Article ID: 842242 - Last Review: September 23, 2011 - Revision: 10.0
Windows Firewall may block some programs from communicating over the Internet after you install Windows XP Service Pack 2
To continue receiving security updates for Windows, make sure you're running Windows XP with Service Pack 3 (SP3). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows (http://windows.microsoft.com/en-us/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packs)
SUMMARY
After you install Windows XP Service Pack 2 (SP2), some programs may seem not to work. By default, Windows Firewall is enabled and blocks unsolicited connections to your computer. This article discusses how to make an exception and enable a program to run by adding it to the list of exceptions. This procedure enables the program to work as it did before the service pack was installed.
INTRODUCTION
To help provide security for your Windows XP SP2-based computer, Windows Firewall blocks unsolicited connections to your computer. However, sometimes you might want to make an exception and allow for someone to connect to your computer. For example, the following scenarios describe occasions when you might want someone to be able to connect to your computer:
You are playing a multiplayer game over the Internet.
You are expecting to receive a file that is sent through an instant message program.
After you install Windows XP SP2, client applications may not successfully receive data from a server. The following are some examples:
An FTP client
Multimedia streaming software
New mail notifications in some e-mail programs
Or, server applications that are running on a Windows XP SP2-based computer may not respond to client requests. The following are some examples:
A Web server such as Internet Information Services (IIS)
Remote Desktop
File Sharing
Windows Security Alert
Sometimes, when Windows Firewall blocks a program, a Windows Security Alert dialog box appears.
RESOLUTION
Enable programs by using the "Windows Security Alert" dialog box
To work correctly, some programs and games must receive information over the network. The information enters your computer through an inbound port. For Windows Firewall to allow for this information to enter, the correct inbound port must be open on your computer. If you recognize the name of the program, and you want to allow for the program to function as usual, click Unblock in the Windows Security Alert dialog box.
Advanced users section
This section is intended for advanced computer users. If you are not comfortable with advanced troubleshooting, you might want to ask someone for help or contact support. For information about how to do this, visit the following Microsoft Web site: http://support.microsoft.com/contactus
To enable a program to communicate like it did before Windows XP SP2 was installed, and to enable programs that you want to run, use one of the following methods.
Advanced users method 1: Enable programs by using Windows Firewall
If you do not click Unblock in the Windows Security Alert dialog box, the program continues to be blocked. To enable a program by using Windows Firewall, follow these steps:
Click Start, and then click Run.
In the Open box, type wscui.cpl, and then click OK.
Click Windows Firewall.
In the Windows Firewall dialog box, click the Exceptions tab, and then click Add Program.
In the Add a Program dialog box, either select the program from the list that appears, or click Browse to locate your program.
If you cannot locate your program, see the next section, Identifying and opening ports. After you select your program, click OK. On the Exceptions tab, make sure that the check box next to your program is selected, and then click OK.
Note If you later decide that you do not want the program to be an exception, clear this check box.
Adding a program to the list of exceptions has the following advantages:
You do not have to know a specific port number. (By contrast, when you want to open a port, you have to know the number of the port that is used by the program. This is described later.)
The port that is used by the program that is located on the list of exceptions will be open only when the program is waiting to receive a connection.
Advanced users method 2: Identifying and opening ports
If your program still does not seem to work after you add the program to the list of exceptions, or if you cannot locate the program in step 5 of the previous section, you can open a port manually.
Important Before you can add a port or ports manually, you have to identify the ports that are used by the program. A reliable method for identifying the ports that are used by the program is to contact the vendor. If you cannot do this, or if a list of ports that are used by the program is not available, you can use Netstat.exe to identify the ports that are used by the program.
Identify ports by using Netstat.exe
Start the program in question and try to use its network features. For a multimedia program, try to start an audio stream. For a Web server, start the service.
Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
Type the following at a command prompt. Press ENTER after each line:
netstat -ano > netstat.txt
tasklist > tasklist.txt
notepad tasklist.txt
notepad netstat.txt
Note If the program in question is running as a service, add the /svc switch to list the services that are loaded in each process:
tasklist /svc > tasklist.txt
In Tasklist.txt, locate the program that you are troubleshooting. Note the process identifier (PID) for the process.
In Netstat.txt, note any entries that are associated with the process identifier. Note the protocol that is used (TCP or UDP).
Important If the program uses more than one port, repeat this procedure to identify the additional ports that are used by the program. If you repeat the procedure and the port number that the program uses continues to change, add a program-based exception or contact the vendor of the program.
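The following added example (not part of the original article) carries out the cross-referencing step of the Netstat.exe procedure in Python: it looks up the program's PID in Tasklist.txt and lists the protocol and port of every Netstat.txt entry for that PID that can receive inbound traffic. The file contents and the program name gamesrv.exe are constructed samples; listeners bound only to 127.0.0.1 are flagged because they are not reachable from the network and need no exception.

```python
import re

# Constructed sample of Netstat.txt ("netstat -ano" output); not from the article.
NETSTAT_TXT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:6000           0.0.0.0:0              LISTENING       1840
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1840
  TCP    192.168.1.10:1051      192.0.2.5:80           ESTABLISHED     1840
  UDP    0.0.0.0:177            *:*                                    1840
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of Tasklist.txt ("tasklist" output); gamesrv.exe is hypothetical.
TASKLIST_TXT = """
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
svchost.exe                  932 Console                 0      4,312 K
gamesrv.exe                 1840 Console                 0     52,100 K
"""

def parse_tasklist(text):
    """Map PID -> image name, taking column widths from the '=====' row."""
    lines = text.splitlines()
    sep = next(i for i, line in enumerate(lines) if line.startswith("="))
    (n0, n1), (p0, p1) = [m.span() for m in re.finditer(r"=+", lines[sep])][:2]
    procs = {}
    for line in lines[sep + 1:]:
        name, pid = line[n0:n1].strip(), line[p0:p1].strip()
        if name and pid.isdigit():  # skips blank and /svc continuation rows
            procs[int(pid)] = name
    return procs

def parse_netstat(text):
    """Yield (proto, address, port, pid) for sockets that accept inbound traffic."""
    for line in text.splitlines():
        f = line.split()
        listening_tcp = len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
        bound_udp = len(f) == 4 and f[0] == "UDP"  # UDP rows have no State column
        if listening_tcp or bound_udp:
            addr, port = f[1].rsplit(":", 1)
            yield f[0], addr, int(port), int(f[-1])

def ports_for_program(image, tasklist_text, netstat_text):
    """Return sorted (proto, port, reachable) tuples for every PID of `image`."""
    pids = {pid for pid, name in parse_tasklist(tasklist_text).items()
            if name.lower() == image.lower()}
    found = set()
    for proto, addr, port, pid in parse_netstat(netstat_text):
        if pid in pids:
            # Loopback-only listeners are unreachable from the network.
            found.add((proto, port, addr not in ("127.0.0.1", "[::1]")))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, reachable in ports_for_program("gamesrv.exe", TASKLIST_TXT, NETSTAT_TXT):
        print(proto, port, "candidate for Add Port" if reachable else "loopback only")
```

Established outbound connections are ignored on purpose: Windows Firewall only blocks unsolicited inbound traffic, so only listening TCP ports and bound UDP ports are candidates for a port exception.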
Open ports manually by using Windows Firewall
If you cannot identify the ports that are used by the program, you can open a port manually. To identify the specific port number to open, contact the product vendor or see the product user documentation. After you identify the port number that you want to open, follow these steps:
Click Start, and then click Run.
In the Open box, type wscui.cpl, and then click OK.
Click Windows Firewall.
On the Exceptions tab, click Add Port.
In the Add a Port dialog box, type the name that you want to use for the port exception in the Name box, type the number of the port that you want to open in the Port number box, and then click either TCP or UDP.
To view or set the scope for the port exception, click Change Scope.
Select the scope options that you want to use for this exception, and then click OK.
On the Exceptions tab, notice that the new service is listed. To enable the port, click to select the check box next to the service, and then click OK.
For more information about how to configure Windows Firewall, click the following article number to view the article in the Microsoft Knowledge Base:
875357 (http://support.microsoft.com/kb/875357/) Troubleshooting Windows Firewall settings in Windows XP Service Pack 2
MORE INFORMATION
Programs that may require that you open ports manually
The following table lists the programs and games that may require that you open the port or the ports manually so that the programs can work correctly.
Programs
| Program | Vendor | Ports | Default exception | Notes |
| --- | --- | --- | --- | --- |
| Visual Studio .NET | Microsoft | See the third-party documentation | See the third-party documentation | Needed only for Remote DCOM debugging |
| SQL | Microsoft | Dynamically assigned ports for RPC and DCOM | | Needed only for remote debugging |
| Backup Exec 9 | Veritas | 10000 | C:\Program Files\Veritas\Backup Exec\RANT32\beremote.exe | Needed only to back up a client from a server |
| Ghost Server Corporate Edition 7.5 | Symantec | 139-TCP-NetBIOS Session Service; 445-TCP-SMB over TCP; 137-UDP-NetBIOS Name Service; 138-UDP-NetBIOS Datagram Service | See the third-party documentation | Needed to push down a ghost client |
| Symantec AntiVirus Corporate Edition 8.0 | Symantec | File and Printer Sharing | Checking the "Allow file and printer sharing" check box opens these ports: UDP 137, 138; TCP 139, 445. | Needed to install client |
| SMS 2003 Server | Microsoft | Enable File and Printer Sharing ports | See the third-party documentation | Needed to view Windows XP SP2 Client Event Viewer |
| Cute FTP 5.0 XP | GlobalSCAPE | 21 or FTP server | See the third-party documentation | Needed to FTP in to a Windows XP SP2-based computer |
| Exceed 7.0, 8.0 | Hummingbird | 21 or FTP server | See the third-party documentation | Needed so that FTP for Windows Explorer can connect to remote computers |
| KEA! 340 5.1 | Attachmate | 23 or 'Telnet server' | See the third-party documentation | Needed to establish Telnet session to remote host |
| Reflection 10 and 11 | WRQ | 23 | See the third-party documentation | Needed to establish Telnet session to remote host |
| Reflection 10 and 11 | WRQ | 6000 (TCP/IP) and 177 (UDP) | See the third-party documentation | Needed to establish X-Windows Sessions |
| Reflection 10 and 11 | WRQ | 20 or 21 | See the third-party documentation | Needed so that FTP client can connect to remote computers |
| Smarterm Office 10 and Smarterm 11 | Esker Software | 23 or 'Telnet server' | See the third-party documentation | Needed to establish Telnet session to remote host |
| Smarterm Office 10 and Smarterm 11 | Esker Software | 21 or FTP server | See the third-party documentation | Needed so that the FTP tool can connect to remote computers |
| ViewNow 1.05 | Netmanage | FTP server or 21 | See the third-party documentation | Needed so that FTP tool can connect to remote computers |
| ViewNow 1.0 and 1.05 | Netmanage | 6000 (TCP/IP) and 177 (UDP) | See the third-party documentation | Needed to establish X-Windows Sessions |
| ViewNow 1 or 1.05 | Netmanage | Telnet Server or 23 | See the third-party documentation | Needed to establish Telnet session to remote host |
| Microsoft Operations Manager 2000 SP1 | Microsoft | Enable ICMP echo request, File and Printer Sharing and UDP | See the third-party documentation | Needed to push MOM Agent onto a Windows XP SP2-based client that has Windows Firewall enabled |
| AutoCAD 2004, 2005 | Autodesk | 21 | See the third-party documentation | Needed to browse projects by using FTP viewer (File Open dialog) when remote FTP host has Windows Firewall enabled. |
| Backup Exec 9.1.4691 | Veritas | See the third-party documentation | %Program Files%\Veritas\Backup Exec\RANT\beremote.exe | Needed to back up Windows XP SP2-based client |
| Windows Scanner and Camera Wizard | Xerox Network Scanners | 21 | See the third-party documentation | Needed so that the Scanner and Camera Wizard starts and the scanned images are available for the user to access. |
| ColdFusion MX Server Edition 6 | Macromedia | TCP (by default, 8500) | See the third-party documentation | Needed to allow remote access as Web server |
| CA ARCserve | Computer Associates | 137-UDP-NetBIOS Name Service; 138-UDP-NetBIOS Datagram Service; 139-TCP-NetBIOS Session Service; 704-UDP; 1478-UDP-MS-sna-base; 1900-UDP-SSDP; 6050-TCP-ARCserve Service; 6051-TCP-ARCserve Service | See the third-party documentation | Needed for remote installs, licensing, and client communications |
| EDM File System Agent 4.0 | EMC | 3895 | See the third-party documentation | Needed to install EDM client from server to Windows XP SP2 |
| Microsoft Systems Management Server 2003 | Microsoft | TCP:2701 | %WINDIR%\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe | Needed so that Remote Tool can remote control a Windows XP SP2-based client computer |
| Aelita ERdisk for Active Directory 6.7 | Quest Software | See the third-party documentation | File and Printer Sharing | Needed to contact a remote computer |
| Hummingbird Host Explorer 8 | Hummingbird | 23 TCP and 21 TCP | See the third-party documentation | Needed to Telnet in to a Windows XP SP2-based client |
| BV-Admin Mobile | Bind View | See the third-party documentation | File and Printer Sharing | Needed to contact a remote computer |
| SQL 2000a | Microsoft | 1433 and 1434 | See the third-party documentation | Needed to connect to remote computer |
| Backup Exec 8.6.1 | | | | Needed so that the server can push remote agent to a Windows XP SP2-based client |
| Microsoft SNA 4.0 SP3 | Microsoft | See documentation | File and Printer Sharing | Needed to see a Windows XP SP2-based client |
| Extra! Personal Client 6.5 and 6.7 | Attachmate | Telnet Server or port 23 | See the third-party documentation | Needed to establish Telnet session to remote host |
| Extra! Enterprise 2000 | Attachmate | Telnet Server or port 23 | See the third-party documentation | Needed to establish Telnet session to remote host |
| Extra! Bundle for TCP/IP 6.6 | Attachmate | Telnet Server or port 23 | See the third-party documentation | Needed to establish Telnet session to remote host |
| Volume Manager 3.1 | Veritas | 2148 | C:\Program Files\Veritas\Veritas Object Bus\Bin\vxsvc.exe | Needed to connect to a Windows XP SP2-based client |
| BMC Patrol for Windows 2000 | BMC Software | On the Windows XP SP2-based (client) computer: TCP ports 3181, 10128 and 25; UDP ports 3181, 10128 and 25 | \\<Server Name>\BMC Software\Patrol 3-4\Best1\6.5.00\bgs\bin\Best1CollectGroup.exe | Needed to allow connection of server to client computer. Make sure that you have shared the BMC Patrol file on the server before you try to move to the default exception path on the client. |
| eTrust 6.0.100 | Computer Associates | File and Printer Sharing ports and ICMP echo request and port TCP 42510 | See the third-party documentation | Needed to remote install to Windows XP SP2 |
| NetShield 4.5 | McAfee Security | See the third-party documentation | File and Printer sharing | Needed to Remote Connect to a Windows XP SP2-based client |
| Computer Associates eTrust 7.0 | Computer Associates | Add the File and Printer Sharing ports and ICMP echo request | See the third-party documentation | Needed so that a Windows Server 2003 eTrust 7.0 server can remotely test logon to a Windows XP SP2-based client |
| Computer Associates eTrust 7.0 | | | | Needed so that a Windows Server 2003 eTrust 7.0 server can remotely install the client eTrust software on Windows XP SP2-based computers. Resolved by setting the following to 0 and then rebooting: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients (DWORD value) |
| Retrospect | Dantz | 497 | 497 | Visit http://www.dantz.com/en/support/kbase.dtml?id=28189 |
| Symantec Ghost Corporate Edition 7.5, 8.0, and 8.2 | Symantec | In File and Printer Sharing, select the Allow file and printer sharing check box that opens UDP ports 137 and 138, and TCP port 139 and 445 | | Needed to do a remote client install |
| Symantec AntiVirus Corporate Edition 8.x and 9.x | Symantec | Open IP (UDP) ports 2967 and 33345 for IPX. In addition, open ports 38293, 38037, and 38292 for UDP traffic. In File and Printer Sharing, select the Allow file and printer sharing check box that opens UDP ports 137 and 138, and TCP ports 139 and 445 | | Visit http://www.symantec.com/techsupp/enterprise/sp2/faq.html |
| IBM Tivoli Storage Manager | IBM | See IBM Technote | See IBM Technote | The IBM Technote title is "Windows XP Service Pack 2 firewall setting for TSM Client." The IBM Technote is available at http://www.ibm.com/software/sysmgmt/products/support/ |
Games
| Game | Vendor | Ports | Default exception |
| --- | --- | --- | --- |
| Chess Advantage III: Lego Chess | Encore | See the third-party documentation | See the third-party documentation |
| Need for Speed Hot Pursuit 2 | EA Games | See the third-party documentation | See the third-party documentation |
| Unreal Tournament 2003 | Atari | See the third-party documentation | See the third-party documentation |
| Unreal Tournament Game of the Year Edition | Atari | See the third-party documentation | See the third-party documentation |
| Midnight Outlaw: Illegal Street Drag 1.0 | VALUSoft | See the third-party documentation | Defwatch.exe |
| Scrabble 3.0 | Atari | See the third-party documentation | See the third-party documentation |
| Star Trek StarFleet Command III 1.0 | Activision | See the third-party documentation | See the third-party documentation |
For information about your hardware manufacturer, visit the following Web site:
http://support.microsoft.com/gp/vendors/en-us
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.