Adventures in Firewall Permissions: Getting BitDefender to Work With Netflix Watch Now in Windows Media Center

At a recent tradeshow, while I was walking by the BitDefender booth, a BitDefender representative literally shoved a copy of BitDefender Internet Security 2010 into my hands. Never one to say no to free software, I was grateful and actually stopped to talk cybersecurity for a bit--I guess I felt I had to earn that free software! And I knew exactly what I was going to do with the software: install it on my Windows 7 test machine.

I was actually already a BitDefender user, running BitDefender Internet Security 2009 (using licenses that I paid for) on several of my Windows systems. But I had yet to install any security software on my recently set-up Windows 7 rig. (This was before Microsoft released its free security app, Microsoft Security Essentials.) My Windows 7 system is actually a dual-boot system with Vista Home Premium (64-bit) on one partition and Windows 7 Ultimate (64-bit) on the other. I installed BitDefender on both partitions (you can install each copy on up to three systems). After installing BitDefender on both partitions, everything continued to hum along smoothly, with the occasional window popping up either telling me that an exception was added for a particular app or asking me to allow or deny an app's network access.

Then came the day that Microsoft released the Netflix Watch Instantly module for Windows 7's Windows Media Center. As a longtime Netflix subscriber (and, yes, I pay for my subscription), I wanted to see how well the feature worked in Windows 7's Media Center. I had used it before in Vista's Windows Media Center, but it had been a while. I launched Windows 7's Media Center and was happy to see the Netflix Watch Instantly module, which had not been there previously (I have Windows 7 set to automatically download and install updates). I went to launch Netflix Watch Instantly in Media Center, but instead of being asked for my login credentials, a window popped up saying that it couldn't connect. I could use Internet Explorer 8 in Windows 7 to watch the Netflix Watch Instantly service, so the problem was definitely isolated to Media Center. I rebooted into the Vista partition, and discovered the same problem there as well. It didn't take me long to make an educated guess that this was due to a firewall issue... I quickly confirmed my suspicions by temporarily disabling the firewall and then successfully connecting to Netflix in Media Center. The challenge I now had was to figure out what sort of exception I needed to create that would allow Netflix to connect in Media Center, but wouldn't punch too large a hole in the firewall.

It took me a while, but I narrowed down the culprit to two potential apps: ehshell.exe and svchost.exe. I decided to tackle ehshell.exe first. By monitoring BitDefender's Activity window with the firewall disabled, I saw that ehshell.exe was connecting via TCP on ports in the 49400 range. So I created a rule that permitted ehshell.exe TCP connections on ports 49400 to 49500. I had to position the rule so that it came before an existing system rule for ehshell.exe that blocked all connections--rules are used in the order in which they appear in the list. On the very next try, Media Center's Netflix Watch Instantly worked! It turns out that I didn't need to create an additional exception for svchost.exe. But wouldn't you know it, on the very next attempt, Media Center couldn't connect to the Netflix Watch Instantly service. So I once again temporarily disabled the firewall and watched what was going on again in the Activity window. Now ehshell.exe was using ports in the 49500 range. With some experimenting over time, I discovered that ehshell.exe uses successively higher ports each time it connects to Netflix. I also discovered that it sometimes uses ports in the 49200 range as well. In fact, there might very well be other port ranges it uses that I have yet to see. So I wound up adjusting the rule to encompass a rather wide port range: 49200 to 65535.
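Two things in that paragraph trip people up with any ordered firewall: the rule list is evaluated first match wins, so an allow rule placed after a broader block rule is silently shadowed, and the "successively higher ports" are the client's ephemeral source ports (Windows Vista and 7 hand those out from 49152 to 65535 by default, which is why the observed ports kept climbing into that range). The following is an added illustration, not BitDefender's code or anything from the original post: a small first-match evaluator that models the two ehshell.exe rules described above and reports which rules can never fire. The rule details follow the post (ehshell.exe, TCP, 49200 to 65535, plus the remote port 80 mentioned in the UPDATE at the end); treating the wide range as the local port and 80 as the remote port is my assumption, and the sample connections are constructed, not captured from the Activity window.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]  # inclusive (low, high); None means any port


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "block"
    app: Optional[str] = None          # executable name; None matches any app
    proto: Optional[str] = None        # "TCP" / "UDP"; None matches any protocol
    local_ports: PortRange = None
    remote_ports: PortRange = None


@dataclass(frozen=True)
class Conn:
    app: str
    proto: str
    local_port: int
    remote_port: int


def _port_ok(port: int, rng: PortRange) -> bool:
    return rng is None or rng[0] <= port <= rng[1]


def matches(rule: Rule, conn: Conn) -> bool:
    """True when every condition the rule specifies holds for the connection."""
    return ((rule.app is None or rule.app.lower() == conn.app.lower())
            and (rule.proto is None or rule.proto == conn.proto)
            and _port_ok(conn.local_port, rule.local_ports)
            and _port_ok(conn.remote_port, rule.remote_ports))


def evaluate(rules: List[Rule], conn: Conn, default: str = "block") -> Tuple[str, str]:
    """First-match evaluation: the first rule whose conditions match decides."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action, rule.name
    return default, "default"


def _covers(outer: PortRange, inner: PortRange) -> bool:
    # An unrestricted range covers everything; a restricted one covers only subranges.
    if outer is None:
        return True
    if inner is None:
        return False
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of rules that can never fire because one earlier rule already
    matches every connection they would match (conservative: it only detects
    a rule fully covered by a single earlier rule)."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            app_ok = earlier.app is None or (
                later.app is not None and earlier.app.lower() == later.app.lower())
            proto_ok = earlier.proto is None or (
                later.proto is not None and earlier.proto == later.proto)
            if (app_ok and proto_ok
                    and _covers(earlier.local_ports, later.local_ports)
                    and _covers(earlier.remote_ports, later.remote_ports)):
                shadowed.append(later.name)
                break
    return shadowed


# The two rules from the post; local/remote assignment is my assumption.
ALLOW_NETFLIX = Rule("Allow ehshell Netflix", "allow", app="ehshell.exe", proto="TCP",
                     local_ports=(49200, 65535), remote_ports=(80, 80))
BLOCK_EHSHELL = Rule("System block ehshell", "block", app="ehshell.exe")

WORKING_ORDER = [ALLOW_NETFLIX, BLOCK_EHSHELL]  # allow placed first, as the post describes
BROKEN_ORDER = [BLOCK_EHSHELL, ALLOW_NETFLIX]   # allow placed after the system block rule

# Constructed sample connections (not captured from BitDefender's Activity window).
NETFLIX_CONN = Conn("ehshell.exe", "TCP", 49412, 80)   # ephemeral local port, HTTP remote
LOW_PORT_CONN = Conn("ehshell.exe", "TCP", 1234, 80)   # local port below the permitted range

if __name__ == "__main__":
    for label, order in (("allow before block", WORKING_ORDER),
                         ("allow after block", BROKEN_ORDER)):
        print(f"{label}: {evaluate(order, NETFLIX_CONN)}  shadowed={shadowed_rules(order)}")
    print("out-of-range local port:", evaluate(WORKING_ORDER, LOW_PORT_CONN))
```

Running it shows the same connection allowed under the working order and blocked under the broken one, with the allow rule reported as shadowed in the latter; the shadow check is the kind of sanity test worth doing whenever an exception is added to a list that already contains a per-application block-all rule.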

I don't claim to be a networking expert, so I wanted to run my rule by the BitDefender folks to get their two cents on whether I was opening up too big a hole in the firewall with my rule. The answer I got back was that my rule was fine, as long as I made sure that Active Virus Control (Antivirus -> Shield -> Advanced Settings) and Intrusion Detection (Firewall -> Settings -> Advanced Settings) were both enabled. I checked, and it turns out that Intrusion Detection was not enabled; Active Virus Control was already enabled. I turned on Intrusion Detection and tried Media Center's Netflix Watch Instantly again just to make sure it still worked... And it did.

So now I can watch Netflix Watch Instantly in Windows 7's Media Center. I offer this story for anyone else who might have encountered the same problem I did. Of course, how often will I actually watch movies using the Windows 7 Media Center Netflix Watch Instantly module? That's hard to say... Especially since I just received a Roku box...

UPDATE: A comment that user "Cristian" made (see below) reminded me that I left out an important part of the rule that I created. I also opened up remote port 80, which shows up in the BitDefender rule simply as "HTTP." As to Windows assigning random ports, it is possible that at some point in the future I might encounter a situation where the Netflix app wants to use ports that are outside of the range I have permitted. I will cross that bridge when and if it happens--I feel more comfortable limiting the rule to just those ports I have actually encountered (with the exception being that, as I kept encountering higher and higher ports, I did open it up to the highest possible port number). As to enabling Intrusion Detection and Active Virus Control, these were not enabled to permit the Netflix app to connect, but were enabled (per BitDefender's suggestion) in order to better protect my system. Here are screenshots of the BitDefender rule: