Communication to a non-listening port is silently dropped

Document ID : KB000007121
Last Modified Date : 11/07/2018
Issue:

Communication to a port that no process is listening on is silently dropped on the Privileged Identity Manager (PIM) server.

Environment:
PIM 12.8 SP1 / Windows 2012 or later
Cause:

The PIM driver (drveng) uses the Windows Filtering Platform (WFP) to intercept network access.

When WFP is in use, communication to a non-listening port is silently dropped by WFP.

An application that communicates with a non-listening port and expects a response from it may not work correctly, because no response is returned due to this behavior.

As this behavior is by OS design and cannot be disabled, it is a product limitation at this time.
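One way to observe this from the application's side, as an added example that is not part of the original document: a TCP connect to a closed port is normally refused, whereas a silently dropped attempt only ends when the caller's timeout expires. The function name, result labels and timeout value are assumptions of this example.

```python
import socket
import sys
import time

# Result labels are this example's own, not PIM or WFP terminology.
MEANING = {
    "open": "a process is listening on the port",
    "refused": "the connect was actively refused (normal closed-port behaviour)",
    "no-response": "nothing came back before the timeout (consistent with a silent drop)",
}


def probe_tcp_port(host, port, timeout=5.0):
    """Attempt one TCP connect and return (label, seconds_elapsed).

    The timeout is an assumed value, kept generous so that a slow refusal
    is not mistaken for a dropped connection.
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        label = "open"
    except ConnectionRefusedError:
        label = "refused"
    except (socket.timeout, TimeoutError):
        label = "no-response"
    finally:
        sock.close()
    return label, time.monotonic() - start


if __name__ == "__main__":
    # Usage: python probe.py <host> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    label, elapsed = probe_tcp_port(host, port)
    print(f"{host}:{port} -> {label} after {elapsed:.1f}s: {MEANING[label]}")
```

A "no-response" result can also be caused by a firewall in the path, so compare the result for the same port before and after applying one of the workarounds below.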

Resolution:

A. Stop PIM and the PIM driver temporarily

1. Stop PIM and the PIM driver

\> secons -s
\> net stop seosdrv
\> net stop drveng

2. Have the application communicate with the non-listening port

3. Start PIM and the PIM driver

\> net start drveng
\> net start seosdrv

\> seosd -start

B. Disable network interception

1. Stop PIM and the PIM driver

\> secons -s
\> net stop seosdrv
\> net stop drveng

2. Add (or modify) the registry key and value

Add the "Parameters" key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drveng if it doesn't exist.
Add "DisableNetworkInterception" as a REG_DWORD value in the Parameters key if it doesn't exist, and set its value to 1.

3. Start PIM and the PIM driver

\> net start drveng
\> net start seosdrv

\> seosd -start

Additional Information:

When DisableNetworkInterception is set to 1, network interception is disabled and network control by the HOST/CONNECT/TCP classes doesn't work.

Changing the application's behavior so that it does not communicate with a non-listening port is also a workaround. In that case, the PIM workarounds above are not required.