
How to Enable WMI Traffic Using Separate Rules for DCOM, WMI, Callback Sink and Outgoing Connections


If you want to enable or disable a particular Windows Management Instrumentation (WMI) traffic rule, you can use a command that targets only the service you wish to activate or deactivate. To enable or disable all WMI traffic rules at once, see Remote WMI Connection: How to Enable or Disable WMI Traffic at Command Prompt Using WMI Rule Group; you can also see how to Enable or Disable WMI Traffic Using Firewall UI. Here are other related guides: Windows Management Instrumentation: WMI Commands, and MDM Bridge WMI Provider and Windows 10 MDM Capabilities. To know what software is installed on a system, see how to query a list of installed programs in Windows via Windows Settings, Control Panel, WMIC, PowerShell and Windows Registry, and How to setup and configure Remote Desktop Services via Standard Deployment on Windows Server.

In this guide, we will see how to enable and disable specific WMI traffic rules through the command prompt.

Enabling WMI Traffic Using Separate Rules for DCOM, WMI, Callback Sink, and Outgoing Connections

To use separate commands for DCOM, the WMI service, and the callback sink, open the Start Menu by pressing the Windows key on your computer, then search for cmd and run the command prompt as administrator.


Then, to enable a particular kind of WMI traffic, copy and paste any of the commands listed below. To establish a firewall exception for DCOM port 135, use the following command:

netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135

This command returns OK, which indicates that the operation was successful. To establish a firewall exception for the WMI service, use the following command:

netsh advfirewall firewall add rule dir=in name="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any

This command returns OK, which indicates that the operation was successful. To establish a firewall exception for the sink that receives callbacks from a remote computer, use the following command:

netsh advfirewall firewall add rule dir=in name="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow

This command returns OK, which indicates that the operation was successful.

To establish a firewall exception for outgoing connections to a remote computer that the local computer is communicating with asynchronously, use the following command:

netsh advfirewall firewall add rule dir=out name="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any

This command returns OK, which indicates that the operation was successful.

How to Disable WMI Traffic Using Separate Rules for DCOM, WMI, Callback Sink, and Outgoing Connections

Run the command prompt as administrator. Then copy and paste any of the commands listed below to disable a specific WMI traffic rule. To disable the DCOM exception:

netsh advfirewall firewall delete rule name="DCOM"

The command returns Deleted 1 rule(s), then Ok. To disable the WMI service exception:

netsh advfirewall firewall delete rule name="WMI"

The command returns Deleted 1 rule(s), then Ok. To disable the sink exception:

netsh advfirewall firewall delete rule name="UnsecApp" 

The command returns Deleted 1 rule(s), then Ok. To disable the outgoing exception:

netsh advfirewall firewall delete rule name="WMI_OUT"

The command returns Deleted 1 rule(s), then Ok.
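
The enable and delete commands above combined into one repeatable script, as an added example that is not part of the original guide: running an add rule command twice leaves two rules with the same name, so the script deletes any existing copy before adding, then prints each rule for review. The `$MgmtScope` parameter and its `remoteip=` restriction on the inbound rules are assumptions added here; the default `any` matches the guide's commands.

```powershell
# Added example (not from the original guide): re-create the four WMI rules
# without leaving duplicates, then display each rule so it can be reviewed.
# $MgmtScope is a hypothetical parameter; pass a management subnet such as
# '192.0.2.0/24' (constructed value) to limit who can reach the inbound rules.
param([string]$MgmtScope = 'any')

$svchost  = "$env:SystemRoot\system32\svchost.exe"
$unsecapp = "$env:SystemRoot\system32\wbem\unsecapp.exe"

# Rule names and options copied from the guide's netsh commands.
$rules = @(
    @{ Name = 'DCOM';     Opts = @('dir=in',  "program=$svchost", 'service=rpcss',
                                   'action=allow', 'protocol=TCP', 'localport=135') },
    @{ Name = 'WMI';      Opts = @('dir=in',  "program=$svchost", 'service=winmgmt',
                                   'action=allow', 'protocol=TCP', 'localport=any') },
    @{ Name = 'UnsecApp'; Opts = @('dir=in',  "program=$unsecapp", 'action=allow') },
    @{ Name = 'WMI_OUT';  Opts = @('dir=out', "program=$svchost", 'service=winmgmt',
                                   'action=allow', 'protocol=TCP', 'localport=any') }
)

foreach ($rule in $rules) {
    $name = "name=$($rule.Name)"

    # netsh accepts several rules with one name; remove old copies first.
    # A non-zero exit code here only means no rule matched, so it is ignored.
    netsh advfirewall firewall delete rule $name | Out-Null

    $addArgs = @('advfirewall', 'firewall', 'add', 'rule', $name) + $rule.Opts
    if ($rule.Opts -contains 'dir=in') {
        # Scope inbound exceptions to the chosen remote addresses.
        $addArgs += "remoteip=$MgmtScope"
    }

    netsh @addArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "netsh could not add rule '$($rule.Name)' (run as administrator?)"
    }

    # Show the resulting rule: program, service, ports and remote scope.
    netsh advfirewall firewall show rule $name verbose
}
```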

I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.
