8

I'm trying to delete a Windows Firewall rule from command line using netsh. I'm trying with the below syntax; however, it is not working for me result wise.

netsh advfirewall firewall delete rule program="C\Program Files (x86)\utorrent\uTorrent.exe"

What is the correct syntax for this? I am using Windows 7 Ultimate 64-bit.

Vomit IT - Chunky Mess Style
Riccardo La Marca

3 Answers

13

Don't use the "Program" parameter and value, use "Rule" name in the delete statement.

You can run netsh advfirewall firewall show rule status=enabled name=all or perhaps netsh advfirewall firewall show rule status=enabled name=all | FIND /I "uTorrent" to get a list of the rules that are enabled to help locate the actual name of the rule.

Once this is determined, you can run netsh advfirewall firewall delete rule name="<Rule Name>" and plug the name of the rule in accordingly for it to remove that rule.

Examples

Create a rule with the name "IP Block"

netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=<IPaddress>/32

Delete a rule with the name "IP Block"

netsh advfirewall firewall delete rule name="IP Block"

Vomit IT - Chunky Mess Style
4

None of your attempts contains a correct rule name.

If not supplying a distinct rule name, use (according to this help) name=all in combination with program="C:\Program Files (x86)\utorrent\uTorrent.exe"

netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\utorrent\uTorrent.exe"

name = { all | RuleName }
Required.  You can specify one of the following values:

  • The rule name of the connection security rule you want deleted.
  • all.  Specifies that all rules matching the criteria in the other parameters are deleted.  If no other parameters are included in the command then all connection security rules are deleted.
LotPings
  • Thank you so much! I am not able to cast a positive vote, but this deletes multiple rules in one shot and is much more reliable. But this does not delete the entry in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules. Why? – Riccardo La Marca Aug 05 '17 at 14:40
  • This works only on HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules and not for HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules. Does not work on: ControlSet002. Works on: ControlSet001 – Riccardo La Marca Aug 05 '17 at 14:51
  • AFAIK the currentcontrolset is mapped to only one of the controlsets. [Cite from this Q&A](https://stackoverflow.com/questions/291519/how-does-currentcontrolset-differ-from-controlset001-and-controlset002): `you only need to update the CurrentControlSet key... ControlSet001 and ControlSet002 are alternating backups of CurrentControlSet, you don't need to update them. The other key is kept as a backup for the Load Last Known Good Configuration boot option.` – LotPings Aug 05 '17 at 14:54
  • How is update backup of controlset002? – Riccardo La Marca Aug 05 '17 at 15:19
  • How do I upgrade controlset002?* – Riccardo La Marca Aug 05 '17 at 15:25
  • Don't interfere with the Windows mechanisms. The other controlset represents a former consistent state of your installation. It doesn't make sense to tamper with this consistency by loading this hive and manipulating it. **So don't update it** – LotPings Aug 05 '17 at 15:25
  • I'll try restarting my system. – Riccardo La Marca Aug 05 '17 at 15:26
  • ControlSet002 has been updated automatically after the system restarts. How can I avoid restarting windows to update it automatically? – Riccardo La Marca Aug 05 '17 at 15:40
  • I don't understand that request, you want to update but not on a reboot? You should completely ignore the `ControlSet00x` and **only** refer to the `CurrentControlSet` – LotPings Aug 05 '17 at 15:45
  • currentcontrolset links only to controlset001 and not controlset002. Deleting uTorrent from the firewall for ControlSet002 happens only if I restart the system and only if utorrent is not present in ControlSet001. Is there a way to do it without rebooting the system? – Riccardo La Marca Aug 05 '17 at 15:47
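
The `name=all program=...` delete from this answer, wrapped in a backup, preview and verify sequence for an elevated Command Prompt. This is an added example, not code from any of the posters; the `EXE` and `BACKUP` values and the label names are assumptions, and the check reads only `CurrentControlSet`, as the comments above advise.

```bat
@echo off
setlocal EnableExtensions DisableDelayedExpansion
rem Added example, not from the original answers. Run from an elevated prompt.
rem APP is the path used in the answer; EXE and BACKUP are assumed names.
set "APP=C:\Program Files (x86)\utorrent\uTorrent.exe"
set "EXE=uTorrent.exe"
set "BACKUP=%TEMP%\firewall-policy-backup.wfw"
set "RULES=HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules"

rem 1. Export the whole policy first. Roll back with:
rem      netsh advfirewall import "%BACKUP%"
if exist "%BACKUP%" del /q "%BACKUP%"
netsh advfirewall export "%BACKUP%" >NUL
if errorlevel 1 goto export_failed

rem 2. Preview: list the stored rule values that mention the executable.
reg query "%RULES%" | findstr /i /l /c:"%EXE%"
if errorlevel 1 goto nothing_to_do

rem 3. Delete every rule bound to that program path, whatever its name.
netsh advfirewall firewall delete rule name=all program="%APP%"
if errorlevel 1 goto delete_failed

rem 4. Verify against the live control set only; ControlSet00x is not touched.
reg query "%RULES%" | findstr /i /l /c:"%EXE%" >NUL
if not errorlevel 1 goto still_present
echo Removed all rules for "%APP%". Backup: "%BACKUP%"
exit /b 0

:export_failed
echo Policy export failed, possibly not elevated. Nothing was deleted.
exit /b 1
:nothing_to_do
echo No firewall rule mentions %EXE%. Nothing was deleted.
exit /b 0
:delete_failed
echo netsh deleted nothing for "%APP%". Compare the path with the preview above.
exit /b 2
:still_present
echo Rules mentioning %EXE% remain under a different program path:
reg query "%RULES%" | findstr /i /l /c:"%EXE%"
exit /b 3
```

Exit code 3 means rules remain that reference the executable under a path other than `APP`, so the `program=` filter did not match them.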
2

I have found another powerful solution:

@echo off
setlocal EnableExtensions DisableDelayedExpansion
REM ControlSet001: export all firewall rules, drop every line containing "torrent",
REM delete all values under the key, then import the filtered file.
REG EXPORT "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" "%TEMP%\RegBackup.reg" /y > NUL 2> NUL
TYPE "%TEMP%\RegBackup.reg" | FINDSTR /i /v torrent > "%TEMP%\RegBackupNew.reg"
REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /f /va > NUL 2> NUL
REG IMPORT "%TEMP%\RegBackupNew.reg" 2> NUL
REM ControlSet002: the same four steps.
REG EXPORT "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" "%TEMP%\RegBackup.reg" /y > NUL 2> NUL
TYPE "%TEMP%\RegBackup.reg" | FINDSTR /i /v torrent > "%TEMP%\RegBackupNew.reg"
REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /f /va > NUL 2> NUL
REG IMPORT "%TEMP%\RegBackupNew.reg" 2> NUL
REM Remove the temporary export files.
DEL /q "%TEMP%\RegBackup.reg" 2> NUL
DEL /q "%TEMP%\RegBackupNew.reg" 2> NUL
endlocal
Riccardo La Marca
  • I think your approach is too vast. It would be better to export, filter for torrent, and delete these keys, this way leaving the majority of rules untouched. – LotPings Aug 15 '17 at 14:23