BUG: BD Firewall prevents visibility of SMBv1 server in Win10

DSperber ✭✭✭
edited January 2020 in Protection


I've been chasing down this issue since New Years day, and I finally have conclusive proof that the problem is caused by Bitdefender Firewall (so what else is new?).


The situation backstory involves the presence of two media players (Oppo BDP-103 and Oppo UDP-203), as well as my LG OLED C9 "smart TV", all of which have the ability to "browse" the drives/folders/files of SMBv1 servers (located on PC's) on the LAN.  My LAN includes two Win7 desktop PCs and three Win10 laptops.


To facilitate media on the PC's being played (to TV and sound system) through the Oppo players, all five of my PC's have had their "advanced sharing" set to "enable streaming media" which facilitates their acting as a "media server".  The Oppo players understand this technique and act as a "media client", through which all content located in the folders on the PC which are included in the PHOTO, MUSIC, and VIDEO Libraries are accessible via the Oppo players.  Files which are not located in folders included in these three Library definitions are not accessible from the Oppo using this technique.


But the Oppo players also have the ability to act as if they were a generalized "Windows Explorer" application, able to browse and retrieve (for viewing or playing to TV and sound system) ALL of the shared drives/folders/files on any PC which is running an SMBv1 server application (which is the "partner" to this "file browser client" running on the Oppo players).  Win7 has support for SMBv1 built into it, but it's not enabled by default. However it's a simple task to enable SMBv1 file sharing.  Win10 also has support for SMBv2 and higher built into it, but it is also a simple task to "add the optional feature" of SMBv1 file sharing into Win10.  And I have done just this, enabling SMBv1 support on both my two Win7 desktops as well as my three Win10 laptops.  This therefore provides access to ALL of the drives/folders/files of all five PCs for viewing/playing media files using the Oppo players, no matter whether this data is in a folder that is defined as part of a Library or not.


That's the background.  Now for the problem description: when BD Firewall is active, the three SMBv1 servers running on my three Win10 laptops ARE NOT VISIBLE TO THE OPPO PLAYERS, so that none of the shared media data on these Win10 laptops is accessible to the Oppo players!!  But all I have to do is temporarily (or permanently!!) turn off Firewall in Protection, and bingo! the three SMBv1 servers now become visible and full browser functionality by the Oppo players operates normally.


This doesn't seem to be an issue with SMBv1 as implemented in Win7.  The SMBv1 servers running on my Win7 desktops seem to be accessible from the Oppo players no matter whether BD Firewall is enabled or disabled. This issue only seems to affect SMBv1 as implemented in Win10.


Here is the proof. First, a pair of images showing the "Network" as seen by the Oppo player, one with BD Firewall enabled on one of my laptops named T495T2 and the second with BD Firewall disabled on the same laptop. When BD Firewall is enabled on T495T2, the SMB server object for T495T2 DOES NOT APPEAR (i.e. there are only 14 network objects shown). When BD Firewall is disabled on T495T2, the SMB server object for T495T2 DOES APPEAR and there are now 15 network objects shown.


The second pair of images is the output of a neat utility named "Lan Scanner" (i.e. Lanscan.exe) which queries, sorts, and then enumerates all VISIBLE network objects identified by their Windows "workgroup" name, also showing their computer name, IP address, and MAC address.  The method of query is through the repeated use of the NETBIOS command:  NBTSTAT -a <computer-name>, where each <computer-name> is from the list returned through the NET VIEW command. This is all done internally by Lanscan.exe with the output presented in a very nice tabular format.


Note from this pair of images that once again, when BD Firewall is enabled on T495T2 the output of Lanscan.exe (run from any other machine on the LAN, other than T495T2) fails to show the expected information for T495T2 (because the PING to T495T2 which is part of NBTSTAT fails, caused by BD Firewall on T495T2).  But when BD Firewall is disabled on T495T2, now the PING is successful and the information requested by Lanscan.exe is returned, processed, and presented properly.


Note from the Oppo network images that the "media server" present on all five PCs is apparently not impacted by BD Firewall.  Regardless of whether BD Firewall is enabled or disabled (on both the two Win7 and three Win10 machines) each PC's "media server" enabled through the "streaming video" option of "advanced sharing" is still visible to the Oppo players. It's only the SMBv1 servers running on the three Win10 laptops whose visibility seems to be impacted by BD Firewall.  And again, the Oppo players only support SMBv1, not SMBv2, and that is why this BD defect is so impactful.


 


From-Oppo_2-Win7+3-Win10_BD-on-all_firewall-on-T495T2.jpg


From-Oppo_2-Win7+3-Win10_BD-on-all_firewall-off-on-all.jpg


From-DFW_2-Win7+3-Win10_BD-on-all_firewall-on-T495T2_lanscan.jpg


From-DFW_2-Win7+3-Win10_BD-on-all_no-firewall-on-all_lanscan.jpg

Comments


  • Does anybody have any idea how to perhaps code a proper firewall exception rule that will resolve this?


    I really don't want to operate my Win10 machines without Bitdefender Firewall being active.  But if I activate it I can no longer see the shared media files on the machine (via SMBv1 running on the machine) from other network machines, and this is not how it's supposed to be.


    I've tried coding a rule "for all applications" specifying just the local LAN IP address (with no port) but that didn't make a difference. Only disabling firewall solves the issue, and so clearly the problem is coming from Bitdefender Firewall itself.


    Please help, somebody?


     


    NOTE: the sought-after elusive firewall rule which successfully solves the SMBv1 problem for Win10, may also solve a related problem for Win7.  Again there is an active SMBv1 server in the Win7 environment. But complicating things further is the presence of a Ceton InfiniTV 6 PCIe TV tuner card which is accessed using its network address of 192.168.200.1.  The six tuners are accessed through this gateway of 192.168.200.1 as 192.168.200.2:8000, 192.168.200.2:8001, etc.


    Obviously this PCIe card is a totally different subnet than the "real LAN" gateway of 192.168.1.1 and all of the other "real" network devices present.


    Once again, if Bitdefender Firewall is enabled, this machine with its Ceton PCIe card (192.168.200.1) cannot respond properly, and its SMBv1 server is inhibited.  But if (as in Win10) I simply disable Bitdefender Firewall, everything works perfectly and the PC is visible.


     


     

  • DSperber ✭✭✭

    This problem still persists. Unfixed, and very annoying.

    Also, I don't know why I had thought it only affected Win10 environments (where SMB1 is not supported by default, but can be manually re-activated using "customize features"). Turns out it also affects Win7 environments (where SMB1 is officially supported by default).

    My Oppo players (both 103 and 203) cannot see any SMB servers (either Win7 or Win10) when BitDefender is installed and firewall protection is active.

    If, instead, I just un-check firewall protection (to disable it, leaving the rest of BitDefender fully and normally operational), like magic my Oppo players can now see all of the Win7 and Win10 machines and network browsing and access by the Oppo's is now fully functional via SMB1 on all the PC's.

    No excuse for this. And the problem still persists unfixed, umpteen months after first reported.

  • DSperber ✭✭✭

    Ok. Finally solved this. I had been asking for a real "solution" for months since originally posting this, meaning I had been asking for either (a) a firewall rule which would provide the appropriate access, or (b) a FAQ or document reference which would give me the correct firewall settings I needed to implement in order to allow access to the Win10 PC's.

    Today I accidentally clicked on "Protection" sub-forum for the 2019 BitDefender Total Security product, instead of this 2020 one. By sheer coincidence the very first article most recently posted there had to do with a very similar question. There was information there which has now been my long sought after answers to my own problems.

    (1) The poster of the question had made reference to an FAQ support document I was totally unaware of. It was this document which mostly was helpful for my own very similar issue. But the FAQ article really was addressing the desire to access ANOTHER DEVICE on the network. My own situation had a similar need, but in fact to allow OTHER DEVICES ON THE NETWORK TO ACCESS THIS PC.

    (2) That document kind of addressed opening up access to ANOTHER DEVICE, by setting up a firewall rule for it. Rather casually, but not explicitly, it also happened to describe what you should do to allow other devices to access this host PC on the LAN... but it wasn't really worded explicitly enough so that you would know that. But Alex (from BitDefender) had replied on that thread in the 2019 forum (though not on my own thread here in the 2020 forum, which would have been helpful to me) that described a subset of the total instructions described in the FAQ which was really all that was needed in order to allow what I was looking for, namely to allow other devices to access this PC.


    The most common cause for this behavior is the way the Firewall was configured. In order to address this, please follow the steps below:

    1. Bring up the Bitdefender interface and go to Protection

    2. Use the switch to turn the FIREWALL on in case it was off, then click Settings under Firewall

    3. On the Network Adapters tab use the drop-down menu next to the name of your network adapters to select Home/Office

    4. On the Settings tab click Edit stealth settings, and switch off this feature for your network adapters.


    And in fact, once I did that on each of my Win10 machines (on which SMB1 had already been previously enabled in "turn Windows features on or off", since by default SMB1 is NOT enabled in Win10 but can be enabled using "feature") sure enough I was now able to "see" those machines from the Oppo BluRay player (which only understands SMB1 protocol) on my network.

    As it turns out, the additional instructions in the FAQ article which described setting up a firewall exception rule with a remote IP address for the other device to be accessed were unnecessary. The issue was allowing other devices on the network to see THIS host PC, and that was completely addressed by simply (a) setting the network adapter to "home/office" and then (b) editing stealth settings to OFF.

    Turns out this was also true not only of Win10 machines (which required enabling SMB1, since it is disabled by default) but also to Win7 machines!! Win7 machines have SMB1 enabled, but once again I needed to configure BitDefender Firewall to show "home/office" for the network adapter and also to set "stealth settings" to OFF!!

    So now I can see all of the PC's on the LAN, both Win7 and Win10, from my Oppo BluRay player. All PC's now support SMB1, and the Oppo player can now see and browse all of the PC's as I'd wanted to do for a long time.

    I believe I first posted this question on the 2019 forum and also never received an answer. When I was upgraded to 2020 I re-posted the same question on the 2020 forum, and still didn't receive an answer. I have now today, quite by accident, finally discovered all I needed to do to resolve my issue. Just a few simple tweaks in Firewall Settings.
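
An added example, not part of the thread or of any Bitdefender tooling: a Python check to run from another LAN machine before and after the firewall settings change described above. It sends the NetBIOS node status query that `NBTSTAT` relies on and classifies TCP 139/445, treating a silent timeout as the sign of a firewall that drops probes (an assumption about how stealth mode behaves); the function names are illustrative.

```python
import socket
import struct

# Encoded wildcard name "*" (RFC 1002 first-level encoding), length-prefixed.
NBSTAT_WILDCARD = b"\x20" + b"CK" + b"A" * 30 + b"\x00"

def build_node_status_query(txid: int) -> bytes:
    """NetBIOS node status request (RFC 1002), the query behind NBTSTAT."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + NBSTAT_WILDCARD + struct.pack(">HH", 0x0021, 0x0001)

def parse_node_status(resp: bytes):
    """Return ([(name, suffix, is_group)], mac) from a node status response."""
    if len(resp) < 57:
        raise ValueError("short NBSTAT response")
    count = resp[56]  # 12-byte header + 34-byte name + 10 bytes of RR fields
    end = 57 + 18 * count
    if len(resp) < end + 6:
        raise ValueError("truncated name table")
    names = []
    for off in range(57, end, 18):
        name = resp[off:off + 15].decode("ascii", "replace").rstrip()
        flags = struct.unpack(">H", resp[off + 16:off + 18])[0]
        names.append((name, resp[off + 15], bool(flags & 0x8000)))
    return names, resp[end:end + 6].hex(":")

def tcp_state(host: str, port: int, timeout: float = 2.0) -> str:
    """'open', 'closed' (a reset came back) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts and unreachable errors
        return "filtered"

def probe(host: str, timeout: float = 2.0) -> dict:
    """Check the NetBIOS name service and both SMB ports on one LAN host."""
    report = {f"tcp/{p}": tcp_state(host, p, timeout) for p in (139, 445)}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_node_status_query(0x1234), (host, 137))
            report["nbstat"] = parse_node_status(s.recvfrom(1024)[0])
        except (OSError, ValueError):
            report["nbstat"] = None  # no usable answer from UDP 137
    return report
```

In the returned name table, suffix `0x20` is the file server service name that SMB browsing clients look for; a report with `nbstat` set to `None` and both ports `filtered` is what a host that silently drops these probes looks like from the LAN.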