Forum Discussion

massimocristofolini's avatar
massimocristofolini
Copper Contributor
Jan 29, 2024

UWF: problems with some excluded folders and firewall

I'm running Windows 10 Enterprise LTSC (version 10.0.17763). I've setup everything I need and I'm configuring UWF filters. I enabled protection for C: volume, and added a couple of exclusion for:

  • allowing write on my app folder in C:\Program Files\CustomApp (for updates)
  • allowing write on the user's "User" Documents folder C:\Users\User\Documents\ (custom app logs, ...)
  • allowing network interfaces edit

Here is the output of uwfmgr get-config command

 

PS C:\Windows\system32> uwfmgr get-config
Unified Write Filter Configuration Utility version 10.0.17763
Copyright (C) Microsoft Corporation. All rights reserved.

Current Session Settings


FILTER SETTINGS
    Filter state:    ON
    Pending commit:  N/A
    Shutdown pending:No

SERVICING SETTINGS
    Servicing State: OFF

OVERLAY SETTINGS
    Type:               RAM
    Maximum size:       1024 MB
    Warning Threshold:  512 MB
    Critical Threshold: 1024 MB
    Freespace Passthrough: OFF
    Persistent: OFF
    Reset Mode: N/A



VOLUME SETTINGS
Volume bbac04fb-9c1e-4b48-8220-5b5b315a37af [C:]
    Volume state:     Protected
    Volume ID:        bbac04fb-9c1e-4b48-8220-5b5b315a37af

    File Exclusions:
Current Session Exclusions for Volume bbac04fb-9c1e-4b48-8220-5b5b315a37af [C:]
    C:\Program Files\CustomApp
    C:\Users\User\Documents\



REGISTRY EXCLUSIONS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi

Next Session Settings


FILTER SETTINGS
    Filter state:    ON
    Pending commit:  N/A

SERVICING SETTINGS
    Servicing State: OFF

OVERLAY SETTINGS
    Type:               RAM
    Maximum size:       1024 MB
    Warning Threshold:  512 MB
    Critical Threshold: 1024 MB
    Freespace Passthrough: OFF
    Persistent: OFF
    Reset Mode: N/A



VOLUME SETTINGS
Volume bbac04fb-9c1e-4b48-8220-5b5b315a37af [C:]
    Volume state:     Protected
    Volume ID:        bbac04fb-9c1e-4b48-8220-5b5b315a37af

    File Exclusions:
Next Session Exclusions for Volume bbac04fb-9c1e-4b48-8220-5b5b315a37af [C:]
    C:\Program Files\CustomApp
    C:\Users\User\Documents\



REGISTRY EXCLUSIONS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi

 

Problem 1

As visible from the config above, C:\Users\User\Documents\ and C:\Program Files\CustomApp folders are listed in the File Exclusion.

Write on C:\Program Files\CustomApp (e.g. create a folder/file) will persist after reboot. Write on User's Documents folder gets lost after reboot.

Am I missing something? How to have persistency on user's Documents folder? Do I need to set some extra things other than the folder exclusion?

 

Problem 2

My custom app runs a WebSocket server that listen to port 8080. I added a firewall inbound rule to allow all incoming requests for the app.

When the firewall is enabled and UWF filer is disabled, I can connect to my app from another PC. When UWF is enabled, the connection fails.

If I completely disable the firewall, I can connect to the app both when UWF manager is enabled or disabled.

What UWF configuration am I missing to have the firewall working as expected with UWF filtering enabled?

 

 

No RepliesBe the first to reply

Resources