Windows Firewall doesn't start on startup

Yesterday I uninstalled ZoneAlarm with no problems, and decided to go with the built-in SP2 Firewall, because I thought it would be simpler and take up less resources. Big mistake, it turns out.

The firewall works fine when I enable it and for as long as I keep my compy on, but whenever I restart, Security Center pops up and says "No firewall detected "; when I check, Windows Firewall is in fact enabled but NOT protecting my LAN connection (under the Advanced tab, the little box next to "Local Area Network" is unchecked). So I click the box next to Local Area Network, and everything works fine until I restart again. Rinse and repeat.

I have the latest update of McAfee/Spybot/Ad-aware/Windows Update. I've checked services.msc to confirm that the "Windows Firewall/ICS" service is set to Automatic and actually running.

Any ideas what might be causing this?

 

danep--Uninstalling Zone Alarm can be a problem and there are detailed instructions for doing it, BUT
I would rather suggest that you reinstall ZoneAlarm (if you can) and then shut off Windows Firewall. Windows Firewall monitors only incoming traffic, but does nothing about monitoring outgoing traffic. ZA monitors both.
If you are successful in reinstalling ZA, then turn off Windows Firewall from Control Panel|Windows Firewall. MS is correct that you should only have one firewall running, but ZA is the better firewall.
If you cannot reinstall ZA, post back.

 

I'm on a managed network, running up-to-date VirusScan and spyware software, and smart enough to know what I should and shouldn't be downloading, so I'm really not too worried about spyware slipping my personal information past a firewall that doesn't block outgoing traffic. ZoneAlarm is overkill and simply one more program to have to manage for me.

At any rate, I think upon further inspection that the problem has little or nothing to do with ZoneAlarm. I reinstalled, then re-un-installed it using the instructions on the Zonelabs site, and manually deleted any remnants from the registry, and still the problem persists. In fact, even when it was installed, and Windows Firewall was completely disabled, that little check box next to "Local Area Connection" would uncheck itself whenever I restarted, while the other two (for my Firewire ports) remained checked.

The fact that the same symptoms persist whether or not ZA is installed makes me think it's unrelated. Any other thoughts?

 

To clarify, when I run

Code:

>netsh firewall show opmode

Here is the output:

Code:

Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable

Local Area Connection 3 firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Disable

1394 Connection firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable

1394 Connection 2 firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable

And this is consistent whether OR not ZoneAlarm is installed.

 

Bump. I'd very much like to avoid reformatting/keeping ZoneAlarm. Yes Microsoft *****, and yes it has security holes, but it's good enough for my purposes, and the fact is that the Windows Firewall *service* is always running, regardless of whether or not you use it (or in my case, configured correctly). So if you're already on a relatively secure network, it doesn't make sense to have a separate application chewing up processor time and memory.

 

Rooting around WF's info, found this in the Help & Support Applet:

This sound very much like what you're experiencing.

Have you tried toggling the service?

Go into WF's Advanced tab > Security logging and turn logging on - see if it does any logging after that.

Regards - Charles

 

That's exactly it...I can turn on all of the individual connections, but when I restart "Local Area Network" is somehow always turned off.

I enabled security logging, but there doesn't seem to be any useful information there. It just logs dropped packets and such, not the status/errors/events of the firewall service itself.

 

Hi danep,

The reason I asked you to turn on logging was to see if WF was firewalling the individual connections.

Go here for MS's trouble shooting doc on WF - and for networking which is the issue here http://www.microsoft.com/downloads/...46-131d-4617-bf68-f0532d8db131&DisplayLang=en

Regards - Charles

 

Ahh ~ I checked again, and when it says it's not firewalling the connection, it's telling the truth. When the computer is first turned on, but before it finishes booting, and its failsafe startup policy is running, the log shows connections being filtered. Once Windows Firewall has finished loading, there is no log of any connections being made. And once I enable LAN-specific protection, it once again starts logging connections.

Oh well...sounds like I'm headed back to ZA. Thanks for the help anyways.