I am using Windows Filtering Platform and am filtering on the layer FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4. My server is Windows 10, latest patches as of 2021-04-17. My assumption, according to the docs, is that this layer only filters the initial connection attempt. After that, each non-SYN packet does not go through processing on this layer. I created a ..
When I install a program I create, Windows warns me that the software manufacturer cannot be verified. I tried to look it up but couldn’t find any relevant guidance. How can someone become a well-known software manufacturer in the Microsoft ecosystem? Source: Windows..
We are working with WFP for the implementation of a parental control system. The system is based on a kernel mode callout driver. The driver will call out to a user mode application which does the real filtering. We had a C++ based filter module running for a couple of years. We now switched over to ..
I need to implement a callout driver to block/allow some of the UDP traffic based on protocol and port number. There are many WFP layers supporting FWP_ACTION_BLOCK. Which layers would be the preferred choice to block UDP traffic? Any guidance would be helpful. Thanks, Source: Windows..
I am trying to block UDP traffic passing through a certain port (that’s configurable). How can I do this using WFP? Need some guidance for the starting point. Thanks, Source: Windows..
When attempting to uninstall a WFP callout driver, what is good practice: (1) stop the driver service and uninstall it, or (2) let the driver keep running and mark it for delete on reboot? Any suggestions? Thanks, Source: Sta..
According to documentation for FWPM_LAYER_ALE_AUTH_CONNECT_REDIRECT, "Starting with Windows 8, memory allocated for localRedirectContext will have its ownership taken by WFP, and will be freed when the proxied flow is removed." But if verifier is ON then it gives bugcheck DRIVER_VERIFIER_DETECTED_VIOLATION with allocations not freed for the context. Any solution for this? Source: Sta..