162:
function exposed by a filtering driver. The filtering drivers provide filtering capabilities other than the default block/allow. Administrators specify a callout function during registration of a filter rule. When the filter matches, the system invokes the callout, which handles a specified
270:
130:, providing basic filtering capabilities. It matches the data within a packet – as exposed by the shims – against filtering rules, and either blocks or permits the packet. A
152:, the module that manages the filtering engine. It accepts filtering rules and enforces the security model of the application. It also maintains statistics for the WFP and logs its state.
49:. It provides features such as integrated communication and per-application processing logic. Since Windows 8 and Windows Server 2012, WFP allows filtering at the second layer of
188:
Microsoft released three out-of-band hotfixes for WFP in
Windows Vista and Windows 7 to address issues that could cause a memory leak, loss of connectivity during a
134:(see below) may implement any other action as required. The filters operate on a per-application basis. To mitigate conflicts between filters, they are given
214:"A Windows Filtering Platform (WFP) driver hotfix rollup package is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2"
1132:
671:
213:
234:
261:
630:
344:
1009:
860:
620:
645:
635:
610:
754:
913:
805:
777:
704:
380:
1004:
981:
106:
1042:
956:
676:
530:
82:. WFP comes with a set of shims; users can register shims for other protocols using the API. The in-built set of shims includes:
966:
339:
309:
71:
1058:
999:
719:
870:
1142:
994:
865:
855:
843:
254:
46:
1106:
1019:
971:
159:
848:
582:
416:
838:
640:
557:
334:
329:
304:
189:
30:
and later that allows
Windows software to process and filter network traffic. Microsoft intended WFP for use by
146:
which may be given a name and description and are essentially associated to a particular application or service.
815:
603:
567:
1101:
1086:
1063:
810:
800:
734:
247:
75:
50:
1137:
767:
762:
744:
714:
572:
284:
1032:
951:
946:
499:
411:
314:
100:
833:
535:
484:
385:
324:
193:
31:
908:
891:
792:
699:
438:
479:
319:
1091:
961:
903:
729:
509:
463:
39:
562:
448:
66:
443:
88:
42:
apps. Additionally, WFP is used to implement NAT and to store IPSec policy configuration.
23:
923:
782:
504:
375:
1126:
1037:
1027:
941:
825:
694:
625:
458:
453:
94:
27:
1096:
739:
79:
35:
1081:
989:
724:
428:
370:
365:
239:
123:
709:
650:
514:
433:
1111:
173:
127:
494:
294:
289:
936:
931:
896:
772:
598:
540:
489:
406:
390:
550:
423:
142:, which also have weights. Filters and callouts may be associated to
577:
177:
666:
545:
349:
299:
243:
875:
61:
The filtering platform includes the following components:
196:. Later, these hotfixes were rolled up into one package.
1072:
1051:
1018:
980:
922:
884:
824:
791:
753:
685:
659:
591:
523:
472:
399:
358:
277:
180:command can diagnose of the internal state of WFP.
235:Windows Filtering Platform Architecture Overview
255:
8:
70:, which expose the internal structure of a
914:Security Support Provider Interface (SSPI)
262:
248:
240:
74:as properties. Different shims exist for
85:Application Layer Enforcement (ALE) shim
345:Windows Advanced Rasterization Platform
205:
340:DirectX Graphics Infrastructure (DXGI)
16:System services for Microsoft Windows
7:
1133:Windows communication and services
806:Microsoft Foundation Classes (MFC)
778:Distributed Component Object Model
14:
107:Internet Control Message Protocol
816:Windows Template Library (WTL)
138:(priorities) and grouped into
45:WFP relies on Windows Vista's
1:
811:Active Template Library (ATL)
531:Data Access Components (MDAC)
271:Microsoft APIs and frameworks
47:Next Generation TCP/IP stack
1107:Multilingual User Interface
1033:Dynamic Data Exchange (DDE)
220:. Microsoft. 12 April 2010.
1159:
20:Windows Filtering Platform
558:Extensible Storage Engine
335:Windows Imaging Component
330:Windows Image Acquisition
190:Remote Desktop Connection
1102:Language Interface Pack
1087:Text Services Framework
801:Framework Class Library
745:Common Log File System
573:Access Database Engine
285:Desktop Window Manager
1073:Text and multilingual
150:Base filtering engine
1059:Active Accessibility
325:Windows Color System
194:blue screen of death
36:antimalware software
1143:Windows Server 2008
1097:Input method editor
909:Data Protection API
700:Windows Script Host
439:Image Mastering API
122:, which spans both
995:Enterprise Library
982:Software factories
686:Administration and
616:Filtering Platform
417:Video Acceleration
22:(WFP) is a set of
1120:
1119:
1092:Text Object Model
904:Windows CardSpace
730:Windows Installer
464:Video for Windows
97:Module (NLM) shim
91:Module (TLM) shim
40:parental controls
1150:
705:WMI (extensions)
563:Entity Framework
449:Media Foundation
300:D3D (extensions)
264:
257:
250:
241:
222:
221:
210:
120:Filtering engine
1158:
1157:
1153:
1152:
1151:
1149:
1148:
1147:
1123:
1122:
1121:
1116:
1074:
1068:
1047:
1014:
976:
918:
880:
820:
787:
755:Component model
749:
735:Error Reporting
687:
681:
655:
587:
519:
510:SideBar Gadgets
468:
444:Managed DirectX
395:
354:
278:Graphics and UI
273:
268:
231:
226:
225:
218:Windows support
212:
211:
207:
202:
186:
170:
89:Transport Layer
59:
24:system services
17:
12:
11:
5:
1156:
1154:
1146:
1145:
1140:
1135:
1125:
1124:
1118:
1117:
1115:
1114:
1109:
1104:
1099:
1094:
1089:
1084:
1078:
1076:
1070:
1069:
1067:
1066:
1061:
1055:
1053:
1049:
1048:
1046:
1045:
1040:
1035:
1030:
1024:
1022:
1016:
1015:
1013:
1012:
1007:
1002:
997:
992:
986:
984:
978:
977:
975:
974:
969:
964:
959:
954:
949:
944:
939:
934:
928:
926:
920:
919:
917:
916:
911:
906:
901:
900:
899:
888:
886:
882:
881:
879:
878:
873:
868:
863:
858:
853:
852:
851:
846:
836:
830:
828:
826:Device drivers
822:
821:
819:
818:
813:
808:
803:
797:
795:
789:
788:
786:
785:
783:.NET Framework
780:
775:
770:
765:
759:
757:
751:
750:
748:
747:
742:
737:
732:
727:
722:
717:
715:Task Scheduler
712:
707:
702:
697:
691:
689:
683:
682:
680:
679:
674:
669:
663:
661:
657:
656:
654:
653:
648:
643:
638:
633:
628:
623:
618:
613:
611:Winsock Kernel
608:
607:
606:
595:
593:
589:
588:
586:
585:
580:
575:
570:
568:Sync Framework
565:
560:
555:
554:
553:
548:
543:
538:
527:
525:
521:
520:
518:
517:
512:
507:
502:
497:
492:
487:
482:
476:
474:
470:
469:
467:
466:
461:
456:
451:
446:
441:
436:
431:
426:
421:
420:
419:
414:
403:
401:
397:
396:
394:
393:
388:
383:
378:
376:DirectX plugin
373:
368:
362:
360:
356:
355:
353:
352:
347:
342:
337:
332:
327:
322:
317:
312:
307:
302:
297:
292:
287:
281:
279:
275:
274:
269:
267:
266:
259:
252:
244:
238:
237:
230:
229:External links
227:
224:
223:
204:
203:
201:
198:
192:session, or a
185:
182:
172:Starting with
169:
166:
165:
164:
153:
147:
116:
115:
114:
113:
110:
104:
98:
92:
86:
58:
55:
15:
13:
10:
9:
6:
4:
3:
2:
1155:
1144:
1141:
1139:
1138:Windows Vista
1136:
1134:
1131:
1130:
1128:
1113:
1110:
1108:
1105:
1103:
1100:
1098:
1095:
1093:
1090:
1088:
1085:
1083:
1080:
1079:
1077:
1071:
1065:
1064:UI Automation
1062:
1060:
1057:
1056:
1054:
1052:Accessibility
1050:
1044:
1041:
1039:
1036:
1034:
1031:
1029:
1026:
1025:
1023:
1021:
1017:
1011:
1008:
1006:
1003:
1001:
998:
996:
993:
991:
988:
987:
985:
983:
979:
973:
970:
968:
965:
963:
960:
958:
955:
953:
950:
948:
945:
943:
940:
938:
935:
933:
930:
929:
927:
925:
921:
915:
912:
910:
907:
905:
902:
898:
895:
894:
893:
890:
889:
887:
883:
877:
874:
872:
869:
867:
864:
862:
859:
857:
854:
850:
847:
845:
842:
841:
840:
837:
835:
832:
831:
829:
827:
823:
817:
814:
812:
809:
807:
804:
802:
799:
798:
796:
794:
790:
784:
781:
779:
776:
774:
771:
769:
766:
764:
761:
760:
758:
756:
752:
746:
743:
741:
738:
736:
733:
731:
728:
726:
723:
721:
720:Offline Files
718:
716:
713:
711:
708:
706:
703:
701:
698:
696:
695:Win32 console
693:
692:
690:
684:
678:
675:
673:
672:Telephony API
670:
668:
667:Messaging API
665:
664:
662:
660:Communication
658:
652:
649:
647:
644:
642:
639:
637:
634:
632:
629:
627:
626:Windows Rally
624:
622:
619:
617:
614:
612:
609:
605:
602:
601:
600:
597:
596:
594:
590:
584:
581:
579:
576:
574:
571:
569:
566:
564:
561:
559:
556:
552:
549:
547:
544:
542:
539:
537:
534:
533:
532:
529:
528:
526:
522:
516:
513:
511:
508:
506:
503:
501:
498:
496:
493:
491:
488:
486:
483:
481:
478:
477:
475:
471:
465:
462:
460:
459:Windows Media
457:
455:
452:
450:
447:
445:
442:
440:
437:
435:
432:
430:
427:
425:
422:
418:
415:
413:
412:Media Objects
410:
409:
408:
405:
404:
402:
398:
392:
389:
387:
384:
382:
379:
377:
374:
372:
369:
367:
364:
363:
361:
357:
351:
348:
346:
343:
341:
338:
336:
333:
331:
328:
326:
323:
321:
318:
316:
313:
311:
308:
306:
303:
301:
298:
296:
293:
291:
288:
286:
283:
282:
280:
276:
272:
265:
260:
258:
253:
251:
246:
245:
242:
236:
233:
232:
228:
219:
215:
209:
206:
199:
197:
195:
191:
183:
181:
179:
175:
167:
161:
157:
154:
151:
148:
145:
141:
137:
133:
129:
125:
121:
118:
117:
111:
108:
105:
102:
99:
96:
95:Network Layer
93:
90:
87:
84:
83:
81:
78:at different
77:
73:
69:
68:
64:
63:
62:
56:
54:
52:
48:
43:
41:
37:
33:
29:
28:Windows Vista
25:
21:
1000:Composite UI
615:
485:RSS Platform
217:
208:
187:
171:
155:
149:
143:
139:
135:
131:
119:
103:Runtime shim
65:
60:
51:TCP/IP suite
44:
19:
18:
1082:DirectWrite
990:EFx Factory
947:Silverlight
725:Shadow Copy
524:Data access
429:DirectInput
371:DirectSound
366:DirectMusic
315:Silverlight
168:Diagnostics
124:kernel-mode
112:Stream shim
109:(ICMP) shim
1127:Categories
892:Crypto API
710:PowerShell
688:management
651:DirectPlay
592:Networking
515:TypeScript
434:DirectShow
400:Multimedia
386:Speech API
305:GDI / GDI+
200:References
57:Components
1112:Uniscribe
793:Libraries
740:Event Log
174:Windows 7
144:providers
140:sublayers
128:user-mode
76:protocols
32:firewalls
1038:Remoting
942:Remoting
885:Security
495:VBScript
295:Direct3D
290:Direct2D
160:callback
1075:support
937:ADO.NET
932:ASP.NET
897:CAPICOM
773:ActiveX
636:P2P API
599:Winsock
541:ADO.NET
490:JScript
407:DirectX
391:XAudio2
163:action.
156:Callout
136:weights
132:callout
646:MS MPI
551:OLE DB
480:MSHTML
424:Xinput
184:Hotfix
176:, the
80:layers
72:packet
38:, and
1028:MSRPC
578:MSXML
359:Audio
320:WinUI
178:netsh
67:Shims
924:.NET
861:NDIS
856:WDDM
849:UMDF
844:KMDF
768:COM+
641:MSMQ
631:BITS
621:NDIS
546:ODBC
381:XACT
350:WinG
158:, a
126:and
1043:WCF
1020:IPC
1010:CSF
1005:CCF
967:WPF
962:WCS
957:WCF
952:TPL
876:VxD
871:BDA
866:UAA
839:WDF
834:WDM
763:COM
677:WCF
604:LSP
583:OPC
536:ADO
505:XDR
500:BHO
473:Web
454:XNA
310:WPF
101:RPC
26:in
1129::
972:WF
216:.
53:.
34:,
263:e
256:t
249:v
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.