You are reading:
Protecting Your Data: A Guide to Windows Firewall


Exceptions / Display Notification

The bottom of the Exceptions tab contains an option to "Display a notification when Windows Firewall blocks a program." This notification process allows you to control inbound network access for this program.


  • Keep Blocking - The "Keep Blocking" option disables the program from opening a port to the network, and it will continue blocking this program with all subsequent application requests. You will not receive any additional notifications once this program has been blocked.

    After you've blocked a program, the program is added to the exceptions list as a disabled exception. If you decide later that you'd like to unblock the application, simply check the box next to the application name in the Windows Firewall Exception tab.

  • Unblock - Selecting "Unblock" will allow this application to service inbound network connections. This option will automatically create and enable an exception in the Windows Firewall Exception list. This new exception will be identified in Windows Firewall by the application's name.


  • Ask Me Later - If you are unsure which option to choose, the "Ask Me Later" option is a safe alternative. This option continues to block the application, and the notification will appear again the next time the program attempts to open an incoming port to your computer.

    The "Ask Me Later" option allows you to test the functionality of a program without making any permanent configuration changes. If the program restarts, you can then decide to permanently block or unblock the application.

    The "Ask Me Later" option doesn't add anything to the Windows Firewall exception list. The application name isn't added, and there's no exception created in the Exceptions tab. When the application is run again, there's no history for Windows Firewall to reference, so it notifies you again.

    • This application notification process doesn't always display when a program is blocked. If an application is already listed in the exception list but is disabled (unchecked), the notification will not appear. You must delete the application from the exception list and restart the application to receive the notification dialog box.

    The "Display a Notification..." checkbox will also not provide a notification if incoming traffic is dropped by Windows Firewall. This notification will only be displayed if a local application not already existing in the exception list is attempting to open a port on the local computer. A notification is not displayed for incoming traffic that is dropped by Windows Firewall.