Community
User Guides
Support
Community
Help Forums
English Forum
General
About our Community
General Discussion
News and Feedback
Products
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Beta programs
Feature Requests
Finnish Forum (Tukifoorumi)
Tuotteet Kotiin
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Muut tietoturvatuotteet
Support Articles
Language
English
Suomi
Deutsch
Français
日本語
Svenska
Dansk
Italiano
Nederlands
Norsk
Polski
中文 (繁體)
Products & Services
F-Secure TOTAL
F-Secure SAFE / Internet Security / Anti-Virus
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Common topics
User Guides
Support
Login
|
Register
Why is there a large amount of Port Scanning Prevention Filter entries in F-Secure firewall blocks.log? - F-Secure Community
<main> <article class="userContent"> <h3 data-version="6" data-article="000012637" data-id="issue">Issue:</h3> <p>This article applies to the following F-Secure products: F-Secure Client Security 14.x / 15.x, , F-Secure Server Security 14.x, / 15.x and Elements Endpoint Protection products<br><br>I am seeing a lot of the following entries in the firewall blocks.log:<br></p><pre class="code codeBlock" spellcheck="false" tabindex="0"><br>[xxxx.xxxx] I: Type: FWPM_NET_EVENT_TYPE_CLASSIFY_DROP. Dropped by filter: Port Scanning Prevention Filter, This filter prevents port scanning. This many times means there are no listeners. If debugging ensure your scenario has one.</pre> <br>The connection parameters vary, with different local/remote ports and IP addresses. Do I need to modify my firewall rules for these massages to disappear? <h3 data-id="resolution">Resolution:</h3> <p></p><p>These log entries are associated to the <a rel="nofollow" href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd448557(v=ws.10)">Stealth mode</a> mechanism in Windows Firewall with Advanced Security. It is a built-in functionality, which silently drops outgoing ICMP unreachable and TCP reset messages, to prevent port scanning. This functionality reacts when there is no process listening on the port, which is targeted by the incoming request/traffic.<br><br>You can refer to this Microsoft Technet <a rel="nofollow" href="https://social.technet.microsoft.com/wiki/contents/articles/18591.windows-firewall-port-scanning-prevention-filter.aspx">article</a> for more information about this functionality.</p> <p>Article no: 000012637</p> </article> </main>