Windows firewall exceptions

The Windows firewall can stop some programs working. You can set the firewall to allow these to work properly.

The easiest way to grant an exception to a specific program is:

  1. From the Start menu, click Control Panel
  2. Click Security Centre (or the Network and Internet Connections group if using Category view) and then click Windows Firewall – this opens the configuration applet
  3. Click on the Exceptions tab
  4. Choose Add Program...
  5. Click on the program from the list to select it or click on Browse to find it
  6. If the program needs to communicate with specific computers you can do one of the following:
  • If the communication is only with computers on your subnet, click on the Change scope… button and choose My Network (subnet) only. This only includes computers on the part of the University’s network you are on, not the whole University.

Or better:

  • If you know specifically which computer the communication is with, click on the Change scope... button and choose Custom list and enter the IP address of the computer. You can specify several in a list separated by commas. Then click on OK
  1. Click on OK

You should now see the program in the list with a tick besides it.

  • To temporary revoke its exception, click on the tick box to remove the tick.
  • To permanently revoke its exception, highlight it and click on Delete. (You can always recreate the exception.)
  • To change the computers it is allowed to communicate with, click on Edit and then click on Change scope

You may have your attention drawn to a program that the firewall has blocked by a pop-up window entitled 'Windows Security Alert' and given the choice to Keep Blocking, Unblock or Ask Me Later.

  • If you do not recognised the program you should choose Keep Blocking. The program will be blocked from communicating with your computer and will be blocked without prompting if it tries to communicate in the future.
  • If you recognise the program and want to allow it to communicate choose Unblock. This create an exception rule for it, which you can edit later (as above). If you know which computers the program communicates with Edit the rule that has been created and change the scope to allow communication with specific computers only (see above).
  • Ask Me Later does not allow the communication but will ask you again next time the program attempts to communicate.