeatedly on a VM I set up.

    Tuesday, September 27, 2016 5:22 AM

Answers

All replies

  • Update reinstall Windows so does not surprise me firewall rules are reset to default. To avoid this suggest you back the rules up before the upgrade and restore them afterwards.

    Windows Firewall Settings - Backup and Restore

    Tuesday, September 27, 2016 7:42 PM
  • I have also reproduced the same issue on Win10 Enterprise that the firewall gets reset right after installing a certain recent Windows Update which is a critical security issue. Please fix this issue asap 

    Installed Updates:

    • Cumulative Update for Windows 10 for x64-based Systems (KB3192440)
    • Update for Windows 10 for x64-based Systems (KB3161102)
    • Security Update for Windows 10 for x64-based Systems (KB3172729)
    • Feature update to Windows 10 Enterprise, version 1607
    • Update for Windows 10 for x64-based Systems (KB3173427)

    Here is the event log of the firewall alteration;

    A rule has been modified in the Windows Firewall exception list.

    • Modified Rule:
    • Rule ID:        RemoteDesktop-UserMode-In-TCP
    • Rule Name:        Remote Desktop - User Mode (TCP-In)
    • Origin:        Local
    • Active:        Yes
    • Direction:        Inbound
    • Profiles:        Private,Domain, Public
    • Action:        Allow
    • Application Path:        C:\WINDOWS\system32\svchost.exe
    • Service Name:        termservice
    • Protocol:        TCP
    • Security Options:        None
    • Edge Traversal:        None
    • Modifying User:        SYSTEM
    • Modifying Application:        C:\$WINDOWS.~BT\Sources\mighost.exe

    • Edited by Serkan Ozkul Wednesday, November 2, 2016 4:08 PM
    Wednesday, November 2, 2016 4:07 PM
  • yes this is very annoying

    I also have it with the insider builds that it removes some rules magically.
    Either MS should give a list what everything will be reset during such a update or they should not do it.

    As I work in Enterprise with over 10'000 pc's - all those things like auto reset rules, reset file associations, reinstall bing search engine etc. make Win10 annoying - please MS listen to customer and fix.

    If I want reset everything, you can give me a button to click it.

    Thursday, May 11, 2017 5:52 AM
  • While the link above does work (it does save the settings) it is far from satisfactory.

    For example consider a remote support session.

    1. Backup firewall settings which allow for RDP settings to computer.
    2. Install Win10 Anniversary/Creators Update.
    3. Win10 resets firewall settings which remove RDP settings.
    4. You have lost your remote support RDP session.
    5. Computer needs to by physically visited to reset the RDP Firewall settings.

    This needs to be fixed.  It's gone on long enough.  There is no reason that the firewall settings need to be reset to default.

    Saturday, February 3, 2018 7:26 PM
  • 4 months later, still an issue. We have PCs that need to talk to each other over a strictly internal network. The updates come thick and fast, and bless their protectionist heart, kill our ability to get work done. I am looking for an automated way to detect that an update has occurred and then automatically reset the firewall to our required settings, since it looks like MS has no intention of correcting this.

    Wednesday, June 13, 2018 5:47 PM
  • Any news on this? 10 days ago I installed the latest feature upgrade, and my custom settings were removed.

    Worse - if I re-enter them and re-boot the laptop, they disappear again!

    Any ideas?

    mlavie

    Sunday, September 22, 2019 8:16 PM