Path: csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: Fokke Nauta Newsgroups: alt.comp.os.windows-11 Subject: Re: Can't connect to laptop Date: Mon, 28 Apr 2025 16:09:44 +0200 Lines: 115 Message-ID: References: <19dpvj20hqpzx$.dlg@v.nguard.lh> <12ms3gulh2znv$.dlg@v.nguard.lh> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: individual.net eT8vRVpZBSPYWjgod47dRwtL4WnOiHvXj9o5KEbCKvnIJAQsvs Cancel-Lock: sha1:vGVnWFkV9LAzJbDVgs86Bymt72k= sha256:xOOxCfDXXCqMrkdfc54n0yQExVVu3XeNPLFNUWxp4sk= User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1 Content-Language: nl In-Reply-To: Xref: csiph.com alt.comp.os.windows-11:18770 On 28/04/2025 15:37, VanguardLH wrote: > Fokke Nauta wrote: > >> On 28/04/2025 04:54, VanguardLH wrote: >>> Other than Windows Defender, is she running some 3rd-party anti-malware >>> software? Many AV programs include firewalling features. >> >> BitDefender is installed. Could that be the reason? > > Possibly. I've only trialed the free version of Bitdefender which does > not have all the features of the paid version. > > https://www.bitdefender.com/en-us/blog/hotforsecurity/free-vs-paid-security-software-which-is-better-for-you > > That notes the paid version includes a firewall. Is she using the free > or paid version? The paid version is installed. And there is a firewall indeed, but I couldn't find how to disable that. Or I should uninstall BitDefender. > > I don't remember if the free version had a "disable" feature where you > could temporarily disable Bitdefender Free while troubleshooting. I > would a paid version to have such an override. Check if you can disable > Bitdefender. Because AV software digs deep into the OS, you may have to > check if it has a disable that survives a reboot of Windows, so the AV > is not active when Windows starts. Some AVs have the override during > the current Windows session, but a reboot has them active again. > > https://www.bitdefender.com/consumer/support/answer/28557/ > > Personally I would prefer one option that would disable all of the AV > program, and it would remain disabled even after a reboot, but that > might weaken the protection (even for itself). Most, maybe all, AVs run > proxies through which to interrogate network traffic. Even if you > disable the AV, likely the traffic still has to pass through their > proxy. If their proxy is screwing up the networking, it could continue > screwing it up when the interrogation is disabled. That's why a reboot > is needed, and where the AV doesn't restart itself, to ensure ALL of the > AV is out of the way during troubleshooting. > >>> Without a 3rd-party helper (to present prompts on all connect attempts) >>> or change the default behaviors of the Windows Firewall, the defaults >>> are: >>> >>> Firewall state: On >>> Inbound connections: Block >> >> In the private profile this is allowed. > > Oops, I forgot that I'm using the Public networking profile which bars > all the file/folder sharing stuff. Yes, all oyr pc's and laptops use the private profiles. > >> >>> Outbound connections: Allow >> >> All are. > > Because all inbound and outbound connections are allowed, you would > never get a prompt that something wants to make a connection, but that > seems to be how you want your computer, or hers, to operate. I would > suspect that means there should be no Block rules in Windows Firewall > (those having a red hazard icon). No, there are no Block rules. > >>> Logging: You could enable to see if something shows up when you are >>> trying to connect to her computer. >> >> It says it can't find the log file. > > Probably one of those features that get enable during Windows startup. > However, since EVERYTHING in or out is allowed without any prompt to the > user, not sure that anything would get logged. Nothing gets blocked. > > When you click on Customize for the Logging option, the next dialog > shows where will be the log file. The default is: > > %systemroot%\system32\LogFiles\Firewall\pfirewall.log I'll have a look at that. > > but you can change to save elsewhere. This dialog doesn't create the > log file, so I don't understand why you say it cannot find it unless you > changed from the default, but specified an invalid location. The > logfile probably doesn't get created until there is something to log, so > may "can't find" meant you tried to open the logfile in Notepad before > it got created. > > In the Event Viewer (eventvwr.msc), look under Applications and Services > Logs/Microsoft/Windows/NetworkProfile. A 4004 event gets logged > whenever there is a network connection or re-identified. Under the NCSI > node, 4042 events indicate the network discovery tool awakened to > determine if the computer is on an Internet connection, on a domain > network, or behind a captive portal. After power up I found 3 4004 events. Happend more times. > > Back on the compmgmt.msc tool ran on her computer, did it list any > shares (to which you or the "other pc's" can connect)? Finding the > computer doesn't mean it is sharing anything. Yes, indeed. 2 Folders that I shared, and 3 others ending with $. > > Something I just remembered is that some firewalls in cable modems, > switches, or routers can restrict which hosts can connect to which. > That is, all the hosts may be allowed Internet access, but not allowed > to connect to other intranet hosts. You'd have to visit the internal > web server in the switch/router/modem to see how it is configured. No problems here. Every host is accessable. Fokke