Protecting Your Data: A Guide to Windows Firewall
The Exceptions List
The main screen of the Exceptions tab displays the list of application exceptions. Active exceptions are displayed with a checkmark next to the exception name, and disabled exceptions are unchecked. If an application or port number isn't displayed in this list, then unsolicited access into your computer isn't allowed.
An application doesn't have to be in the exception list to communicate over the network from your computer. If the application communication is initiated from your computer (rather than an incoming request from the outside), Windows Firewall creates a "stateful" exception for the duration of your communication. This stateful connection only allows communication between your computer and the other device, and this connection only operates on the ports required for communication between the two systems.
Windows Firewall exceptions are only required if an external computer initiates the connection to your computer. There's no reason to add an exception for every installed program on your computer, since relatively few applications are constantly "listening" for an inbound application request.
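The filtering behavior described above can be sketched as a simplified model. This is an added example, not code from Windows Firewall or from the original article: the class and function names, the addresses, and the port numbers are all constructed for illustration, and a real firewall also tracks the protocol and connection timeouts.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = leaving this computer, "in" = arriving
    local_port: int
    remote_ip: str
    remote_port: int


@dataclass
class StatefulFilter:
    # Ports opened by checked entries in the exceptions list (constructed sample).
    exception_ports: set = field(default_factory=set)
    # One entry per conversation this computer started.
    state: set = field(default_factory=set)

    def handle(self, pkt: Packet) -> str:
        key = (pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            # Outbound traffic needs no exception; it creates the state entry.
            self.state.add(key)
            return "allow (outbound, state created)"
        if key in self.state:
            return "allow (reply to our connection)"
        if pkt.local_port in self.exception_ports:
            return "allow (exception)"
        return "drop (unsolicited)"

    def close(self, local_port: int, remote_ip: str, remote_port: int) -> None:
        # The stateful exception lasts only for the duration of the communication.
        self.state.discard((local_port, remote_ip, remote_port))


def demo() -> list:
    fw = StatefulFilter(exception_ports={3389})  # constructed: one enabled exception
    results = [
        fw.handle(Packet("out", 50000, "203.0.113.10", 80)),   # request we initiated
        fw.handle(Packet("in", 50000, "203.0.113.10", 80)),    # reply from that server
        fw.handle(Packet("in", 50000, "198.51.100.7", 80)),    # different host, same port
        fw.handle(Packet("in", 50000, "203.0.113.10", 8080)),  # same host, different port
        fw.handle(Packet("in", 3389, "198.51.100.7", 41000)),  # port with an exception
        fw.handle(Packet("in", 445, "198.51.100.7", 41001)),   # no exception, no state
    ]
    fw.close(50000, "203.0.113.10", 80)
    results.append(fw.handle(Packet("in", 50000, "203.0.113.10", 80)))  # after close
    return results
```

Only the second packet rides on the stateful exception; the third and fourth are dropped even though they target the same local port, because the state entry is tied to one remote address and port.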
Hidden Exceptions
There's one other place in Windows Firewall where exceptions can be identified. Windows Firewall defines port-based "Service Exceptions" under the individual network adapter's Network Connection Settings in the Windows Firewall Advanced tab. These service exceptions aren't listed under the Exceptions tab, and vice versa. This can be confusing, since not all exceptions are listed in a single place.
The ability to configure these "hidden" exceptions in the Advanced tab has been removed in the next-generation Windows Vista beta software, so it's possible that this capability may not appear in future versions of Windows Firewall.




