Condividi tramite


Windows Firewall Is Turned off Every Time I Start My Computer

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

It is important to have a software-based firewall running on any computer that is connected to a network. Windows Firewall is included in the Windows Vista and Windows Server 2008 operating systems. If Windows Firewall is not running, and you think it should be, the following are possible causes:

  • Settings are managed by Group Policy

  • Windows Live OneCare is installed

  • Another (non-Microsoft) firewall program is installed

  • Another program is stopping Windows Firewall

Settings are managed by Group Policy

If your computer is connected to an organization’s network, then the network administrator might be managing some of the settings on your computer. For example, on a network that uses Active Directory Domain Services (AD DS), the administrator can use Group Policy to centrally configure computer settings. This means the user typically cannot change the settings. If Windows Firewall is managed on your network in this way, then the Windows Firewall Control Panel and the Windows Firewall with Advanced Security Microsoft Management Console (MMC) snap-in both display a banner similar to the following:

For more information, contact your network administrator about Group Policy settings that affect Windows Firewall.

Windows Live OneCare is installed

When Windows Live OneCare is installed, it disables Windows Firewall and uses a firewall that is included with and managed by OneCare instead. OneCare registers this firewall with the Windows Security Center as the firewall provided for your computer. You cannot enable Windows Firewall while the OneCare firewall is installed. Use Windows Security Center to confirm that a firewall program is installed and operating on your computer.

To use Windows Security Center to confirm that a firewall is running

  • The Windows Security Center runs in the background and monitors the state of security software on your computer. Start the Windows Security Center by clicking Start, and then typing Security Center in the Start Search box. Double-click Security Center when it appears on the Start menu.

    If Windows Security Center detects that a firewall is not present or is not turned on, then the Firewall section of the window is expanded, and displays a red banner with a warning that a firewall program was not detected.

    If Windows Security Center detects that a firewall is present and is not turned on, then the Firewall section of the window is highlighted in green, and is not expanded by default. If you click the green banner to expand the Firewall section, it displays information about the state of the currently active firewall program, similar to the following:

Note

The Windows Security Center only runs on client versions of the Windows operating system, such as Windows XP with Service Pack 2 (SP2) and Windows Vista with SP1.

Another (non-Microsoft) firewall program is installed

Windows Firewall is an important component in a “defense-in-depth” strategy in which multiple components are used in layers to help protect your computer. However, the use of multiple firewalls can cause problems. If the exception rules on both firewalls do not match exactly, then network traffic can be blocked, and programs will not work as expected. If you install a non-Microsoft firewall program, or if one was installed on your computer by the manufacturer, then that firewall program can disable Windows Firewall to prevent a conflict. If you want to continue to use the non-Microsoft firewall program, then keep Windows Firewall turned off.

If you want to continue to use the non-Microsoft firewall program and Windows Firewall together, then contact the program’s vendor to inquire if side-by-side use of these firewalls is supported, and if so, how to prevent the program from turning off Windows Firewall.

If you want to use Windows Firewall instead, uninstall the non-Microsoft firewall program, and then follow the steps in either of the following procedures.

To enable Windows Firewall by using Control Panel

  1. To remove the non-Microsoft firewall program, click Start, click Control Panel, and then in Control Panel Home, click Uninstall a Program. Click the non-Microsoft firewall program in the list, and then click Uninstall. Follow the directions on your screen to finish uninstalling the program.

  2. On the main Control Panel window, click Security, and then click Turn Windows Firewall on or off.

  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  4. In the Windows Firewall Settings dialog box, on the General tab, click On (recommended), and then click OK.

To enable Windows Firewall by using the Windows Security Center

  1. The Windows Security Center runs in the background and monitors the state of security software on your computer. If the Windows Security Center detects a problem, it displays a red shield icon in the notification area of the Start menu. Double-click the shield to open the Windows Security Center program. If the red shield icon does not appear, you can start the Windows Security Center by clicking Start, and then typing Security Center in the Start Search box. Click Security Center when it appears on the Start menu.

Note

The Windows Security Center only runs on client versions of the Windows operating system, such as Windows XP with Service Pack 2 (SP2) and Windows Vista with SP1.

  1. If Windows Security Center detects that a firewall is not present or is not turned on, then the Firewall section of the window is expanded, and a Turn on now button appears. Do one of the following:

    • To turn on Windows Firewall, click Turn on now, and then in the User Account Control dialog box, click Continue.

    • To find a firewall program from another software maker, click Show me my available options, and then click Go online to get a different firewall program.

      Internet Explorer will open to a page that displays links to security vendors that offer firewall software programs.

    • To turn off the warning (not recommended), click Show me my available options, and then click I have a firewall program that I’ll monitor myself. In the User Account Control dialog box, click Continue to approve the change.

Another program is stopping Windows Firewall

If you do not have another firewall program installed on your computer, you can enable security auditing to help identify what is turning Windows Firewall off. When security auditing is enabled, Windows generates additional events in the Event Viewer Security log. You can use this log to trace certain types of activity on your computer.

Before you can view the security auditing events, you must enable Windows to generate them. They are turned off by default. For more information, see Enable IPsec and Windows Firewall Audit Events.

To view the security auditing events

  1. Click Start, and in the Start Search box, start typing Event Viewer. Double-click Event Viewer when it appears in the Programs list.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  3. In the navigation page, expand Windows Logs, and then click Security.

  4. Look for events with numbers in the range of 4900 to the low 5000s that indicate that the firewall service (MpsSvc) was stopped. Open the event, and then click the Event Log Online Help link to determine why the service stopped, and how to get it started again.

    Some of these events are shown in the following table:

    Event ID Event text

    5029

    The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. Error Code: %1

    5030

    The Windows Firewall Service failed to start. Error Code: %1

    5025

    The Windows Firewall Service has been stopped.

    If one of these events appears in the Security log:

    • In Event Viewer, click the Event Log Online Help link at the bottom of the event description window. For many events, additional information, including diagnostic and troubleshooting procedures specific to that event, is available.

    • Examine other events that are logged immediately before and after the event you found, including events that are found in the other logs. Other events that happened at or near the same time can sometimes indicate reasons for the failure. Use the Filter Current View option to see events that were logged within a specified time window from some or all of the logs.