避免 Windows 防火墙弹出窗口
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3558494/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Avoiding a Windows Firewall popup
提问by Tom Davies
My organisation produces a suite of Windows applications that make use of networking, and so when users run our software for the first time, the Windows Firewall (if it is running) brings up a pop-up, informing the user that our app(s) are trying to use the network, prompting the user to allow or deny access.
我的组织生产了一套利用网络的 Windows 应用程序,因此当用户第一次运行我们的软件时,Windows 防火墙(如果它正在运行)会弹出一个弹出窗口,通知用户我们的应用程序) 正在尝试使用网络,提示用户允许或拒绝访问。
This occurs with plenty of other apps (Spotify, to give one example), but ee'd like to prevent these popups from happening, as they can be a bit problematic for our users. Some Applications (MSN Messenger, GoogeTalk) operate without ever causing the Firewall to alert the user, and we'd like to do the same.
许多其他应用程序(Spotify,举一个例子)都会发生这种情况,但我们希望防止这些弹出窗口发生,因为它们对我们的用户来说可能有点问题。某些应用程序(MSN Messenger、GoogeTalk)在运行时不会引起防火墙警告用户,我们也希望这样做。
We've successfully done this on Windows XP by having our installer write appropriate registry keys at:
通过让我们的安装程序在以下位置编写适当的注册表项,我们已在 Windows XP 上成功完成此操作:
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
However, this does not have the same effect on Windows 7 - the Firewall popups still take place.
但是,这在 Windows 7 上没有相同的效果 - 防火墙弹出窗口仍然会发生。
Any ideas how we can do this? (Our installers and software are all digitally signed.)
任何想法我们如何做到这一点?(我们的安装程序和软件都经过数字签名。)
Thanks Tom Davies
感谢汤姆戴维斯
回答by Kevin Kibler
You can add exceptions to Windows Firewall by shelling out to netsh, a utility built into Windows, but the utility works differently on Windows XP and Windows 7. Here are the commands I used:
您可以通过对netsh(Windows 内置的实用程序)进行炮击来向 Windows 防火墙添加例外,但该实用程序在 Windows XP 和 Windows 7 上的工作方式不同。以下是我使用的命令:
Windows XP:
视窗 XP:
add:
netsh firewall add allowedprogram mode=ENABLE profile=ALL name=[exception name] program=[program path]
添加:
netsh firewall add allowedprogram mode=ENABLE profile=ALL name=[exception name] program=[program path]
remove:
netsh firewall delete allowedprogram profile=ALL program=[program path]
消除:
netsh firewall delete allowedprogram profile=ALL program=[program path]
Windows 7:
Windows 7的:
add:
netsh advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=[in|out] name=[exception name] program=[program path]
添加:
netsh advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=[in|out] name=[exception name] program=[program path]
remove:
advfirewall firewall delete rule profile=any name=[exception name]
消除:
advfirewall firewall delete rule profile=any name=[exception name]
回答by Christopher Painter
I actually advise against making this an installer issue for several reasons:
我实际上建议不要将此作为安装程序问题,原因如下:
There are multiple software firewalls out there; you can't code and test for all of them.
Some (such as the built-in windows firewall ) have API's that won't allow you to configure port exceptions when the FW is disabled.
If the user later enables the FW you are hosed again.There could be external firewalls that still get you.
那里有多个软件防火墙;你不能对所有这些进行编码和测试。
某些(例如内置的 Windows 防火墙)的 API 不允许您在禁用 FW 时配置端口例外。
如果用户稍后启用 FW,则您将再次受到攻击。可能有外部防火墙仍然可以帮助您。
Instead I prefer to make this a documentation effort so that users and administrators are fully aware of the networking requirements. I once had to goole Apple's website to figure out what ports iTunes needed and I swear to God they made it really hard to find as they tried to soften everything up for consumers.
相反,我更愿意将此作为文档工作,以便用户和管理员充分了解网络要求。我曾经不得不通过谷歌 Apple 的网站来找出 iTunes 需要哪些端口,我向上帝发誓他们很难找到,因为他们试图为消费者软化一切。
However, if you want to give it a best faith effort in the install, WiX has a Custom Action extension for interacting with the firewall rather then writing your own Custom Action. Even if you are using another tool such as InstallShield, you can wrap this behavior up in a WiX merge module and then consume it with your primary tool of choice.
但是,如果您想在安装中尽最大努力,WiX 有一个自定义操作扩展,用于与防火墙交互,而不是编写您自己的自定义操作。即使您正在使用其他工具(例如 InstallShield),您也可以将此行为封装在 WiX 合并模块中,然后使用您选择的主要工具来使用它。
You can read about it here at:
您可以在此处阅读有关它的信息:
and
和
回答by Ana Betts
In your installer (i.e. as elevated admin), you need to write code to access the Windows Firewall APIsand add your app as an exception
在您的安装程序中(即作为提升的管理员),您需要编写代码来访问Windows 防火墙 API并将您的应用程序添加为例外
