[RESOLVED] Your computer may stop responding when you run an application, Software Firewall or anti-virus package that uses the Windows Filtering Platform API

Your computer may stop responding when you run an application, Software Firewall or anti-virus package that uses the Windows Filtering Platform API

This issue affects the following operating systems:

  • Windows 7 – Service Pack 1
  • Windows Small Business Server 2011 – Service Pack 1
  • Windows SBS 2011 – Service Pack 1
  • Windows Server 2008 R2 – Service Pack 1
  • Windows Small Business Server 2008 – Service Pack 2
  • Windows SBS 2008 – Service Pack 2
  • Windows Server 2008 – Service Pack 2
  • Windows Vista – Service Pack 2

In this situation, the computer may perform slowly or stop responding and network activity may be affected.  You find that a system restart may resolve this issue in some instances.

This issue occurs because the FwpsStreamInjectAsync0 function causes the interrupt request level (IRQL) to leak.  You can resolve the issue by updating to the latest Netio.sys driver.  The download link can be found within Microsoft KB 2664888 http://support.microsoft.com/kb/2664888

 

Windows Filtering Platform (WFP) General Description

Windows Filtering Platform (WFP) is a set of API and system services that provide a platform for creating network filtering applications. The WFP API allows developers to write code that interacts with the packet processing that takes place at several layers in the networking stack of the operating system. Network data can be filtered and also modified before it reaches its destination.

By providing a simpler development platform, WFP is designed to replace  previous packet filtering technologies such as Transport Driver Interface (TDI)  filters, Network Driver Interface Specification (NDIS) filters, and Winsock Layered Service Providers (LSP). Starting in Windows Server 2008 and Windows Vista, the firewall hook and the filter hook drivers  are not available; applications that were using these drivers should use WFP instead.

With the WFP API, developers can implement firewalls, intrusion detection systems, antivirus programs, network monitoring tools, and parental controls. WFP integrates with and provides support for firewall features such as authenticated communication and dynamic firewall configuration based on applications’ use of sockets API (application-based policy). WFP also provides infrastructure for  IPsec policy management, change notifications, network diagnostics, and stateful filtering.

More info can be found here http://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx