On Windows 7, I can use the following command to get information about a firewall rule:
netsh advfirewall show rule name=foobarTCP
yields:
Rule Name: foobarTCP
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: TCP
LocalPort: Any
RemotePort: Any
Edge traversal: No
Action: Allow
But I would like to know the specific EXE identified with that rule. I can see this info in Control Panel -> Windows Firewall -> Advanced Settings -> Inbound Rules. e.g. that foobarTCP is c:\ProgramData\MyCompany\foobar.exe
How can I get the EXE path via netsh
(or another command line tool?). Please note that installing PowerShell is not an option for me.