Windows Defender Firewall works fine in Windows 10. Immediately after an upgrade to Windows 11 Firewall loads and works. After a reboot the Firewall will not load. There is no other firewall installed. Any selection in Control Panel Windows Defender produces an error. Windows Defender Firewall Service is continually toggling between "Running" and "Starting". All network selections in Windows Security/Firewall Network and Protection are grayed our. Any attempt to poll Defender status in command prompt produces an error.
Windows 11 Defender Firewall Will Not Load
- Thread starter Sparky
- Start date
Peradectes
New member
- Joined
- Nov 14, 2021
- Messages
- 4
- Reaction score
- 0
Hi Sparky, I have exactly the same problem on an ASUS Z390-F mainboard. I have installed Windows 11 three times and tried a lot to solve this problem (for example 1) DISM /Online /Cleanup-Image /RestoreHealth 2) sfc /scannow) but nothing succeeded. The eventlog says many many times "The Windows Defender Firewall service terminated with the following service-specific error: The parameter is incorrect. (EventID 7024). So I switched back to Windows 10. A solution for this problem would be VERY helpful. I will never run a system without using a firewall.
Sir Vagus Mus
Member
- Joined
- Nov 9, 2021
- Messages
- 20
- Reaction score
- 5
I had this issue after a Win 10 to Win 11 upgrade; so I tried a clean install and the Windows Defender/Firewall bugs were fixed. It seems to be a issue caused by upgrading.
Peradectes
New member
- Joined
- Nov 14, 2021
- Messages
- 4
- Reaction score
- 0
Thank you for this information. A clean install is absolutely impossible for me because my system has grown for years with many applications. Some of them are not even available any longer and many would ask for a new license key! So I must wait until Microsoft or a windows wizard posts the solution.
Peradectes
New member
- Joined
- Nov 14, 2021
- Messages
- 4
- Reaction score
- 0
I have switched back to Windows 10 and did not try again to solve the problem because the switching between Windows 10 and 11 is very time consuming (my system is bigger than 200 GB). Maybe I will start researching again when Microsoft has released the februar update. I hope the problem has disappeared ...
)Hi, did anyone figure this out, I have started getting this now. Believe its something to do with an update. I might enroll in to the insider programme again to see if anything in there fixes it. I can not bothered going back to Win10 too many apps etc.. to reinstall.
While I'm glad to find out others have had the exact same issue, it's very frustrating that there's so few mentions of it everywhere I've searched. Something that worries me though (but may be purely coincidence) I also have an ASUS board. ROG STRIX B365-G*.
Just to confirm it's the exact same issue: Upgraded from Windows 10 to 11 and everything was fine on the first boot. Next boot
(But then a secondary issue of the Start Button breaking every time Windows Update ran and being unable to install Windows Terminal and other apps from the Microsoft Store. When I traced this back to the the firewall in an error state incorrectly reporting that the system was shutting down and the Store would immediately stop downloading/installing... I gave up.)
So I'm back on Windows 10. *Just to check if it was hardware related though I took an image on Windows 11 before I blew it away and opened in Hyper-V and was still getting the exact same issues. Maybe next I'll open an image of my Win 10 in Hyper-V and perform and upgrade there and see what happens but I've spent so much time on this already.. It's a shame because apart from the firewall and Start button issues the rest of Windows 11 ran great on my hardware.
Just to confirm it's the exact same issue: Upgraded from Windows 10 to 11 and everything was fine on the first boot. Next boot
- Settings > Windows Security > any setting produces error "You'll need a new app to open this windows defender link"
(A repair reinstall or Win 11 followed by running Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage fixed this) - Could access the settings now, but I still couldn't turn firewall on. "Windows Defender Firewall can't change some of your settings"
- System Event Log reports "The Windows Defender Firewall service terminated with the following service-specific error: The parameter is incorrect." Event 7024
- Windows Defender Firewall Service continually toggling between "Running" and "Starting". The services/drivers it depends upon like "Windows Defender Firewall Authorization Driver" are all ok though.
- The usual DISM and SFC fixes did nothing, but a repair reinstall of Windows 11 either from the ISO (tested 3 times both with and without Check for Updates selected) or from the online Installation Assistant (tested once) had the same result: Firewall after the upgrade, but broken after a reboot.
(But then a secondary issue of the Start Button breaking every time Windows Update ran and being unable to install Windows Terminal and other apps from the Microsoft Store. When I traced this back to the the firewall in an error state incorrectly reporting that the system was shutting down and the Store would immediately stop downloading/installing... I gave up.)
So I'm back on Windows 10. *Just to check if it was hardware related though I took an image on Windows 11 before I blew it away and opened in Hyper-V and was still getting the exact same issues. Maybe next I'll open an image of my Win 10 in Hyper-V and perform and upgrade there and see what happens but I've spent so much time on this already.. It's a shame because apart from the firewall and Start button issues the rest of Windows 11 ran great on my hardware.
I ended up going to back Windows 10, I agreed with Jgers Windows 11 was great but not having a fix for the Firewall really annoyed me. Now on Windows 10, I ended up getting BitDefender as I don't trust Windows now. Never before I have got other A/V, malware software before.
I found a fix that worked for me. Following the thread from Event Viewer regarding "the parameter is incorrect," I went into the Registry Editor and checked out the Windows Defender Firewall Service's parameters:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\AppCs
For me, the DebugedLoopbackApps variable was corrupt, so I had to delete it, create a new one, and set the value to what it was in another working Windows 10 installation:
S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915,S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4043415302-551583165-304772019-4009825106
If you're having trouble modifying the register values, you need to set yourself as the owner in the Advanced permissions settings of the registry folder. Check the out the steps to do that here:
techlou.com
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\AppCs
For me, the DebugedLoopbackApps variable was corrupt, so I had to delete it, create a new one, and set the value to what it was in another working Windows 10 installation:
S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915,S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4043415302-551583165-304772019-4009825106
If you're having trouble modifying the register values, you need to set yourself as the owner in the Advanced permissions settings of the registry folder. Check the out the steps to do that here:
Fix "Unable to delete all specified values" In Registry - Techlou
The error "Unable to delete all specified values" is displayed when you do not have the required permissions to modify or delete a registry key. to solve this issue
techlou.com
Hmm, I‘m glad you posted this. After I posted in Feb I did indeed have another attempt and did also do something similar … although with the mpssvc key from another Windows 11 PC (instead of Win 10). BUT I don’t remember if I actually deleted any subkeys so perhaps it only merged and the corrupt one was still there? I’m definitely inspired to try it again now I think. Cheers!
By comparison to a newer laptop I determined the on my affected PC this particular registry key is corrupted as well. Unfortunately I can't change the ownership of the key. I cannot even see the current owner, even with running regedit in safe boot in the local Administrator. account. Any hint is welcome.
Meanwhile I figured it out. I had access to the "mpssvc" node and changed ownership and access from there down as described in the link.
The upgrade went through and the firewall is working!
Thank you very much @CZY3 !
BTW: Not that I like Windows 11 in any way, I just wanted to get beyond of the upgrade that will be mandatory in the future.
The upgrade went through and the firewall is working!
Thank you very much @CZY3 !
BTW: Not that I like Windows 11 in any way, I just wanted to get beyond of the upgrade that will be mandatory in the future.
So far so good here - and I worked out where I went wrong last time:
Looks like my Win10's DebugedLoopbackApps value is already corrupt before the upgrade. So this time around I used PSExec to run Regedit as SYSTEM (so I didn't need to mess around with ownership), changed the permissions on the AppCs key, deleted DebugedLoopbackApps and didn't replace/recreate it at all.
Then I set the permissions on AppC back to its original settings, restarted, and reinstalled Win11 with no issues.
Now unlike the last few times I tried the upgrade, Firewall remains working after reboots, Microsoft Store works, Start menu isn't freezing.
One thing that is making me nervous though: Every time I reboot I notice the same identical GUID S-1-15-2-490905099-2794809881-2632752266-3514030558-4166392763-3416490339-321513134 getting appended to DebugedLoopbackApps.
Anyone else seeing this behaviour? Seems almost impossible to find any info on this key value...
Looks like my Win10's DebugedLoopbackApps value is already corrupt before the upgrade. So this time around I used PSExec to run Regedit as SYSTEM (so I didn't need to mess around with ownership), changed the permissions on the AppCs key, deleted DebugedLoopbackApps and didn't replace/recreate it at all.
Then I set the permissions on AppC back to its original settings, restarted, and reinstalled Win11 with no issues.
Now unlike the last few times I tried the upgrade, Firewall remains working after reboots, Microsoft Store works, Start menu isn't freezing.
One thing that is making me nervous though: Every time I reboot I notice the same identical GUID S-1-15-2-490905099-2794809881-2632752266-3514030558-4166392763-3416490339-321513134 getting appended to DebugedLoopbackApps.
Anyone else seeing this behaviour? Seems almost impossible to find any info on this key value...
Ah, interesting. Do you have Hyper-V installed?
I have a suspicion it might be to do with the Default Switch, because looking at the Firewall Advanced options I'm seeing and extra pair of "HNS Container Networking" Inbound Rules appearing at each reboot. One for TCP and one for UDP.
I suspect it's probably been going on for a long time without me noticing, as I just deleted a LOT of them and found this:
"https://answers.microsoft.com/en-us...-for-hns/ab54a12d-dc6c-44c2-a4d8-9c4a2df498a5
I have a suspicion it might be to do with the Default Switch, because looking at the Firewall Advanced options I'm seeing and extra pair of "HNS Container Networking" Inbound Rules appearing at each reboot. One for TCP and one for UDP.
I suspect it's probably been going on for a long time without me noticing, as I just deleted a LOT of them and found this:
"https://answers.microsoft.com/en-us...-for-hns/ab54a12d-dc6c-44c2-a4d8-9c4a2df498a5