Programs Add Themselves to the Windows Firewall Exception List

Status
Not open for further replies.

theH

I've noticed that some programs seem to just go ahead and add themselves to the Windows Firewall Exception List by creating a registry entry here:

HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Surely it's not this easy to bypass the Windows Firewall?

I came across this problem when attempting to block UT2004 from accessing the internet (my younger cousins have been banned from playing UT2004 online by their parents, but as a compromise they can still LAN with each other and I'm trying to help out).

However, I noticed UT2004 would just go ahead and add itself to the exceptions list *every time* I hit "join a game" and all the servers would pop up despite my efforts. Any thoughts on this?
 
It could be that Windows is allowing outgoing connections but not incoming ones, which is what it does by default (I think). And since the exception list is in the registry, it wouldn't be too difficult for a program to add itself to the list.
My recommendation is to use a proper firewall, like Sygate (my fav. firewall), which is much better than a half-baked Windows one.
Get Sygate firewall from here: http://www.tucows.com/get/213160_90233 It's free and really good.
 
altheman: Thanks for the recommendation; I will install a firewall for them as a last resort though, because it seems like kind of overkill for just one program.

Here are two other possible things I've come across:

1) Is there any way to make a registry key read-only? This way I can add the program to the exceptions list, un-check it (don't allow it as an exception), and then prevent it from apparently "re-allowing" itself as an exception.

2) I've been advised that there is a file somewhere in Windows XP that allows you to re-route specific outgoing requests to go to other sites. I mean I was advised to find wherever UT2004 tries to get the server list and "re-route" that to point to my own IP address so that the request would fail. Does that even make sense?
 
theH said:
1) Is there any way to make a registry key read-only? This way I can add the program to the exceptions list, un-check it (don't allow it as an exception), and then prevent it from apparently "re-allowing" itself as an exception.

You could try putting deny permissions on the registry key, but that might make the system unable to give exceptions to legit programs. Personally, I wouldn't recommend this.

I've been advised that there is a file somewhere in Windows XP that allows you to re-route specific outgoing requests to go to other sites. I mean I was advised to find wherever UT2004 tries to get the server list and "re-route" that to point to my own IP address so that the request would fail. Does that even make sense?

I think you're referring to the "hosts" file under "C:\windows\system32\drivers\etc\".

To do this, you need to know the site that UT2004 tries to connect to. Once you get this, you need to type this in the hosts file (open with Notepad).

Code:
127.0.0.1       www.the site that ut2004 connects to here.com

This will make UT2004 look for the server list on your PC, which doesn't exist, and therefore fail.
 
Thanks altheman, my problem is solved.

For the record UT2004's master server is:

ut2004master1.epicgames.com and (backup server)
ut2004master2.epicgames.com
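
One way to audit the exception list named in the first post, as an added example that is not part of the original thread: it parses `reg query` output for the AuthorizedApplications\List key and reports entries that are enabled but not on an approved list. The sample output, the paths in it, and the `path:scope:Enabled|Disabled:name` value layout are assumptions of this example.

```python
import re

# Constructed `reg query` output for the AuthorizedApplications\List key
# (illustrative entries, not captured from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\UT2004\System\UT2004.exe    REG_SZ    C:\UT2004\System\UT2004.exe:*:Enabled:UT2004
    C:\Program Files\Example\sync.exe    REG_SZ    C:\Program Files\Example\sync.exe:LocalSubNet:Disabled:Example Sync
"""

# A value line is "<name>  REG_SZ  <data>"; names may contain spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_SZ\s+(?P<data>.+)$")
# Assumed data layout: <path>:<scope>:<Enabled|Disabled>:<display name>.
# The path itself contains a colon ("C:"), so it is matched non-greedily.
ENTRY = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$",
    re.IGNORECASE,
)

def parse_exceptions(reg_output):
    """Return one dict per value under the key; unparseable data is kept and flagged."""
    entries = []
    for line in reg_output.splitlines():
        value = VALUE_LINE.match(line)
        if not value:
            continue  # key header or blank line
        fields = ENTRY.match(value.group("data").strip())
        if fields is None:
            entries.append({"path": value.group("name"), "malformed": True})
            continue
        entries.append({
            "path": fields.group("path"),
            "scope": fields.group("scope"),
            "enabled": fields.group("state").lower() == "enabled",
            "label": fields.group("label"),
            "malformed": False,
        })
    return entries

def unexpected(entries, approved_paths):
    """Paths that are enabled (or unparseable) and not on the approved list."""
    approved = {p.lower() for p in approved_paths}
    return [e["path"] for e in entries
            if (e["malformed"] or e["enabled"]) and e["path"].lower() not in approved]

if __name__ == "__main__":
    for path in unexpected(parse_exceptions(SAMPLE), [r"%windir%\system32\sessmgr.exe"]):
        print("not approved:", path)
```

Running it on a schedule and comparing against the previous result shows when a program has re-added or re-enabled its own entry.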
 