Process Hacker Discussion Forum

 
David Xanatos
Member
Posts: 17
Joined: 25 May 2019 06:55

Is there a way to get the PID in the firewall tab?

18 Aug 2019 05:51

I was trying out the firewall plugin yesterday and noticed it does not show the PID of the logged events,
it seems that FwpmNetEventSubscribe does not provide that at first glance, what a major fail on MSFT's side, why wouldn't they provide that?!
Or is there some undocumented way to get the PID for these events?

Cheers
David X.
 
dmex
Admin
Posts: 1695
Joined: 17 Jan 2011 05:43

Re: Is there a way to get the PID in the firewall tab?

09 Feb 2020 04:42

David Xanatos wrote: 18 Aug 2019 05:51
> it seems that FwpmNetEventSubscribe does not provide that at first glance, what a major fail on MSFT's side, why wouldn't they provide that?!

The BFE (Base Filtering Engine) is lower in the stack than processes, and firewall rules are properties of the Ethernet header and the data frame (TCP/UDP) rather than the individual process.

David Xanatos wrote: 18 Aug 2019 05:51
> is there some undocumented way to get the PID for these events?

No. The firewall events are filtered/handled long before reaching the process.