Hi,
my default setting for the firewall is to block all traffic. Exceptions are added if necessary. This strategy will not be changed for there is no clarity regarding all the traffic going on. For instance, two exceptions enable DNS and DHCP. This works well.
Another one is svchost, service="Cryptographic services" (CryptSvc). The latter does
not work. This means, the firewall still blocks these packets. I have verified my rule multiple times, even removed it and added it again.
As the normal firewall log file isn't speaking enough, I have enabled logging of dropped packets in the event log via group policies. I wrote a little program for live observation of these log entries. Thereby, I am able to lookup the services from the logged
process ID.
The firewall rule exactly matches this case. Consequently, the packet should not be blocked. The rule is: Allow, Outgoing, program=svchost, service=CryptSvc, all profiles, all local ports, all IPs, protocol TCP, remote ports 80 and 443.
So my question is: Why does the firewall block packets even if a rule allows them? (There is no other rule denying it)
Win 10 x64 Pro
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
