Windows 7 firewall and Mesh problems

  • Question

  • Hi there,

      I've looked around in quite a few forums, and although a few people seem to have this problem, no solutions seem evident.

      I use Windows 7 Home Pro, with the Windows firewall (blocking in and out-connections), Avira free AV and exceptions for moe.exe and moemonitor.exe (manually and through the "add exception..." option in the basic firewall dialog).

      With this setup, Mesh cannot communicate with its servers when the firewall is up, whilst everything works perfectly when it's disabled.

      Had a similar problem with Windows Update (i.e. wouldn't run unless the firewall was down), and I managed to work around that by creating an exception to svchost.exe (though that may be a security risk; there don't seem to be any other workarounds, including adding the update server locations to the exceptions list in IE).

      Any thoughts would be greatly appreciated.


    • Edited by Rainio Monday, May 10, 2010 8:26 PM
    Monday, May 10, 2010 12:39 PM

All replies

  • I think that your problem is that you are trying to be too restrictive without knowing what the applications and services need. Allowing an application in the firewall often is not enough. You also need to know what ports and protocols are used.

    I don't know if Mesh calls an external process to perform the login function or if that happens internally. I also don't know if it uses standard 443 for an https:// connection.

    This article explains how to block P2P in a firewall, so the reverse may help - to allow the traffic. 
    http://support.microsoft.com/kb/951862

    The following is from the Live Mesh Help site:

    If your firewall (A security feature designed to help protect a computer from unauthorized external access. It can be hardware, software, or both.) is set to block Live Mesh, you won't be able to sign in. See your firewall documentation or website for more information on how to add Live Mesh to your firewall's list of allowed programs. Once your firewall is set to allow your computer to access Live Mesh, you can try to sign in again.

    To allow Live Mesh to communicate through Windows Firewall on Windows Vista:

    1. Click Start, then in the Start Search box, type Windows Firewall. Click Windows Firewall.
    2. In the left pane, click Allow a program through Windows Firewall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
    3. Select the check box next to Live Mesh, and then click OK.

    To allow Live Mesh to communicate through Windows Firewall on Windows XP:

    1. Click Start, then click Control Panel.
    2. From the Control Panel, click Security Center.
    3. From the Security Center, click Windows Firewall.
    4. On the Exceptions tab, select the check box next to Live Mesh, and then click OK.

    By the way, adding an exception for svchost is defeating your purpose, I believe, since this is a generic Windows host process that can be used and called by many applications and services.

    -steve


    ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
    Monday, May 10, 2010 3:30 PM
    Moderator
  • Hi Steve,

      thanks for your reply.

      I'm using the inbuilt Windows 7 firewall.

      Normally Mesh creates its own exception (for moe.exe) in the Windows firewall (though only for incoming traffic, as it assumes your system uses the default of allow all outgoing connections). This exception has been created. I created further exceptions to moemonitor.exe and moe.exe for both incoming and outgoing traffic. Each exception allows the program to use any port necessary, so it's not this.

    Normally, doing this for any program that wishes to use the internet works with no problems.

      However, this doesn't seem to work with Microsoft programs. Saving a Word document to SkyDrive requires the firewall to be off, even with word.exe as an exception (though there's no guidance on this from Microsoft, as far as I can find).

    The documentation for using Mesh with the Windows firewall is to choose Mesh from amongst the programs in the "Add program to firewall exception" dialog if it's not done automatically. This doesn't work.

      I guess the problem (and what I've been searching for) is that we're not told exactly which process should be exceptioned, and if they call other processes, though I think I've done what is normally needed.

     There is probably a setting awry with my firewall, though I can't find it. A few other people also seem to have these problems.

      Again there is scarce documentation regarding this, so it looks as though I'll have to turn the Windows firewall off to update Mesh.

    Cheers

    Monday, May 10, 2010 8:19 PM
  • Yes, I agree that the issue is that we don't have the information needed to create the firewall rules when you set the firewall to full restricted as you have done.

    I'm going to mark your reply as the answer, since we agree that this is the workaround and defines the problem, too.

    Another possible way to deal with this would be to use a process/network monitor to see *exactly* what is going on for the Live Mesh (and other traffic that you want to control, but allow). In my mind, if you really wish to be that restrictive in your firewall settings, you really need to have access to the detailed information provided by these kinds of tools.

    I've never used it, but this looks to be the ticket for you: http://blogs.technet.com/netmon/default.aspx

    -steve


    ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
    Tuesday, May 11, 2010 1:50 PM
    Moderator
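
Added example, not part of the thread or any poster's code: with dropped-connection logging turned on (`netsh advfirewall set currentprofile logging droppedconnections enable`), the Windows Firewall log records the protocol and destination port of each blocked outbound connection, which is the information the reply above says is needed to write restrictive rules. The log text below is constructed for illustration, and the parser takes its column names from the log's own `#Fields:` header.

```python
from collections import Counter

# Constructed sample in the pfirewall.log layout (not taken from the thread).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2010-05-10 20:01:11 DROP UDP 192.0.2.10 192.0.2.1 52344 53 0 - - - - - - - SEND
2010-05-10 20:01:12 DROP UDP 192.0.2.10 192.0.2.1 52345 53 0 - - - - - - - SEND
2010-05-10 20:01:15 DROP TCP 192.0.2.10 198.51.100.7 49211 443 0 - 0 0 0 - - - SEND
2010-05-10 20:01:16 ALLOW TCP 192.0.2.10 198.51.100.9 49212 80 0 - 0 0 0 - - - SEND
2010-05-10 20:01:20 DROP TCP 203.0.113.5 192.0.2.10 40000 445 0 - 0 0 0 - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per log entry, using the #Fields header for column names."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def dropped_outbound(text):
    """Count outbound drops per (protocol, destination IP, destination port)."""
    drops = Counter()
    for entry in parse_firewall_log(text):
        # If the log has no 'path' column, direction is unknown and the row is kept.
        outbound = entry.get("path", "SEND") == "SEND"
        if entry["action"] == "DROP" and outbound:
            drops[(entry["protocol"], entry["dst-ip"], entry["dst-port"])] += 1
    return drops.most_common()

if __name__ == "__main__":
    # Most frequently blocked destinations first.
    for (proto, ip, port), count in dropped_outbound(SAMPLE_LOG):
        print(f"{count:3d}  {proto:4s} {ip}:{port}")
```

The log does not name the process that opened each connection, so the summary shows which ports and protocols are being blocked rather than which executable to add as an exception.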
  • Thanks Stephen,

      I was using the Windows Task Manager and network monitor, though your program gives quite a bit more info.

      Unfortunately, the only service that Mesh seems to use is moe.exe.

      Worth the try, anyway. Shame there aren't any Mesh programmers on this forum to aid some insight.

      Thanks for your help.

    Tuesday, May 11, 2010 8:31 PM
  • I think that all of the Live Mesh team is busy with the next version, so we're on our own in the interim and have been for quite some time...

    -steve


    ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
    Wednesday, May 12, 2010 12:03 PM
    Moderator