Windows Firewall FAQ

 Some applications trigger the firewall prompt “keep blocking this app” although they don’t need to open local ports. Which behaviour exactly triggers a prompt?
 The Windows Firewall prompt is displayed when an application listens on a TCP socket or binds to a non-wildcard UDP port and that application does not match any rule in the firewall policy.
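
 The condition described above can be approximated as an audit. This is an added example, not part of the original FAQ or Microsoft's code. It assumes the NetTCPIP and NetSecurity cmdlets (Windows 8 / Server 2012 or later, not Vista) and an elevated session, and it compares program paths only, ignoring the port, protocol, service and profile conditions of each rule.

```powershell
# Added example: list programs that hold a TCP listener or a bound UDP endpoint
# but are not named by any enabled inbound firewall rule.
# Approximation: only the rule's program path is compared.

# Program paths named by enabled inbound rules in the local store (allow or
# block). Rules delivered by Group Policy are not read here. Rules whose
# program is 'Any' are skipped because they match on other conditions.
$ruledPrograms = Get-NetFirewallRule -Direction Inbound -Enabled True |
    Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -and $_.Program -ne 'Any' } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Program) } |
    Sort-Object -Unique

# TCP listeners and bound UDP endpoints, with the owning process ID.
$tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
$udp = Get-NetUDPEndpoint |
    Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess

$report = foreach ($s in @($tcp) + @($udp)) {
    $path = (Get-Process -Id $s.OwningProcess -ErrorAction SilentlyContinue).Path
    if (-not $path) { continue }   # System (PID 4) and protected processes expose no path
    [pscustomobject]@{
        Proto   = $s.Proto
        Local   = "$($s.LocalAddress):$($s.LocalPort)"
        Program = $path
        HasRule = $ruledPrograms -contains $path   # string match is case-insensitive
    }
}

# Candidates for a prompt: a listener whose program no inbound rule names.
$report | Where-Object { -not $_.HasRule } |
    Sort-Object Program, Proto, Local -Unique |
    Format-Table Proto, Local, Program -AutoSize

# NotifyOnListen is the per-profile setting that controls whether the prompt
# is shown at all when a listening program is blocked.
Get-NetFirewallProfile | Format-Table Name, Enabled, NotifyOnListen -AutoSize
```

 Services hosted in svchost.exe always show as covered, because many built-in rules name that executable and are further restricted by service.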

 Does the Windows Firewall team have a blog?
 They don’t currently have a blog dedicated to Windows Firewall, but there are two networking blogs that contain information about Windows Firewall - http://blogs.technet.com/ianhamer and http://blogs.technet.com/jleznek.

 Can firewall settings be separated for a low-privileged administrator and a high-privileged administrator?
 The firewall settings are set globally for the machine.

 The user interface for the Windows XP Firewall looked like it was bolted on as an afterthought. Any plans for a rapid-access icon on the taskbar in Vista so that power users can get to the firewall settings quickly?
 There is no added taskbar access for the Firewall. It is available in the Control Panel, through Windows Security Center, and in Administrative Tools (access to the Windows Firewall with Advanced Security MMC).

 Will there be more features in Windows Firewall like some of the features Sygate Personal Firewall has?
 We are mostly feature complete for Windows Vista. If there are particular features that you are interested in, they would like to hear about them for future planning purposes.

 Will the new Windows Firewall check outgoing traffic by default?
 No, but it can always be configured to perform outbound filtering.

 Will there be an option to remove Windows Firewall completely, and not just disable it?
 The Windows Firewall service performs other system-critical functions in the operating system, such as Windows Service Hardening. If you remove/disable this service, you end up with a less secure operating system, so this is not a supported feature. The correct way is to simply disable Windows Firewall if you want to replace it with a third-party firewall.

 Can we expect a backport for Windows XP?
 At this time, there are no plans to backport the new functionality.

 How do you test if the new Windows Firewall is really secure?
 That’s a great question:
    1 Throughout the planning, design and coding phases they use security development guidelines developed at Microsoft;
    2 For the testing phase, the Windows Firewall undergoes internal and external security-focused testing.

 Can the Firewall block access to/from a single website/IP address?
 Yes, you can create firewall rules to block access to a single IP Address.

 What exactly is the network categorisation dialog trying to achieve? At least on build 5365 you could just close it (without selecting private or public) and nothing appeared to happen. What do you need the information for?
 Windows Firewall with Advanced Security is a host-based firewall that filters both incoming and outgoing traffic. Windows Firewall with Advanced Security uses the Network Location-Aware feature to let Windows Vista administrators define a level of protection based on the network to which the user connects. As mobile users roam from their corporate network to a Private network, or to a Public network such as an Internet cafe, Windows Firewall with Advanced Security can enable and disable connectivity or features such as:
• File and Print Sharing
• eHome Media Center Extender
• Windows Connect Now Devices
• PnP-X (plug and play for networked devices)
• Network Explorer
• Peer To Peer Discovery

To achieve this, Windows Firewall with Advanced Security uses three separate profiles for filtering traffic. The computer automatically detects the network connection and uses the appropriate profile. Windows Firewall with Advanced Security supports the following profiles:

Domain - The domain profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected to an Active Directory domain in which the computer is a member. For example, you might configure rules for the domain profile for the programs needed by a managed computer in an enterprise network. The Network Location Service controls when settings for a profile apply.

Private - The private profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected to a private network. For example, a mobile user might take their computer home and connect it behind a private gateway device (such as a router) on their home network. When Windows detects the network, a dialog box will appear.

Public - The public profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected directly to the Internet. For example, a laptop computer might be taken on the road and connect to the Internet using a public broadband or wireless Internet Service Provider (ISP) or hotspot. Because the laptop connects directly to the Internet, this profile should contain more restrictive settings than the domain or private profile. Again, an end-user with administrator privileges selects whether a connection is Private or Public. If a user does not have administrator privileges and connects to any new network, Windows Vista uses the Public profile, which contains the most restrictive settings.
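
The answers above on outbound filtering, blocking a single IP address and the three profiles can be combined into one configuration. This is an added example, not part of the original FAQ. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later, not Vista) and an elevated session; the address 203.0.113.10, the rule names and the group name are placeholders.

```powershell
# Added example: block one remote IP everywhere, and turn on outbound
# filtering for the Public profile only.
$blockedHost = '203.0.113.10'     # placeholder documentation address (RFC 5737)
$group       = 'FAQ example'      # placeholder group name, used for clean-up

# 1. Block a single remote IP address in both directions, in every profile.
#    A block rule takes precedence over allow rules for the same traffic.
foreach ($dir in 'Inbound', 'Outbound') {
    New-NetFirewallRule -DisplayName "Block $blockedHost ($dir)" -Group $group `
        -Direction $dir -Action Block -RemoteAddress $blockedHost `
        -Profile Any | Out-Null
}

# 2. Outbound traffic is allowed by default. Before switching the Public
#    profile to default-block, add allow rules for what must still work there.
New-NetFirewallRule -DisplayName 'Allow DNS out (Public)' -Group $group `
    -Direction Outbound -Action Allow -Protocol UDP -RemotePort 53 `
    -Profile Public | Out-Null
New-NetFirewallRule -DisplayName 'Allow HTTPS out (Public)' -Group $group `
    -Direction Outbound -Action Allow -Protocol TCP -RemotePort 443 `
    -Profile Public | Out-Null

# 3. Make Public the most restrictive profile: block by default both ways.
#    Domain and Private keep their existing defaults.
Set-NetFirewallProfile -Name Public -DefaultInboundAction Block `
    -DefaultOutboundAction Block

# 4. Verify the per-profile defaults and the rules just created.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction -AutoSize
Get-NetFirewallRule -Group $group |
    Format-Table DisplayName, Direction, Action, Profile -AutoSize

# Roll back:
#   Remove-NetFirewallRule -Group 'FAQ example'
#   Set-NetFirewallProfile -Name Public -DefaultOutboundAction NotConfigured
```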

 I wanted to know what is the difference between System Restore from Windows XP and now the new Windows Vista? What features have been added and enhanced?
 There have been lots of changes in the firewall since Windows XP SP2. Here are some of the favourites:
    1 Outbound filtering
    2 Filtering on services
    3 Integration between IPSec and firewall (e.g. allow only secure or encrypted traffic)
    4 New MMC snap-in with advanced security options
    5 New APIs

 Does it apply to the IPv6 protocol also?
 Yes - it fully supports IPv6.

 Can you explain or give me a link to Windows Service hardening so I can understand and context it?
 Windows Service Hardening is a feature for services providers. Since services in Windows Vista can be identified by their unique SID and Windows Firewall can allow/block traffic to services based on their SIDs, services can be sand-boxed to only allow the traffic they were designed to support.

 If the Firewall service fails, will the Firewall go in to lockdown by default and deny all inbound requests?
 Correct, if the firewall service fails, the system goes into a lockdown state similar to the state it's in when the system boots up.

 Is the Windows Firewall team a separate team or a subgroup of the Security Team at Microsoft?
 The Firewall team is part of the security division at Microsoft.

 Is it possible to configure firewall “per user”?
 The Windows Firewall policy is configured per computer, not per user.

 There is a demonstration relating to this article. Click here to view it.
