Windows Firewall service starts automatically after installing Windows XP Service Pack 3

Installation of Windows XP Service Pack 3 results in the Windows Firewall service being set to Automatic startup, regardless of its previous startup setting.

After installing Service Pack 3 for Windows XP, you may be surprised to see that both the Windows Firewall/Internet Connection Sharing (ICS) service and the Security Center service are started and set to Automatic startup type, even if you had previously set either of these services to Manual or Disabled.

Steps to reproduce this behavior:
1. Disable the Windows Firewall service on Windows XP SP2 either manually or via Group Policy.
2. Apply Windows XP SP3. The firewall service is changed to Automatic startup.

image

NOTE: If the service is administratively disabled via domain Group Policy, it will again be disabled after subsequent application of Group Policy. The automatic service startup should only be seen on the first reboot after applying Service Pack 3. To cause GPO settings to be updated immediately on a client, run gpupdate /force from a command prompt.

This is reproducible on a system with SP3 as well. If you disable the firewall service and reapply the service pack, the firewall service will be reset to Automatic startup.

This behavior is by design and is intended to increase the security posturing of Windows XP.

As part of the Trustworthy Computing initiative, we are all focused on decreasing the attack surface exposed on our operating systems and protecting users from ever increasing security threats. See more information about Microsoft’s commitment to Trustworthy Computing here –

http://www.microsoft.com/mscorp/twc/default.mspx

Windows XP SP2 users may have unadvisedly turned off the Security Center or Firewall service in the course of troubleshooting an issue or just to eliminate Security Center prompts to enable Automatic Updates, for instance. As part of its installation process, Windows XP SP3 sets these two security services to Automatic startup to address these security holes.

Prior to shipping XP SP3, this scenario was tested extensively by our Development team and was not found to cause issues of compatibility with third party firewalls or services. This change should serve to increase security of XP systems and should not cause problems in your environment. However, if you do find that it causes problems, we want to know about it. If you find that enabling these security services does cause specific compatibility issues in your environment, please provide us with details of the problems seen and we will investigate further to address the issues encountered. Please visit the link below to learn more about working with Microsoft Enterprise Support:

http://www.microsoft.com/services/microsoftservices/srv_enterprise.mspx

– Tim Quinn