The Windows Defender Firewall misbehaves when UWF is enabled. How can I resolve this issue?

Question

The Windows Defender Firewall misbehaves when UWF is enabled. How can I resolve this issue?

Andrew Roy 0

When UWF is enabled in Windows 10 IoT LTSC, the firewall blocks incoming connections regardless of the firewall rules. I find this in the event log each time: "Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network." When UWF is disabled, everything works as it should and the application functions correctly without errors. When UWF is enabled, and only when UWF is enabled...

The firewall blocks incoming connections even though there are rules defined to allow incoming connections to the application, both TCP and UDP, on all ports, on any IP address.
Windows Defender fails to notify the user that the onnection was blocked, which causes considerable confusion.

This issue is consistent and reproducible on multiple systems. I have found one other complaint about this issue on the internet, but no answers. How can I resolve this without disabling the firewall completely? Is there a work-around such as a UWF exclusion to address this issue?

Thanks in advance,

Andy

PS. Here is the log entry:

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 3/15/2025 10:59:52 AM

Event ID: 5032

Task Category: Other System Events

Level: Information

Keywords: Audit Failure

User: N/A

Computer: KLY23

Description:

Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2

1 answer

Your answer

Answer 1

Anonymous

Hello,

Thank you for posting in Q&A forum.

Windows Firewall with Advanced Security can be configured to notify the user when an application is blocked by the firewall, and ask if the application should continue to be blocked in the future.

This event generates if Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

I hope the information above is helpful.

Best regards

Zunhui

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Andrew Roy 0 Reputation points

2025-03-18T15:59:40.6+00:00

I'm not sure you understand the problem. The application was installed before UWF was enabled. Windows Defender did notify the user when the application was tested initially, when UWF was disabled. The application was working and Windows Defender was allowing the incoming connection. But after UWF was enabled, Windows Defender started to misbahave, it blocked incoming connections and it did not notify the user, even though the advanced security settings had not changed. When UWF is disabled again, everything works as it should. And when UWF is enabled again, Windows Defender blocks the incoming connection again.
Andrew Roy 0 Reputation points

2025-03-18T16:09:12.8233333+00:00

I don't think you understand the problem. The application was working. Windows Defender did show a notification the first time we ran the program. That was before UWF (Unified Write Filter) was enabled. After UWF was enabled, Windows defender started blocking the incoming connection and failed to notify the user, even though the advanced security settings had not changed. When I disable UWF, the firewall works as it should, allowing the application to accept the incoming connection. When I enabled UWF again, the firewall blocks the connection again.

Share via

The Windows Defender Firewall misbehaves when UWF is enabled. How can I resolve this issue?

1 answer

Your answer